[CLOSED] NEED HELP deciphering combofix.exe log



BEJON
2006-07-30, 20:46
I ran combofix and here is the log. Can anyone please help me decipher this?
What should I do next? I had a Winlogin.exe problem, a Command.exe problem, and webhdll.dll.

What should I do?

LOG
--------------------------
Start Time= Sun 07/30/2006 13:28:30.24
Running from: C:\Documents and Settings\Ali\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\logons
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{182CDB68-9EB4-43EC-8320-BDAC433DD04C}]
@=""

[HKEY_CLASSES_ROOT\clsid\{182CDB68-9EB4-43EC-8320-BDAC433DD04C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{182CDB68-9EB4-43EC-8320-BDAC433DD04C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{182CDB68-9EB4-43EC-8320-BDAC433DD04C}\InprocServer32]
@="C:\\WINDOWS\\system32\\mcwsock.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\AOME.DLL
C:\WINDOWS\SYSTEM32\cansole.dll
C:\WINDOWS\SYSTEM32\dbsapi.dll
C:\WINDOWS\SYSTEM32\enrml1911.dll
C:\WINDOWS\SYSTEM32\j4l40e3qeh.dll
C:\WINDOWS\SYSTEM32\l20ulcd91f0.dll
C:\WINDOWS\SYSTEM32\mcwsock.dll
C:\WINDOWS\SYSTEM32\mebsync.dll
C:\WINDOWS\SYSTEM32\wphtcpip.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

13:30:16.10

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *




* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-05-03 02:56:58 127,078 "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53,346 "C:\WINDOWS\system32\javaw.exe"
2006-07-29 12:41:50 36,864 "C:\WINDOWS\system32\n9nyb.exe"
2006-07-29 12:42:58 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-07-29 12:44:04 234,272 "C:\WINDOWS\system32\dbsapi.dll"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 00:25:22 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:25:22 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 10:06:04 3,055,104 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 00:25:22 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-07-29 12:42:58 159,744 "C:\WINDOWS\system32\redist.dll"
2006-05-10 00:25:22 615,424 "C:\WINDOWS\system32\urlmon.dll"
2006-07-29 12:39:44 14,848 "C:\WINDOWS\system32\BASSMOD.dll"
2006-07-29 17:06:20 235,508 "C:\WINDOWS\system32\cansole.dll"
2006-05-15 18:24:34 466,944 "C:\WINDOWS\system32\capicom.dll"
2006-05-10 00:25:20 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 00:25:22 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:25:22 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:25:22 251,904 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 00:25:22 15,872 "C:\WINDOWS\system32\jsproxy.dll"
2006-07-30 05:04:30 235,508 "C:\WINDOWS\system32\mcwsock.dll"
2006-07-29 16:49:50 234,272 "C:\WINDOWS\system32\mebsync.dll"
2006-05-10 00:25:22 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-06-22 05:47:18 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 10:32:10 1,496,576 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 00:25:22 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 00:25:22 663,552 "C:\WINDOWS\system32\wininet.dll"
2006-05-10 00:25:20 1,054,208 "C:\WINDOWS\system32\danim.dll"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *




DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-05-03 02:56:58 127,078 "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53,346 "C:\WINDOWS\system32\javaw.exe"
2006-07-29 12:41:50 36,864 "C:\WINDOWS\system32\n9nyb.exe"
2006-07-29 12:42:58 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-07-29 12:39:44 14,848 "C:\WINDOWS\system32\BASSMOD.dll"
2006-05-15 18:24:34 466,944 "C:\WINDOWS\system32\capicom.dll"
2006-05-10 00:25:20 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 00:25:22 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:25:22 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:25:22 251,904 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 00:25:22 15,872 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 00:25:22 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-06-22 05:47:18 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 10:32:10 1,496,576 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 00:25:22 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 00:25:22 663,552 "C:\WINDOWS\system32\wininet.dll"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 00:25:22 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:25:22 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 10:06:04 3,055,104 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 00:25:22 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-07-29 12:42:58 159,744 "C:\WINDOWS\system32\redist.dll"
2006-05-10 00:25:22 615,424 "C:\WINDOWS\system32\urlmon.dll"
2006-05-10 00:25:20 1,054,208 "C:\WINDOWS\system32\danim.dll"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload.exe
C:\drsmartload45a7i.exe
C:\drsmartload46a7i.exe
C:\drsmartload849a7i.exe
C:\dfndrfg_7.exe
C:\nwnmfg_7.exe
C:\kybrdfg_7.exe
C:\Documents and Settings\Ali\Local Settings\Temp\drsmartload180a.exe
C:\WINDOWS\drsmartload2.dat
C:\MTE3NDI6ODoxNgnew.exe
C:\warebundlenewer.exe
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\WINDOWS\QWxp

