
Thread: Number of viruses 93, infected objects 719

  1. #11
    Member
    Join Date
    Mar 2008
    Posts
    48


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:00:13 PM, on 6/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
    O2 - BHO: (no name) - {344B7EF2-9819-299E-51CB-018EEAA2D736} - C:\WINDOWS\system32\admdsc.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O15 - Trusted Zone: http://www.archive.org
    O15 - Trusted Zone: http://tvplanner.comcast.net
    O15 - Trusted Zone: http://www.comcast.net
    O15 - Trusted Zone: http://www.disabilityforms.com
    O15 - Trusted Zone: http://www.fireflyfans.net
    O15 - Trusted Zone: http://www.infowars.com
    O15 - Trusted Zone: http://www.infowars.net
    O15 - Trusted Zone: http://*.infowars.net
    O15 - Trusted Zone: http://*.myspace.com
    O15 - Trusted Zone: http://ww2.nero.com
    O15 - Trusted Zone: http://vhost.oddcast.com
    O15 - Trusted Zone: http://flash.picturetail.com
    O15 - Trusted Zone: http://www.picturetrail.com
    O15 - Trusted Zone: *.picturetrail.com
    O15 - Trusted Zone: www.piratenews.org
    O15 - Trusted Zone: *.piratenews.org
    O15 - Trusted Zone: http://*.piratenews.org
    O15 - Trusted Zone: *.piratenews_supremecenter38.com
    O15 - Trusted Zone: http://forums.spybot.info
    O15 - Trusted Zone: *.supremecenter38.com
    O15 - Trusted Zone: http://www.tallemu.com
    O15 - Trusted Zone: http://*.turbotax.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O20 - Winlogon Notify: hgnid - C:\WINDOWS\
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

    --
    End of file - 4501 bytes


    =========================================================


    ComboFix 08-06-07.3 - John Lee 2008-06-08 14:25:53.5 - NTFSx86

    Running from: C:\Documents and Settings\John Lee\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Rabio
    C:\WINDOWS\system32\183aa.exe
    C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
    C:\WINDOWS\system32\drivers\Cksu78.sys
    C:\WINDOWS\system32\hlnftdrlttr.nls
    C:\WINDOWS\system32\hlphnttnjhr.sys
    C:\WINDOWS\system32\pltllp.drv
    C:\WINDOWS\system32\ptldtl.dll
    C:\WINDOWS\system32\ptpdrfhlhbt.dll
    C:\WINDOWS\system32\ptpdrfhlhbt_ORIGINAL.dll
    C:\WINDOWS\system32\rdpthj.sys
    C:\WINDOWS\system32\torapcfm.dll
    C:\WINDOWS\TEMP\brfnhbjtdp.dll
    C:\WINDOWS\TEMP\nntnnbrh.dll
    C:\WINDOWS\TEMP\pltllp.drv

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CKSU78
    -------\Service_Cksu78
    -------\Service_CKSU78


    ((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
    .

    2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
    2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
    2008-06-08 03:00 . 2008-06-08 03:00 <DIR> d-------- C:\OnlineArmor
    2008-06-08 01:05 . 2008-06-08 01:06 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-05-31 05:01 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\MediaCoder
    2008-05-31 05:00 . 2008-05-31 05:00 17,352,333 --a------ C:\MediaCoder-0.6.1.4111-flv-to-mpg.exe
    2008-05-30 20:47 . 2008-05-30 20:47 <DIR> d-------- C:\Program Files\MSECACHE
    2008-05-30 20:43 . 2008-05-30 20:43 359,656 --a------ C:\ms-windows-installer-cleanup-remove-programs-only2.exe
    2008-05-27 13:12 . 2008-05-27 13:12 2,585,872 --a------ C:\WindowsInstaller-KB893803-v2-x86.exe
    2008-05-21 23:08 . 2008-06-08 14:41 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\OnlineArmor
    2008-05-21 23:08 . 2008-05-21 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    2008-05-21 23:07 . 2008-05-21 23:07 <DIR> d-------- C:\Program Files\Tall Emu
    2008-05-21 23:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
    2008-05-21 23:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
    2008-05-21 23:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
    2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Program Files\Cmkkhknc
    2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zazodeji
    2008-05-21 11:56 . 2008-05-21 11:56 110,592 --a------ C:\WINDOWS\system32\admdsc.dll
    2008-05-21 11:56 . 2008-05-21 11:56 110,592 --a------ C:\Documents and Settings\All Users\Application Data\ufofsron.dll
    2008-05-21 11:56 . 2008-05-21 11:56 106,496 --a------ C:\WINDOWS\system32\vmnylyrg.exe
    2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\WINDOWS
    2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\Symantec
    2008-05-21 00:27 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\CyberLink
    2008-05-21 00:27 . 2008-05-21 00:27 <DIR> d-------- C:\Documents and Settings\Web Surfing
    2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\EPSONREG
    2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\Leadertech
    2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\WINDOWS\system32\Import-Export
    2008-05-19 19:59 . 2008-05-19 21:00 <DIR> d-------- C:\Program Files\EPSON Print CD
    2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\Program Files\EPSON
    2008-05-19 19:58 . 2008-05-19 21:22 66 --a------ C:\WINDOWS\ESPR200.ini
    2008-05-19 19:53 . 2003-05-29 01:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
    2008-05-19 19:53 . 2003-07-28 01:10 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
    2008-05-19 19:53 . 2003-02-13 01:10 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
    2008-05-19 19:53 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
    2008-05-19 19:53 . 2002-03-01 01:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
    2008-05-19 19:53 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
    2008-05-19 19:53 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
    2008-05-19 19:01 . 2008-05-19 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dgpixcds
    2008-05-19 19:01 . 2008-05-19 19:01 122,880 --a------ C:\Documents and Settings\All Users\Application Data\ubcredal.dll
    2008-05-19 19:01 . 2008-05-19 19:01 4,096 --a------ C:\WINDOWS\system32\anticipator_delete_virus.dll
    2008-05-19 19:00 . 2008-05-19 19:00 122,880 --a------ C:\WINDOWS\system32\strsys.dll
    2008-05-19 19:00 . 2008-05-19 19:00 102,400 --a------ C:\WINDOWS\system32\puvkbohq.exe
    2008-05-16 17:39 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
    2008-05-09 15:20 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-05-09 15:20 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
    2008-05-09 15:20 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
    2008-05-09 15:20 . 2008-05-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-05-09 12:38 . 2008-05-09 13:00 <DIR> d-------- C:\Program Files\worthles
    2008-05-09 12:38 . 2008-05-09 12:38 <DIR> d-------- C:\Program Files\WAYBEY~1
    2008-05-09 12:38 . 2008-05-09 12:58 <DIR> d-------- C:\Program Files\NEUROC~1
    2008-05-09 12:38 . 2008-05-09 13:01 <DIR> d-------- C:\Program Files\MOTORC~1
    2008-05-09 12:37 . 2008-05-09 12:57 <DIR> d-------- C:\Program Files\jeru
    2008-05-09 12:37 . 2008-05-09 12:56 <DIR> d-------- C:\Program Files\GENERA~1
    2008-05-09 12:37 . 2008-05-09 12:55 <DIR> d-------- C:\Program Files\empirest
    2008-05-09 12:37 . 2008-05-09 12:37 <DIR> d-------- C:\Program Files\dodger
    2008-05-09 12:37 . 2008-05-09 12:37 <DIR> d-------- C:\Program Files\dirtydoz
    2008-05-09 12:36 . 2008-05-09 12:45 <DIR> d-------- C:\Program Files\cube
    2008-05-09 12:36 . 2008-05-09 12:45 <DIR> d-------- C:\Program Files\creature
    2008-05-09 12:36 . 2008-05-09 12:36 <DIR> d-------- C:\Program Files\crass
    2008-05-09 12:36 . 2008-05-09 12:44 <DIR> d-------- C:\Program Files\crakoom
    2008-05-09 12:36 . 2008-05-09 12:36 <DIR> d-------- C:\Program Files\COPPAK~1
    2008-05-09 12:35 . 2008-05-09 12:35 <DIR> d-------- C:\Program Files\conca
    2008-05-09 12:35 . 2008-05-09 12:35 <DIR> d-------- C:\Program Files\COLLEG~2
    2008-05-09 12:35 . 2008-05-09 12:44 <DIR> d-------- C:\Program Files\COLLEG~1
    2008-05-09 12:35 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\CLONEW~1
    2008-05-09 12:35 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\CAPTAI~1
    2008-05-09 12:34 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BURLES~1
    2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BLUELI~1
    2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BLINDM~1
    2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\beatmygu
    2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\autobahn
    2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\arnon
    2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ARMORP~1
    2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ARMAGG~1
    2008-05-09 12:32 . 2008-05-09 13:01 <DIR> d-------- C:\Program Files\ANYTHI~1
    2008-05-09 12:32 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ANGRYB~1
    2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ANCIEN~1
    2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\amerika
    2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ALIENS~1
    2008-05-09 12:32 . 2008-05-09 12:32 <DIR> d-------- C:\Program Files\alien
    2008-05-09 12:32 . 2008-05-09 12:32 <DIR> d-------- C:\Program Files\aldo
    2008-05-09 12:31 . 2008-05-09 12:31 <DIR> d-------- C:\Program Files\ACTION~1
    2008-05-09 12:30 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ABDUCT~1
    2008-05-08 12:39 . 2008-05-08 12:39 29 --a------ C:\WINDOWS\system32\auqwqdas.tmp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-04 03:40 --------- d-----w C:\Program Files\Screenshot Pilot
    2008-05-31 01:06 --------- d-----w C:\Documents and Settings\John Lee\Application Data\AdobeUM
    2008-05-29 02:21 --------- d-----w C:\Program Files\RogueRemover FREE
    2008-05-27 15:35 4,931,320 ----a-w C:\Opera_9.27_English_Setup.exe
    2008-05-22 03:07 10,402,864 ----a-w C:\OnlineArmor_Setup_Free.exe
    2008-05-19 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-17 03:37 --------- d-----w C:\Program Files\support.com
    2008-05-13 20:41 --------- d-----w C:\Program Files\Pinnacle
    2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY
    2008-05-05 07:35 6,039,048 ----a-w C:\Firefox Setup 2.0.0.14.exe
    2008-04-30 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\vmxkzufk
    2008-04-28 15:48 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\atubgxav.dll
    2008-04-28 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\yvktobmb
    2008-04-27 11:10 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\whulibwj.dll
    2008-04-27 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\parifcpm
    2008-04-25 23:25 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
    2008-04-25 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\dunwjghm
    2008-04-24 06:49 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\elitcvol.dll
    2008-04-24 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\fmpkrczw
    2008-04-23 18:42 118,784 ----a-w C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
    2008-04-23 02:56 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
    2008-04-23 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\dgxwxyjw
    2008-04-22 00:52 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
    2008-04-22 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\hydmhcby
    2008-04-21 10:32 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
    2008-04-21 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\fspmjgfy
    2008-04-21 00:31 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
    2008-04-21 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\izgtgbct
    2008-04-19 23:40 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
    2008-04-19 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\qtglohyd
    2008-04-18 10:50 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\azqteduj.dll
    2008-04-18 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\fyvgtytu
    2008-04-16 06:48 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
    2008-04-16 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\dsxmtkvi
    2008-04-14 20:11 131,072 ----a-w C:\Documents and Settings\All Users\Application Data\pabedoza.dll
    2008-04-13 15:55 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
    2008-04-11 04:39 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
    2008-04-11 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\danwhoha
    2008-04-10 04:15 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
    2008-04-10 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\whulahat
    2008-04-09 18:10 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
    2008-04-09 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\cnifshqp
    2008-04-08 08:35 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
    2008-04-08 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\jahihoxw
    2008-04-07 21:59 63,488 ----a-w C:\WINDOWS\xobglu16.dll
    2008-04-07 21:59 23,552 ----a-w C:\WINDOWS\xobglu32.dll
    2008-04-07 05:35 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\dojazyds.dll
    2008-04-05 04:05 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
    2008-04-02 19:13 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
    2008-04-02 00:32 1,676,293 ----a-w C:\vixybeta_install_1apr08.exe
    2008-03-31 22:34 8,161,400 ----a-w C:\Windows-malicious-software-removal-mar08.exe
    2008-03-30 21:36 1,415,095 ----a-w C:\SDFixMarch2008.exe
    2008-03-30 21:35 1,603,366 ----a-w C:\ComboFixMarch2008.exe
    2008-03-28 21:18 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
    2008-03-27 19:37 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
    2008-03-27 03:24 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
    2008-03-27 00:52 1,306,722 ----a-w C:\SmitfraudFixMarch2008.exe
    2008-03-27 00:20 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
    2008-03-26 22:31 147,456 ----a-w C:\VundoFix.exe
    2008-03-26 09:41 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
    2008-03-26 03:14 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\elazqfct.dll
    2008-03-23 00:32 318,369 ----a-w C:\HiJackThis202.zip
    2008-03-21 03:24 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\klmngtet.dll
    2008-03-19 23:56 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
    2008-03-18 22:30 8,705,840 ----a-w C:\winamp552_full_emusic-7plus_en-us.exe
    2008-03-18 22:22 6,956 -c--a-w C:\Program Files\hijackthis.log
    2008-03-18 21:28 2,671,816 ----a-w C:\spywareblastersetup40.exe
    2008-03-18 21:25 706,360 ----a-w C:\winpatrolsetup-ok.exe
    2008-03-18 18:36 1,580,267 ----a-w C:\ComboFix_old.exe
    2008-03-18 18:34 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\obunarah.dll
    2008-03-18 17:13 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
    2008-03-18 04:24 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\tijwncze.dll
    2008-03-18 01:04 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
    2008-03-17 23:36 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
    2008-03-15 01:26 14,113,576 ----a-w C:\ewido-avg-antispyware-setup-7.5-30days.exe
    2008-03-14 22:35 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
    2008-03-14 19:53 690,568 ----a-w C:\rogue-remover-free-setup.exe
    2008-01-13 19:38 12,879,368 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
    2007-12-21 06:09 4,398,984 -c--a-w C:\Program Files\MorphVOXPro_Install.exe
    2007-12-21 06:07 1,083,064 -c--a-w C:\Program Files\SP-SpookySounds_Install.exe
    2007-12-16 05:14 17,760,400 -c--a-w C:\Program Files\DivXInstaller.exe
    2007-12-08 10:56 1,781,292 -c--a-w C:\Program Files\vixybeta_install.exe
    2007-10-23 05:46 34,441,990 -c--a-w C:\Program Files\Second Life 1-18-2-0 Setup.exe
    2007-10-11 17:21 904,984 -c--a-w C:\Program Files\cuz4_setup.exe
    2007-08-12 22:05 1,035,000 -c--a-w C:\Program Files\daemon-tools-iso-SPTDinst-v150-x64.exe
    2007-08-12 14:14 1,207,026 -c--a-w C:\Program Files\winrar370.exe
    2007-06-08 16:01 27,917,104 -c--a-w C:\Program Files\downloadable_install_wizard.exe
    2007-04-27 05:39 4,960,221 -c--a-w C:\Program Files\RivaEncoderSetup.exe
    2007-04-02 08:12 1,512,927 -c--a-w C:\Program Files\LADSPA_plugins-win-0.4.15.exe
    2007-04-02 08:11 2,228,534 -c--a-w C:\Program Files\audacity-win-1.2.6.exe
    2007-04-02 07:57 614,943 ----a-w C:\Program Files\lame-3.96.1.zip
    2007-03-16 11:07 502,941 ----a-w C:\Program Files\MPEG_Streamclip_1.1.zip
    2007-02-27 19:59 23,510,720 -c--a-w C:\Program Files\dotnetfx.exe
    2007-02-27 19:57 1,629,496 ----a-w C:\Program Files\VOB2MPGv2_3.zip
    2007-02-27 09:48 392,984 ----a-w C:\Program Files\SmartRipper 2.41.zip
    2007-01-29 11:53 3,602,120 -c--a-w C:\Program Files\SFTPMSI.exe
    2007-01-16 11:58 363,800 -c--a-w C:\Program Files\download-flvplayer_setup.exe.exe
    2007-01-09 10:22 20,368,912 -c--a-w C:\Program Files\GoogleEarthWinProSetup.exe
    2007-01-02 07:54 55,217 ----a-w C:\Program Files\Copy of checkboxtemplate.zip
    2007-01-02 07:54 55,217 ----a-w C:\Program Files\checkboxtemplate.zip
    2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-18_14.59.37.17 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
    + 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
    + 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
    + 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
    + 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
    + 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
    + 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
    + 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
    + 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
    + 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
    + 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
    + 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
    + 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
    + 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
    + 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
    + 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
    + 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
    + 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
    + 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
    + 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
    + 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
    + 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
    + 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
    + 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
    + 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
    + 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
    + 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
    + 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
    + 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
    + 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
    + 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
    + 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
    + 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
    + 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
    + 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
    + 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
    + 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
    + 2003-03-31 12:00:00 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
    + 2002-08-29 22:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
    + 2004-08-04 07:56:44 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
    + 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
    + 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
    + 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
    + 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
    + 2007-10-27 20:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
    + 2007-10-27 20:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
    + 2004-09-22 22:46:12 229,376 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
    + 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
    + 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
    + 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
    + 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
    + 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
    + 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
    + 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
    + 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
    + 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
    + 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
    + 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
    + 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
    + 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
    + 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
    + 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
    + 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
    + 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
    + 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
    + 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
    + 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
    + 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
    + 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
    + 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
    + 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
    + 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
    + 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
    + 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
    + 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
    + 2005-03-03 04:48:59 12,400 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
    + 2004-08-04 06:00:56 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
    + 2008-06-08 18:33:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2003-10-06 06:59:14 49,152 -c--a-w C:\WINDOWS\CTDCRES.DLL
    + 2006-08-11 18:55:52 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL
    + 2006-08-11 18:56:02 17,920 ----a-w C:\WINDOWS\CTHELPER.EXE
    + 2006-08-11 18:56:06 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL
    + 2007-09-11 17:49:24 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\LibComm.dll
    + 2007-09-11 17:49:28 38,280 ----a-w C:\WINDOWS\Downloaded Program Files\NanoInst.dll
    + 2007-09-11 17:49:30 43,824 ----a-w C:\WINDOWS\Downloaded Program Files\PSComm.dll
    + 2007-09-11 17:49:34 100,656 ----a-w C:\WINDOWS\Downloaded Program Files\PSNAdbrk.dll
    - 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    + 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    - 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2008-06-08 06:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-06-08 16:52:25 12,705,792 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-06-08 16:52:25 282,624 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-06-08 06:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-06-08 05:06:16 12,705,792 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-06-08 05:06:16 282,624 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    + 2000-08-31 12:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
    + 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
    + 2003-03-31 12:00:00 2,589 -c----w C:\WINDOWS\I386\RUNW32.BAT
    - 2003-10-06 06:48:18 20,480 -c--a-w C:\WINDOWS\INRES.DLL
    + 2006-08-11 18:57:06 11,776 -c--a-w C:\WINDOWS\INRES.DLL
    + 2008-03-20 03:43:00 22,666 --sh--r C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll
    + 2008-03-18 21:44:10 22,614 --sh--r C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll
    + 2008-03-18 20:10:00 22,782 ----a-w C:\WINDOWS\Installer\{d5922084-f076-4b91-abc8-9390f0f76e02}\zip.dll
    + 2008-03-18 20:09:47 22,610 --sh--r C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll
    + 2007-09-15 09:00:26 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\3FHBXBRT.DAT
    + 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\9JD7RRLZ.DAT
    + 2007-09-15 09:00:23 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\L3V5NZPR.DAT
    + 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\MPNHB79J.DAT
    + 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\NNT793TB.DAT
    + 2005-12-29 05:34:27 2,232 -c--a-w C:\WINDOWS\java\Packages\Data\RJ5NXZXN.DAT
    - 2003-06-20 10:13:46 49,152 -c--a-w C:\WINDOWS\MIDIDEF.EXE
    + 2006-08-11 18:42:52 25,600 ----a-w C:\WINDOWS\MIDIDEF.EXE
    - 2006-12-09 20:26:25 11,402 -c--a-w C:\WINDOWS\mozver.dat