BEJON
2006-07-30, 20:47
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-29 16:55:36 78336 ( A.... ) "C:\WINDOWS\wnu_50.exe"
2006-07-29 12:48:14 155136 ( A.... ) "C:\WINDOWS\system32\oins.exe"
2006-07-29 12:48:04 81920 ( A.... ) "C:\WINDOWS\system32\ati2evxx.dll"
2006-07-29 12:46:58 14617 ( A.... ) "C:\WINDOWS\xload.exe"
2006-07-29 12:43:58 0 ( A.... ) "C:\Documents and Settings\Ali\Application Data\internaldb41.dat"
2006-07-29 12:43:52 69632 ( A.... ) "C:\WINDOWS\system32\jglkkjcc.dll"
2006-07-29 12:43:50 33012 ( A.... ) "C:\WINDOWS\system32\tpuninstall.exe"
2006-07-29 12:43:46 51712 ( A.... ) "C:\WINDOWS\system32\w014ecf5.dll"
2006-07-29 12:43:36 ( .D... ) "C:\Program Files\Batty"
2006-07-29 12:43:26 69632 ( A.... ) "C:\WINDOWS\system32\pbgdnlog.dll"
2006-07-29 12:43:18 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
2006-07-29 12:43:12 ( .D... ) "C:\Program Files\PSHope"
2006-07-29 12:43:06 184829 ( A.... ) "C:\WINDOWS\srvhuzlded.exe"
2006-07-29 12:43:04 235134 ( A.... ) "C:\WINDOWS\srvbhdtacs.exe"
2006-07-29 12:42:58 159744 ( A.... ) "C:\WINDOWS\system32\redist.dll"
2006-07-29 12:42:58 126464 ( A.... ) "C:\WINDOWS\system32\redistributor.exe"
2006-07-29 12:42:58 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-07-29 12:42:56 111104 ( A.... ) "C:\numbsoftnew.exe"
2006-07-29 12:42:52 587776 ( A.... ) "C:\626_101newer.exe"
2006-07-29 12:42:52 389632 ( A.... ) "C:\webnexmknew.exe"
2006-07-29 12:42:50 61440 ( A.... ) "C:\WINDOWS\system32\vdb42eff.dll"
2006-07-29 12:42:50 1064 ( A.... ) "C:\WINDOWS\system32\vdb42eff.sys"
2006-07-29 12:42:50 1064 ( A.... ) "C:\WINDOWS\system32\vdb42eff.sys"
2006-07-29 12:42:50 ( .D... ) "C:\Program Files\System Icons"
2006-07-29 12:42:50 ( .D... ) "C:\Program Files\System Files"
2006-07-29 12:42:48 29696 ( A.... ) "C:\WINDOWS\system32\w0141203.dll"
2006-07-29 12:42:46 2560 ( A.... ) "C:\ac3_0003.exe"
2006-07-29 12:42:38 27648 ( A.... ) "C:\dist13.exe"
2006-07-29 12:42:38 ( .D... ) "C:\Program Files\Cas2Stub"
2006-07-29 12:42:34 ( .D... ) "C:\Program Files\Common Files\riuq"
2006-07-29 12:42:24 110592 ( A.... ) "C:\WINDOWS\v1201.exe"
2006-07-29 12:42:16 14848 ( A.... ) "C:\stub_113_4_0_4_0newer.exe"
2006-07-29 12:42:02 53120 ( A.... ) "C:\WINDOWS\optimize.exe"
2006-07-29 12:42:00 467968 ( A.... ) "C:\visfx500new.exe"
2006-07-29 12:41:56 48190 ( A.... ) "C:\RDFX4.exe"
2006-07-29 12:41:56 28672 ( A.... ) "C:\WINDOWS\system32\iqqr.exe"
2006-07-29 12:41:54 45056 ( A.... ) "C:\WINDOWS\system32ghynf.exe"
2006-07-29 12:41:54 36864 ( A.... ) "C:\WINDOWS\system32n9nyb.exe"
2006-07-29 12:41:54 28672 ( A.... ) "C:\WINDOWS\system32bez6n4r21.exe"
2006-07-29 12:41:50 36864 ( A.... ) "C:\WINDOWS\system32\n9nyb.exe"
2006-07-29 12:41:50 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe"
2006-07-29 12:41:50 ( .D... ) "C:\Program Files\Common Files\{0C15C3C4-05DA-1033-0930-031120030001}"
2006-07-29 12:41:48 102400 ( A.... ) "C:\WINDOWS\mirar.exe"
2006-07-29 12:41:48 ( .D... ) "C:\Program Files\àdobe"
2006-07-29 12:41:44 226536 ( A.... ) "C:\WINDOWS\whCC-GIANT.exe"
2006-07-29 12:41:42 57344 ( A.... ) "C:\fym9bvo.exe"
2006-07-29 12:39:44 14848 ( A.... ) "C:\WINDOWS\system32\BASSMOD.dll"
2006-07-29 12:39:20 ( .D... ) "C:\Program Files\XoftSpySE"
2006-07-29 12:33:00 ( .D... ) "C:\Program Files\utorrent"
2006-07-29 12:33:00 ( .D... ) "C:\Documents and Settings\Ali\Application Data\uTorrent"
2006-07-25 12:25:30 139264 ( A.... ) "C:\WINDOWS\system32\cladnrkx.dll"
2006-07-20 02:07:56 ( .D... ) "C:\Documents and Settings\Ali\Application Data\Help"
2006-07-20 01:58:42 ( .D... ) "C:\Program Files\Okidata"
2006-07-19 19:34:28 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2006-07-18 10:35:40 ( .D... ) "C:\Program Files\Trillian"
2006-07-18 10:29:30 ( .D... ) "C:\Program Files\Google"
2006-07-16 12:47:14 ( .D... ) "C:\Documents and Settings\Ali\Application Data\AdobeUM"
2006-07-14 20:59:42 ( .D... ) "C:\Documents and Settings\Ali\Application Data\Sun"
2006-07-14 20:58:16 ( .D... ) "C:\Program Files\Java"
2006-07-14 20:56:26 ( .D... ) "C:\Program Files\Common Files\Java"
2006-07-14 20:51:16 ( .D... ) "C:\Documents and Settings\Ali\Application Data\Macromedia"
2006-07-14 09:03:52 ( .D... ) "C:\Program Files\Common Files\Symantec Shared"
2006-07-14 08:26:58 ( .D... ) "C:\Program Files\WinRAR"
2006-07-14 08:19:26 ( .D... ) "C:\Program Files\WUSB11 WLAN Monitor"
2006-07-14 02:42:16 ( .D... ) "C:\Program Files\Microsoft.NET"
2006-07-14 02:41:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-14 02:40:22 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2006-07-14 02:38:36 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-13 23:37:08 ( .D... ) "C:\Program Files\Dell"
2006-07-13 20:30:14 ( .D... ) "C:\Program Files\CONEXANT"
2006-07-13 19:26:26 ( .D... ) "C:\Documents and Settings\Ali\Application Data\Adobe"
2006-07-13 19:25:36 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-07-13 19:24:16 ( .D... ) "C:\Program Files\Adobe"
2006-07-13 17:27:52 ( .D... ) "C:\Documents and Settings\Ali\Application Data\Aim"
2006-07-13 17:27:40 ( .D... ) "C:\Program Files\AOD"
2006-07-13 17:27:38 ( .D... ) "C:\Program Files\AIM"
2006-07-11 16:51:26 ( .D... ) "C:\Program Files\Apoint"
2006-07-10 19:32:56 ( .D... ) "C:\Documents and Settings\Ali\Application Data\Intel"
2006-07-10 19:32:12 ( .D... ) "C:\Program Files\Intel"
2006-07-10 19:18:56 ( .D... ) "C:\Program Files\SigmaTel"
2006-07-10 19:14:52 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-10 19:14:36 ( .D... ) "C:\Program Files\Broadcom"
2006-07-10 19:14:22 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-10 19:01:36 ( .D... ) "C:\Documents and Settings\Ali\Application Data\Identities"
2006-07-10 19:01:34 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-10 19:01:24 ( .DS.. ) "C:\Documents and Settings\Ali\Application Data\Microsoft"
2006-07-10 18:53:14 ( .D... ) "C:\Program Files\xerox"
2006-07-10 18:53:14 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-10 18:52:44 0 ( ..... ) "C:\AUTOEXEC.BAT"
2006-07-10 18:50:48 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-10 18:49:50 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-10 18:49:48 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-10 18:49:34 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-10 18:49:24 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-10 18:49:20 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-10 18:49:14 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-10 18:49:10 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-10 18:48:28 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-10 18:48:06 ( .D... ) "C:\Program Files\Online Services"
2006-07-10 18:48:04 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-10 18:47:58 ( .D... ) "C:\Program Files\Messenger"
2006-07-10 18:47:54 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-10 18:47:18 ( .D... ) "C:\Program Files\MSN"
2006-07-10 18:47:16 ( .D... ) "C:\Program Files\Windows NT"
2006-07-10 13:37:50 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-10 13:37:46 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-10 13:37:46 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-10 13:37:46 ( .D... ) "C:\Program Files\Common Files"
2006-07-10 13:37:14 62 ( ..SH. ) "C:\Documents and Settings\Ali\Application Data\desktop.ini"
2006-06-29 09:07:36 61440 ( A.... ) "C:\WINDOWS\system32\BattyRun.dll"