    + 2008-05-05 15:01:04 12,007 -c--a-w C:\WINDOWS\mozver.dat
    - 2003-10-06 06:59:00 184,320 -c--a-w C:\WINDOWS\PSCONV.EXE
    + 2006-08-11 18:56:04 34,304 ----a-w C:\WINDOWS\PSCONV.EXE
    - 2003-10-06 06:58:50 180,224 -c--a-w C:\WINDOWS\READREG.EXE
    + 2006-08-11 18:56:08 35,840 ----a-w C:\WINDOWS\READREG.EXE
    + 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
    + 2004-08-04 08:07:21 1,788 -c----w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
    + 2004-08-04 06:07:57 2,944 -c----w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
    + 2003-03-31 12:00:00 138,752 ----a-w C:\WINDOWS\sndvol32.exe
    + 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
    + 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
    + 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
    - 2002-11-22 13:07:10 765,952 ----a-w C:\WINDOWS\system\crlds3d.dll
    + 2005-06-08 00:58:54 765,952 ----a-w C:\WINDOWS\system\crlds3d.dll
    + 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
    + 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
    + 1996-11-13 20:33:32 1,504 -c--a-w C:\WINDOWS\system\NPRX16.DLL
    + 1996-11-27 16:01:18 1,540 -c--a-w C:\WINDOWS\system\NSX83P16.DLL
    + 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
    + 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
    - 2003-10-06 06:38:06 65,536 -c--a-w C:\WINDOWS\system32\a3d.dll
    + 2006-08-11 18:56:28 33,792 ----a-w C:\WINDOWS\system32\a3d.dll
    - 2003-10-06 06:55:56 53,248 -c--a-w C:\WINDOWS\system32\AC3API.DLL
    + 2006-08-11 18:56:16 26,624 -c--a-w C:\WINDOWS\system32\AC3API.DLL
    + 2008-04-24 06:49:46 126,976 ----a-w C:\WINDOWS\system32\actmnt.dll
    + 2008-04-14 20:11:50 131,072 ----a-w C:\WINDOWS\system32\admcomwin.dll
    + 2008-04-23 18:42:28 118,784 ----a-w C:\WINDOWS\system32\apismart.dll
    + 2008-04-23 02:56:01 122,880 ----a-w C:\WINDOWS\system32\aplen.dll
    + 2008-04-27 11:10:55 102,400 ----a-w C:\WINDOWS\system32\bohodqhy.exe
    + 2008-04-02 19:13:37 102,400 ----a-w C:\WINDOWS\system32\bqxgvwxo.exe
    - 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
    + 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
    - 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    - 2003-10-06 06:44:28 114,688 ----a-w C:\WINDOWS\system32\commonfx.dll
    + 2006-08-11 18:48:08 87,552 ----a-w C:\WINDOWS\system32\commonfx.dll
    - 2008-03-13 16:12:41 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-02 18:43:28 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-03-13 16:12:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-04-02 18:43:28 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-03-13 16:12:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-02 18:43:28 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-08-11 18:45:36 200,192 ----a-w C:\WINDOWS\system32\CT_OAL.DLL
    + 2006-08-11 18:48:50 158,720 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
    - 2003-10-06 06:57:50 57,344 ----a-w C:\WINDOWS\system32\CTAGENT.DLL
    + 2006-08-11 18:56:02 7,168 ----a-w C:\WINDOWS\system32\CTAGENT.DLL
    - 2003-11-19 02:09:46 126,976 -c--a-w C:\WINDOWS\system32\CTASIO.DLL
    + 2006-08-11 18:45:34 74,752 ----a-w C:\WINDOWS\system32\CTASIO.DLL
    - 2003-11-18 07:23:50 585,728 ----a-w C:\WINDOWS\system32\ctaudfx.dll
    + 2006-08-11 18:48:12 536,576 ----a-w C:\WINDOWS\system32\ctaudfx.dll
    - 2003-10-21 09:54:48 140,643 ----a-w C:\WINDOWS\system32\ctbas2w.dat
    + 2006-08-11 18:45:08 140,643 ----a-w C:\WINDOWS\system32\ctbas2w.dat
    - 2003-10-21 09:50:46 112,411 -c--a-w C:\WINDOWS\system32\CTBASICW.DAT
    + 2006-08-11 18:43:20 113,221 ----a-w C:\WINDOWS\system32\CTBASICW.DAT
    + 2006-08-11 18:57:18 37,888 ----a-w C:\WINDOWS\system32\CTBURST.DLL
    - 2003-10-06 06:48:30 69,632 -c--a-w C:\WINDOWS\system32\ctcoinst.dll
    + 2006-08-11 18:57:04 81,920 ----a-w C:\WINDOWS\system32\CTCOINST.DLL
    - 2003-10-21 09:47:34 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
    + 2006-08-11 18:43:04 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
    - 2003-11-27 01:35:26 327,680 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
    + 2006-08-11 18:55:52 190,976 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
    - 2003-12-03 01:08:46 466,944 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
    + 2006-08-11 18:55:52 286,208 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
    - 2003-10-06 06:57:12 139,264 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
    + 2006-08-11 18:55:54 129,536 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
    - 2003-10-21 09:54:50 217,272 ----a-w C:\WINDOWS\system32\ctdlang.dat
    + 2006-08-11 18:49:24 323,640 ----a-w C:\WINDOWS\system32\ctdlang.dat
    + 2006-08-11 18:49:24 44,567 ----a-w C:\WINDOWS\system32\ctdnlstr.dat
    - 2003-10-06 06:46:42 110,592 ----a-w C:\WINDOWS\system32\CTDPROXY.DLL
    + 2006-08-11 18:45:34 71,680 ----a-w C:\WINDOWS\system32\ctdproxy.dll
    - 2003-10-06 06:48:42 143,360 -c--a-w C:\WINDOWS\system32\ctdvinst.dll
    + 2006-08-11 18:57:06 146,432 ----a-w C:\WINDOWS\system32\ctdvinst.dll
    + 2006-08-11 18:48:28 160,768 ----a-w C:\WINDOWS\system32\cteapsfx.dll
    + 2006-08-11 18:45:36 47,616 ----a-w C:\WINDOWS\system32\CTEDASIO.DLL
    + 2006-08-11 18:45:40 269,824 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
    + 2006-08-11 18:45:50 115,200 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
    + 2006-08-11 18:48:06 317,952 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
    - 2003-10-06 06:45:28 36,864 -c--a-w C:\WINDOWS\system32\CTEMUPIA.DLL
    + 2006-08-11 18:48:52 108,032 ----a-w C:\WINDOWS\system32\ctemupia.dll
    + 2006-08-11 18:48:42 1,170,432 ----a-w C:\WINDOWS\system32\CTEXFIFX.dll
    + 2006-08-11 18:48:52 61,952 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
    + 2005-06-16 22:17:16 71,680 ----a-w C:\WINDOWS\system32\CTMMACTL.DLL
    - 2003-10-06 06:57:48 28,672 -c--a-w C:\WINDOWS\system32\CTMMEP.DLL
    + 2006-08-11 18:56:00 11,776 ----a-w C:\WINDOWS\system32\CTMMEP.DLL
    - 2003-10-06 06:46:50 159,744 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
    + 2006-08-11 18:45:22 132,096 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
    + 2006-08-11 18:56:00 30,208 ----a-w C:\WINDOWS\system32\CTPCMCIA.DLL
    + 2006-08-11 18:55:56 9,216 ----a-w C:\WINDOWS\system32\CTPRES.DLL
    - 2003-10-21 09:54:42 264,466 -c--a-w C:\WINDOWS\system32\ctsbas2w.dat
    + 2006-08-11 18:43:26 265,042 ----a-w C:\WINDOWS\system32\ctsbas2w.dat
    - 2003-10-21 09:50:44 230,201 -c--a-w C:\WINDOWS\system32\CTSBASW.DAT
    + 2006-08-11 18:43:18 231,281 ----a-w C:\WINDOWS\system32\CTSBASW.DAT
    - 2003-10-06 06:46:14 606,208 ----a-w C:\WINDOWS\system32\ctsblfx.dll
    + 2006-08-11 18:48:32 548,352 ----a-w C:\WINDOWS\system32\ctsblfx.dll
    - 2003-10-06 06:57:20 118,784 -c--a-w C:\WINDOWS\system32\CTSCAL.DLL
    + 2006-08-11 18:55:54 75,264 ----a-w C:\WINDOWS\system32\CTSCAL.DLL
    + 2005-06-30 19:24:14 121,856 ----a-w C:\WINDOWS\system32\CTSFINST.DLL
    - 2003-10-06 06:58:46 45,056 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
    + 2006-08-11 18:56:02 23,040 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
    - 2003-10-21 09:47:40 298,971 ----a-w C:\WINDOWS\system32\ctstatic.dat
    + 2006-08-11 18:43:04 313,207 ----a-w C:\WINDOWS\system32\ctstatic.dat
    - 2003-12-31 00:48:26 106,496 -c--a-w C:\WINDOWS\system32\CTTHXCAL.DLL
    + 2006-08-11 18:55:54 64,000 ----a-w C:\WINDOWS\system32\CTTHXCAL.DLL
    + 2006-08-11 18:56:06 26,112 ----a-w C:\WINDOWS\system32\CTXFIBTN.DLL
    + 2006-08-11 18:56:04 18,944 ----a-w C:\WINDOWS\system32\CTXFIHLP.EXE
    + 2006-08-11 18:53:22 42,496 ----a-w C:\WINDOWS\system32\CTXFIREG.EXE
    + 2006-08-11 18:53:22 52,224 ----a-w C:\WINDOWS\system32\CTXFISPI.DLL
    + 2006-08-11 18:53:20 733,184 ----a-w C:\WINDOWS\system32\CTXFISPI.EXE
    + 2006-08-11 18:56:06 25,088 ----a-w C:\WINDOWS\system32\CTXFISPK.DLL
    - 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\danim.dll
    + 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    - 2003-10-21 09:50:40 232,319 -c--a-w C:\WINDOWS\system32\Data\CT0060W.DAT
    + 2006-08-11 18:43:12 232,847 ----a-w C:\WINDOWS\system32\Data\CT0060W.DAT
    + 2006-08-11 18:43:04 15,899 ----a-w C:\WINDOWS\system32\Data\CTD20X.DAT
    + 2006-08-11 18:43:18 199,465 ----a-w C:\WINDOWS\system32\Data\CTEAPSW.DAT
    + 2006-08-11 18:43:40 364,754 ----a-w C:\WINDOWS\system32\Data\CTEDSP2W.DAT
    + 2006-08-11 18:43:42 339,138 ----a-w C:\WINDOWS\system32\Data\CTEDSPHW.DAT
    + 2006-08-11 18:43:40 285,488 ----a-w C:\WINDOWS\system32\Data\CTEDSPKW.DAT
    + 2006-08-11 18:43:40 285,488 ----a-w C:\WINDOWS\system32\Data\CTEDSPLW.DAT
    + 2006-08-11 18:43:42 321,378 ----a-w C:\WINDOWS\system32\Data\CTEDSPPW.DAT
    + 2006-08-11 18:43:40 261,640 ----a-w C:\WINDOWS\system32\Data\CTEDSPTW.DAT
    + 2006-08-11 18:43:42 261,640 ----a-w C:\WINDOWS\system32\Data\CTEDSPUW.DAT
    + 2006-08-11 18:43:32 364,754 ----a-w C:\WINDOWS\system32\Data\CTEDSPW.DAT
    - 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0060W.DAT
    + 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0060W.DAT
    - 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0061W.DAT
    + 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0061W.DAT
    - 2003-10-21 09:54:40 279,288 -c--a-w C:\WINDOWS\system32\Data\CTP0070W.DAT
    + 2006-08-11 18:43:20 279,864 ----a-w C:\WINDOWS\system32\Data\CTP0070W.DAT
    - 2003-10-21 09:54:40 279,288 -c--a-w C:\WINDOWS\system32\Data\CTP0073W.DAT
    + 2006-08-11 18:43:20 279,864 ----a-w C:\WINDOWS\system32\Data\CTP0073W.DAT
    - 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0090W.DAT
    + 2006-08-11 18:43:20 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0090W.DAT
    - 2003-10-21 09:54:42 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0091W.DAT
    + 2006-08-11 18:43:26 265,624 ----a-w C:\WINDOWS\system32\Data\CTP0091W.DAT
    - 2003-10-21 09:54:42 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0092W.DAT
    + 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0092W.DAT
    - 2003-10-21 09:54:42 264,466 -c--a-w C:\WINDOWS\system32\Data\CTP0095W.DAT
    + 2006-08-11 18:43:26 265,042 ----a-w C:\WINDOWS\system32\Data\CTP0095W.DAT
    - 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0100W.DAT
    + 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0100W.DAT
    - 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0101W.DAT
    + 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0101W.DAT
    - 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0102W.DAT
    + 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0102W.DAT
    - 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0103W.DAT
    + 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0103W.DAT
    - 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0105W.DAT
    + 2006-08-11 18:43:16 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0105W.DAT
    - 2003-10-21 09:50:38 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP0150W.DAT
    + 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP0150W.DAT
    - 2003-10-21 09:54:40 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0161W.DAT
    + 2006-08-11 18:43:22 265,882 ----a-w C:\WINDOWS\system32\Data\CTP0161W.DAT
    - 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0162W.DAT
    + 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0162W.DAT
    - 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0170W.DAT
    + 2006-08-11 18:43:16 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0170W.DAT
    - 2003-10-21 09:50:42 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017AW.DAT
    + 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017AW.DAT
    - 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017BW.DAT
    + 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017BW.DAT
    - 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017CW.DAT
    + 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017CW.DAT
    - 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017DW.DAT
    + 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017DW.DAT
    - 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017EW.DAT
    + 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017EW.DAT
    - 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017FW.DAT
    + 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017FW.DAT
    - 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017GW.DAT
    + 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017GW.DAT
    - 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017HW.DAT
    + 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017HW.DAT
    - 2003-10-21 09:54:40 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0191W.DAT
    + 2006-08-11 18:43:22 265,624 ----a-w C:\WINDOWS\system32\Data\CTP0191W.DAT
    - 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0192W.DAT
    + 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0192W.DAT
    - 2003-10-21 09:50:42 233,453 -c--a-w C:\WINDOWS\system32\Data\CTP0221W.DAT
    + 2006-08-11 18:43:14 233,894 ----a-w C:\WINDOWS\system32\Data\CTP0221W.DAT
    - 2003-10-21 09:50:42 233,453 -c--a-w C:\WINDOWS\system32\Data\CTP0222W.DAT
    + 2006-08-11 18:43:14 233,894 ----a-w C:\WINDOWS\system32\Data\CTP0222W.DAT
    - 2003-10-21 09:54:42 267,038 -c--a-w C:\WINDOWS\system32\Data\CTP0230W.DAT
    + 2006-08-11 18:43:24 267,614 ----a-w C:\WINDOWS\system32\Data\CTP0230W.DAT
    - 2003-10-21 09:54:42 265,695 -c--a-w C:\WINDOWS\system32\Data\CTP0231W.DAT
    + 2006-08-11 18:43:24 266,271 ----a-w C:\WINDOWS\system32\Data\CTP0231W.DAT
    - 2003-10-21 09:54:42 267,038 -c--a-w C:\WINDOWS\system32\Data\CTP0232W.DAT
    + 2006-08-11 18:43:24 267,614 ----a-w C:\WINDOWS\system32\Data\CTP0232W.DAT
    - 2003-10-21 09:54:42 265,396 -c--a-w C:\WINDOWS\system32\Data\CTP0238W.DAT
    + 2006-08-11 18:43:24 265,972 ----a-w C:\WINDOWS\system32\Data\CTP0238W.DAT
    - 2003-10-21 09:54:44 307,781 -c--a-w C:\WINDOWS\system32\Data\CTP0240W.DAT
    + 2006-08-11 18:43:26 309,525 ----a-w C:\WINDOWS\system32\Data\CTP0240W.DAT
    - 2003-10-21 09:54:44 308,441 -c--a-w C:\WINDOWS\system32\Data\CTP0242W.DAT
    + 2006-08-11 18:43:28 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0242W.DAT
    - 2003-10-21 09:54:44 307,511 -c--a-w C:\WINDOWS\system32\Data\CTP0243W.DAT
    + 2006-08-11 18:43:28 309,255 ----a-w C:\WINDOWS\system32\Data\CTP0243W.DAT
    - 2003-10-21 09:54:44 308,441 -c--a-w C:\WINDOWS\system32\Data\CTP0244W.DAT
    + 2006-08-11 18:43:28 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0244W.DAT
    - 2003-10-21 09:54:44 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0245W.DAT
    + 2006-08-11 18:43:28 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0245W.DAT
    + 2006-08-11 18:43:30 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0246W.DAT
    - 2003-10-21 09:54:44 307,052 -c--a-w C:\WINDOWS\system32\Data\CTP0249W.DAT
    + 2006-08-11 18:43:30 308,796 ----a-w C:\WINDOWS\system32\Data\CTP0249W.DAT
    - 2003-10-21 09:54:46 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0280W.DAT
    + 2006-08-11 18:43:30 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0280W.DAT
    - 2003-10-21 09:54:46 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0320W.DAT
    + 2006-08-11 18:43:32 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0320W.DAT
    - 2003-10-21 09:54:46 312,351 ----a-w C:\WINDOWS\system32\Data\CTP0350W.DAT
    + 2006-08-11 18:43:32 314,095 ----a-w C:\WINDOWS\system32\Data\CTP0350W.DAT
    - 2003-10-21 09:54:46 310,240 -c--a-w C:\WINDOWS\system32\Data\CTP0352W.DAT
    + 2006-08-11 18:43:32 311,984 ----a-w C:\WINDOWS\system32\Data\CTP0352W.DAT
    + 2006-08-11 18:43:36 312,649 ----a-w C:\WINDOWS\system32\Data\CTP0355W.DAT
    + 2006-08-11 18:43:34 312,007 ----a-w C:\WINDOWS\system32\Data\CTP0358W.DAT
    + 2006-08-11 18:43:34 311,077 ----a-w C:\WINDOWS\system32\Data\CTP0359W.DAT
    - 2003-10-21 09:54:46 308,787 -c--a-w C:\WINDOWS\system32\Data\CTP0360W.DAT
    + 2006-08-11 18:43:34 310,531 ----a-w C:\WINDOWS\system32\Data\CTP0360W.DAT
    + 2006-08-11 18:43:36 310,531 ----a-w C:\WINDOWS\system32\Data\CTP0380W.DAT
    + 2006-08-11 18:43:36 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0400W.DAT
    + 2006-08-11 18:45:08 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0460W.DAT
    + 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP0463W.DAT
    + 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0464W.DAT
    + 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0465W.DAT
    + 2006-08-11 18:45:08 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0466W.DAT
    + 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0468W.DAT
    + 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0469W.DAT
    + 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046AW.DAT
    + 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046BW.DAT
    + 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046CW.DAT
    + 2006-08-11 18:44:24 222,944 ----a-w C:\WINDOWS\system32\Data\CTP0530L.DAT
    + 2006-08-11 18:43:42 312,182 ----a-w C:\WINDOWS\system32\Data\CTP0530W.DAT
    + 2006-08-11 18:45:08 222,944 ----a-w C:\WINDOWS\system32\Data\CTP0531L.DAT
    + 2006-08-11 18:44:26 312,182 ----a-w C:\WINDOWS\system32\Data\CTP0531W.DAT
    + 2006-08-11 18:45:10 245,351 ----a-w C:\WINDOWS\system32\Data\CTP0550W.DAT
    + 2006-08-11 18:45:12 245,023 ----a-w C:\WINDOWS\system32\Data\CTP055AW.DAT
    + 2006-08-11 18:43:38 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0600W.DAT
    + 2006-08-11 18:43:38 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0610W.DAT
    + 2006-08-11 18:43:40 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0669W.DAT
    + 2006-08-11 18:45:08 326,466 ----a-w C:\WINDOWS\system32\Data\CTP0679W.DAT
    + 2006-08-11 18:45:10 245,847 ----a-w C:\WINDOWS\system32\Data\CTP0730W.DAT
    + 2006-08-11 18:45:12 245,847 ----a-w C:\WINDOWS\system32\Data\CTP073AW.DAT
    - 2003-10-21 09:50:36 230,861 -c--a-w C:\WINDOWS\system32\Data\CTP1140W.DAT
    + 2006-08-11 18:43:06 231,389 ----a-w C:\WINDOWS\system32\Data\CTP1140W.DAT
    - 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4620W.DAT
    + 2006-08-11 18:43:04 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4620W.DAT
    - 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4670W.DAT
    + 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4670W.DAT
    - 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4760W.DAT
    + 2006-08-11 18:43:04 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4760W.DAT
    - 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4780W.DAT
    + 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4780W.DAT
    - 2003-10-21 09:50:38 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4790W.DAT
    + 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4790W.DAT
    - 2003-10-21 09:54:40 257,478 -c--a-w C:\WINDOWS\system32\Data\CTP4820W.DAT
    + 2006-08-11 18:43:20 258,054 ----a-w C:\WINDOWS\system32\Data\CTP4820W.DAT
    - 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4830W.DAT
    + 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4830W.DAT
    - 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4831W.DAT
    + 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4831W.DAT
    - 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4832W.DAT
    + 2006-08-11 18:43:10 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4832W.DAT
    - 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4840W.DAT
    + 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4840W.DAT
    - 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4850W.DAT
    + 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4850W.DAT
    - 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4870W.DAT
    + 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4870W.DAT
    - 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4871W.DAT
    + 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4871W.DAT
    - 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4872W.DAT
    + 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4872W.DAT
    - 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4875W.DAT
    + 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4875W.DAT
    - 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4890W.DAT
    + 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4890W.DAT
    - 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4891W.DAT
    + 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4891W.DAT
    - 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4893W.DAT
    + 2006-08-11 18:43:12 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4893W.DAT
    - 2003-10-21 09:50:40 232,319 -c--a-w C:\WINDOWS\system32\Data\CTPDXW.DAT
    + 2006-08-11 18:43:14 232,847 ----a-w C:\WINDOWS\system32\Data\CTPDXW.DAT
    - 2003-10-21 09:50:36 230,861 -c--a-w C:\WINDOWS\system32\Data\CTPM002W.DAT
    + 2006-08-11 18:43:06 231,389 ----a-w C:\WINDOWS\system32\Data\CTPM002W.DAT
    + 2006-08-11 18:43:04 2,091 ----a-w C:\WINDOWS\system32\Data\CTS20X.DAT
    + 2008-04-28 15:48:15 98,304 ----a-w C:\WINDOWS\system32\dbcfg.dll
    + 2004-08-04 08:07:21 1,788 -c--a-w C:\WINDOWS\system32\dcache.bin
    + 2006-08-11 18:42:50 47,104 ----a-w C:\WINDOWS\system32\DEVREG.DLL
    - 2003-10-06 06:38:06 65,536 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
    + 2006-08-11 18:56:28 33,792 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
    - 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-12-07 01:07:12 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-12-07 01:07:12 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    + 2007-12-07 01:07:12 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    - 2004-08-04 06:07:58 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
    + 2004-08-04 05:07:58 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys

  2. #12
    Member
    Join Date
    Mar 2008
    Posts
    48

    COMBOFIX PART 2


    - 2004-08-04 07:56:48 10,752 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe
    + 2008-05-28 15:39:58 10,752 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe
    - 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2007-12-07 01:07:12 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-12-07 01:07:12 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-06-14 18:09:19 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-12-07 01:07:12 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2004-08-04 05:08:22 10,624 -c--a-w C:\WINDOWS\system32\dllcache\gameenum.sys
    - 2007-06-14 14:07:24 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-12-06 13:07:07 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    - 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-12-07 01:07:12 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
    + 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
    - 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-12-07 01:07:12 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-12-07 01:07:12 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
    - 2004-08-04 06:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
    + 2004-08-04 05:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
    + 2004-08-04 06:56:42 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
    - 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
    + 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys
    - 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-12-07 14:37:14 3,059,200 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-12-07 01:07:13 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-12-07 01:07:13 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-12-07 01:07:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
    + 2007-12-04 18:38:13 550,912 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
    - 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-12-07 01:07:13 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2004-08-04 06:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
    + 2004-08-04 05:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
    + 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
    + 2007-07-09 13:09:42 584,192 -c----w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    - 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2007-12-07 01:07:13 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
    - 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2007-12-07 01:07:13 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
    - 2004-08-04 06:08:02 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
    + 2004-08-04 05:08:02 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
    - 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
    - 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-12-07 01:07:14 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
    + 2004-08-04 06:56:58 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
    - 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-12-07 01:07:14 659,456 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2003-03-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
    + 2003-03-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
    - 2004-09-22 22:46:12 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    + 2007-10-27 21:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    + 2003-03-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
    + 2005-06-08 17:08:34 1,359,744 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
    - 2003-11-05 06:26:02 645,392 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
    + 2006-08-11 18:45:14 502,272 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
    - 2003-11-19 02:13:54 366,160 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
    + 2006-08-11 18:45:38 499,584 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
    - 2003-10-14 03:17:56 332,800 -c--a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
    + 2005-11-10 21:06:04 340,704 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
    - 2002-12-30 02:53:36 12,160 -c--a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
    + 2002-12-30 14:53:36 12,160 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
    + 2005-09-06 18:02:20 1,365,888 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
    - 2003-10-08 02:06:50 178,672 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
    + 2006-08-11 18:45:24 116,224 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
    - 2003-10-08 02:08:12 6,096 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
    + 2006-08-11 18:45:40 7,168 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
    - 2003-10-08 02:09:10 130,288 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
    + 2006-08-11 18:45:18 143,872 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
    - 2004-08-04 06:07:58 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
    + 2004-08-04 05:07:58 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
    + 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
    - 2003-10-13 09:42:12 145,488 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
    + 2006-08-11 18:45:18 78,336 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
    - 2004-08-04 06:08:21 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
    + 2004-08-04 05:08:22 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
    - 2003-10-21 09:26:08 904,496 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
    + 2006-08-11 18:45:26 766,976 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
    + 2006-08-11 18:45:32 1,110,016 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
    - 2003-10-21 09:23:44 148,432 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
    + 2006-08-11 18:45:26 154,112 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
    + 2006-08-11 18:45:28 180,224 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
    - 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    + 2004-08-04 05:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    - 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    + 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    + 2003-03-31 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
    - 2003-03-05 16:19:28 15,840 ----a-w C:\WINDOWS\system32\drivers\PfModNT.sys
    + 2006-08-11 18:56:36 8,192 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
    - 2004-08-04 06:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    + 2004-08-04 05:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    - 2005-03-03 04:48:59 12,400 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
    + 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    - 2004-08-04 06:08:02 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
    + 2004-08-04 05:08:02 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
    - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    - 2004-07-31 22:50:36 51,200 -c--a-w C:\WINDOWS\system32\dumphive.exe
    + 2004-07-31 21:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
    - 2004-08-04 07:56:48 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
    + 2008-05-28 15:39:58 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
    - 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2007-12-07 01:07:12 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-12-07 01:07:12 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2001-07-11 02:51:00 77,824 -c--a-w C:\WINDOWS\system32\EAXAC3.DLL
    + 2001-07-11 14:51:00 77,824 ----a-w C:\WINDOWS\system32\EAXAC3.DLL
    + 2006-08-11 18:43:02 4,096 ----a-w C:\WINDOWS\system32\ENLOCSTR.EXE
    - 2007-06-14 18:09:19 55,808 ------w C:\WINDOWS\system32\extmgr.dll
    + 2007-12-07 01:07:12 55,808 ------w C:\WINDOWS\system32\extmgr.dll
    - 2008-02-18 00:16:19 395,960 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-05-09 18:53:05 423,024 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-03-26 12:50:45 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    - 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-12-07 01:07:12 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2002-05-27 01:00:00 294,912 ------w C:\WINDOWS\system32\Import-Export\EpExifpi.dll
    + 2002-06-03 18:31:52 172,032 ------w C:\WINDOWS\system32\Import-Export\EPPIM2pi.DLL
    + 2002-05-27 01:00:00 229,376 ------w C:\WINDOWS\system32\Import-Export\EpTiffpi.dll
    - 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    + 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    - 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\inseng.dll
    + 2007-12-07 01:07:12 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-12-07 01:07:12 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\keyboard.drv
    - 2007-11-22 17:41:57 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    + 2008-05-27 14:31:36 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    - 2003-03-14 01:33:40 53,248 -c--a-w C:\WINDOWS\system32\KILLAPPS.EXE
    + 2006-08-11 18:43:00 9,216 ----a-w C:\WINDOWS\system32\KILLAPPS.EXE
    - 2004-08-04 07:56:42 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
    + 2004-08-04 06:56:42 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
    - 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2003-03-31 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
    + 2008-03-25 00:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    + 2008-03-25 00:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
    + 2008-04-22 00:52:34 110,592 ----a-w C:\WINDOWS\system32\monsrv.dll
    + 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\mouse.drv
    - 2007-09-05 23:50:44 17,474,680 -c--a-w C:\WINDOWS\system32\MRT.exe
    + 2008-03-05 12:30:56 19,148,408 -c--a-w C:\WINDOWS\system32\MRT.exe
    + 2008-04-19 23:40:58 126,976 ----a-w C:\WINDOWS\system32\MsgCfg.dll
    - 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-12-07 14:37:14 3,059,200 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-12-07 01:07:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-12-07 01:07:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\mstime.dll
    + 2007-12-07 01:07:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2006-03-29 11:38:48 663,675 ----a-w C:\WINDOWS\system32\OALInst.exe
    - 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
    + 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    - 2003-10-14 03:53:40 155,648 -c--a-w C:\WINDOWS\system32\OPENAL32.DLL
    + 2008-03-19 20:47:37 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    - 2008-03-18 18:06:36 70,232 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-21 18:29:43 70,232 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-18 18:06:36 419,224 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-21 18:29:43 419,224 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2003-10-13 09:41:16 114,688 ----a-w C:\WINDOWS\system32\PIAPROXY.DLL
    + 2006-08-11 18:45:16 73,728 ----a-w C:\WINDOWS\system32\piaproxy.dll
    - 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-04-21 00:31:31 106,496 ----a-w C:\WINDOWS\system32\procen.dll
    - 2003-06-06 01:13:00 53,248 -c--a-w C:\WINDOWS\system32\Process.exe
    + 2003-06-06 00:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
    + 2008-04-18 10:50:35 102,400 ----a-w C:\WINDOWS\system32\ProcMnt.dll
    + 2008-05-06 03:17:56 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTCHER.dll
    + 2008-05-06 03:18:12 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTHER2.dll
    - 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    - 2001-06-28 03:05:52 36,864 -c--a-w C:\WINDOWS\system32\REGPLIB.EXE
    + 2006-08-11 18:45:18 33,792 ----a-w C:\WINDOWS\system32\REGPLIB.EXE
    - 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    - 2001-08-17 06:35:46 36,864 -c--a-w C:\WINDOWS\system32\sfman32.dll
    + 2006-08-11 18:45:20 21,504 ----a-w C:\WINDOWS\system32\sfman32.dll
    - 2003-10-06 06:47:46 172,032 -c--a-w C:\WINDOWS\system32\SFMS32.DLL
    + 2006-08-11 18:45:20 120,832 -c--a-w C:\WINDOWS\system32\SFMS32.DLL
    - 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\sound.drv
    + 2003-07-08 07:00:00 2,523 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_A4X2H1.DAT
    + 2002-06-12 08:00:00 315,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DCON02.DLL
    + 2003-07-24 09:00:00 51,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DDSP13.DLL
    + 2003-06-16 08:00:00 117,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DHMM12.DLL
    + 2003-06-27 08:00:00 750,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DHT41D.DLL
    + 2003-07-23 06:01:00 1,108,480 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DI08FA.DLL
    + 2003-06-19 08:00:00 418,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DJB307.DLL
    + 2003-07-04 09:00:00 64,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DMAI16.DLL
    + 2003-01-14 07:00:00 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DMSG00.EXE
    + 2003-01-09 08:00:00 144,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DPPE03.EXE
    + 2003-02-05 08:00:00 509,952 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DPUI03.DLL
    + 2003-07-29 08:00:00 4,679,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DS80FE.DLL
    + 2003-08-06 09:00:00 384,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DU18KE.DLL
    + 2003-06-27 08:00:00 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DUMWF2.DLL
    + 2003-07-08 05:01:00 115,712 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H26UIA.DLL
    + 2003-08-05 05:00:00 954,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H490H2.DLL
    + 2003-08-05 05:00:00 80,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H4E0H2.DLL
    + 2002-07-01 06:02:00 62,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S00RP1.EXE
    + 2003-02-14 07:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S10MT1.EXE
    + 2003-02-14 07:04:00 77,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S10RN1.EXE
    + 2003-05-19 07:11:00 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S1T0A1.EXE
    + 2003-08-06 07:00:00 318,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S490H1.DLL
    + 2003-08-06 07:00:00 236,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S4E2H1.DLL
    + 2003-07-08 07:00:00 99,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S4I2H1.EXE
    + 2003-05-16 08:13:00 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SIINS1.EXE
    + 2003-04-18 07:01:00 16,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SKN161.DLL
    + 2003-04-18 07:01:00 78,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SKN321.DLL
    + 2003-07-17 05:04:00 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBAPI4.DLL
    + 2003-07-28 05:07:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBPLPT4.DLL
    + 2002-09-30 05:01:00 94,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBPSHRE4.DLL
    + 2002-06-07 08:00:00 28,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPIBSR30.EXE
    + 2003-04-03 08:00:00 52,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPIPGI10.DLL
    + 2003-02-20 05:08:00 54,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPSET32.DLL
    + 2002-12-13 09:57:00 414,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUPDATE.EXE
    + 2003-06-27 11:00:06 180,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUTIX25.DLL
    + 2003-06-27 11:00:06 38,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUTIX25.EXE
    + 2002-12-11 05:03:00 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\SAGENT4.EXE
    + 2002-12-13 09:57:00 48,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\SETUP32.DLL
    + 2002-12-13 13:57:00 414,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
    + 2002-12-13 13:57:00 48,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\SETUP32.DLL
    - 2006-04-27 21:49:30 288,417 -c--a-w C:\WINDOWS\system32\SrchSTS.exe
    + 2006-04-27 20:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
    + 2008-04-21 10:32:42 106,496 ----a-w C:\WINDOWS\system32\srvapl.dll
    + 2008-04-25 23:25:12 106,496 ----a-w C:\WINDOWS\system32\straplmsg.dll
    - 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\system32\tzchange.exe
    + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    - 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-04-27 11:10:55 110,592 ----a-w C:\WINDOWS\system32\UtilAdm.dll
    + 2008-04-16 06:48:23 110,592 ----a-w C:\WINDOWS\system32\UtilComSet.dll
    + 2008-03-22 19:49:39 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    - 2007-09-06 04:22:24 289,144 -c--a-w C:\WINDOWS\system32\VCCLSID.exe
    + 2007-09-06 03:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
    + 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\vga.drv
    - 2004-08-04 07:56:57 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
    + 2004-08-04 06:56:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
    - 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-12-07 01:07:14 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2003-03-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\winsock.dll
    + 2003-03-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\winspool.exe
    - 2004-09-22 22:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2003-03-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\wowdeb.exe
    + 2008-03-19 20:47:37 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    + 2007-10-04 03:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
    - 2007-06-14 13:39:54 115,712 ------w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
    + 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -c--a-w 45,056 2002-12-03 22:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