2006-06-23 10:22:08 9216 ( A.... ) "C:\WINDOWS\abkw.dll"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-15 18:24:34 466944 ( A.... ) "C:\WINDOWS\system32\capicom.dll"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-29 16:55 78,336 C:\WINDOWS\wnu_50.exe
2006-07-29 12:48 81,920 C:\WINDOWS\system32\ati2evxx.dll
2006-07-29 12:48 139,264 C:\WINDOWS\system32\cladnrkx.dll
2006-07-29 12:47 155,136 C:\WINDOWS\system32\oins.exe
2006-07-29 12:47 14,617 C:\WINDOWS\xload.exe
2006-07-29 12:43 69,632 C:\WINDOWS\system32\pbgdnlog.dll
2006-07-29 12:43 69,632 C:\WINDOWS\system32\jglkkjcc.dll
2006-07-29 12:43 51,712 C:\WINDOWS\system32\w014ecf5.dll
2006-07-29 12:43 38,412 C:\WINDOWS\ssqbn.exe
2006-07-29 12:43 33,012 C:\WINDOWS\system32\tpuninstall.exe
2006-07-29 12:43 235,134 C:\WINDOWS\srvbhdtacs.exe
2006-07-29 12:43 184,829 C:\WINDOWS\srvhuzlded.exe
2006-07-29 12:42 844,304 C:\WINDOWS\ggwkrlyA.exe
2006-07-29 12:42 683,728 C:\WINDOWS\ggwkrly.exe
2006-07-29 12:42 61,440 C:\WINDOWS\system32\vdb42eff.dll
2006-07-29 12:42 587,776 C:\626_101newer.exe
2006-07-29 12:42 48,167 C:\WINDOWS\system32\VSL05.exe
2006-07-29 12:42 389,632 C:\webnexmknew.exe
2006-07-29 12:42 29,696 C:\WINDOWS\system32\w0141203.dll
2006-07-29 12:42 27,648 C:\dist13.exe
2006-07-29 12:42 2,560 C:\ac3_0003.exe
2006-07-29 12:42 159,744 C:\WINDOWS\system32\redist.dll
2006-07-29 12:42 14,848 C:\stub_113_4_0_4_0newer.exe
2006-07-29 12:42 126,464 C:\WINDOWS\system32\redistributor.exe
2006-07-29 12:42 111,104 C:\numbsoftnew.exe
2006-07-29 12:42 110,592 C:\WINDOWS\v1201.exe
2006-07-29 12:42 1,064 C:\WINDOWS\system32\vdb42eff.sys
2006-07-29 12:41 57,344 C:\fym9bvo.exe
2006-07-29 12:41 53,120 C:\WINDOWS\optimize.exe
2006-07-29 12:41 48,190 C:\RDFX4.exe
2006-07-29 12:41 467,968 C:\visfx500new.exe
2006-07-29 12:41 45,056 C:\WINDOWS\system32ghynf.exe
2006-07-29 12:41 40,960 C:\WINDOWS\webhdll.dll
2006-07-29 12:41 36,864 C:\WINDOWS\system32n9nyb.exe
2006-07-29 12:41 36,864 C:\WINDOWS\system32\n9nyb.exe
2006-07-29 12:41 28,672 C:\WINDOWS\system32bez6n4r21.exe
2006-07-29 12:41 28,672 C:\WINDOWS\system32\iqqr.exe
2006-07-29 12:41 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-07-29 12:41 226,536 C:\WINDOWS\whCC-GIANT.exe
2006-07-29 12:41 102,400 C:\WINDOWS\mirar.exe
2006-07-29 12:39 14,848 C:\WINDOWS\system32\BASSMOD.dll
2006-07-20 01:58 23,552 C:\WINDOWS\system32\oklprmon.dll
2006-07-16 11:15 96,256 C:\WINDOWS\system32\SMACKW32.DLL
2006-07-16 09:15 969,216 C:\WINDOWS\system32\qd3d.dll
2006-07-16 09:15 596,992 C:\WINDOWS\system32\rave.dll
2006-07-16 09:15 126,976 C:\WINDOWS\system32\3DViewer.dll
2006-07-16 09:05 306,688 C:\WINDOWS\IsUninst.exe
2006-07-16 08:59 722,192 C:\WINDOWS\system32\Vb40032.DLL
2006-07-16 08:59 7,168 C:\WINDOWS\system32\DTCTRACE.DLL
2006-07-16 08:59 7,168 C:\WINDOWS\system32\DISPDIB.DLL
2006-07-16 08:59 582,144 C:\WINDOWS\system32\DAO350.DLL
2006-07-16 08:59 57,856 C:\WINDOWS\system32\ADME.DLL
2006-07-16 08:59 48,128 C:\WINDOWS\system32\DTCUTIL.DLL
2006-07-16 08:59 403,216 C:\WINDOWS\system32\MSREPL35.DLL
2006-07-16 08:59 29,696 C:\WINDOWS\system32\VB5STKIT.DLL
2006-07-16 08:59 210,944 C:\WINDOWS\system32\MSVCRT10.DLL
2006-07-16 08:59 194,048 C:\WINDOWS\system32\DTCCM.DLL
2006-07-16 08:59 19,456 C:\WINDOWS\system32\SLSLic32.dll
2006-07-16 08:59 151,552 C:\WINDOWS\uninst95.exe
2006-07-16 08:50 77,824 C:\WINDOWS\system32\ODBCTL32.DLL
2006-07-16 08:50 7,680 C:\WINDOWS\system32\CONVDSN.EXE
2006-07-16 08:50 37,136 C:\WINDOWS\system32\MSJINT35.DLL
2006-07-16 08:50 368,912 C:\WINDOWS\system32\VBAR332.DLL
2006-07-16 08:50 251,664 C:\WINDOWS\system32\MSRD2X35.DLL
2006-07-16 08:50 24,336 C:\WINDOWS\system32\MSJTER35.DLL
2006-07-16 08:50 22,016 C:\WINDOWS\system32\ODBCSTF.DLL
2006-07-16 08:50 1,038,848