    -c--a-w 98,304 2004-11-02 16:03:55 C:\Program Files\QuickTime\bak\qttask.exe
    ----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe

    -c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
    ----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

    -c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
    ----a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\PSDrvCheck.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{344B7EF2-9819-299E-51CB-018EEAA2D736}]
    2008-05-21 11:56 110592 --a------ C:\WINDOWS\system32\admdsc.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
    "OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgnid]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gms31.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxd51.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ABP Alert 2.0.LNK]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ABP Alert 2.0.LNK
    backup=C:\WINDOWS\pss\ABP Alert 2.0.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
    backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
    backup=C:\WINDOWS\pss\svchost.exeCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^John Lee^Start Menu^Programs^Startup^info.exe]
    path=C:\Documents and Settings\John Lee\Start Menu\Programs\Startup\info.exe
    backup=C:\WINDOWS\pss\info.exeStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\admrgzcl]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\admrgzcl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
    C:\WINDOWS\system32\msgk387.exe/r

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agzlhjyb]
    C:\Program Files\Zailakrn\agzlhjyb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ajwvivwh]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atubgxav]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\atubgxav.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
    C:\Documents and Settings\John Lee\Local Settings\Application Data\windowsupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avkftkuj]
    --a------ 2008-04-02 15:13 102400 C:\WINDOWS\system32\bqxgvwxo.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azqteduj]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\azqteduj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdbhljfb]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdpfdpft]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdrtjhfh]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfbjffnb]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfjbjbbr]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bhnbbblr]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjfbbnfj]
    C:\WINDOWS\TEMP\lhdtpp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjjrtb]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bnjprlnj]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]
    C:\Program Files\BraveSentry\BraveSentry.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brfnnbnn]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brlbjnrr]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\buvobwlu]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\buvobwlu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bvwptbsi]
    --a------ 2008-04-27 07:10 102400 C:\WINDOWS\system32\bohodqhy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwbcvybi]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfuvubgd]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
    --a------ 2008-03-13 01:10 26112 C:\WINDOWS\system32\wbem\csrss.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    --a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
    --a------ 2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddopuymx]
    C:\Program Files\Jgcizuhb\ddopuymx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddphnj]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddrpphfd]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dhhlldtp]
    C:\WINDOWS\TEMP\ltpplllp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dhpdtj]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlfhldtt]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlttddlh]
    C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dnfjnfpd]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem]
    C:\WINDOWS\system32\maxpaynowti1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtbdpl]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtdddhdt]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtddtttf]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtfjrrrh]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtrnffdj]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\elitcvol]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\elitcvol.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbfnrfnj]
    C:\WINDOWS\TEMP\ltpplllp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbnjflrb]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fdtdtp]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffbnbdpb]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffffnf]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fhfphp]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fhfrjjnf]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjbdjjrh]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjsskbze]
    C:\Program Files\Iuzmoqrn\fjsskbze.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flcvscpl]
    C:\Program Files\Ffotrmup\flcvscpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fldtphth]
    C:\WINDOWS\TEMP\ldlddpldttt.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnfbnr]
    C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fpntrppt]
    C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fucghrpz]
    --a------ 2008-03-17 19:36 48640 C:\Program Files\Orffrake\fucghrpz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
    --a--c--- 2005-07-12 15:35 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gdizatqp]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\gdizatqp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\glssewff]
    C:\WINDOWS\system32\rklwbqty.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcjjrfga]
    C:\Program Files\Ukwgteha\hcjjrfga.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hddhlthh]
    C:\WINDOWS\TEMP\ttllbnrddlj.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdfpltpp]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdhflhdl]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdhrhtpn]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdltthhh]
    C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hgbqlgnq]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhdbpd]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhjg5jfd93dftdf]
    C:\WINDOWS\TEMP\winlogan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhpjrtrh]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhtdptph]
    C:\WINDOWS\TEMP\dtfjfrllrrp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hjdbttdp]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hjzskweh]
    C:\WINDOWS\system32\haxqpepk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hlbhrdrt]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hlphllrp]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hntnldpb]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    --a--c--- 2005-06-21 17:44 126976 C:\WINDOWS\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpdtttdd]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpnwviiy]
    C:\WINDOWS\system32\nmdyfyne.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hppdbhth]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htddtlll]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htdthlhd]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htgmiqwj]
    C:\WINDOWS\system32\sjofkvmz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthdphnj]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthhdj]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthpdhdd]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hvjxtkos]
    C:\WINDOWS\system32\mvclorsx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxaoehiw]
    C:\Program Files\Bruslibn\hxaoehiw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxymopxj]
    --a------ 2008-03-18 00:24 48640 C:\Program Files\Wkrlenst\hxymopxj.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iiuqhadp]
    C:\WINDOWS\system32\ankfslit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikfrdeos]
    C:\Program Files\Nemgmdaq\ikfrdeos.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imwmpapb]
    C:\Program Files\Pghxgfpu\imwmpapb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iqccrbxf]
    C:\Program Files\Urfhsfjs\iqccrbxf.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSecurity applet]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ixbvwfoo]
    C:\WINDOWS\system32\mrgdmhql.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jbhtndtt]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jddnrddp]
    C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfbhjnrn]
    C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfnbrfrp]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfntlt]
    C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfrfnrjj]
    C:\WINDOWS\TEMP\ltpplllp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnbnbfnd]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnjbfnbf]
    C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint

  3. #13
    Member
    Join Date
    Mar 2008
    Posts
    48

    COMBOFIX PART 3


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd]
    C:\DOCUME~1\JOHNLE~1\LOCALS~1\Temp\csrssc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrfjfdlt]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrjbfrbd]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrnjnbjr]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jthlpd]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jzclvydd]
    C:\WINDOWS\system32\bedarspg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbqnmhel]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kekponwx]
    C:\WINDOWS\system32\xitidwty.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\klmngtet]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\klmngtet.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kozqfxfg]
    C:\Program Files\Rrljelam\kozqfxfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\krwzmpex]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\krwzmpex.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktobqrwd]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lbhnlnpf]
    C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldblhhfj]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lddhphll]
    C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lddthlpt]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldhphjtt]
    C:\WINDOWS\TEMP\lhdtpp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldttjhpp]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
    --a--c--- 2001-06-14 13:42 53248 C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
    --a--c--- 2001-10-18 11:25 40960 C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfffbfnr]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfprbplj]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfrtrl]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhhtthfr]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhppttdd]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ljlfhthp]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llbhjh]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lldddhhl]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lldthhbn]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhfftlh]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhjhttj]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhrdjpj]
    C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lllldtdh]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llltlpht]
    C:\WINDOWS\TEMP\lhdtpp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llpdhllt]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lltpdrjf]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lltttdph]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lndfpp]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnfnhrjb]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lpfhldjf]
    C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lppptldp]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lpthpptt]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lrfpbb]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdcvwpqv]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlqdwxef]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
    C:\WINDOWS\mppds.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    ---hs---- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msphldex]
    C:\WINDOWS\system32\yrcrkdun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a--c--- 2005-10-17 16:24 81920 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\naiotpqs]
    C:\Program Files\Tkmrdeil\naiotpqs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nboybimn]
    C:\Program Files\Uocxgrut\nboybimn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ncwsiyal]
    C:\WINDOWS\system32\tghapypy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndbnbdfj]
    C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndprhldl]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndtfrplj]
    C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nfjnfjtb]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njnbrntf]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njrrbn]
    C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nldtnphp]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlrzkvgr]
    C:\Program Files\Yvnmpsfq\nlrzkvgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nnjnfbjb]
    C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nplttrdd]
    C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\npphtdlh]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrdnjntj]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrfbnbrt]
    C:\WINDOWS\TEMP\dtfjfrllrrp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrjqrgwi]
    C:\Program Files\Bjwgpido\nrjqrgwi.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrlnflrr]
    C:\WINDOWS\TEMP\dtfjfrllrrp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrnjrnff]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oiopwjko]
    C:\Program Files\Jzdxcrvx\oiopwjko.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnlineArmor GUI]
    --a------ 2008-04-17 05:25 5545536 C:\Program Files\Tall Emu\Online Armor\oaui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozmvkdqp]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pabedoza]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\pabedoza.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdbphtnr]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdltdpth]
    C:\WINDOWS\TEMP\ltpplllp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdpdphdp]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdtddtph]
    C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pftptnbh]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phpphdpt]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pjrdnjjb]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pkfsykan]
    C:\WINDOWS\system32\mjirirez.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plpppdpl]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pmlypovk]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\pmlypovk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pnbdbj]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppdprp]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pphttpdp]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppjdbnjn]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppldfdlp]
    C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pplrthld]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pptdltdt]
    C:\WINDOWS\TEMP\ttpplddldlp.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pptpplpt]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg]
    C:\WINDOWS\system32\alt.exe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qavrnrjb]
    C:\WINDOWS\system32\qavrnrjb.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qfoeeqkl]
    C:\Program Files\Mobrdadk\qfoeeqkl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpasynse]
    C:\Program Files\Hphnwvyk\qpasynse.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrtdrglx]
    --a------ 2008-05-19 19:00 102400 C:\WINDOWS\system32\puvkbohq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvwvklqf]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rbjrnjbn]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rddfhbff]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rddhfl]
    C:\WINDOWS\TEMP\ttpplddldlp.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    --a------ 2008-01-13 15:40 214608 C:\Program Files\Real\RealPlayer\RealPlay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
    C:\WINDOWS\system32\regscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
    --a--c--- 2003-10-08 16:35 139264 C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfrfljnl]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfrjfnnj]
    C:\WINDOWS\TEMP\lhdtpp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rhffrbrt]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rhthpl]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rjbnrbbj]
    C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rkjovyzk]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rnbnrnjr]
    C:\WINDOWS\TEMP\dtfjfrllrrp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rnhffphn]
    C:\WINDOWS\TEMP\ltpplllp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rrbrnr]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    C:\WINDOWS\mrofinu27.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ryfktuji]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\ryfktuji.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    -rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
    -rahs---- 2008-01-28 11:43 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon]
    C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a--c--- 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
    --a--c--- 2005-10-14 01:18 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
    C:\WINDOWS\system32\wind32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive]
    C:\WINDOWS\system32\maxpaynow1.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmon]
    C:\WINDOWS\taskmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbtfhtbd]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdlhtdht]
    C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdpjltdl]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdrrhj]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdtdltpt]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
    --a------ 2007-03-07 10:58 1773568 C:\Program Files\Support.com\bin\tgcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thlhdh]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thptdt]
    C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tijwncze]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\tijwncze.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tjhjlhhr]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-01-13 15:40 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlldnldp]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlpddtth]
    C:\WINDOWS\TEMP\lhdtpp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlphjlph]
    C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlphnt]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlrpbttd]
    C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tltphhlh]
    C:\WINDOWS\TEMP\ndrlblhljb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tnmynbil]
    C:\Program Files\Ihjyqtpj\tnmynbil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tntjnd]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpblshao]
    C:\Program Files\Hnqkjucr\tpblshao.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tplhptth]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpphhppp]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tptldptf]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracker]
    c:\program files\tracker.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trnpfljj]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trttphnd]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttbhhhrb]
    C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tthlddhh]
    C:\WINDOWS\TEMP\ltpplllp.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tttpdphd]
    C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubcredal]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\ubcredal.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ufofsron]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\ufofsron.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
    C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uugokkhw]
    C:\WINDOWS\system32\nwxyhkxs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uweoswtc]
    C:\WINDOWS\system32\qxgrmxgl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
    --a--c--- 2004-11-12 13:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vqzyjyno]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vzhdavza]
    C:\Program Files\Zsuczuvx\vzhdavza.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdqzcjeh]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan]
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wggdpiak]
    C:\Program Files\Iazyumko\wggdpiak.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whulibwj]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\whulibwj.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2008-01-15 18:54 37376 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
    C:\WINDOWS\system32\WinAvXX.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
    C:\Windows\xpupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMed]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
    --------- 2008-01-27 01:38 316728 C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\woclqjdh]
    C:\WINDOWS\system32\dcnezuly.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xbtxgkze]
    C:\WINDOWS\system32\hufcpoxi.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xiumixpr]
    C:\Program Files\Kfacetsk\xiumixpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmrezyho]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\xmrezyho.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xtijziod]
    C:\WINDOWS\system32\lejkrohm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xyyhtwwe]
    C:\Program Files\Kgatfkzm\xyyhtwwe.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydeuhenr]
    C:\Program Files\Agglrhai\ydeuhenr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydgstffl]
    C:\Program Files\Ujfdpyxl\ydgstffl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yxqylskv]
    C:\WINDOWS\system32\qpebubqn.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zguupthq]
    C:\Program Files\Vzovtvph\zguupthq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zhofmsgn]
    C:\WINDOWS\system32\hufsrmhs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zlmvompz]
    C:\Program Files\Jmvthami\zlmvompz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zqjctcjy]
    regsvr32 /u C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPodService"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "Schedule"=2 (0x2)
    "SBService"=2 (0x2)
    "SAVScan"=3 (0x3)
    "ERSvc"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "SNDSrvc"=3 (0x3)
    "navapsvc"=3 (0x3)
    "Themes"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Veoh Client Service"=2 (0x2)
    "UPS"=3 (0x3)
    "MaxBackServiceInt"=2 (0x2)
    "ICF"=2 (0x2)
    "Google Online Search Service"=2 (0x2)
    "LexBceS"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "upnphost"=3 (0x3)
    "AVG Anti-Spyware Guard"=2 (0x2)
    "wuauserv"=2 (0x2)
    "WmdmPmSN"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "ImapiService"=3 (0x3)
    "Eventlog"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "wscsvc"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Regscan"=C:\WINDOWS\system32\regscan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "mppds"=C:\WINDOWS\mppds.exe
    "fnrtlllf"=rundll32.exe "C:\WINDOWS\TEMP\thpldt.drv" WLEntryPoint
    "klmngtet"=regsvr32 /u "C:\Documents and Settings\All Users\Application Data\klmngtet.dll"
    "csrss"=C:\WINDOWS\system32\wbem\csrss.exe
    "dddltrhb"=rundll32.exe "C:\WINDOWS\TEMP\thpldt.drv" WLEntryPoint
    "iSecurity applet"=rundll32.exe iSecurity.cpl,SecurityMonitor
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
    "C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
    "C:\\Program Files\\Conference\\Conference.dll"=
    "C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dxdiag.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "33125:TCP"= 33125:TCP:@xpsp2res.dll,-22005
    "26952:TCP"= 26952:TCP:@xpsp2res.dll,-22005
    "6071:TCP"= 6071:TCP:@xpsp2res.dll,-22005
    "15946:TCP"= 15946:TCP:@xpsp2res.dll,-22005


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef67e0f7-0ab4-11d9-8ce8-806d6172696f}]
    \shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-15 01:40:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 14:38:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\wdfmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-08 14:54:56 - machine was rebooted [John Lee]
    ComboFix-quarantined-files.txt 2008-06-08 18:54:44
    ComboFix2.txt 2008-03-18 19:02:20

    Pre-Run: 35,028,836,352 bytes free
    Post-Run: 35,357,483,008 bytes free

    1709 --- E O F --- 2008-03-21 11:30:12

  4. #14
    Member
    Join Date
    Mar 2008
    Posts
    48

    SDFix: Version 1.189
    Run by John Lee on Sun 06/08/2008 at 01:01 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Name :
    Google Online Search Service
    GMS31

    Path :

    Google Online Search Service - Deleted
    GMS31 - Deleted



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Default Schedule Service Path
    Resetting AppInit_DLLs value


    Rebooting

    Service asc3550p - Deleted

    Checking Files :

    Trojan Files Found:

    C:\Documents and Settings\John Lee\Local Settings\Application Data\windowsupdate.exe - Deleted
    C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe - Deleted
    C:\DOCUME~1\JOHNLE~1\FTPDLL.DLL - Deleted
    C:\DOCUME~1\LOCALS~1\FTPDLL.DLL - Deleted
    C:\WINDOWS\SYSTEM32\FTPDLL.DLL - Deleted
    C:\Program Files\tmp123497953.exe - Deleted
    C:\Program Files\tmp123497968.exe - Deleted
    C:\Program Files\tmp123498765.exe - Deleted
    C:\Program Files\tmp123498843.exe - Deleted
    C:\Program Files\tmp123502031.exe - Deleted
    C:\Program Files\tmp123504953.exe - Deleted
    C:\Documents and Settings\John Lee\ie_updates3r.exe - Deleted
    C:\WINDOWS\system32\smp\msrc.exe - Deleted
    C:\Program Files\IE Extensions\cj.v2.dll - Deleted
    C:\Documents and Settings\John Lee\nax.exe - Deleted
    C:\WINDOWS\system32\akttzn.exe - Deleted
    C:\WINDOWS\system32\awtoolb.dll - Deleted
    C:\WINDOWS\system32\bdn.com - Deleted
    C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
    C:\WINDOWS\system32\credigui.dll - Deleted
    C:\WINDOWS\system32\dpcproxy.exe - Deleted
    C:\WINDOWS\system32\emesx.dll - Deleted
    C:\WINDOWS\system32\gdid32.dll - Deleted
    C:\WINDOWS\system32\hoproxy.dll - Deleted
    C:\WINDOWS\system32\hxiwlgpm.dat - Deleted
    C:\WINDOWS\system32\hxiwlgpm.exe - Deleted
    C:\WINDOWS\system32\iphelp.dll - Deleted
    C:\WINDOWS\system32\iSecurity.cpl - Deleted
    C:\WINDOWS\system32\medup012.dll - Deleted
    C:\WINDOWS\system32\msgp.exe - Deleted
    C:\WINDOWS\system32\msnbho.dll - Deleted
    C:\WINDOWS\system32\mssecu.exe - Deleted
    C:\WINDOWS\system32\mssrv32.exe - Deleted
    C:\WINDOWS\system32\msvchost.exe - Deleted
    C:\WINDOWS\system32\mtr2.exe - Deleted
    C:\WINDOWS\system32\mwin32.exe - Deleted
    C:\WINDOWS\system32\n.ini - Deleted
    C:\WINDOWS\system32\netd.dll - Deleted
    C:\WINDOWS\system32\netode.exe - Deleted
    C:\WINDOWS\system32\newsd32.exe - Deleted
    C:\WINDOWS\system32\protect.dll - Deleted
    C:\WINDOWS\system32\ps1.exe - Deleted
    C:\WINDOWS\system32\psof1.exe - Deleted
    C:\WINDOWS\system32\psoft1.exe - Deleted
    C:\WINDOWS\system32\psx.dll - Deleted
    C:\WINDOWS\system32\pxcrt.dll - Deleted
    C:\WINDOWS\system32\regc64.dll - Deleted
    C:\WINDOWS\system32\regm64.dll - Deleted
    C:\WINDOWS\system32\Rundl1.exe - Deleted
    C:\WINDOWS\system32\sncntr.exe - Deleted
    C:\WINDOWS\system32\ssurf022.dll - Deleted
    C:\WINDOWS\system32\ssvchost.com - Deleted
    C:\WINDOWS\system32\ssvchost.exe - Deleted
    C:\WINDOWS\system32\svchost.t__ - Deleted
    C:\WINDOWS\system32\sysreq.exe - Deleted
    C:\WINDOWS\system32\taack.dat - Deleted
    C:\WINDOWS\system32\taack.exe - Deleted
    C:\WINDOWS\system32\temp#01.exe - Deleted
    C:\WINDOWS\system32\thun.dll - Deleted
    C:\WINDOWS\system32\thun32.dll - Deleted
    C:\WINDOWS\system32\VBIEWER.OCX - Deleted
    C:\WINDOWS\system32\vbsys2.dll - Deleted
    C:\WINDOWS\system32\vcatchpi.dll - Deleted
    C:\WINDOWS\system32\winlogonpc.exe - Deleted
    C:\WINDOWS\system32\winlugan.exe - Deleted
    C:\WINDOWS\system32\winmed.exe - Deleted
    C:\WINDOWS\system32\winsystem.exe - Deleted
    C:\WINDOWS\system32\WINWGPX.EXE - Deleted
    C:\WINDOWS\system32\WLCtrl32.dll - Deleted
    C:\WINDOWS\system32\wsock32d.dll - Deleted
    C:\WINDOWS\Web\def.htm - Deleted
    C:\SDFIX\BACKUP~2\FTPDLL.DLL - Deleted
    C:\Documents and Settings\John Lee\Local Settings\Application Data\cftmon.exe - Deleted
    C:\DOCUME~1\JOHNLE~1\FTPDLL.DLL - Deleted
    C:\SDFIX\BACKUP~2\FTPDLL.DLL - Deleted
    C:\WINDOWS\SYSTEM32\FTPDLL.DLL - Deleted
    C:\SDFix\backups_old1\ie_updates3r.exe - Deleted
    C:\WINDOWS\system32\iSecurity.cpl - Deleted
    C:\WINDOWS\system32\drivers\spools.exe - Deleted
    C:\WINDOWS\system32\drivers\GMS31.sys - Deleted



    Folder C:\Program Files\IE Extensions - Removed
    Folder C:\Program Files\iSecurity - Removed
    Folder C:\WINDOWS\PerfInfo - Removed
    Folder C:\WINDOWS\system32\smp - Removed


    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-08 13:33:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cksu78]
    "Type"=dword:00000001
    "Tag"=dword:00000001
    "Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Cksu78]
    "Type"=dword:00000001
    "Tag"=dword:00000001
    "Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000000

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\drivers\Cksu78.sys 167936 bytes executable

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 1


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
    "C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Conference\\Conference.dll"="C:\\Program Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
    "C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
    "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
    "C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
    "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "\\findfast.exe"="\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
    Tue 4 Jun 2002 84,992 A..HR --- "C:\Program Files\Replay Converter\14_43260.dll"
    Tue 4 Jun 2002 44,032 A..HR --- "C:\Program Files\Replay Converter\28_83260.dll"
    Mon 9 Dec 2002 73,766 A..HR --- "C:\Program Files\Replay Converter\atrc3260.dll"
    Mon 9 Dec 2002 65,575 A..HR --- "C:\Program Files\Replay Converter\cook3260.dll"
    Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
    Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
    Tue 4 Jun 2002 20,480 A..HR --- "C:\Program Files\Replay Converter\dnet3260.dll"
    Mon 9 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
    Mon 9 Dec 2002 94,208 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
    Mon 9 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
    Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
    Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
    Fri 20 Feb 2004 548,940 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
    Mon 9 Dec 2002 102,439 A..HR --- "C:\Program Files\Replay Converter\sipr3260.dll"
    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sat 5 Jan 2008 4,378,338 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
    Thu 13 Mar 2008 38,400 ..SHR --- "C:\WINDOWS\system32\alrsvco.exe"
    Thu 13 Mar 2008 38,400 ..SHR --- "C:\WINDOWS\system32\ALSNDMGRd.exe"
    Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
    Tue 27 May 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Tue 18 Mar 2008 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
    Thu 13 Mar 2008 22,802 ..SHR --- "C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}\zip.dll"
    Mon 17 Mar 2008 22,686 ..SHR --- "C:\WINDOWS\Installer\{1ad4b29b-ff03-42c5-9803-969fdcb47c9d}\zip.dll"
    Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{2931ea2a-6692-45ed-8180-2ffc3378c658}\zip.dll"
    Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{29e9372a-d7d2-4003-91ea-da7e38635700}\zip.dll"
    Thu 13 Mar 2008 22,774 ..SHR --- "C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}\zip.dll"
    Wed 19 Mar 2008 22,666 ..SHR --- "C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll"
    Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{53b4046e-0116-4d23-b5ce-a76c1a758511}\zip.dll"
    Tue 18 Mar 2008 22,614 ..SHR --- "C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll"
    Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{74fdc03e-393c-4c0d-806a-19b427bfd6c8}\zip.dll"
    Thu 13 Mar 2008 22,614 ..SHR --- "C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}\zip.dll"
    Thu 13 Mar 2008 22,714 ..SHR --- "C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}\zip.dll"
    Thu 13 Mar 2008 22,678 ..SHR --- "C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}\zip.dll"
    Tue 18 Mar 2008 22,610 ..SHR --- "C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll"

    Finished!