BEJON
2006-07-30, 20:48
C:\WINDOWS\system32\MSJET35.DLL
2006-07-16 08:47 299,520 C:\WINDOWS\uninst.exe
2006-07-16 00:04 221,184 C:\WINDOWS\system32\wmpns.dll
2006-07-14 20:59 53,346 C:\WINDOWS\system32\javaw.exe
2006-07-14 20:59 49,248 C:\WINDOWS\system32\java.exe
2006-07-14 20:59 127,078 C:\WINDOWS\system32\javaws.exe
2006-07-14 09:04 466,944 C:\WINDOWS\system32\capicom.dll
2006-07-14 08:19 40,960 C:\WINDOWS\system32\IsUser11b.dll
2006-07-14 02:43 24,816 C:\WINDOWS\system32\mdimon.dll
2006-07-13 23:37 667,648 C:\WINDOWS\system32\BCMLogon.dll
2006-07-13 20:29 86,016 C:\WINDOWS\system32\mdmxsdk.dll
2006-07-13 20:29 42,858 C:\WINDOWS\system32\hsfci014.dll
2006-07-13 20:27 176,128 C:\WINDOWS\system32\nvudisp.exe
2006-07-13 20:25 86,016 C:\WINDOWS\system32\nvmctray.dll
2006-07-13 20:25 81,920 C:\WINDOWS\system32\nvwddi.dll
2006-07-13 20:25 7,118,848 C:\WINDOWS\system32\nvcpl.dll
2006-07-13 20:25 5,140,480 C:\WINDOWS\system32\nvoglnt.dll
2006-07-13 20:25 466,944 C:\WINDOWS\system32\nvshell.dll
2006-07-13 20:25 442,368 C:\WINDOWS\system32\nvappbar.exe
2006-07-13 20:25 393,216 C:\WINDOWS\system32\keystone.exe
2006-07-13 20:25 335,872 C:\WINDOWS\system32\nvwrses.dll
2006-07-13 20:25 327,680 C:\WINDOWS\system32\nvwrsfr.dll
2006-07-13 20:25 323,584 C:\WINDOWS\system32\nvwrsit.dll
2006-07-13 20:25 32,768 C:\WINDOWS\system32\nvcodins.dll
2006-07-13 20:25 32,768 C:\WINDOWS\system32\nvcod.dll
2006-07-13 20:25 319,488 C:\WINDOWS\system32\nvwrsptb.dll
2006-07-13 20:25 311,296 C:\WINDOWS\system32\nvwrsde.dll
2006-07-13 20:25 3,912,192 C:\WINDOWS\system32\nv4_disp.dll
2006-07-13 20:25 270,336 C:\WINDOWS\system32\nvrsit.dll
2006-07-13 20:25 270,336 C:\WINDOWS\system32\nvrsfr.dll
2006-07-13 20:25 270,336 C:\WINDOWS\system32\nvrses.dll
2006-07-13 20:25 266,240 C:\WINDOWS\system32\nvrsde.dll
2006-07-13 20:25 253,952 C:\WINDOWS\system32\nvrsptb.dll
2006-07-13 20:25 253,952 C:\WINDOWS\system32\nvrsja.dll
2006-07-13 20:25 249,856 C:\WINDOWS\system32\nvrsko.dll
2006-07-13 20:25 212,992 C:\WINDOWS\system32\nvwrsja.dll
2006-07-13 20:25 212,992 C:\WINDOWS\system32\nvrszhc.dll
2006-07-13 20:25 196,608 C:\WINDOWS\system32\nvwrsko.dll
2006-07-13 20:25 167,936 C:\WINDOWS\system32\nvwrszht.dll
2006-07-13 20:25 163,840 C:\WINDOWS\system32\nvwrszhc.dll
2006-07-13 20:25 127,044 C:\WINDOWS\system32\nvsvc32.exe
2006-07-13 20:25 114,688 C:\WINDOWS\system32\nvrszht.dll
2006-07-13 20:25 1,662,976 C:\WINDOWS\system32\nvwdmcpl.dll
2006-07-13 20:25 1,519,616 C:\WINDOWS\system32\nwiz.exe
2006-07-13 20:25 1,466,368 C:\WINDOWS\system32\nview.dll
2006-07-13 20:25 1,339,392 C:\WINDOWS\system32\nvdspsch.exe
2006-07-13 20:25 1,019,904 C:\WINDOWS\system32\nvwimg.dll
2006-07-13 17:36 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-07-13 17:32 18,200 C:\WINDOWS\system32\wups2.dll
2006-07-11 16:51 95,511 C:\WINDOWS\system32\Vxdif.dll
2006-07-10 19:20 69,632 C:\WINDOWS\system32\bcmwlpkt.dll
2006-07-10 19:20 253,952 C:\WINDOWS\system32\bcmwlu00.exe
2006-07-10 19:20 1,200,128 C:\WINDOWS\system32\BCMWLTRY.EXE
2006-07-10 19:19 89,088 C:\WINDOWS\system32\ATL71.DLL
2006-07-10 19:19 86,016 C:\WINDOWS\system32\preflib.dll
2006-07-10 19:19 757,760 C:\WINDOWS\system32\bcm1xsup.dll
2006-07-10 19:19 499,712 C:\WINDOWS\system32\MSVCP71.DLL
2006-07-10 19:19 44,032 C:\WINDOWS\system32\wltrynt.dll
2006-07-10 19:19 348,160 C:\WINDOWS\system32\MSVCR71.DLL
2006-07-10 19:19 2,129,920 C:\WINDOWS\system32\WLBCGCBPRO731.DLL
2006-07-10 19:19 18,944 C:\WINDOWS\system32\WLTRYSVC.EXE
2006-07-10 19:19 1,347,584 C:\WINDOWS\system32\WLTRAY.EXE
2006-07-10 19:19 1,060,864 C:\WINDOWS\system32\MFC71.DLL
2006-07-10 19:18 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-10 18:52 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-10 18:52 0 C:\MSDOS.SYS