  5. #15
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    I say this once again:

    I see no point in cleaning a computer infected that badly.

    You are using this computer solely at your own risk, even after "cleaning".

    Open notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    C:\WINDOWS\system32\admdsc.dll
    C:\Documents and Settings\All Users\Application Data\ufofsron.dll
    C:\WINDOWS\system32\vmnylyrg.exe
    C:\Documents and Settings\All Users\Application Data\ubcredal.dll
    C:\WINDOWS\system32\anticipator_delete_virus.dll
    C:\WINDOWS\system32\strsys.dll
    C:\WINDOWS\system32\puvkbohq.exe
    C:\WINDOWS\system32\auqwqdas.tmp
    C:\Documents and Settings\All Users\Application Data\atubgxav.dll
    C:\Documents and Settings\All Users\Application Data\whulibwj.dll
    C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
    C:\Documents and Settings\All Users\Application Data\elitcvol.dll
    C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
    C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
    C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
    C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
    C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
    C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
    C:\Documents and Settings\All Users\Application Data\azqteduj.dll
    C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
    C:\Documents and Settings\All Users\Application Data\pabedoza.dll
    C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
    C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
    C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
    C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
    C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
    C:\WINDOWS\xobglu16.dll
    C:\WINDOWS\xobglu32.dll
    C:\Documents and Settings\All Users\Application Data\dojazyds.dll
    C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
    C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
    C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
    C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
    C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
    C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
    C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
    C:\Documents and Settings\All Users\Application Data\elazqfct.dll
    C:\Documents and Settings\All Users\Application Data\obunarah.dll
    C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
    C:\Documents and Settings\All Users\Application Data\tijwncze.dll
    C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
    C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
    C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
    
    Folder::
    C:\Documents and Settings\All Users\Application Data\zazodeji
    C:\Documents and Settings\All Users\Application Data\dgpixcds
    C:\Documents and Settings\All Users\Application Data\jahihoxw
    C:\Documents and Settings\All Users\Application Data\cnifshqp
    C:\Documents and Settings\All Users\Application Data\whulahat
    C:\Documents and Settings\All Users\Application Data\danwhoha
    C:\Documents and Settings\All Users\Application Data\dsxmtkvi
    C:\Documents and Settings\All Users\Application Data\fyvgtytu
    C:\Documents and Settings\All Users\Application Data\qtglohyd
    C:\Documents and Settings\All Users\Application Data\izgtgbct
    C:\Documents and Settings\All Users\Application Data\fspmjgfy
    C:\Documents and Settings\All Users\Application Data\hydmhcby
    C:\Documents and Settings\All Users\Application Data\vmxkzufk
    C:\Documents and Settings\All Users\Application Data\yvktobmb
    C:\Documents and Settings\All Users\Application Data\parifcpm
    C:\Documents and Settings\All Users\Application Data\dunwjghm
    C:\Documents and Settings\All Users\Application Data\fmpkrczw
    C:\Documents and Settings\All Users\Application Data\dgxwxyjw
    
    Registry::
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gms31.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxd51.sys]
    
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]
    
    [-HKLM\~\startupfolder\C:^Documents and Settings^John Lee^Start Menu^Programs^Startup^info.exe]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Regscan"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "mppds"=-
    "fnrtlllf"=-
    "klmngtet"=-
    "csrss"=-
    "dddltrhb"=-
    "iSecurity applet"=-
    
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{344B7EF2-9819-299E-51CB-018EEAA2D736}]
    2008-05-21 11:56 110592 --a------ C:\WINDOWS\system32\admdsc.dll
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgnid]

    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager, then the Processes tab (press ctrl, alt and del at the same time), and end any processes of findstr, find, sed or swreg; then combofix should continue.
    If that happened we want to know, and also what process you had to end.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #16
    Member
    Join Date
    Mar 2008
    Posts
    48

    Darn! When I ran Combofix my computer just exploded and my house burned down.















    Just kidding.

    Now how do I hunt down those hackers and get revenge? I'm open to filing criminal charges, as well as extra-judicial measures.

    ==============================================


    ComboFix 08-06-07.3 - John Lee 2008-06-10 1:32:27.6 - NTFSx86

    Running from: C:\Documents and Settings\John Lee\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\John Lee\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
    C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
    C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
    C:\Documents and Settings\All Users\Application Data\atubgxav.dll
    C:\Documents and Settings\All Users\Application Data\azqteduj.dll
    C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
    C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
    C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
    C:\Documents and Settings\All Users\Application Data\dojazyds.dll
    C:\Documents and Settings\All Users\Application Data\elazqfct.dll
    C:\Documents and Settings\All Users\Application Data\elitcvol.dll
    C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
    C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
    C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
    C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
    C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
    C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
    C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
    C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
    C:\Documents and Settings\All Users\Application Data\obunarah.dll
    C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
    C:\Documents and Settings\All Users\Application Data\pabedoza.dll
    C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
    C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
    C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
    C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
    C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
    C:\Documents and Settings\All Users\Application Data\tijwncze.dll
    C:\Documents and Settings\All Users\Application Data\ubcredal.dll
    C:\Documents and Settings\All Users\Application Data\ufofsron.dll
    C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
    C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
    C:\Documents and Settings\All Users\Application Data\whulibwj.dll
    C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
    C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
    C:\WINDOWS\system32\admdsc.dll
    C:\WINDOWS\system32\anticipator_delete_virus.dll
    C:\WINDOWS\system32\auqwqdas.tmp
    C:\WINDOWS\system32\puvkbohq.exe
    C:\WINDOWS\system32\strsys.dll
    C:\WINDOWS\system32\vmnylyrg.exe
    C:\WINDOWS\xobglu16.dll
    C:\WINDOWS\xobglu32.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
    C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
    C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
    C:\Documents and Settings\All Users\Application Data\atubgxav.dll
    C:\Documents and Settings\All Users\Application Data\azqteduj.dll
    C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
    C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
    C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
    C:\Documents and Settings\All Users\Application Data\cnifshqp
    C:\Documents and Settings\All Users\Application Data\cnifshqp\uzqpkbcb.exe
    C:\Documents and Settings\All Users\Application Data\danwhoha
    C:\Documents and Settings\All Users\Application Data\danwhoha\fmhurabo.exe
    C:\Documents and Settings\All Users\Application Data\dgpixcds
    C:\Documents and Settings\All Users\Application Data\dgpixcds\balyzspq.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
    .