2006-07-10 18:52 0 C:\IO.SYS
2006-07-10 18:52 0 C:\CONFIG.SYS
2006-07-10 18:52 0 C:\AUTOEXEC.BAT
2006-07-10 18:50 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-10 18:49 81,920 C:\WINDOWS\system32\isign32.dll
2006-07-10 18:49 81,920 C:\WINDOWS\system32\ils.dll
2006-07-10 18:49 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-07-10 18:49 73,728 C:\WINDOWS\system32\icwdial.dll
2006-07-10 18:49 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-10 18:49 69,632 C:\WINDOWS\system32\msconf.dll
2006-07-10 18:49 679,424 C:\WINDOWS\system32\inetcomm.dll
2006-07-10 18:49 67,584 C:\WINDOWS\system32\srclient.dll
2006-07-10 18:49 65,536 C:\WINDOWS\system32\icwphbk.dll
2006-07-10 18:49 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-10 18:49 6,656 C:\WINDOWS\system32\wuauserv.dll
2006-07-10 18:49 48,128 C:\WINDOWS\system32\inetres.dll
2006-07-10 18:49 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-10 18:49 45,568 C:\WINDOWS\system32\safrslv.dll
2006-07-10 18:49 43,520 C:\WINDOWS\system32\safrcdlg.dll
2006-07-10 18:49 43,520 C:\WINDOWS\system32\racpldlg.dll
2006-07-10 18:49 41,240 C:\WINDOWS\system32\wups.dll
2006-07-10 18:49 382,464 C:\WINDOWS\system32\qmgr.dll
2006-07-10 18:49 34,560 C:\WINDOWS\system32\mnmdd.dll
2006-07-10 18:49 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-10 18:49 32,768 C:\WINDOWS\system32\isrdbg32.dll
2006-07-10 18:49 29,696 C:\WINDOWS\system32\safrdm.dll
2006-07-10 18:49 28,672 C:\WINDOWS\system32\nmmkcert.dll
2006-07-10 18:49 274,944 C:\WINDOWS\system32\mstask.dll
2006-07-10 18:49 274,432 C:\WINDOWS\system32\inetcfg.dll
2006-07-10 18:49 252,928 C:\WINDOWS\system32\msoeacct.dll
2006-07-10 18:49 239,104 C:\WINDOWS\system32\srrstr.dll
2006-07-10 18:49 22,528 C:\WINDOWS\system32\fltMc.exe
2006-07-10 18:49 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-10 18:49 190,976 C:\WINDOWS\system32\schedsvc.dll
2006-07-10 18:49 18,944 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-10 18:49 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-10 18:49 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-10 18:49 170,496 C:\WINDOWS\system32\srsvc.dll
2006-07-10 18:49 16,896 C:\WINDOWS\system32\fltlib.dll
2006-07-10 18:49 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-10 18:49 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-10 18:49 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-07-10 18:49 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-10 18:49 12,288 C:\WINDOWS\system32\mstinit.exe
2006-07-10 18:49 105,984 C:\WINDOWS\system32\msoert2.dll
2006-07-10 18:49 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-07-10 18:47 97,792 C:\WINDOWS\system32\comrepl.dll
2006-07-10 18:47 956,416 C:\WINDOWS\system32\msdtctm.dll
2006-07-10 18:47 93,696 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-10 18:47 91,136 C:\WINDOWS\system32\mtxoci.dll
2006-07-10 18:47 9,728 C:\WINDOWS\system32\reset.exe
2006-07-10 18:47 87,176 C:\WINDOWS\system32\rdpwsx.dll
2006-07-10 18:47 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-10 18:47 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-10 18:47 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-10 18:47 67,072 C:\WINDOWS\system32\rdshost.exe
2006-07-10 18:47 655,360 C:\WINDOWS\system32\mstscax.dll
2006-07-10 18:47 625,152 C:\WINDOWS\system32\catsrvut.dll
2006-07-10 18:47 62,464 C:\WINDOWS\system32\rdpclip.exe
2006-07-10 18:47 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-10 18:47 60,416 C:\WINDOWS\system32\remotepg.dll
2006-07-10 18:47 60,416 C:\WINDOWS\system32\colbact.dll
2006-07-10 18:47 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-10 18:47 58,880 C:\WINDOWS\system32\msdtclog.dll
2006-07-10 18:47 58,880 C:\WINDOWS\system32\licwmi.dll
2006-07-10 18:47 56,832 C:\WINDOWS\system32\sol.exe
2006-07-10 18:47 56,320 C:\WINDOWS\system32\servdeps.dll
2006-07-10 18:47 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-10 18:47 540,160 C:\WINDOWS\system32\comuid.dll
2006-07-10 18:47 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-10 18:47 538,624 C:\WINDOWS\system32\spider.exe
2006-07-10 18:47 5,632 C:\WINDOWS\system32\write.exe
2006-07-10 18:47 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-10 18:47 498,688 C:\WINDOWS\system32\clbcatq.dll
2006-07-10 18:47 44,544 C:\WINDOWS\system32\tscupgrd.exe
2006-07-10 18:47 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-10 18:47 426,496 C:\WINDOWS\system32\msdtcprx.dll
2006-07-10 18:47 407,552 C:\WINDOWS\system32\mstsc.exe
2006-07-10 18:47 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-10 18:47 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-10 18:47 38,912 C:\WINDOWS\system32\cfgbkend.dll
2006-07-10 18:47 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-10 18:47 347,136 C:\WINDOWS\system32\hypertrm.dll
2006-07-10 18:47 343,040 C:\WINDOWS\system32\mspaint.exe
2006-07-10 18:47 33,792 C:\WINDOWS\system32\regini.exe
2006-07-10 18:47 295,424 C:\WINDOWS\system32\termsrv.dll
2006-07-10 18:47 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-10 18:47 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-10 18:47 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-10 18:47 225,792 C:\WINDOWS\system32\catsrv.dll
2006-07-10 18:47 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-10 18:47 20,992 C:\WINDOWS\system32\msg.exe
2006-07-10 18:47 20,480 C:\WINDOWS\system32\qprocess.exe
2006-07-10 18:47 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-10 18:47 19,968 C:\WINDOWS\system32\rdpsnd.dll
2006-07-10 18:47 185,344 C:\WINDOWS\system32\cmprops.dll
2006-07-10 18:47 183,808 C:\WINDOWS\system32\accwiz.exe
2006-07-10 18:47 17,408 C:\WINDOWS\system32\mmfutil.dll
2006-07-10 18:47 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-10 18:47 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-10 18:47 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-10 18:47 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-10 18:47 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-10 18:47 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-10 18:47 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-10 18:47 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-10 18:47 147,968 C:\WINDOWS\system32\rdchost.dll
2006-07-10 18:47 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-10 18:47 140,800 C:\WINDOWS\system32\sessmgr.exe
2006-07-10 18:47 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-10 18:47 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-10 18:47 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-10 18:47 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-10 18:47 131,584 C:\WINDOWS\system32\sndrec32.exe
2006-07-10 18:47 13,824 C:\WINDOWS\system32\rdsaddin.exe
2006-07-10 18:47 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-10 18:47 123,392 C:\WINDOWS\system32\mplay32.exe
2006-07-10 18:47 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-10 18:47 114,688 C:\WINDOWS\system32\calc.exe
2006-07-10 18:47 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-07-10 18:47 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-07-10 18:47 11,264 C:\WINDOWS\system32\icaapi.dll
2006-07-10 18:47 102,912 C:\WINDOWS\system32\clipbrd.exe
2006-07-10 18:47 1,267,200 C:\WINDOWS\system32\comsvcs.dll
2006-07-10 18:47 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-10 13:40 8,192 C:\WINDOWS\system32\wshirda.dll
2006-07-10 13:40 27,136 C:\WINDOWS\system32\irmon.dll
2006-07-10 13:40 152,576 C:\WINDOWS\system32\irftp.exe