    2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
    2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
    2008-06-08 03:00 . 2008-06-08 03:00 <DIR> d-------- C:\OnlineArmor
    2008-06-08 01:05 . 2008-06-08 01:06 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-05-31 05:01 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\MediaCoder
    2008-05-31 05:00 . 2008-05-31 05:00 17,352,333 --a------ C:\MediaCoder-0.6.1.4111-flv-to-mpg.exe
    2008-05-30 20:47 . 2008-05-30 20:47 <DIR> d-------- C:\Program Files\MSECACHE
    2008-05-30 20:43 . 2008-05-30 20:43 359,656 --a------ C:\ms-windows-installer-cleanup-remove-programs-only2.exe
    2008-05-27 13:12 . 2008-05-27 13:12 2,585,872 --a------ C:\WindowsInstaller-KB893803-v2-x86.exe
    2008-05-21 23:08 . 2008-06-10 01:31 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\OnlineArmor
    2008-05-21 23:08 . 2008-05-21 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
    2008-05-21 23:07 . 2008-05-21 23:07 <DIR> d-------- C:\Program Files\Tall Emu
    2008-05-21 23:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
    2008-05-21 23:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
    2008-05-21 23:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
    2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Program Files\Cmkkhknc
    2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\WINDOWS
    2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\Symantec
    2008-05-21 00:27 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\CyberLink
    2008-05-21 00:27 . 2008-05-21 00:27 <DIR> d-------- C:\Documents and Settings\Web Surfing
    2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\EPSONREG
    2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\Leadertech
    2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\WINDOWS\system32\Import-Export
    2008-05-19 19:59 . 2008-05-19 21:00 <DIR> d-------- C:\Program Files\EPSON Print CD
    2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\Program Files\EPSON
    2008-05-19 19:58 . 2008-05-19 21:22 66 --a------ C:\WINDOWS\ESPR200.ini
    2008-05-19 19:53 . 2003-05-29 01:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
    2008-05-19 19:53 . 2003-07-28 01:10 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
    2008-05-19 19:53 . 2003-02-13 01:10 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
    2008-05-19 19:53 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
    2008-05-19 19:53 . 2002-03-01 01:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
    2008-05-19 19:53 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
    2008-05-19 19:53 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
    2008-05-16 17:39 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Common Files\SupportSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-04 03:40 --------- d-----w C:\Program Files\Screenshot Pilot
    2008-05-31 01:06 --------- d-----w C:\Documents and Settings\John Lee\Application Data\AdobeUM
    2008-05-29 02:21 --------- d-----w C:\Program Files\RogueRemover FREE
    2008-05-28 15:39 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
    2008-05-27 15:35 4,931,320 ----a-w C:\Opera_9.27_English_Setup.exe
    2008-05-27 14:31 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-05-22 03:07 10,402,864 ----a-w C:\OnlineArmor_Setup_Free.exe
    2008-05-19 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-17 03:37 --------- d-----w C:\Program Files\support.com
    2008-05-13 20:41 --------- d-----w C:\Program Files\Pinnacle
    2008-05-09 17:01 --------- d-----w C:\Program Files\MOTORC~1
    2008-05-09 17:01 --------- d-----w C:\Program Files\ANYTHI~1
    2008-05-09 17:00 --------- d-----w C:\Program Files\worthles
    2008-05-09 16:58 --------- d-----w C:\Program Files\NEUROC~1
    2008-05-09 16:57 --------- d-----w C:\Program Files\jeru
    2008-05-09 16:56 --------- d-----w C:\Program Files\GENERA~1
    2008-05-09 16:55 --------- d-----w C:\Program Files\empirest
    2008-05-09 16:45 --------- d-----w C:\Program Files\cube
    2008-05-09 16:45 --------- d-----w C:\Program Files\creature
    2008-05-09 16:44 --------- d-----w C:\Program Files\crakoom
    2008-05-09 16:44 --------- d-----w C:\Program Files\COLLEG~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\CLONEW~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\CAPTAI~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\BURLES~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\BLUELI~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\BLINDM~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\beatmygu
    2008-05-09 16:42 --------- d-----w C:\Program Files\autobahn
    2008-05-09 16:42 --------- d-----w C:\Program Files\arnon
    2008-05-09 16:42 --------- d-----w C:\Program Files\ARMORP~1
    2008-05-09 16:42 --------- d-----w C:\Program Files\ARMAGG~1
    2008-05-09 16:42 --------- d-----w C:\Program Files\ANGRYB~1
    2008-05-09 16:41 --------- d-----w C:\Program Files\ANCIEN~1
    2008-05-09 16:41 --------- d-----w C:\Program Files\amerika
    2008-05-09 16:41 --------- d-----w C:\Program Files\ALIENS~1
    2008-05-09 16:41 --------- d-----w C:\Program Files\ABDUCT~1
    2008-05-09 16:38 --------- d-----w C:\Program Files\WAYBEY~1
    2008-05-09 16:37 --------- d-----w C:\Program Files\dodger
    2008-05-09 16:37 --------- d-----w C:\Program Files\dirtydoz
    2008-05-09 16:36 --------- d-----w C:\Program Files\crass
    2008-05-09 16:36 --------- d-----w C:\Program Files\COPPAK~1
    2008-05-09 16:35 --------- d-----w C:\Program Files\conca
    2008-05-09 16:35 --------- d-----w C:\Program Files\COLLEG~2
    2008-05-09 16:32 --------- d-----w C:\Program Files\alien
    2008-05-09 16:32 --------- d-----w C:\Program Files\aldo
    2008-05-09 16:31 --------- d-----w C:\Program Files\ACTION~1
    2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY
    2008-05-07 00:48 2,014 ----a-w C:\WINDOWS\system32\tmp.reg
    2008-05-06 03:18 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTHER2.dll
    2008-05-06 03:17 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTCHER.dll
    2008-05-05 07:35 6,039,048 ----a-w C:\Firefox Setup 2.0.0.14.exe
    2008-04-28 15:48 98,304 ----a-w C:\WINDOWS\system32\dbcfg.dll
    2008-04-27 11:10 110,592 ----a-w C:\WINDOWS\system32\UtilAdm.dll
    2008-04-27 11:10 102,400 ----a-w C:\WINDOWS\system32\bohodqhy.exe
    2008-04-25 23:25 106,496 ----a-w C:\WINDOWS\system32\straplmsg.dll
    2008-04-24 06:49 126,976 ----a-w C:\WINDOWS\system32\actmnt.dll
    2008-04-23 18:42 118,784 ----a-w C:\WINDOWS\system32\apismart.dll
    2008-04-23 02:56 122,880 ----a-w C:\WINDOWS\system32\aplen.dll
    2008-04-22 00:52 110,592 ----a-w C:\WINDOWS\system32\monsrv.dll
    2008-04-21 10:32 106,496 ----a-w C:\WINDOWS\system32\srvapl.dll
    2008-04-21 00:31 106,496 ----a-w C:\WINDOWS\system32\procen.dll
    2008-04-19 23:40 126,976 ----a-w C:\WINDOWS\system32\MsgCfg.dll
    2008-04-18 10:50 102,400 ----a-w C:\WINDOWS\system32\ProcMnt.dll
    2008-04-16 06:48 110,592 ----a-w C:\WINDOWS\system32\UtilComSet.dll
    2008-04-14 20:11 131,072 ----a-w C:\WINDOWS\system32\admcomwin.dll
    2008-04-02 19:13 102,400 ----a-w C:\WINDOWS\system32\bqxgvwxo.exe
    2008-04-02 00:32 1,676,293 ----a-w C:\vixybeta_install_1apr08.exe
    2008-03-31 22:34 8,161,400 ----a-w C:\Windows-malicious-software-removal-mar08.exe
    2008-03-30 21:36 1,415,095 ----a-w C:\SDFixMarch2008.exe
    2008-03-30 21:35 1,603,366 ----a-w C:\ComboFixMarch2008.exe
    2008-03-27 00:52 1,306,722 ----a-w C:\SmitfraudFixMarch2008.exe
    2008-03-26 22:31 147,456 ----a-w C:\VundoFix.exe
    2008-03-26 12:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
    2008-03-23 00:32 318,369 ----a-w C:\HiJackThis202.zip
    2008-03-22 19:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
    2008-03-21 03:24 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\klmngtet.dll
    2008-03-19 23:56 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
    2008-03-19 20:47 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-03-19 20:47 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-03-18 22:30 8,705,840 ----a-w C:\winamp552_full_emusic-7plus_en-us.exe
    2008-03-18 22:22 6,956 -c--a-w C:\Program Files\hijackthis.log
    2008-03-18 21:28 2,671,816 ----a-w C:\spywareblastersetup40.exe
    2008-03-18 21:25 706,360 ----a-w C:\winpatrolsetup-ok.exe
    2008-03-18 18:36 1,580,267 ----a-w C:\ComboFix_old.exe
    2008-03-15 01:26 14,113,576 ----a-w C:\ewido-avg-antispyware-setup-7.5-30days.exe
    2008-03-14 19:53 690,568 ----a-w C:\rogue-remover-free-setup.exe
    2008-03-13 15:57 38,400 --sh--r C:\WINDOWS\system32\ALSNDMGRd.exe
    2008-03-13 15:57 38,400 --sh--r C:\WINDOWS\system32\alrsvco.exe
    2008-03-13 15:56 10,000 ------w C:\WINDOWS\system32\Kf94lfg.dll
    2008-03-13 15:45 8,704 ----a-w C:\WINDOWS\system32\rcdll.dll
    2008-03-13 05:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
    2008-01-13 19:38 12,879,368 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
    2007-12-21 06:09 4,398,984 -c--a-w C:\Program Files\MorphVOXPro_Install.exe
    2007-12-21 06:07 1,083,064 -c--a-w C:\Program Files\SP-SpookySounds_Install.exe
    2007-12-16 05:14 17,760,400 -c--a-w C:\Program Files\DivXInstaller.exe
    2007-12-08 10:56 1,781,292 -c--a-w C:\Program Files\vixybeta_install.exe
    2007-10-23 05:46 34,441,990 -c--a-w C:\Program Files\Second Life 1-18-2-0 Setup.exe
    2007-10-11 17:21 904,984 -c--a-w C:\Program Files\cuz4_setup.exe
    2007-08-12 22:05 1,035,000 -c--a-w C:\Program Files\daemon-tools-iso-SPTDinst-v150-x64.exe
    2007-08-12 14:14 1,207,026 -c--a-w C:\Program Files\winrar370.exe
    2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-08_14.51.24.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-08 18:33:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-10 04:17:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -c--a-w 45,056 2002-12-03 22:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

    -c--a-w 98,304 2004-11-02 16:03:55 C:\Program Files\QuickTime\bak\qttask.exe
    ----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe

    -c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
    ----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

    -c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
    ----a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\PSDrvCheck.exe

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
    "OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 03:56 158208]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
    "VIDC.MJPG"= Pvmjpg21.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ABP Alert 2.0.LNK]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ABP Alert 2.0.LNK
    backup=C:\WINDOWS\pss\ABP Alert 2.0.LNKCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
    backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
    backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPodService"=3 (0x3)
    "WZCSVC"=2 (0x2)
    "Schedule"=2 (0x2)
    "SBService"=2 (0x2)
    "SAVScan"=3 (0x3)
    "ERSvc"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccEvtMgr"=2 (0x2)
    "SNDSrvc"=3 (0x3)
    "navapsvc"=3 (0x3)
    "Themes"=2 (0x2)
    "iPod Service"=3 (0x3)
    "Veoh Client Service"=2 (0x2)
    "UPS"=3 (0x3)
    "MaxBackServiceInt"=2 (0x2)
    "ICF"=2 (0x2)
    "Google Online Search Service"=2 (0x2)
    "LexBceS"=2 (0x2)
    "CryptSvc"=3 (0x3)
    "upnphost"=3 (0x3)
    "AVG Anti-Spyware Guard"=2 (0x2)
    "wuauserv"=2 (0x2)
    "WmdmPmSN"=3 (0x3)
    "SysmonLog"=3 (0x3)
    "ImapiService"=3 (0x3)
    "Eventlog"=2 (0x2)
    "Creative Service for CDROM Access"=2 (0x2)
    "wscsvc"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
    "C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
    "C:\\Program Files\\Conference\\Conference.dll"=
    "C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
    "C:\\WINDOWS\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\dxdiag.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "33125:TCP"= 33125:TCP:@xpsp2res.dll,-22005
    "26952:TCP"= 26952:TCP:@xpsp2res.dll,-22005
    "6071:TCP"= 6071:TCP:@xpsp2res.dll,-22005
    "15946:TCP"= 15946:TCP:@xpsp2res.dll,-22005


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef67e0f7-0ab4-11d9-8ce8-806d6172696f}]
    \shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-15 01:40:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-10 01:39:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
    .
    Completion time: 2008-06-10 1:45:20
    ComboFix-quarantined-files.txt 2008-06-10 05:44:14
    ComboFix2.txt 2008-06-08 18:54:59
    ComboFix3.txt 2008-03-18 19:02:20

    Pre-Run: 34,259,288,064 bytes free
    Post-Run: 34,242,891,776 bytes free

    396 --- E O F --- 2008-03-21 11:30:12


    ================================================


    Am I cured, Doc?

    Computer seems to be running great. My mouse problem disappeared, and now I can copy and post in my online email. And I don't have 10 mouse clicks per webpage. Still have a Windows Installer problem. But all in all, it's a big improvement.

    Thank ye!

  7. #17
    Member
    Join Date
    Mar 2008
    Posts
    48

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:14:55 AM, on 6/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O15 - Trusted Zone: http://www.archive.org
    O15 - Trusted Zone: http://tvplanner.comcast.net
    O15 - Trusted Zone: http://www.comcast.net
    O15 - Trusted Zone: http://www.disabilityforms.com
    O15 - Trusted Zone: http://www.fireflyfans.net
    O15 - Trusted Zone: http://www.infowars.com
    O15 - Trusted Zone: http://www.infowars.net
    O15 - Trusted Zone: http://*.infowars.net
    O15 - Trusted Zone: http://*.myspace.com
    O15 - Trusted Zone: http://ww2.nero.com
    O15 - Trusted Zone: http://vhost.oddcast.com
    O15 - Trusted Zone: http://flash.picturetail.com
    O15 - Trusted Zone: http://www.picturetrail.com
    O15 - Trusted Zone: *.picturetrail.com
    O15 - Trusted Zone: www.piratenews.org
    O15 - Trusted Zone: *.piratenews.org
    O15 - Trusted Zone: http://*.piratenews.org
    O15 - Trusted Zone: *.piratenews_supremecenter38.com
    O15 - Trusted Zone: http://forums.spybot.info
    O15 - Trusted Zone: *.supremecenter38.com
    O15 - Trusted Zone: http://www.tallemu.com
    O15 - Trusted Zone: http://*.turbotax.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

    --
    End of file - 4465 bytes

  8. #18
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi

    We will come to that a bit later.

    Do you recognize these folders?

    2008-05-09 17:01 --------- d-----w C:\Program Files\MOTORC~1
    2008-05-09 17:01 --------- d-----w C:\Program Files\ANYTHI~1
    2008-05-09 17:00 --------- d-----w C:\Program Files\worthles
    2008-05-09 16:58 --------- d-----w C:\Program Files\NEUROC~1
    2008-05-09 16:57 --------- d-----w C:\Program Files\jeru
    2008-05-09 16:56 --------- d-----w C:\Program Files\GENERA~1
    2008-05-09 16:55 --------- d-----w C:\Program Files\empirest
    2008-05-09 16:45 --------- d-----w C:\Program Files\cube
    2008-05-09 16:45 --------- d-----w C:\Program Files\creature
    2008-05-09 16:44 --------- d-----w C:\Program Files\crakoom
    2008-05-09 16:44 --------- d-----w C:\Program Files\COLLEG~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\CLONEW~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\CAPTAI~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\BURLES~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\BLUELI~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\BLINDM~1
    2008-05-09 16:43 --------- d-----w C:\Program Files\beatmygu
    2008-05-09 16:42 --------- d-----w C:\Program Files\autobahn
    2008-05-09 16:42 --------- d-----w C:\Program Files\arnon
    2008-05-09 16:42 --------- d-----w C:\Program Files\ARMORP~1
    2008-05-09 16:42 --------- d-----w C:\Program Files\ARMAGG~1
    2008-05-09 16:42 --------- d-----w C:\Program Files\ANGRYB~1
    2008-05-09 16:41 --------- d-----w C:\Program Files\ANCIEN~1
    2008-05-09 16:41 --------- d-----w C:\Program Files\amerika
    2008-05-09 16:41 --------- d-----w C:\Program Files\ALIENS~1
    2008-05-09 16:41 --------- d-----w C:\Program Files\ABDUCT~1
    2008-05-09 16:38 --------- d-----w C:\Program Files\WAYBEY~1
    2008-05-09 16:37 --------- d-----w C:\Program Files\dodger
    2008-05-09 16:37 --------- d-----w C:\Program Files\dirtydoz
    2008-05-09 16:36 --------- d-----w C:\Program Files\crass
    2008-05-09 16:36 --------- d-----w C:\Program Files\COPPAK~1
    2008-05-09 16:35 --------- d-----w C:\Program Files\conca
    2008-05-09 16:35 --------- d-----w C:\Program Files\COLLEG~2
    2008-05-09 16:32 --------- d-----w C:\Program Files\alien
    2008-05-09 16:32 --------- d-----w C:\Program Files\aldo
    2008-05-09 16:31 --------- d-----w C:\Program Files\ACTION~1
    2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #19
    Member
    Join Date
    Mar 2008
    Posts
    48

    Very mysterious names...

    Actually, they all look like old font folders that I failed to download to windows/fonts/ directory. Deletable. I've already moved the font files. Folders are empty except for junk txt files.

    My file keeping is a little sloppy.

  10. #20
    Member
    Join Date
    Mar 2008
    Posts
    48

    Here's a live one today, perhaps:

    c:\program files\Cmkkhknc\qitpxww.exe
    80kb 5/21/2008