2006-07-10 13:39 74,240 C:\WINDOWS\system32\usbui.dll
2006-07-10 13:37 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-10 13:37 8,704 C:\WINDOWS\system32\batt.dll
2006-07-10 13:37 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-10 13:37 74,752 C:\WINDOWS\system32\storprop.dll
2006-07-10 13:37 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-10 13:37 69,120 C:\WINDOWS\NOTEPAD.EXE
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-10 13:37 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-10 13:37 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-10 13:37 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-10 13:37 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-10 13:37 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-10 13:37 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-10 13:37 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-10 13:37 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-10 13:37 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-10 13:37 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-10 13:37 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-10 13:37 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-10 13:37 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-10 13:37 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-10 13:31 603,979,776 C:\pagefile.sys
2006-06-29 09:07 61,440 C:\WINDOWS\system32\BattyRun.dll
2006-06-23 10:22 9,216 C:\WINDOWS\abkw.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TheMonitor"=""
"ACTX1"="C:\\WINDOWS\\v1201.exe"
"XoftSpySE"="C:\\Program Files\\XoftSpySE\\xoftspy.exe -s"
"ggwkrlyA"="C:\\WINDOWS\\ggwkrlyA.exe"
"NwCplMonitor"="C:\\WINDOWS\\system32\\redistributor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"ggwkrlyA"="C:\\WINDOWS\\ggwkrlyA.exe"
"defender"="C:\\\\dfndrfg_7.exe"
"vdb42eff"="RUNDLL32.EXE w0141203.dll,n 00242efd000000030141203"
"w014ecf5.dll"="RUNDLL32.EXE w014ecf5.dll,I2 00242efd0014ecf5"
"xload"="\"C:\\WINDOWS\\xload.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"riuq"="C:\\PROGRA~1\\COMMON~1\\riuq\\riuqm.exe"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""
"Ortn"="\"C:\\PROGRA~1\\DOBE~1\\dllhost.exe\" -vt mt"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\AutorunsDisabled]
"pmsngr.exe"="C:\\Program Files\\Media-Codec\\pmsngr.exe"
"homepage.monitor.exe"="C:\\Program Files\\Media-Codec\\isamonitor.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{0C15C3C4-05DA-1033-0930-031120030001}"="\"C:\\Program Files\\Common Files\\{0C15C3C4-05DA-1033-0930-031120030001}\\Update.exe\" mc-110-12-0000103"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00000000
"Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,1c,01,00,00,db,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,01,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKLM"
"command"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WLTRAY"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=dword:00000002
"wuauserv"=dword:00000002




Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpySE.job

Completion time: Sun 07/30/2006 13:32:03.46
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

tashi
2006-07-30, 22:16
Hello
Please see: "BEFORE you post and who will advise you. Preliminary Steps" (http://forums.spybot.info/showthread.php?t=288)

tashi
2006-08-03, 22:37
Is this the same computer?
http://forums.spybot.info/showthread.php?t=6278

This one?
http://forums.spybot.info/showthread.php?t=6261&page=2

tashi
2006-08-04, 06:44
Two topics merged.

http://forums.spybot.info/showthread.php?t=6261&page=2

Members, please start one topic for the same computer, and one topic only. Thank you.

This topic closed.