Number of viruses 93, infected objects 719

piratenews

New member
Spybot was unable to remove this RED item in SAFE mode; it just came back twice on reboot:

Product: Win32.Soundmix
Threat: Trojan
Win32.Soundmix copies itself as soundmix.exe into the system directory and pretends to be a soundmixer. It starts itself in autorun as "soundmix" without user consent. It also adds itself to the exefile shell open command so that it will be started synchronously with every other exe file.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:20 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
F2 - REG:system.ini: Shell=Explorer.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: (no name) - {344B7EF2-9819-299E-51CB-018EEAA2D736} - C:\WINDOWS\system32\admdsc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [dhprthpl] rundll32.exe "C:\WINDOWS\system32\rdpthj.sys" WLEntryPoint
O4 - HKUS\S-1-5-21-1420582129-1497244195-3520757181-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\torapcfm.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: http://www.tallemu.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O20 - Winlogon Notify: hgnid - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4947 bytes

===========================================


KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 4:14:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812154
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 185169
Number of viruses found: 93
Number of infected objects: 719
Number of suspicious objects: 4
Duration of the scan process: 02:09:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh63.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh66.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh66.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh68.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh68.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh7.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl2.zip/mrofinu27.exe Infected: Trojan-Downloader.Win32.Agent.lbx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zlockuc.zip/onuxuped.dll Infected: not-a-virus:AdWare.Win32.Agent.wk skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zlockuc.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\stwjkzmz\qvkfkfej.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Documents and Settings\All Users\Application Data\vmxkzufk\jevmxazo.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Documents and Settings\All Users\Application Data\whulahat\ynehglit.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Documents and Settings\All Users\Application Data\yvktobmb\yjolabel.exe Infected: Trojan-Dropper.Win32.Agent.amm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Documents and Settings/John Lee/Local Settings/Temp/0.EXE Infected: Trojan-Downloader.Win32.Small.ius skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Documents and Settings/John Lee/Local Settings/Temp/1922.tmp Infected: Trojan-Downloader.Win32.Agent.lcx skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Documents and Settings/John Lee/Local Settings/Temp/csrssc.exe Infected: Trojan-Downloader.Win32.Suurch.dw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Documents and Settings/John Lee/Local Settings/Temp/file834.exe Infected: Trojan-Spy.Win32.Zbot.amb skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/1.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/2.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/238A.tmp Infected: Trojan-Downloader.Win32.Zlob.jbe skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/5.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/6.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/63.tmp Infected: Trojan.Win32.Pakes.cix skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/7.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/A984.tmp Infected: Trojan-Downloader.Win32.Agent.lcx skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/codec.exe Infected: Trojan-Downloader.Win32.Zlob.jhh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/D5.tmp Infected: Trojan-Downloader.Win32.Flux.eh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/dpdbjf.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/G5F-tmp.exe Infected: Trojan-Downloader.Win32.Flux.eh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/iframestat.exe Infected: Trojan-Downloader.Win32.Tibs.vz skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/kfmtonetcrm.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/lebsbord.exe Infected: Email-Worm.Win32.Locksky.da skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/lhdtpp.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/sh.exe Infected: Trojan-Downloader.Win32.Agent.lab skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/tmp.exe Infected: Backdoor.Win32.Agent.fnb skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/crap.1165507431.old/data0000 Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/crap.1165507431.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1165951424.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1166051149.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1166073115.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1166394446.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1167002879.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1167199060.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1167455550.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1167715835.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1168035795.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1168242245.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1168519775.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1168936518.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU ZIP: infected - 36 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/BN1.tmp Infected: Backdoor.Win32.Agobot.pbq skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/BN2.tmp Infected: Backdoor.Win32.Agobot.pbq skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/BN6A.tmp Infected: Backdoor.Win32.Agobot.pbq skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/BND.tmp Infected: Backdoor.Win32.Agobot.pbq skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/ldlddpldttt.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/nhphhhtlpht.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/sjapcrahsjq.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/ttnhtlpp.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/10.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/13.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/14.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/1A.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/1D.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/1E.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/1F.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/22D7.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/22D8.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/25.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/27.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/2A.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/2B.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/2D.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/30.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/39.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/5.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/6.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/8.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/9.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/B.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/F.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU ZIP: infected - 30 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39554.6742069907.WCU/C:/WINDOWS/TEMP/hltpdhtdlhd.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39554.6742069907.WCU/C:/WINDOWS/TEMP/thpldt.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39554.6742069907.WCU/C:/WINDOWS/TEMP/ttpddptp.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39554.6742069907.WCU ZIP: infected - 3 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39563.1994920023.WCU/C:/WINDOWS/TEMP/bpnfbnhtdnp.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39563.1994920023.WCU/C:/WINDOWS/TEMP/hhfpplbfth.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39563.1994920023.WCU/C:/WINDOWS/TEMP/ltprflbnhjf.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39563.1994920023.WCU ZIP: infected - 3 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39564.1587857986.WCU/C:/WINDOWS/TEMP/ddhnlnthpl.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39564.1587857986.WCU/C:/WINDOWS/TEMP/dhtjdlpt.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39564.1587857986.WCU/C:/WINDOWS/TEMP/pppjlh.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39564.1587857986.WCU ZIP: infected - 3 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39573.9436123727.WCU/C:/WINDOWS/TEMP/ffjdhf.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39573.9436123727.WCU/C:/WINDOWS/TEMP/nfhtpddpdjf.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39573.9436123727.WCU/C:/WINDOWS/TEMP/rprpdlfr.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39573.9436123727.WCU ZIP: infected - 3 skipped
C:\Documents and Settings\John Lee\Application Data\OnlineArmor\client.dat Object is locked skipped
C:\Documents and Settings\John Lee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech-59mary-sap14.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech-59mary-sap14.exe CreateInstall: infected - 1 skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech59peter-sap14.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech59peter-sap14.exe CreateInstall: infected - 1 skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\John Lee\ftpdll.dll Infected: Trojan-Dropper.Win32.Small.bgx skipped
C:\Documents and Settings\John Lee\ie_updates3r.exe Infected: Trojan-Downloader.Win32.Winlagons.al skipped
C:\Documents and Settings\John Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Application Data\windowsupdate.exe Infected: Worm.Win32.Socks.jf skipped
C:\Documents and Settings\John Lee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\nax.exe Infected: Trojan-Dropper.Win32.Small.bgl skipped
C:\Documents and Settings\John Lee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John Lee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ftpdll.dll Infected: Trojan-Dropper.Win32.Small.bgx skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe Infected: Worm.Win32.Socks.jf skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\backups\backup-20061219-025422-705.dll Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Program Files\Bat\Bat.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Program Files\Bat\Info.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Program Files\Cmkkhknc\qitpxpww.exe Suspicious: Type_Win32 skipped
C:\Program Files\CuteComp.exe/file21 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\CuteComp.exe Inno: infected - 1 skipped
C:\Program Files\IE Extensions\cj.v2.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Lpxiesdk\bpmqzonk.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Program Files\Orffrake\fucghrpz.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Program Files\Robot Voices\male-voice-american.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\Program Files\Robot Voices\male-voice-american.exe CreateInstall: infected - 1 skipped
C:\Program Files\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
 
Kaspersky Part 2

C:\Program Files\Tall Emu\Online Armor\antispam.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\DNSTask.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\firewall.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\fwdata.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\history.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\IPRanges.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\NoteBook.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\NoteBook.pak Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\oacached.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\programs.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\reference.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\SentList.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\server.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\signs.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\sites.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\unins000.dat Object is locked skipped
C:\Program Files\tmp123497953.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp123497968.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp123498765.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp123498843.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp123504953.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080326-203148-229.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Wkrlenst\hxymopxj.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\qoobox\Quarantine\C\Documents and Settings\John Lee\Local Settings\Application Data\cftmon.exe.vir Infected: Worm.Win32.Socks.jf skipped
C:\qoobox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe.vir Infected: Worm.Win32.Socks.jf skipped
C:\qoobox\Quarantine\C\Program Files\ucleaner_setup.exe.vir Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\qoobox\Quarantine\C\WINDOWS\mgrs.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\alt.exe.exe.vir Infected: Trojan.Win32.Agent.htt skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ctfmona.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.gj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\aoeqhbvc.dat.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir Infected: Trojan.Win32.Pakes.cix skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\os1zn2mO7Z.exe.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/Rxd51.sys Infected: Email-Worm.Win32.Agent.du skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/aoeqhbvc.dat Infected: Rootkit.Win32.Agent.aap skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/aoeqhbvc.dat.1 Infected: Rootkit.Win32.Agent.aap skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/hgnid.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/hipsrv.mm Infected: Trojan.Win32.Agent.gau skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/guntest.chm Infected: Rootkit.Win32.Agent.aey skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/46096144.Evt Infected: Backdoor.Win32.Hupigon.ayik skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip ZIP: infected - 7 skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFixMarch2008.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFixMarch2008.exe RAR: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000002.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000012.dll Infected: Trojan-Downloader.Win32.Mutant.bk skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000013.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000014.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000015.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000016.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.bk skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP11\A0003332.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP12\A0003350.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP14\A0003395.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP14\A0003396.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP15\A0003408.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP16\A0003587.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP17\A0003602.exe Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP17\A0003618.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP19\A0003643.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.j skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP20\A0003681.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP21\A0003786.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP22\A0003822.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP23\A0004786.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP24\A0004824.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019143.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019170.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019180.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019187.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019194.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019208.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019221.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019235.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019240.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019296.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019314.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019379.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019460.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019468.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019472.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019476.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019477.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019478.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019481.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019486.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019515.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019535.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019540.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019559.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019577.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019583.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019601.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP75\A0019669.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP76\A0019690.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP76\A0019720.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP77\A0019737.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP77\A0020737.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP78\A0021737.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP79\A0022737.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP8\A0003257.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP81\A0022831.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP81\A0022853.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP82\A0022923.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP82\A0022930.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\A0022951.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\A0022958.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\A0022970.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\A0022974.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\change.log Object is locked skipped
C:\Virus\3 march 2008 virus\C_WINDOWS_SYSTEM32_maxpaynow1.exe Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Virus\3 march 2008 virus\C_WINDOWS_SYSTEM32_maxpaynowti1.exe Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{1ad4b29b-ff03-42c5-9803-969fdcb47c9d}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{2931ea2a-6692-45ed-8180-2ffc3378c658}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{29e9372a-d7d2-4003-91ea-da7e38635700}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{53b4046e-0116-4d23-b5ce-a76c1a758511}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{74fdc03e-393c-4c0d-806a-19b427bfd6c8}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{ac633de7-14d4-4297-8e5f-613b933fb5ab}\KbdSetup.dll Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\WINDOWS\Installer\{d5922084-f076-4b91-abc8-9390f0f76e02}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{e82124db-dadc-4f41-977a-12c725dd7cc0}\DrvAvp.dll Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\system32\183aa.exe Infected: Trojan-Downloader.Win32.Agent.gbj skipped
C:\WINDOWS\system32\alrsvco.exe Infected: Backdoor.Win32.IRCBot.bye skipped
C:\WINDOWS\system32\ALSNDMGRd.exe Infected: Backdoor.Win32.IRCBot.bye skipped
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe Infected: Backdoor.Win32.Agent.egy skipped
C:\WINDOWS\system32\bohodqhy.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\WINDOWS\system32\bqxgvwxo.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\credigui.dll Infected: Trojan-Downloader.Win32.Small.iqt skipped
C:\WINDOWS\system32\drivers\Gms31.sys Object is locked skipped
C:\WINDOWS\system32\drivers\OADriver.sys Object is locked skipped
C:\WINDOWS\system32\drivers\OAmon.sys Object is locked skipped
C:\WINDOWS\system32\drivers\oanet.sys Object is locked skipped
C:\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.jf skipped
C:\WINDOWS\system32\ftpdll.dll Infected: Trojan-Dropper.Win32.Small.bgx skipped
C:\WINDOWS\system32\gdid32.dll Infected: Trojan-Downloader.Win32.Small.iqu skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hlnftdrlttr.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\hlphnttnjhr.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\iphelp.dll Infected: Trojan.Win32.Pakes.cku skipped
C:\WINDOWS\system32\iSecurity.cpl Infected: Trojan-Downloader.Win32.Agent.mso skipped
C:\WINDOWS\system32\Kf94lfg.dll Infected: Trojan-Downloader.Win32.Small.sxo skipped
C:\WINDOWS\system32\netd.dll Infected: Trojan.Win32.Pakes.ckv skipped
C:\WINDOWS\system32\protect.dll Infected: Trojan.Win32.Pakes.ckw skipped
C:\WINDOWS\system32\psx.dll Infected: Trojan-Downloader.Win32.Small.iqv skipped
C:\WINDOWS\system32\ptldtl.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\ptpdrfhlhbt.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\ptpdrfhlhbt_ORIGINAL.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\puvkbohq.exe Suspicious: Type_Win32 skipped
C:\WINDOWS\system32\pxcrt.dll Infected: Trojan-Downloader.Win32.Small.iqw skipped
C:\WINDOWS\system32\rcdll.dll Infected: Trojan.Win32.Pakes.ckt skipped
C:\WINDOWS\system32\rdpthj.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\torapcfm.dll Infected: Email-Worm.Win32.Locksky.da skipped
C:\WINDOWS\system32\vmnylyrg.exe Suspicious: Type_Win32 skipped
C:\WINDOWS\system32\wbem\csrss.exe Infected: Trojan.Win32.Agent.gci skipped
C:\WINDOWS\system32\winlugan.exe Infected: Trojan-Downloader.Win32.Winlagons.al skipped
C:\WINDOWS\system32\winmed.exe Infected: Trojan-Downloader.Win32.Agent.laq skipped
C:\WINDOWS\system32\WLCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\WINDOWS\system32\wsock32d.dll Infected: Trojan.Win32.Pakes.ckx skipped
C:\WINDOWS\TEMP\bthhht_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\ddpphhdl_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\djfjtd_ORIGINAL.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\dplhdhjthd.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\dplldf_ORIGINAL.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\fdtdlllhlp_ORIGINAL.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\hhfdnpddnjt_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\hlnftdrlttr.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\jfnplj_ORIGINAL.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\lhttlh_ORIGINAL.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\ndrlblhljb.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\pltbddtp_ORIGINAL.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\plttplht_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\prphnrpdtd_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\ptpdrfhlhbt.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\Web\def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
This has been a problem since March 2008, thanks to Virtumonde. Lots of crashes, loss of all programs, etc.

Limping along pretty well for now, after learning more than I cared to learn about computers.

Online Armor firewall does okay but tends to shut down all programs if I get carried away deleting stuff. Still seems to be a couple dozen connections in LISTEN mode (botnet?).

Spybot Teatimer catches viruses with popups every 10 seconds, 24/7.

MS Explorer is locked down as tight as I can get it, but it is very annoying having to click 10 times for each webpage.

Windows Installer is damaged and won't repair nor reinstall, so I cannot switch to Opera, which cannot install. Also lost MS Word, which cannot reinstall due to loss of Windows Installer. Any ideas how to fix Windows Installer? I think an antispyware program killed Installer.exe.

Also having weird effects on my mouse in certain programs, having to right click on SELECT ALL before the mouse will work, with copy/paste disabled. Any suggestions?

I've learned my lesson. With my next computer I'll just refry the hard drives and start over. With this one I'm too committed to try that. Cannot reinstall certain critical programs. Data is backed up though.

Thanks for the help.
 
I use an online email, and MS Outlook is not installed (I think).

But is Navigator Communicator hijacked by a botnet? Is that a problem if I never open Navigator?
 
I manually disconnect from the modem when not using internet, and disconnect when booting up. This seems to help reduce new infections.

I delete Virtumonde each STARTUP using MSCONFIG before each SHUTDOWN.

I use TASK MANAGER to delete Virtumonde or other virus if and when it pops up. But there still seem to be some other viruses running in Processes, but Bad Things happen sometimes when I try deleting RunDLL, CSRSS or SVCHOST.
 
Hello,

I see you posted in the Waiting Room: http://forums.spybot.info/showthread.php?p=199202#post199202

Because of the volume of posts to your own topic, helpers may have thought you were already being assisted.

For our helpers' information, what happened here: http://forums.spybot.info/showthread.php?p=179275#post179275

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
You requested assistance to attempt a clean anyway and the thread was closed due to inactivity.

As you say, this was back in March 2008.

Regards.
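
As an added example (not part of the original thread, nor code from any tool mentioned in it), the Python below triages scan-log lines in the format posted above: it splits each detection name into class, platform and family, separates System Restore copies from files on the live system, and lists the Backdoor-class detections that the advice above turns on. The sample lines are copied from the log on this page; the function and field names are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Lines copied from the scan log posted earlier on this page.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019476.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019477.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019478.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped
C:\Virus\3 march 2008 virus\C_WINDOWS_SYSTEM32_maxpaynow1.exe Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\WINDOWS\system32\alrsvco.exe Infected: Backdoor.Win32.IRCBot.bye skipped
C:\WINDOWS\system32\ALSNDMGRd.exe Infected: Backdoor.Win32.IRCBot.bye skipped
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe Infected: Backdoor.Win32.Agent.egy skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.jf skipped
C:\WINDOWS\system32\hlphnttnjhr.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\Web\def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
"""

# "<path> Infected|Suspicious: <detection name> <action>"; paths may contain spaces.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<action>\S+)$"
)
# "<path> Object is locked <action>": the scanner could not open the file.
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")
# On Windows XP, System Restore snapshots live under this folder.
RESTORE_MARKER = "\\system volume information\\_restore{"


@dataclass
class Finding:
    path: str
    verdict: str          # "Infected", "Suspicious" or "Locked"
    name: str = ""        # full detection name as printed by the scanner
    prefix: str = ""      # e.g. "not-a-virus" when the name carries one
    behaviour: str = ""   # e.g. "Backdoor", "Trojan-Downloader"
    platform: str = ""    # e.g. "Win32", "HTML"
    family: str = ""      # e.g. "IRCBot", "Locksky"

    @property
    def in_restore_point(self) -> bool:
        return RESTORE_MARKER in self.path.lower()


def split_name(name: str):
    """Split '[prefix:]Behaviour.Platform.Family.variant' into its parts."""
    prefix, _, rest = name.rpartition(":")
    parts = rest.split(".")
    if len(parts) >= 3:
        return prefix, parts[0], parts[1], parts[2]
    # Heuristic verdicts such as 'Type_Win32' have no dotted structure.
    return prefix, rest, "", ""


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a detection or locked-file line, else None."""
    line = line.strip()
    m = DETECTION_RE.match(line)
    if m:
        prefix, behaviour, platform, family = split_name(m["name"])
        return Finding(m["path"], m["verdict"], m["name"],
                       prefix, behaviour, platform, family)
    m = LOCKED_RE.match(line)
    if m:
        return Finding(m["path"], "Locked")
    return None


def triage(log_text: str) -> dict:
    """Summarise a scan log: counts, class breakdown, live backdoor paths."""
    findings = [f for f in map(parse_line, log_text.splitlines()) if f]
    detections = [f for f in findings if f.verdict != "Locked"]
    live = [f for f in detections if not f.in_restore_point]
    return {
        "detections": len(detections),
        "locked": len(findings) - len(detections),
        "restore_point": len(detections) - len(live),
        "live": len(live),
        "by_behaviour": Counter(f.behaviour for f in detections),
        # Backdoor-class files outside restore points drive the rebuild advice.
        "live_backdoors": [f.path for f in live if f.behaviour == "Backdoor"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
```
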
 
Thanks. I'll buy a new computer as soon as I can afford to. This one cannot be reformatted without losing too much work. Lesson learned.

So what do I do next?
 
Hi piratenews

Regarding the amount of viruses and their nature, reformatting would be the best option here.

If you really don't want to do it, we can try to clean you :)
 
Yes, let's try to clean it. Hopefully without frying anything.

The computer is working amazingly well, considering what it's been through. Last thing I remember downloading before the attack was a freeware program to morph photographs, from a website with a million little adverts. Only used the program for one photo, then uninstalled it. Apparently it had some little viruses left over.

The only real problem I'm having is Windows Installer is not working. Which is a big problem, actually. But probably something I can fix.
 
Hi

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

We first need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
- sdfix report
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:13 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: (no name) - {344B7EF2-9819-299E-51CB-018EEAA2D736} - C:\WINDOWS\system32\admdsc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O20 - Winlogon Notify: hgnid - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4501 bytes


=========================================================


ComboFix 08-06-07.3 - John Lee 2008-06-08 14:25:53.5 - NTFSx86

Running from: C:\Documents and Settings\John Lee\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\WINDOWS\system32\183aa.exe
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
C:\WINDOWS\system32\drivers\Cksu78.sys
C:\WINDOWS\system32\hlnftdrlttr.nls
C:\WINDOWS\system32\hlphnttnjhr.sys
C:\WINDOWS\system32\pltllp.drv
C:\WINDOWS\system32\ptldtl.dll
C:\WINDOWS\system32\ptpdrfhlhbt.dll
C:\WINDOWS\system32\ptpdrfhlhbt_ORIGINAL.dll
C:\WINDOWS\system32\rdpthj.sys
C:\WINDOWS\system32\torapcfm.dll
C:\WINDOWS\TEMP\brfnhbjtdp.dll
C:\WINDOWS\TEMP\nntnnbrh.dll
C:\WINDOWS\TEMP\pltllp.drv

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CKSU78
-------\Service_Cksu78
-------\Service_CKSU78


((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
2008-06-08 03:00 . 2008-06-08 03:00 <DIR> d-------- C:\OnlineArmor
2008-06-08 01:05 . 2008-06-08 01:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-31 05:01 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\MediaCoder
2008-05-31 05:00 . 2008-05-31 05:00 17,352,333 --a------ C:\MediaCoder-0.6.1.4111-flv-to-mpg.exe
2008-05-30 20:47 . 2008-05-30 20:47 <DIR> d-------- C:\Program Files\MSECACHE
2008-05-30 20:43 . 2008-05-30 20:43 359,656 --a------ C:\ms-windows-installer-cleanup-remove-programs-only2.exe
2008-05-27 13:12 . 2008-05-27 13:12 2,585,872 --a------ C:\WindowsInstaller-KB893803-v2-x86.exe
2008-05-21 23:08 . 2008-06-08 14:41 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\OnlineArmor
2008-05-21 23:08 . 2008-05-21 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-05-21 23:07 . 2008-05-21 23:07 <DIR> d-------- C:\Program Files\Tall Emu
2008-05-21 23:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-21 23:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-21 23:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Program Files\Cmkkhknc
2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zazodeji
2008-05-21 11:56 . 2008-05-21 11:56 110,592 --a------ C:\WINDOWS\system32\admdsc.dll
2008-05-21 11:56 . 2008-05-21 11:56 110,592 --a------ C:\Documents and Settings\All Users\Application Data\ufofsron.dll
2008-05-21 11:56 . 2008-05-21 11:56 106,496 --a------ C:\WINDOWS\system32\vmnylyrg.exe
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\WINDOWS
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\Symantec
2008-05-21 00:27 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\CyberLink
2008-05-21 00:27 . 2008-05-21 00:27 <DIR> d-------- C:\Documents and Settings\Web Surfing
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\EPSONREG
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\Leadertech
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\WINDOWS\system32\Import-Export
2008-05-19 19:59 . 2008-05-19 21:00 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\Program Files\EPSON
2008-05-19 19:58 . 2008-05-19 21:22 66 --a------ C:\WINDOWS\ESPR200.ini
2008-05-19 19:53 . 2003-05-29 01:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2008-05-19 19:53 . 2003-07-28 01:10 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-05-19 19:53 . 2003-02-13 01:10 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
2008-05-19 19:53 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-05-19 19:53 . 2002-03-01 01:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-05-19 19:53 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-05-19 19:53 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2008-05-19 19:01 . 2008-05-19 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dgpixcds
2008-05-19 19:01 . 2008-05-19 19:01 122,880 --a------ C:\Documents and Settings\All Users\Application Data\ubcredal.dll
2008-05-19 19:01 . 2008-05-19 19:01 4,096 --a------ C:\WINDOWS\system32\anticipator_delete_virus.dll
2008-05-19 19:00 . 2008-05-19 19:00 122,880 --a------ C:\WINDOWS\system32\strsys.dll
2008-05-19 19:00 . 2008-05-19 19:00 102,400 --a------ C:\WINDOWS\system32\puvkbohq.exe
2008-05-16 17:39 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-05-09 15:20 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-09 15:20 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-09 15:20 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-05-09 15:20 . 2008-05-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-09 12:38 . 2008-05-09 13:00 <DIR> d-------- C:\Program Files\worthles
2008-05-09 12:38 . 2008-05-09 12:38 <DIR> d-------- C:\Program Files\WAYBEY~1
2008-05-09 12:38 . 2008-05-09 12:58 <DIR> d-------- C:\Program Files\NEUROC~1
2008-05-09 12:38 . 2008-05-09 13:01 <DIR> d-------- C:\Program Files\MOTORC~1
2008-05-09 12:37 . 2008-05-09 12:57 <DIR> d-------- C:\Program Files\jeru
2008-05-09 12:37 . 2008-05-09 12:56 <DIR> d-------- C:\Program Files\GENERA~1
2008-05-09 12:37 . 2008-05-09 12:55 <DIR> d-------- C:\Program Files\empirest
2008-05-09 12:37 . 2008-05-09 12:37 <DIR> d-------- C:\Program Files\dodger
2008-05-09 12:37 . 2008-05-09 12:37 <DIR> d-------- C:\Program Files\dirtydoz
2008-05-09 12:36 . 2008-05-09 12:45 <DIR> d-------- C:\Program Files\cube
2008-05-09 12:36 . 2008-05-09 12:45 <DIR> d-------- C:\Program Files\creature
2008-05-09 12:36 . 2008-05-09 12:36 <DIR> d-------- C:\Program Files\crass
2008-05-09 12:36 . 2008-05-09 12:44 <DIR> d-------- C:\Program Files\crakoom
2008-05-09 12:36 . 2008-05-09 12:36 <DIR> d-------- C:\Program Files\COPPAK~1
2008-05-09 12:35 . 2008-05-09 12:35 <DIR> d-------- C:\Program Files\conca
2008-05-09 12:35 . 2008-05-09 12:35 <DIR> d-------- C:\Program Files\COLLEG~2
2008-05-09 12:35 . 2008-05-09 12:44 <DIR> d-------- C:\Program Files\COLLEG~1
2008-05-09 12:35 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\CLONEW~1
2008-05-09 12:35 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\CAPTAI~1
2008-05-09 12:34 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BURLES~1
2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BLUELI~1
2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BLINDM~1
2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\beatmygu
2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\autobahn
2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\arnon
2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ARMORP~1
2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ARMAGG~1
2008-05-09 12:32 . 2008-05-09 13:01 <DIR> d-------- C:\Program Files\ANYTHI~1
2008-05-09 12:32 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ANGRYB~1
2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ANCIEN~1
2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\amerika
2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ALIENS~1
2008-05-09 12:32 . 2008-05-09 12:32 <DIR> d-------- C:\Program Files\alien
2008-05-09 12:32 . 2008-05-09 12:32 <DIR> d-------- C:\Program Files\aldo
2008-05-09 12:31 . 2008-05-09 12:31 <DIR> d-------- C:\Program Files\ACTION~1
2008-05-09 12:30 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ABDUCT~1
2008-05-08 12:39 . 2008-05-08 12:39 29 --a------ C:\WINDOWS\system32\auqwqdas.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 03:40 --------- d-----w C:\Program Files\Screenshot Pilot
2008-05-31 01:06 --------- d-----w C:\Documents and Settings\John Lee\Application Data\AdobeUM
2008-05-29 02:21 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-27 15:35 4,931,320 ----a-w C:\Opera_9.27_English_Setup.exe
2008-05-22 03:07 10,402,864 ----a-w C:\OnlineArmor_Setup_Free.exe
2008-05-19 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 03:37 --------- d-----w C:\Program Files\support.com
2008-05-13 20:41 --------- d-----w C:\Program Files\Pinnacle
2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY
2008-05-05 07:35 6,039,048 ----a-w C:\Firefox Setup 2.0.0.14.exe
2008-04-30 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\vmxkzufk
2008-04-28 15:48 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\atubgxav.dll
2008-04-28 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\yvktobmb
2008-04-27 11:10 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\whulibwj.dll
2008-04-27 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\parifcpm
2008-04-25 23:25 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
2008-04-25 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\dunwjghm
2008-04-24 06:49 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\elitcvol.dll
2008-04-24 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\fmpkrczw
2008-04-23 18:42 118,784 ----a-w C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
2008-04-23 02:56 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
2008-04-23 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\dgxwxyjw
2008-04-22 00:52 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
2008-04-22 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\hydmhcby
2008-04-21 10:32 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
2008-04-21 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\fspmjgfy
2008-04-21 00:31 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
2008-04-21 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\izgtgbct
2008-04-19 23:40 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
2008-04-19 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\qtglohyd
2008-04-18 10:50 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\azqteduj.dll
2008-04-18 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\fyvgtytu
2008-04-16 06:48 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
2008-04-16 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\dsxmtkvi
2008-04-14 20:11 131,072 ----a-w C:\Documents and Settings\All Users\Application Data\pabedoza.dll
2008-04-13 15:55 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
2008-04-11 04:39 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
2008-04-11 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\danwhoha
2008-04-10 04:15 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
2008-04-10 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\whulahat
2008-04-09 18:10 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
2008-04-09 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\cnifshqp
2008-04-08 08:35 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
2008-04-08 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\jahihoxw
2008-04-07 21:59 63,488 ----a-w C:\WINDOWS\xobglu16.dll
2008-04-07 21:59 23,552 ----a-w C:\WINDOWS\xobglu32.dll
2008-04-07 05:35 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\dojazyds.dll
2008-04-05 04:05 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
2008-04-02 19:13 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
2008-04-02 00:32 1,676,293 ----a-w C:\vixybeta_install_1apr08.exe
2008-03-31 22:34 8,161,400 ----a-w C:\Windows-malicious-software-removal-mar08.exe
2008-03-30 21:36 1,415,095 ----a-w C:\SDFixMarch2008.exe
2008-03-30 21:35 1,603,366 ----a-w C:\ComboFixMarch2008.exe
2008-03-28 21:18 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
2008-03-27 19:37 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
2008-03-27 03:24 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
2008-03-27 00:52 1,306,722 ----a-w C:\SmitfraudFixMarch2008.exe
2008-03-27 00:20 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
2008-03-26 22:31 147,456 ----a-w C:\VundoFix.exe
2008-03-26 09:41 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
2008-03-26 03:14 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\elazqfct.dll
2008-03-23 00:32 318,369 ----a-w C:\HiJackThis202.zip
2008-03-21 03:24 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\klmngtet.dll
2008-03-19 23:56 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
2008-03-18 22:30 8,705,840 ----a-w C:\winamp552_full_emusic-7plus_en-us.exe
2008-03-18 22:22 6,956 -c--a-w C:\Program Files\hijackthis.log
2008-03-18 21:28 2,671,816 ----a-w C:\spywareblastersetup40.exe
2008-03-18 21:25 706,360 ----a-w C:\winpatrolsetup-ok.exe
2008-03-18 18:36 1,580,267 ----a-w C:\ComboFix_old.exe
2008-03-18 18:34 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\obunarah.dll
2008-03-18 17:13 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
2008-03-18 04:24 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\tijwncze.dll
2008-03-18 01:04 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
2008-03-17 23:36 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
2008-03-15 01:26 14,113,576 ----a-w C:\ewido-avg-antispyware-setup-7.5-30days.exe
2008-03-14 22:35 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
2008-03-14 19:53 690,568 ----a-w C:\rogue-remover-free-setup.exe
2008-01-13 19:38 12,879,368 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
2007-12-21 06:09 4,398,984 -c--a-w C:\Program Files\MorphVOXPro_Install.exe
2007-12-21 06:07 1,083,064 -c--a-w C:\Program Files\SP-SpookySounds_Install.exe
2007-12-16 05:14 17,760,400 -c--a-w C:\Program Files\DivXInstaller.exe
2007-12-08 10:56 1,781,292 -c--a-w C:\Program Files\vixybeta_install.exe
2007-10-23 05:46 34,441,990 -c--a-w C:\Program Files\Second Life 1-18-2-0 Setup.exe
2007-10-11 17:21 904,984 -c--a-w C:\Program Files\cuz4_setup.exe
2007-08-12 22:05 1,035,000 -c--a-w C:\Program Files\daemon-tools-iso-SPTDinst-v150-x64.exe
2007-08-12 14:14 1,207,026 -c--a-w C:\Program Files\winrar370.exe
2007-06-08 16:01 27,917,104 -c--a-w C:\Program Files\downloadable_install_wizard.exe
2007-04-27 05:39 4,960,221 -c--a-w C:\Program Files\RivaEncoderSetup.exe
2007-04-02 08:12 1,512,927 -c--a-w C:\Program Files\LADSPA_plugins-win-0.4.15.exe
2007-04-02 08:11 2,228,534 -c--a-w C:\Program Files\audacity-win-1.2.6.exe
2007-04-02 07:57 614,943 ----a-w C:\Program Files\lame-3.96.1.zip
2007-03-16 11:07 502,941 ----a-w C:\Program Files\MPEG_Streamclip_1.1.zip
2007-02-27 19:59 23,510,720 -c--a-w C:\Program Files\dotnetfx.exe
2007-02-27 19:57 1,629,496 ----a-w C:\Program Files\VOB2MPGv2_3.zip
2007-02-27 09:48 392,984 ----a-w C:\Program Files\SmartRipper 2.41.zip
2007-01-29 11:53 3,602,120 -c--a-w C:\Program Files\SFTPMSI.exe
2007-01-16 11:58 363,800 -c--a-w C:\Program Files\download-flvplayer_setup.exe.exe
2007-01-09 10:22 20,368,912 -c--a-w C:\Program Files\GoogleEarthWinProSetup.exe
2007-01-02 07:54 55,217 ----a-w C:\Program Files\Copy of checkboxtemplate.zip
2007-01-02 07:54 55,217 ----a-w C:\Program Files\checkboxtemplate.zip
2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-18_14.59.37.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2003-03-31 12:00:00 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-29 22:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2004-08-04 07:56:44 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 20:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 20:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2004-09-22 22:46:12 229,376 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
+ 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
+ 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
+ 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
+ 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
+ 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
+ 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
+ 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
+ 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
+ 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
+ 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2005-03-03 04:48:59 12,400 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2004-08-04 06:00:56 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2008-06-08 18:33:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2003-10-06 06:59:14 49,152 -c--a-w C:\WINDOWS\CTDCRES.DLL
+ 2006-08-11 18:55:52 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL
+ 2006-08-11 18:56:02 17,920 ----a-w C:\WINDOWS\CTHELPER.EXE
+ 2006-08-11 18:56:06 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL
+ 2007-09-11 17:49:24 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\LibComm.dll
+ 2007-09-11 17:49:28 38,280 ----a-w C:\WINDOWS\Downloaded Program Files\NanoInst.dll
+ 2007-09-11 17:49:30 43,824 ----a-w C:\WINDOWS\Downloaded Program Files\PSComm.dll
+ 2007-09-11 17:49:34 100,656 ----a-w C:\WINDOWS\Downloaded Program Files\PSNAdbrk.dll
- 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-08 06:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-08 16:52:25 12,705,792 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-08 16:52:25 282,624 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-08 06:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-08 05:06:16 12,705,792 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-08 05:06:16 282,624 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2000-08-31 12:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2003-03-31 12:00:00 2,589 -c----w C:\WINDOWS\I386\RUNW32.BAT
- 2003-10-06 06:48:18 20,480 -c--a-w C:\WINDOWS\INRES.DLL
+ 2006-08-11 18:57:06 11,776 -c--a-w C:\WINDOWS\INRES.DLL
+ 2008-03-20 03:43:00 22,666 --sh--r C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll
+ 2008-03-18 21:44:10 22,614 --sh--r C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll
+ 2008-03-18 20:10:00 22,782 ----a-w C:\WINDOWS\Installer\{d5922084-f076-4b91-abc8-9390f0f76e02}\zip.dll
+ 2008-03-18 20:09:47 22,610 --sh--r C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll
+ 2007-09-15 09:00:26 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\3FHBXBRT.DAT
+ 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\9JD7RRLZ.DAT
+ 2007-09-15 09:00:23 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\L3V5NZPR.DAT
+ 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\MPNHB79J.DAT
+ 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\NNT793TB.DAT
+ 2005-12-29 05:34:27 2,232 -c--a-w C:\WINDOWS\java\Packages\Data\RJ5NXZXN.DAT
- 2003-06-20 10:13:46 49,152 -c--a-w C:\WINDOWS\MIDIDEF.EXE
+ 2006-08-11 18:42:52 25,600 ----a-w C:\WINDOWS\MIDIDEF.EXE
- 2006-12-09 20:26:25 11,402 -c--a-w C:\WINDOWS\mozver.dat
+ 2008-05-05 15:01:04 12,007 -c--a-w C:\WINDOWS\mozver.dat
- 2003-10-06 06:59:00 184,320 -c--a-w C:\WINDOWS\PSCONV.EXE
+ 2006-08-11 18:56:04 34,304 ----a-w C:\WINDOWS\PSCONV.EXE
- 2003-10-06 06:58:50 180,224 -c--a-w C:\WINDOWS\READREG.EXE
+ 2006-08-11 18:56:08 35,840 ----a-w C:\WINDOWS\READREG.EXE
+ 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 08:07:21 1,788 -c----w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 -c----w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2003-03-31 12:00:00 138,752 ----a-w C:\WINDOWS\sndvol32.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
- 2002-11-22 13:07:10 765,952 ----a-w C:\WINDOWS\system\crlds3d.dll
+ 2005-06-08 00:58:54 765,952 ----a-w C:\WINDOWS\system\crlds3d.dll
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
+ 1996-11-13 20:33:32 1,504 -c--a-w C:\WINDOWS\system\NPRX16.DLL
+ 1996-11-27 16:01:18 1,540 -c--a-w C:\WINDOWS\system\NSX83P16.DLL
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
- 2003-10-06 06:38:06 65,536 -c--a-w C:\WINDOWS\system32\a3d.dll
+ 2006-08-11 18:56:28 33,792 ----a-w C:\WINDOWS\system32\a3d.dll
- 2003-10-06 06:55:56 53,248 -c--a-w C:\WINDOWS\system32\AC3API.DLL
+ 2006-08-11 18:56:16 26,624 -c--a-w C:\WINDOWS\system32\AC3API.DLL
+ 2008-04-24 06:49:46 126,976 ----a-w C:\WINDOWS\system32\actmnt.dll
+ 2008-04-14 20:11:50 131,072 ----a-w C:\WINDOWS\system32\admcomwin.dll
+ 2008-04-23 18:42:28 118,784 ----a-w C:\WINDOWS\system32\apismart.dll
+ 2008-04-23 02:56:01 122,880 ----a-w C:\WINDOWS\system32\aplen.dll
+ 2008-04-27 11:10:55 102,400 ----a-w C:\WINDOWS\system32\bohodqhy.exe
+ 2008-04-02 19:13:37 102,400 ----a-w C:\WINDOWS\system32\bqxgvwxo.exe
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2003-10-06 06:44:28 114,688 ----a-w C:\WINDOWS\system32\commonfx.dll
+ 2006-08-11 18:48:08 87,552 ----a-w C:\WINDOWS\system32\commonfx.dll
- 2008-03-13 16:12:41 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-02 18:43:28 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-13 16:12:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-02 18:43:28 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-13 16:12:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-02 18:43:28 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-11 18:45:36 200,192 ----a-w C:\WINDOWS\system32\CT_OAL.DLL
+ 2006-08-11 18:48:50 158,720 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
- 2003-10-06 06:57:50 57,344 ----a-w C:\WINDOWS\system32\CTAGENT.DLL
+ 2006-08-11 18:56:02 7,168 ----a-w C:\WINDOWS\system32\CTAGENT.DLL
- 2003-11-19 02:09:46 126,976 -c--a-w C:\WINDOWS\system32\CTASIO.DLL
+ 2006-08-11 18:45:34 74,752 ----a-w C:\WINDOWS\system32\CTASIO.DLL
- 2003-11-18 07:23:50 585,728 ----a-w C:\WINDOWS\system32\ctaudfx.dll
+ 2006-08-11 18:48:12 536,576 ----a-w C:\WINDOWS\system32\ctaudfx.dll
- 2003-10-21 09:54:48 140,643 ----a-w C:\WINDOWS\system32\ctbas2w.dat
+ 2006-08-11 18:45:08 140,643 ----a-w C:\WINDOWS\system32\ctbas2w.dat
- 2003-10-21 09:50:46 112,411 -c--a-w C:\WINDOWS\system32\CTBASICW.DAT
+ 2006-08-11 18:43:20 113,221 ----a-w C:\WINDOWS\system32\CTBASICW.DAT
+ 2006-08-11 18:57:18 37,888 ----a-w C:\WINDOWS\system32\CTBURST.DLL
- 2003-10-06 06:48:30 69,632 -c--a-w C:\WINDOWS\system32\ctcoinst.dll
+ 2006-08-11 18:57:04 81,920 ----a-w C:\WINDOWS\system32\CTCOINST.DLL
- 2003-10-21 09:47:34 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
+ 2006-08-11 18:43:04 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
- 2003-11-27 01:35:26 327,680 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
+ 2006-08-11 18:55:52 190,976 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
- 2003-12-03 01:08:46 466,944 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
+ 2006-08-11 18:55:52 286,208 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
- 2003-10-06 06:57:12 139,264 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
+ 2006-08-11 18:55:54 129,536 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
- 2003-10-21 09:54:50 217,272 ----a-w C:\WINDOWS\system32\ctdlang.dat
+ 2006-08-11 18:49:24 323,640 ----a-w C:\WINDOWS\system32\ctdlang.dat
+ 2006-08-11 18:49:24 44,567 ----a-w C:\WINDOWS\system32\ctdnlstr.dat
- 2003-10-06 06:46:42 110,592 ----a-w C:\WINDOWS\system32\CTDPROXY.DLL
+ 2006-08-11 18:45:34 71,680 ----a-w C:\WINDOWS\system32\ctdproxy.dll
- 2003-10-06 06:48:42 143,360 -c--a-w C:\WINDOWS\system32\ctdvinst.dll
+ 2006-08-11 18:57:06 146,432 ----a-w C:\WINDOWS\system32\ctdvinst.dll
+ 2006-08-11 18:48:28 160,768 ----a-w C:\WINDOWS\system32\cteapsfx.dll
+ 2006-08-11 18:45:36 47,616 ----a-w C:\WINDOWS\system32\CTEDASIO.DLL
+ 2006-08-11 18:45:40 269,824 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
+ 2006-08-11 18:45:50 115,200 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
+ 2006-08-11 18:48:06 317,952 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
- 2003-10-06 06:45:28 36,864 -c--a-w C:\WINDOWS\system32\CTEMUPIA.DLL
+ 2006-08-11 18:48:52 108,032 ----a-w C:\WINDOWS\system32\ctemupia.dll
+ 2006-08-11 18:48:42 1,170,432 ----a-w C:\WINDOWS\system32\CTEXFIFX.dll
+ 2006-08-11 18:48:52 61,952 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
+ 2005-06-16 22:17:16 71,680 ----a-w C:\WINDOWS\system32\CTMMACTL.DLL
- 2003-10-06 06:57:48 28,672 -c--a-w C:\WINDOWS\system32\CTMMEP.DLL
+ 2006-08-11 18:56:00 11,776 ----a-w C:\WINDOWS\system32\CTMMEP.DLL
- 2003-10-06 06:46:50 159,744 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
+ 2006-08-11 18:45:22 132,096 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
+ 2006-08-11 18:56:00 30,208 ----a-w C:\WINDOWS\system32\CTPCMCIA.DLL
+ 2006-08-11 18:55:56 9,216 ----a-w C:\WINDOWS\system32\CTPRES.DLL
- 2003-10-21 09:54:42 264,466 -c--a-w C:\WINDOWS\system32\ctsbas2w.dat
+ 2006-08-11 18:43:26 265,042 ----a-w C:\WINDOWS\system32\ctsbas2w.dat
- 2003-10-21 09:50:44 230,201 -c--a-w C:\WINDOWS\system32\CTSBASW.DAT
+ 2006-08-11 18:43:18 231,281 ----a-w C:\WINDOWS\system32\CTSBASW.DAT
- 2003-10-06 06:46:14 606,208 ----a-w C:\WINDOWS\system32\ctsblfx.dll
+ 2006-08-11 18:48:32 548,352 ----a-w C:\WINDOWS\system32\ctsblfx.dll
- 2003-10-06 06:57:20 118,784 -c--a-w C:\WINDOWS\system32\CTSCAL.DLL
+ 2006-08-11 18:55:54 75,264 ----a-w C:\WINDOWS\system32\CTSCAL.DLL
+ 2005-06-30 19:24:14 121,856 ----a-w C:\WINDOWS\system32\CTSFINST.DLL
- 2003-10-06 06:58:46 45,056 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
+ 2006-08-11 18:56:02 23,040 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
- 2003-10-21 09:47:40 298,971 ----a-w C:\WINDOWS\system32\ctstatic.dat
+ 2006-08-11 18:43:04 313,207 ----a-w C:\WINDOWS\system32\ctstatic.dat
- 2003-12-31 00:48:26 106,496 -c--a-w C:\WINDOWS\system32\CTTHXCAL.DLL
+ 2006-08-11 18:55:54 64,000 ----a-w C:\WINDOWS\system32\CTTHXCAL.DLL
+ 2006-08-11 18:56:06 26,112 ----a-w C:\WINDOWS\system32\CTXFIBTN.DLL
+ 2006-08-11 18:56:04 18,944 ----a-w C:\WINDOWS\system32\CTXFIHLP.EXE
+ 2006-08-11 18:53:22 42,496 ----a-w C:\WINDOWS\system32\CTXFIREG.EXE
+ 2006-08-11 18:53:22 52,224 ----a-w C:\WINDOWS\system32\CTXFISPI.DLL
+ 2006-08-11 18:53:20 733,184 ----a-w C:\WINDOWS\system32\CTXFISPI.EXE
+ 2006-08-11 18:56:06 25,088 ----a-w C:\WINDOWS\system32\CTXFISPK.DLL
- 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\danim.dll
+ 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2003-10-21 09:50:40 232,319 -c--a-w C:\WINDOWS\system32\Data\CT0060W.DAT
+ 2006-08-11 18:43:12 232,847 ----a-w C:\WINDOWS\system32\Data\CT0060W.DAT
+ 2006-08-11 18:43:04 15,899 ----a-w C:\WINDOWS\system32\Data\CTD20X.DAT
+ 2006-08-11 18:43:18 199,465 ----a-w C:\WINDOWS\system32\Data\CTEAPSW.DAT
+ 2006-08-11 18:43:40 364,754 ----a-w C:\WINDOWS\system32\Data\CTEDSP2W.DAT
+ 2006-08-11 18:43:42 339,138 ----a-w C:\WINDOWS\system32\Data\CTEDSPHW.DAT
+ 2006-08-11 18:43:40 285,488 ----a-w C:\WINDOWS\system32\Data\CTEDSPKW.DAT
+ 2006-08-11 18:43:40 285,488 ----a-w C:\WINDOWS\system32\Data\CTEDSPLW.DAT
+ 2006-08-11 18:43:42 321,378 ----a-w C:\WINDOWS\system32\Data\CTEDSPPW.DAT
+ 2006-08-11 18:43:40 261,640 ----a-w C:\WINDOWS\system32\Data\CTEDSPTW.DAT
+ 2006-08-11 18:43:42 261,640 ----a-w C:\WINDOWS\system32\Data\CTEDSPUW.DAT
+ 2006-08-11 18:43:32 364,754 ----a-w C:\WINDOWS\system32\Data\CTEDSPW.DAT
- 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0060W.DAT
+ 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0060W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0061W.DAT
+ 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0061W.DAT
- 2003-10-21 09:54:40 279,288 -c--a-w C:\WINDOWS\system32\Data\CTP0070W.DAT
+ 2006-08-11 18:43:20 279,864 ----a-w C:\WINDOWS\system32\Data\CTP0070W.DAT
- 2003-10-21 09:54:40 279,288 -c--a-w C:\WINDOWS\system32\Data\CTP0073W.DAT
+ 2006-08-11 18:43:20 279,864 ----a-w C:\WINDOWS\system32\Data\CTP0073W.DAT
- 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0090W.DAT
+ 2006-08-11 18:43:20 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0090W.DAT
- 2003-10-21 09:54:42 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0091W.DAT
+ 2006-08-11 18:43:26 265,624 ----a-w C:\WINDOWS\system32\Data\CTP0091W.DAT
- 2003-10-21 09:54:42 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0092W.DAT
+ 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0092W.DAT
- 2003-10-21 09:54:42 264,466 -c--a-w C:\WINDOWS\system32\Data\CTP0095W.DAT
+ 2006-08-11 18:43:26 265,042 ----a-w C:\WINDOWS\system32\Data\CTP0095W.DAT
- 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0100W.DAT
+ 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0100W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0101W.DAT
+ 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0101W.DAT
- 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0102W.DAT
+ 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0102W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0103W.DAT
+ 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0103W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0105W.DAT
+ 2006-08-11 18:43:16 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0105W.DAT
- 2003-10-21 09:50:38 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP0150W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP0150W.DAT
- 2003-10-21 09:54:40 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0161W.DAT
+ 2006-08-11 18:43:22 265,882 ----a-w C:\WINDOWS\system32\Data\CTP0161W.DAT
- 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0162W.DAT
+ 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0162W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0170W.DAT
+ 2006-08-11 18:43:16 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0170W.DAT
- 2003-10-21 09:50:42 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017AW.DAT
+ 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017AW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017BW.DAT
+ 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017BW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017CW.DAT
+ 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017CW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017DW.DAT
+ 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017DW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017EW.DAT
+ 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017EW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017FW.DAT
+ 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017FW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017GW.DAT
+ 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017GW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017HW.DAT
+ 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017HW.DAT
- 2003-10-21 09:54:40 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0191W.DAT
+ 2006-08-11 18:43:22 265,624 ----a-w C:\WINDOWS\system32\Data\CTP0191W.DAT
- 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0192W.DAT
+ 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0192W.DAT
- 2003-10-21 09:50:42 233,453 -c--a-w C:\WINDOWS\system32\Data\CTP0221W.DAT
+ 2006-08-11 18:43:14 233,894 ----a-w C:\WINDOWS\system32\Data\CTP0221W.DAT
- 2003-10-21 09:50:42 233,453 -c--a-w C:\WINDOWS\system32\Data\CTP0222W.DAT
+ 2006-08-11 18:43:14 233,894 ----a-w C:\WINDOWS\system32\Data\CTP0222W.DAT
- 2003-10-21 09:54:42 267,038 -c--a-w C:\WINDOWS\system32\Data\CTP0230W.DAT
+ 2006-08-11 18:43:24 267,614 ----a-w C:\WINDOWS\system32\Data\CTP0230W.DAT
- 2003-10-21 09:54:42 265,695 -c--a-w C:\WINDOWS\system32\Data\CTP0231W.DAT
+ 2006-08-11 18:43:24 266,271 ----a-w C:\WINDOWS\system32\Data\CTP0231W.DAT
- 2003-10-21 09:54:42 267,038 -c--a-w C:\WINDOWS\system32\Data\CTP0232W.DAT
+ 2006-08-11 18:43:24 267,614 ----a-w C:\WINDOWS\system32\Data\CTP0232W.DAT
- 2003-10-21 09:54:42 265,396 -c--a-w C:\WINDOWS\system32\Data\CTP0238W.DAT
+ 2006-08-11 18:43:24 265,972 ----a-w C:\WINDOWS\system32\Data\CTP0238W.DAT
- 2003-10-21 09:54:44 307,781 -c--a-w C:\WINDOWS\system32\Data\CTP0240W.DAT
+ 2006-08-11 18:43:26 309,525 ----a-w C:\WINDOWS\system32\Data\CTP0240W.DAT
- 2003-10-21 09:54:44 308,441 -c--a-w C:\WINDOWS\system32\Data\CTP0242W.DAT
+ 2006-08-11 18:43:28 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0242W.DAT
- 2003-10-21 09:54:44 307,511 -c--a-w C:\WINDOWS\system32\Data\CTP0243W.DAT
+ 2006-08-11 18:43:28 309,255 ----a-w C:\WINDOWS\system32\Data\CTP0243W.DAT
- 2003-10-21 09:54:44 308,441 -c--a-w C:\WINDOWS\system32\Data\CTP0244W.DAT
+ 2006-08-11 18:43:28 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0244W.DAT
- 2003-10-21 09:54:44 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0245W.DAT
+ 2006-08-11 18:43:28 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0245W.DAT
+ 2006-08-11 18:43:30 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0246W.DAT
- 2003-10-21 09:54:44 307,052 -c--a-w C:\WINDOWS\system32\Data\CTP0249W.DAT
+ 2006-08-11 18:43:30 308,796 ----a-w C:\WINDOWS\system32\Data\CTP0249W.DAT
- 2003-10-21 09:54:46 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0280W.DAT
+ 2006-08-11 18:43:30 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0280W.DAT
- 2003-10-21 09:54:46 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0320W.DAT
+ 2006-08-11 18:43:32 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0320W.DAT
- 2003-10-21 09:54:46 312,351 ----a-w C:\WINDOWS\system32\Data\CTP0350W.DAT
+ 2006-08-11 18:43:32 314,095 ----a-w C:\WINDOWS\system32\Data\CTP0350W.DAT
- 2003-10-21 09:54:46 310,240 -c--a-w C:\WINDOWS\system32\Data\CTP0352W.DAT
+ 2006-08-11 18:43:32 311,984 ----a-w C:\WINDOWS\system32\Data\CTP0352W.DAT
+ 2006-08-11 18:43:36 312,649 ----a-w C:\WINDOWS\system32\Data\CTP0355W.DAT
+ 2006-08-11 18:43:34 312,007 ----a-w C:\WINDOWS\system32\Data\CTP0358W.DAT
+ 2006-08-11 18:43:34 311,077 ----a-w C:\WINDOWS\system32\Data\CTP0359W.DAT
- 2003-10-21 09:54:46 308,787 -c--a-w C:\WINDOWS\system32\Data\CTP0360W.DAT
+ 2006-08-11 18:43:34 310,531 ----a-w C:\WINDOWS\system32\Data\CTP0360W.DAT
+ 2006-08-11 18:43:36 310,531 ----a-w C:\WINDOWS\system32\Data\CTP0380W.DAT
+ 2006-08-11 18:43:36 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0400W.DAT
+ 2006-08-11 18:45:08 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0460W.DAT
+ 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP0463W.DAT
+ 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0464W.DAT
+ 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0465W.DAT
+ 2006-08-11 18:45:08 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0466W.DAT
+ 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0468W.DAT
+ 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0469W.DAT
+ 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046AW.DAT
+ 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046BW.DAT
+ 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046CW.DAT
+ 2006-08-11 18:44:24 222,944 ----a-w C:\WINDOWS\system32\Data\CTP0530L.DAT
+ 2006-08-11 18:43:42 312,182 ----a-w C:\WINDOWS\system32\Data\CTP0530W.DAT
+ 2006-08-11 18:45:08 222,944 ----a-w C:\WINDOWS\system32\Data\CTP0531L.DAT
+ 2006-08-11 18:44:26 312,182 ----a-w C:\WINDOWS\system32\Data\CTP0531W.DAT
+ 2006-08-11 18:45:10 245,351 ----a-w C:\WINDOWS\system32\Data\CTP0550W.DAT
+ 2006-08-11 18:45:12 245,023 ----a-w C:\WINDOWS\system32\Data\CTP055AW.DAT
+ 2006-08-11 18:43:38 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0600W.DAT
+ 2006-08-11 18:43:38 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0610W.DAT
+ 2006-08-11 18:43:40 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0669W.DAT
+ 2006-08-11 18:45:08 326,466 ----a-w C:\WINDOWS\system32\Data\CTP0679W.DAT
+ 2006-08-11 18:45:10 245,847 ----a-w C:\WINDOWS\system32\Data\CTP0730W.DAT
+ 2006-08-11 18:45:12 245,847 ----a-w C:\WINDOWS\system32\Data\CTP073AW.DAT
- 2003-10-21 09:50:36 230,861 -c--a-w C:\WINDOWS\system32\Data\CTP1140W.DAT
+ 2006-08-11 18:43:06 231,389 ----a-w C:\WINDOWS\system32\Data\CTP1140W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4620W.DAT
+ 2006-08-11 18:43:04 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4620W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4670W.DAT
+ 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4670W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4760W.DAT
+ 2006-08-11 18:43:04 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4760W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4780W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4780W.DAT
- 2003-10-21 09:50:38 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4790W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4790W.DAT
- 2003-10-21 09:54:40 257,478 -c--a-w C:\WINDOWS\system32\Data\CTP4820W.DAT
+ 2006-08-11 18:43:20 258,054 ----a-w C:\WINDOWS\system32\Data\CTP4820W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4830W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4830W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4831W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4831W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4832W.DAT
+ 2006-08-11 18:43:10 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4832W.DAT
- 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4840W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4840W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4850W.DAT
+ 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4850W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4870W.DAT
+ 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4870W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4871W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4871W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4872W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4872W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4875W.DAT
+ 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4875W.DAT
- 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4890W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4890W.DAT
- 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4891W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4891W.DAT
- 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4893W.DAT
+ 2006-08-11 18:43:12 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4893W.DAT
- 2003-10-21 09:50:40 232,319 -c--a-w C:\WINDOWS\system32\Data\CTPDXW.DAT
+ 2006-08-11 18:43:14 232,847 ----a-w C:\WINDOWS\system32\Data\CTPDXW.DAT
- 2003-10-21 09:50:36 230,861 -c--a-w C:\WINDOWS\system32\Data\CTPM002W.DAT
+ 2006-08-11 18:43:06 231,389 ----a-w C:\WINDOWS\system32\Data\CTPM002W.DAT
+ 2006-08-11 18:43:04 2,091 ----a-w C:\WINDOWS\system32\Data\CTS20X.DAT
+ 2008-04-28 15:48:15 98,304 ----a-w C:\WINDOWS\system32\dbcfg.dll
+ 2004-08-04 08:07:21 1,788 -c--a-w C:\WINDOWS\system32\dcache.bin
+ 2006-08-11 18:42:50 47,104 ----a-w C:\WINDOWS\system32\DEVREG.DLL
- 2003-10-06 06:38:06 65,536 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2006-08-11 18:56:28 33,792 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
- 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-12-07 01:07:12 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-12-07 01:07:12 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 06:07:58 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-04 05:07:58 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
 
COMBOFIX PART 2

- 2004-08-04 07:56:48 10,752 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe
+ 2008-05-28 15:39:58 10,752 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe
- 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-12-07 01:07:12 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-12-07 01:07:12 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-14 18:09:19 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-12-07 01:07:12 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2004-08-04 05:08:22 10,624 -c--a-w C:\WINDOWS\system32\dllcache\gameenum.sys
- 2007-06-14 14:07:24 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-12-06 13:07:07 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-12-07 01:07:12 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-12-07 01:07:12 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-12-07 01:07:12 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
- 2004-08-04 06:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 05:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 06:56:42 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-12-07 14:37:14 3,059,200 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-12-07 01:07:13 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-12-07 01:07:13 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-12-07 01:07:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-12-07 01:07:13 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 06:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2004-08-04 05:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-07-09 13:09:42 584,192 -c----w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
- 2004-08-04 06:08:02 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-04 05:08:02 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-07 01:07:14 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-04 06:56:58 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
- 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-12-07 01:07:14 659,456 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2003-03-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2003-03-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
- 2004-09-22 22:46:12 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 21:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2003-03-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2005-06-08 17:08:34 1,359,744 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
- 2003-11-05 06:26:02 645,392 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
+ 2006-08-11 18:45:14 502,272 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
- 2003-11-19 02:13:54 366,160 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
+ 2006-08-11 18:45:38 499,584 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
- 2003-10-14 03:17:56 332,800 -c--a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
+ 2005-11-10 21:06:04 340,704 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
- 2002-12-30 02:53:36 12,160 -c--a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
+ 2002-12-30 14:53:36 12,160 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
+ 2005-09-06 18:02:20 1,365,888 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
- 2003-10-08 02:06:50 178,672 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
+ 2006-08-11 18:45:24 116,224 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
- 2003-10-08 02:08:12 6,096 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
+ 2006-08-11 18:45:40 7,168 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
- 2003-10-08 02:09:10 130,288 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
+ 2006-08-11 18:45:18 143,872 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
- 2004-08-04 06:07:58 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 05:07:58 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2003-10-13 09:42:12 145,488 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
+ 2006-08-11 18:45:18 78,336 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
- 2004-08-04 06:08:21 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
+ 2004-08-04 05:08:22 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
- 2003-10-21 09:26:08 904,496 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
+ 2006-08-11 18:45:26 766,976 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
+ 2006-08-11 18:45:32 1,110,016 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
- 2003-10-21 09:23:44 148,432 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
+ 2006-08-11 18:45:26 154,112 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
+ 2006-08-11 18:45:28 180,224 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
- 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 05:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2003-03-31 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2003-03-05 16:19:28 15,840 ----a-w C:\WINDOWS\system32\drivers\PfModNT.sys
+ 2006-08-11 18:56:36 8,192 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
- 2004-08-04 06:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2004-08-04 05:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
- 2005-03-03 04:48:59 12,400 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2004-08-04 06:08:02 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 05:08:02 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-07-31 22:50:36 51,200 -c--a-w C:\WINDOWS\system32\dumphive.exe
+ 2004-07-31 21:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
- 2004-08-04 07:56:48 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
+ 2008-05-28 15:39:58 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-07 01:07:12 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 01:07:12 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2001-07-11 02:51:00 77,824 -c--a-w C:\WINDOWS\system32\EAXAC3.DLL
+ 2001-07-11 14:51:00 77,824 ----a-w C:\WINDOWS\system32\EAXAC3.DLL
+ 2006-08-11 18:43:02 4,096 ----a-w C:\WINDOWS\system32\ENLOCSTR.EXE
- 2007-06-14 18:09:19 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 01:07:12 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-02-18 00:16:19 395,960 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-09 18:53:05 423,024 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-26 12:50:45 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
- 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-12-07 01:07:12 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2002-05-27 01:00:00 294,912 ------w C:\WINDOWS\system32\Import-Export\EpExifpi.dll
+ 2002-06-03 18:31:52 172,032 ------w C:\WINDOWS\system32\Import-Export\EPPIM2pi.DLL
+ 2002-05-27 01:00:00 229,376 ------w C:\WINDOWS\system32\Import-Export\EpTiffpi.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\inseng.dll
+ 2007-12-07 01:07:12 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 01:07:12 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\keyboard.drv
- 2007-11-22 17:41:57 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
+ 2008-05-27 14:31:36 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
- 2003-03-14 01:33:40 53,248 -c--a-w C:\WINDOWS\system32\KILLAPPS.EXE
+ 2006-08-11 18:43:00 9,216 ----a-w C:\WINDOWS\system32\KILLAPPS.EXE
- 2004-08-04 07:56:42 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 06:56:42 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2003-03-31 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-03-25 00:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 00:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-04-22 00:52:34 110,592 ----a-w C:\WINDOWS\system32\monsrv.dll
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\mouse.drv
- 2007-09-05 23:50:44 17,474,680 -c--a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 12:30:56 19,148,408 -c--a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-19 23:40:58 126,976 ----a-w C:\WINDOWS\system32\MsgCfg.dll
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-07 14:37:14 3,059,200 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 01:07:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 01:07:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 01:07:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-03-29 11:38:48 663,675 ----a-w C:\WINDOWS\system32\OALInst.exe
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2003-10-14 03:53:40 155,648 -c--a-w C:\WINDOWS\system32\OPENAL32.DLL
+ 2008-03-19 20:47:37 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
- 2008-03-18 18:06:36 70,232 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-21 18:29:43 70,232 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-18 18:06:36 419,224 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-21 18:29:43 419,224 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2003-10-13 09:41:16 114,688 ----a-w C:\WINDOWS\system32\PIAPROXY.DLL
+ 2006-08-11 18:45:16 73,728 ----a-w C:\WINDOWS\system32\piaproxy.dll
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 00:31:31 106,496 ----a-w C:\WINDOWS\system32\procen.dll
- 2003-06-06 01:13:00 53,248 -c--a-w C:\WINDOWS\system32\Process.exe
+ 2003-06-06 00:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
+ 2008-04-18 10:50:35 102,400 ----a-w C:\WINDOWS\system32\ProcMnt.dll
+ 2008-05-06 03:17:56 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTCHER.dll
+ 2008-05-06 03:18:12 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTHER2.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2001-06-28 03:05:52 36,864 -c--a-w C:\WINDOWS\system32\REGPLIB.EXE
+ 2006-08-11 18:45:18 33,792 ----a-w C:\WINDOWS\system32\REGPLIB.EXE
- 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2001-08-17 06:35:46 36,864 -c--a-w C:\WINDOWS\system32\sfman32.dll
+ 2006-08-11 18:45:20 21,504 ----a-w C:\WINDOWS\system32\sfman32.dll
- 2003-10-06 06:47:46 172,032 -c--a-w C:\WINDOWS\system32\SFMS32.DLL
+ 2006-08-11 18:45:20 120,832 -c--a-w C:\WINDOWS\system32\SFMS32.DLL
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\sound.drv
+ 2003-07-08 07:00:00 2,523 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_A4X2H1.DAT
+ 2002-06-12 08:00:00 315,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DCON02.DLL
+ 2003-07-24 09:00:00 51,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DDSP13.DLL
+ 2003-06-16 08:00:00 117,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DHMM12.DLL
+ 2003-06-27 08:00:00 750,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DHT41D.DLL
+ 2003-07-23 06:01:00 1,108,480 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DI08FA.DLL
+ 2003-06-19 08:00:00 418,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DJB307.DLL
+ 2003-07-04 09:00:00 64,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DMAI16.DLL
+ 2003-01-14 07:00:00 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DMSG00.EXE
+ 2003-01-09 08:00:00 144,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DPPE03.EXE
+ 2003-02-05 08:00:00 509,952 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DPUI03.DLL
+ 2003-07-29 08:00:00 4,679,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DS80FE.DLL
+ 2003-08-06 09:00:00 384,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DU18KE.DLL
+ 2003-06-27 08:00:00 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DUMWF2.DLL
+ 2003-07-08 05:01:00 115,712 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H26UIA.DLL
+ 2003-08-05 05:00:00 954,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H490H2.DLL
+ 2003-08-05 05:00:00 80,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H4E0H2.DLL
+ 2002-07-01 06:02:00 62,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S00RP1.EXE
+ 2003-02-14 07:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S10MT1.EXE
+ 2003-02-14 07:04:00 77,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S10RN1.EXE
+ 2003-05-19 07:11:00 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S1T0A1.EXE
+ 2003-08-06 07:00:00 318,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S490H1.DLL
+ 2003-08-06 07:00:00 236,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S4E2H1.DLL
+ 2003-07-08 07:00:00 99,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S4I2H1.EXE
+ 2003-05-16 08:13:00 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SIINS1.EXE
+ 2003-04-18 07:01:00 16,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SKN161.DLL
+ 2003-04-18 07:01:00 78,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SKN321.DLL
+ 2003-07-17 05:04:00 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBAPI4.DLL
+ 2003-07-28 05:07:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBPLPT4.DLL
+ 2002-09-30 05:01:00 94,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBPSHRE4.DLL
+ 2002-06-07 08:00:00 28,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPIBSR30.EXE
+ 2003-04-03 08:00:00 52,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPIPGI10.DLL
+ 2003-02-20 05:08:00 54,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPSET32.DLL
+ 2002-12-13 09:57:00 414,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUPDATE.EXE
+ 2003-06-27 11:00:06 180,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUTIX25.DLL
+ 2003-06-27 11:00:06 38,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUTIX25.EXE
+ 2002-12-11 05:03:00 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\SAGENT4.EXE
+ 2002-12-13 09:57:00 48,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\SETUP32.DLL
+ 2002-12-13 13:57:00 414,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
+ 2002-12-13 13:57:00 48,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\SETUP32.DLL
- 2006-04-27 21:49:30 288,417 -c--a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2006-04-27 20:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2008-04-21 10:32:42 106,496 ----a-w C:\WINDOWS\system32\srvapl.dll
+ 2008-04-25 23:25:12 106,496 ----a-w C:\WINDOWS\system32\straplmsg.dll
- 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-27 11:10:55 110,592 ----a-w C:\WINDOWS\system32\UtilAdm.dll
+ 2008-04-16 06:48:23 110,592 ----a-w C:\WINDOWS\system32\UtilComSet.dll
+ 2008-03-22 19:49:39 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
- 2007-09-06 04:22:24 289,144 -c--a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2007-09-06 03:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\vga.drv
- 2004-08-04 07:56:57 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2004-08-04 06:56:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 01:07:14 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2003-03-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\winsock.dll
+ 2003-03-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\winspool.exe
- 2004-09-22 22:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2003-03-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\wowdeb.exe
+ 2008-03-19 20:47:37 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
+ 2007-10-04 03:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
- 2007-06-14 13:39:54 115,712 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 45,056 2002-12-03 22:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

-c--a-w 98,304 2004-11-02 16:03:55 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe

-c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

-c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
----a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\PSDrvCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{344B7EF2-9819-299E-51CB-018EEAA2D736}]
2008-05-21 11:56 110592 --a------ C:\WINDOWS\system32\admdsc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgnid]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gms31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxd51.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ABP Alert 2.0.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ABP Alert 2.0.LNK
backup=C:\WINDOWS\pss\ABP Alert 2.0.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
backup=C:\WINDOWS\pss\svchost.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John Lee^Start Menu^Programs^Startup^info.exe]
path=C:\Documents and Settings\John Lee\Start Menu\Programs\Startup\info.exe
backup=C:\WINDOWS\pss\info.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\admrgzcl]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\admrgzcl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\WINDOWS\system32\msgk387.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agzlhjyb]
C:\Program Files\Zailakrn\agzlhjyb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ajwvivwh]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atubgxav]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\atubgxav.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\John Lee\Local Settings\Application Data\windowsupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avkftkuj]
--a------ 2008-04-02 15:13 102400 C:\WINDOWS\system32\bqxgvwxo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azqteduj]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\azqteduj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdbhljfb]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdpfdpft]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdrtjhfh]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfbjffnb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfjbjbbr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bhnbbblr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjfbbnfj]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjjrtb]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bnjprlnj]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]
C:\Program Files\BraveSentry\BraveSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brfnnbnn]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brlbjnrr]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\buvobwlu]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\buvobwlu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bvwptbsi]
--a------ 2008-04-27 07:10 102400 C:\WINDOWS\system32\bohodqhy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwbcvybi]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfuvubgd]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
--a------ 2008-03-13 01:10 26112 C:\WINDOWS\system32\wbem\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddopuymx]
C:\Program Files\Jgcizuhb\ddopuymx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddphnj]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddrpphfd]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dhhlldtp]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dhpdtj]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlfhldtt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlttddlh]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dnfjnfpd]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem]
C:\WINDOWS\system32\maxpaynowti1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtbdpl]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtdddhdt]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtddtttf]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtfjrrrh]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtrnffdj]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\elitcvol]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\elitcvol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbfnrfnj]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbnjflrb]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fdtdtp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffbnbdpb]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffffnf]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fhfphp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fhfrjjnf]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjbdjjrh]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjsskbze]
C:\Program Files\Iuzmoqrn\fjsskbze.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flcvscpl]
C:\Program Files\Ffotrmup\flcvscpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fldtphth]
C:\WINDOWS\TEMP\ldlddpldttt.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnfbnr]
C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fpntrppt]
C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fucghrpz]
--a------ 2008-03-17 19:36 48640 C:\Program Files\Orffrake\fucghrpz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a--c--- 2005-07-12 15:35 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gdizatqp]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\gdizatqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\glssewff]
C:\WINDOWS\system32\rklwbqty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcjjrfga]
C:\Program Files\Ukwgteha\hcjjrfga.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hddhlthh]
C:\WINDOWS\TEMP\ttllbnrddlj.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdfpltpp]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdhflhdl]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdhrhtpn]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdltthhh]
C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hgbqlgnq]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhdbpd]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhjg5jfd93dftdf]
C:\WINDOWS\TEMP\winlogan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhpjrtrh]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhtdptph]
C:\WINDOWS\TEMP\dtfjfrllrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hjdbttdp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hjzskweh]
C:\WINDOWS\system32\haxqpepk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hlbhrdrt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hlphllrp]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hntnldpb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-06-21 17:44 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpdtttdd]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpnwviiy]
C:\WINDOWS\system32\nmdyfyne.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hppdbhth]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htddtlll]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htdthlhd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htgmiqwj]
C:\WINDOWS\system32\sjofkvmz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthdphnj]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthhdj]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthpdhdd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hvjxtkos]
C:\WINDOWS\system32\mvclorsx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxaoehiw]
C:\Program Files\Bruslibn\hxaoehiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxymopxj]
--a------ 2008-03-18 00:24 48640 C:\Program Files\Wkrlenst\hxymopxj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iiuqhadp]
C:\WINDOWS\system32\ankfslit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikfrdeos]
C:\Program Files\Nemgmdaq\ikfrdeos.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imwmpapb]
C:\Program Files\Pghxgfpu\imwmpapb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iqccrbxf]
C:\Program Files\Urfhsfjs\iqccrbxf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSecurity applet]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ixbvwfoo]
C:\WINDOWS\system32\mrgdmhql.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jbhtndtt]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jddnrddp]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfbhjnrn]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfnbrfrp]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfntlt]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfrfnrjj]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnbnbfnd]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnjbfnbf]
C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint
 
COMBOFIX PART 3


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd]
C:\DOCUME~1\JOHNLE~1\LOCALS~1\Temp\csrssc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrfjfdlt]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrjbfrbd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrnjnbjr]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jthlpd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jzclvydd]
C:\WINDOWS\system32\bedarspg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbqnmhel]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kekponwx]
C:\WINDOWS\system32\xitidwty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\klmngtet]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\klmngtet.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kozqfxfg]
C:\Program Files\Rrljelam\kozqfxfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\krwzmpex]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\krwzmpex.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktobqrwd]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lbhnlnpf]
C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldblhhfj]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lddhphll]
C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lddthlpt]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldhphjtt]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldttjhpp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
--a--c--- 2001-06-14 13:42 53248 C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
--a--c--- 2001-10-18 11:25 40960 C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfffbfnr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfprbplj]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfrtrl]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhhtthfr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhppttdd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ljlfhthp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llbhjh]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lldddhhl]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lldthhbn]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhfftlh]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhjhttj]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhrdjpj]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lllldtdh]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llltlpht]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llpdhllt]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lltpdrjf]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lltttdph]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lndfpp]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnfnhrjb]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lpfhldjf]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lppptldp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lpthpptt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lrfpbb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdcvwpqv]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlqdwxef]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msphldex]
C:\WINDOWS\system32\yrcrkdun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a--c--- 2005-10-17 16:24 81920 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\naiotpqs]
C:\Program Files\Tkmrdeil\naiotpqs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nboybimn]
C:\Program Files\Uocxgrut\nboybimn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ncwsiyal]
C:\WINDOWS\system32\tghapypy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndbnbdfj]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndprhldl]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndtfrplj]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nfjnfjtb]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njnbrntf]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njrrbn]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nldtnphp]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlrzkvgr]
C:\Program Files\Yvnmpsfq\nlrzkvgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nnjnfbjb]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nplttrdd]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\npphtdlh]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrdnjntj]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrfbnbrt]
C:\WINDOWS\TEMP\dtfjfrllrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrjqrgwi]
C:\Program Files\Bjwgpido\nrjqrgwi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrlnflrr]
C:\WINDOWS\TEMP\dtfjfrllrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrnjrnff]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oiopwjko]
C:\Program Files\Jzdxcrvx\oiopwjko.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnlineArmor GUI]
--a------ 2008-04-17 05:25 5545536 C:\Program Files\Tall Emu\Online Armor\oaui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozmvkdqp]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pabedoza]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\pabedoza.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdbphtnr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdltdpth]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdpdphdp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdtddtph]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pftptnbh]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phpphdpt]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pjrdnjjb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pkfsykan]
C:\WINDOWS\system32\mjirirez.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plpppdpl]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pmlypovk]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\pmlypovk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pnbdbj]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppdprp]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pphttpdp]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppjdbnjn]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppldfdlp]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pplrthld]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pptdltdt]
C:\WINDOWS\TEMP\ttpplddldlp.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pptpplpt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg]
C:\WINDOWS\system32\alt.exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qavrnrjb]
C:\WINDOWS\system32\qavrnrjb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qfoeeqkl]
C:\Program Files\Mobrdadk\qfoeeqkl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpasynse]
C:\Program Files\Hphnwvyk\qpasynse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrtdrglx]
--a------ 2008-05-19 19:00 102400 C:\WINDOWS\system32\puvkbohq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvwvklqf]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rbjrnjbn]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rddfhbff]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rddhfl]
C:\WINDOWS\TEMP\ttpplddldlp.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-13 15:40 214608 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\system32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a--c--- 2003-10-08 16:35 139264 C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfrfljnl]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfrjfnnj]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rhffrbrt]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rhthpl]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rjbnrbbj]
C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rkjovyzk]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rnbnrnjr]
C:\WINDOWS\TEMP\dtfjfrllrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rnhffphn]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rrbrnr]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu27.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ryfktuji]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ryfktuji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-01-28 11:43 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon]
C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a--c--- 2005-10-14 01:18 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
C:\WINDOWS\system32\wind32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive]
C:\WINDOWS\system32\maxpaynow1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmon]
C:\WINDOWS\taskmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbtfhtbd]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdlhtdht]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdpjltdl]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdrrhj]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdtdltpt]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2007-03-07 10:58 1773568 C:\Program Files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thlhdh]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thptdt]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tijwncze]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\tijwncze.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tjhjlhhr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-13 15:40 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlldnldp]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlpddtth]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlphjlph]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlphnt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlrpbttd]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tltphhlh]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tnmynbil]
C:\Program Files\Ihjyqtpj\tnmynbil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tntjnd]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpblshao]
C:\Program Files\Hnqkjucr\tpblshao.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tplhptth]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpphhppp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tptldptf]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracker]
c:\program files\tracker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trnpfljj]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trttphnd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttbhhhrb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tthlddhh]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tttpdphd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubcredal]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ubcredal.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ufofsron]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ufofsron.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uugokkhw]
C:\WINDOWS\system32\nwxyhkxs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uweoswtc]
C:\WINDOWS\system32\qxgrmxgl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a--c--- 2004-11-12 13:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vqzyjyno]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vzhdavza]
C:\Program Files\Zsuczuvx\vzhdavza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdqzcjeh]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan]
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wggdpiak]
C:\Program Files\Iazyumko\wggdpiak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whulibwj]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\whulibwj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 18:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMed]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--------- 2008-01-27 01:38 316728 C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\woclqjdh]
C:\WINDOWS\system32\dcnezuly.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xbtxgkze]
C:\WINDOWS\system32\hufcpoxi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xiumixpr]
C:\Program Files\Kfacetsk\xiumixpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmrezyho]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\xmrezyho.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xtijziod]
C:\WINDOWS\system32\lejkrohm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xyyhtwwe]
C:\Program Files\Kgatfkzm\xyyhtwwe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydeuhenr]
C:\Program Files\Agglrhai\ydeuhenr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydgstffl]
C:\Program Files\Ujfdpyxl\ydgstffl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yxqylskv]
C:\WINDOWS\system32\qpebubqn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zguupthq]
C:\Program Files\Vzovtvph\zguupthq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zhofmsgn]
C:\WINDOWS\system32\hufsrmhs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zlmvompz]
C:\Program Files\Jmvthami\zlmvompz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zqjctcjy]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"WZCSVC"=2 (0x2)
"Schedule"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ERSvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SNDSrvc"=3 (0x3)
"navapsvc"=3 (0x3)
"Themes"=2 (0x2)
"iPod Service"=3 (0x3)
"Veoh Client Service"=2 (0x2)
"UPS"=3 (0x3)
"MaxBackServiceInt"=2 (0x2)
"ICF"=2 (0x2)
"Google Online Search Service"=2 (0x2)
"LexBceS"=2 (0x2)
"CryptSvc"=3 (0x3)
"upnphost"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"ImapiService"=3 (0x3)
"Eventlog"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Regscan"=C:\WINDOWS\system32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mppds"=C:\WINDOWS\mppds.exe
"fnrtlllf"=rundll32.exe "C:\WINDOWS\TEMP\thpldt.drv" WLEntryPoint
"klmngtet"=regsvr32 /u "C:\Documents and Settings\All Users\Application Data\klmngtet.dll"
"csrss"=C:\WINDOWS\system32\wbem\csrss.exe
"dddltrhb"=rundll32.exe "C:\WINDOWS\TEMP\thpldt.drv" WLEntryPoint
"iSecurity applet"=rundll32.exe iSecurity.cpl,SecurityMonitor
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33125:TCP"= 33125:TCP:@xpsp2res.dll,-22005
"26952:TCP"= 26952:TCP:@xpsp2res.dll,-22005
"6071:TCP"= 6071:TCP:@xpsp2res.dll,-22005
"15946:TCP"= 15946:TCP:@xpsp2res.dll,-22005


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef67e0f7-0ab4-11d9-8ce8-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 01:40:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 14:38:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-08 14:54:56 - machine was rebooted [John Lee]
ComboFix-quarantined-files.txt 2008-06-08 18:54:44
ComboFix2.txt 2008-03-18 19:02:20

Pre-Run: 35,028,836,352 bytes free
Post-Run: 35,357,483,008 bytes free

1709 --- E O F --- 2008-03-21 11:30:12
 
SDFix: Version 1.189
Run by John Lee on Sun 06/08/2008 at 01:01 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
Google Online Search Service
GMS31

Path :

Google Online Search Service - Deleted
GMS31 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Schedule Service Path
Resetting AppInit_DLLs value


Rebooting

Service asc3550p - Deleted

Checking Files :

Trojan Files Found:

C:\Documents and Settings\John Lee\Local Settings\Application Data\windowsupdate.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe - Deleted
C:\DOCUME~1\JOHNLE~1\FTPDLL.DLL - Deleted
C:\DOCUME~1\LOCALS~1\FTPDLL.DLL - Deleted
C:\WINDOWS\SYSTEM32\FTPDLL.DLL - Deleted
C:\Program Files\tmp123497953.exe - Deleted
C:\Program Files\tmp123497968.exe - Deleted
C:\Program Files\tmp123498765.exe - Deleted
C:\Program Files\tmp123498843.exe - Deleted
C:\Program Files\tmp123502031.exe - Deleted
C:\Program Files\tmp123504953.exe - Deleted
C:\Documents and Settings\John Lee\ie_updates3r.exe - Deleted
C:\WINDOWS\system32\smp\msrc.exe - Deleted
C:\Program Files\IE Extensions\cj.v2.dll - Deleted
C:\Documents and Settings\John Lee\nax.exe - Deleted
C:\WINDOWS\system32\akttzn.exe - Deleted
C:\WINDOWS\system32\awtoolb.dll - Deleted
C:\WINDOWS\system32\bdn.com - Deleted
C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
C:\WINDOWS\system32\credigui.dll - Deleted
C:\WINDOWS\system32\dpcproxy.exe - Deleted
C:\WINDOWS\system32\emesx.dll - Deleted
C:\WINDOWS\system32\gdid32.dll - Deleted
C:\WINDOWS\system32\hoproxy.dll - Deleted
C:\WINDOWS\system32\hxiwlgpm.dat - Deleted
C:\WINDOWS\system32\hxiwlgpm.exe - Deleted
C:\WINDOWS\system32\iphelp.dll - Deleted
C:\WINDOWS\system32\iSecurity.cpl - Deleted
C:\WINDOWS\system32\medup012.dll - Deleted
C:\WINDOWS\system32\msgp.exe - Deleted
C:\WINDOWS\system32\msnbho.dll - Deleted
C:\WINDOWS\system32\mssecu.exe - Deleted
C:\WINDOWS\system32\mssrv32.exe - Deleted
C:\WINDOWS\system32\msvchost.exe - Deleted
C:\WINDOWS\system32\mtr2.exe - Deleted
C:\WINDOWS\system32\mwin32.exe - Deleted
C:\WINDOWS\system32\n.ini - Deleted
C:\WINDOWS\system32\netd.dll - Deleted
C:\WINDOWS\system32\netode.exe - Deleted
C:\WINDOWS\system32\newsd32.exe - Deleted
C:\WINDOWS\system32\protect.dll - Deleted
C:\WINDOWS\system32\ps1.exe - Deleted
C:\WINDOWS\system32\psof1.exe - Deleted
C:\WINDOWS\system32\psoft1.exe - Deleted
C:\WINDOWS\system32\psx.dll - Deleted
C:\WINDOWS\system32\pxcrt.dll - Deleted
C:\WINDOWS\system32\regc64.dll - Deleted
C:\WINDOWS\system32\regm64.dll - Deleted
C:\WINDOWS\system32\Rundl1.exe - Deleted
C:\WINDOWS\system32\sncntr.exe - Deleted
C:\WINDOWS\system32\ssurf022.dll - Deleted
C:\WINDOWS\system32\ssvchost.com - Deleted
C:\WINDOWS\system32\ssvchost.exe - Deleted
C:\WINDOWS\system32\svchost.t__ - Deleted
C:\WINDOWS\system32\sysreq.exe - Deleted
C:\WINDOWS\system32\taack.dat - Deleted
C:\WINDOWS\system32\taack.exe - Deleted
C:\WINDOWS\system32\temp#01.exe - Deleted
C:\WINDOWS\system32\thun.dll - Deleted
C:\WINDOWS\system32\thun32.dll - Deleted
C:\WINDOWS\system32\VBIEWER.OCX - Deleted
C:\WINDOWS\system32\vbsys2.dll - Deleted
C:\WINDOWS\system32\vcatchpi.dll - Deleted
C:\WINDOWS\system32\winlogonpc.exe - Deleted
C:\WINDOWS\system32\winlugan.exe - Deleted
C:\WINDOWS\system32\winmed.exe - Deleted
C:\WINDOWS\system32\winsystem.exe - Deleted
C:\WINDOWS\system32\WINWGPX.EXE - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\wsock32d.dll - Deleted
C:\WINDOWS\Web\def.htm - Deleted
C:\SDFIX\BACKUP~2\FTPDLL.DLL - Deleted
C:\Documents and Settings\John Lee\Local Settings\Application Data\cftmon.exe - Deleted
C:\DOCUME~1\JOHNLE~1\FTPDLL.DLL - Deleted
C:\SDFIX\BACKUP~2\FTPDLL.DLL - Deleted
C:\WINDOWS\SYSTEM32\FTPDLL.DLL - Deleted
C:\SDFix\backups_old1\ie_updates3r.exe - Deleted
C:\WINDOWS\system32\iSecurity.cpl - Deleted
C:\WINDOWS\system32\drivers\spools.exe - Deleted
C:\WINDOWS\system32\drivers\GMS31.sys - Deleted



Folder C:\Program Files\IE Extensions - Removed
Folder C:\Program Files\iSecurity - Removed
Folder C:\WINDOWS\PerfInfo - Removed
Folder C:\WINDOWS\system32\smp - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 13:33:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cksu78]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Cksu78]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\Cksu78.sys 167936 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Conference\\Conference.dll"="C:\\Program Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"\\findfast.exe"="\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 4 Jun 2002 84,992 A..HR --- "C:\Program Files\Replay Converter\14_43260.dll"
Tue 4 Jun 2002 44,032 A..HR --- "C:\Program Files\Replay Converter\28_83260.dll"
Mon 9 Dec 2002 73,766 A..HR --- "C:\Program Files\Replay Converter\atrc3260.dll"
Mon 9 Dec 2002 65,575 A..HR --- "C:\Program Files\Replay Converter\cook3260.dll"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 4 Jun 2002 20,480 A..HR --- "C:\Program Files\Replay Converter\dnet3260.dll"
Mon 9 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Mon 9 Dec 2002 94,208 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Mon 9 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 548,940 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Mon 9 Dec 2002 102,439 A..HR --- "C:\Program Files\Replay Converter\sipr3260.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 5 Jan 2008 4,378,338 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
Thu 13 Mar 2008 38,400 ..SHR --- "C:\WINDOWS\system32\alrsvco.exe"
Thu 13 Mar 2008 38,400 ..SHR --- "C:\WINDOWS\system32\ALSNDMGRd.exe"
Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Tue 27 May 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 18 Mar 2008 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
Thu 13 Mar 2008 22,802 ..SHR --- "C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}\zip.dll"
Mon 17 Mar 2008 22,686 ..SHR --- "C:\WINDOWS\Installer\{1ad4b29b-ff03-42c5-9803-969fdcb47c9d}\zip.dll"
Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{2931ea2a-6692-45ed-8180-2ffc3378c658}\zip.dll"
Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{29e9372a-d7d2-4003-91ea-da7e38635700}\zip.dll"
Thu 13 Mar 2008 22,774 ..SHR --- "C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}\zip.dll"
Wed 19 Mar 2008 22,666 ..SHR --- "C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll"
Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{53b4046e-0116-4d23-b5ce-a76c1a758511}\zip.dll"
Tue 18 Mar 2008 22,614 ..SHR --- "C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll"
Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{74fdc03e-393c-4c0d-806a-19b427bfd6c8}\zip.dll"
Thu 13 Mar 2008 22,614 ..SHR --- "C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}\zip.dll"
Thu 13 Mar 2008 22,714 ..SHR --- "C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}\zip.dll"
Thu 13 Mar 2008 22,678 ..SHR --- "C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}\zip.dll"
Tue 18 Mar 2008 22,610 ..SHR --- "C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll"

Finished!
 
Hi

I say this once again:

I see no point in cleaning a computer infected that badly.

You are using this computer solely at your own risk, even after "cleaning".

Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\system32\admdsc.dll
C:\Documents and Settings\All Users\Application Data\ufofsron.dll
C:\WINDOWS\system32\vmnylyrg.exe
C:\Documents and Settings\All Users\Application Data\ubcredal.dll
C:\WINDOWS\system32\anticipator_delete_virus.dll
C:\WINDOWS\system32\strsys.dll
C:\WINDOWS\system32\puvkbohq.exe
C:\WINDOWS\system32\auqwqdas.tmp
C:\Documents and Settings\All Users\Application Data\atubgxav.dll
C:\Documents and Settings\All Users\Application Data\whulibwj.dll
C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
C:\Documents and Settings\All Users\Application Data\elitcvol.dll
C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
C:\Documents and Settings\All Users\Application Data\azqteduj.dll
C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
C:\Documents and Settings\All Users\Application Data\pabedoza.dll
C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
C:\WINDOWS\xobglu16.dll
C:\WINDOWS\xobglu32.dll
C:\Documents and Settings\All Users\Application Data\dojazyds.dll
C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
C:\Documents and Settings\All Users\Application Data\elazqfct.dll
C:\Documents and Settings\All Users\Application Data\obunarah.dll
C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
C:\Documents and Settings\All Users\Application Data\tijwncze.dll
C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
C:\Documents and Settings\All Users\Application Data\ghotkrex.dll

Folder::
C:\Documents and Settings\All Users\Application Data\zazodeji
C:\Documents and Settings\All Users\Application Data\dgpixcds
C:\Documents and Settings\All Users\Application Data\jahihoxw
C:\Documents and Settings\All Users\Application Data\cnifshqp
C:\Documents and Settings\All Users\Application Data\whulahat
C:\Documents and Settings\All Users\Application Data\danwhoha
C:\Documents and Settings\All Users\Application Data\dsxmtkvi
C:\Documents and Settings\All Users\Application Data\fyvgtytu
C:\Documents and Settings\All Users\Application Data\qtglohyd
C:\Documents and Settings\All Users\Application Data\izgtgbct
C:\Documents and Settings\All Users\Application Data\fspmjgfy
C:\Documents and Settings\All Users\Application Data\hydmhcby
C:\Documents and Settings\All Users\Application Data\vmxkzufk
C:\Documents and Settings\All Users\Application Data\yvktobmb
C:\Documents and Settings\All Users\Application Data\parifcpm
C:\Documents and Settings\All Users\Application Data\dunwjghm
C:\Documents and Settings\All Users\Application Data\fmpkrczw
C:\Documents and Settings\All Users\Application Data\dgxwxyjw

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gms31.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxd51.sys]

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]

[-HKLM\~\startupfolder\C:^Documents and Settings^John Lee^Start Menu^Programs^Startup^info.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Regscan"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mppds"=-
"fnrtlllf"=-
"klmngtet"=-
"csrss"=-
"dddltrhb"=-
"iSecurity applet"=-

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{344B7EF2-9819-299E-51CB-018EEAA2D736}]
2008-05-21 11:56 110592 --a------ C:\WINDOWS\system32\admdsc.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgnid]

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif]


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Darn! When I ran Combofix my computer just exploded and my house burned down.















Just kidding.

Now how do I hunt down those hackers and get revenge? I'm open to filing criminal charges, as well as extra-judicial measures.

==============================================


ComboFix 08-06-07.3 - John Lee 2008-06-10 1:32:27.6 - NTFSx86

Running from: C:\Documents and Settings\John Lee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John Lee\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
C:\Documents and Settings\All Users\Application Data\atubgxav.dll
C:\Documents and Settings\All Users\Application Data\azqteduj.dll
C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
C:\Documents and Settings\All Users\Application Data\dojazyds.dll
C:\Documents and Settings\All Users\Application Data\elazqfct.dll
C:\Documents and Settings\All Users\Application Data\elitcvol.dll
C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
C:\Documents and Settings\All Users\Application Data\obunarah.dll
C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
C:\Documents and Settings\All Users\Application Data\pabedoza.dll
C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
C:\Documents and Settings\All Users\Application Data\tijwncze.dll
C:\Documents and Settings\All Users\Application Data\ubcredal.dll
C:\Documents and Settings\All Users\Application Data\ufofsron.dll
C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
C:\Documents and Settings\All Users\Application Data\whulibwj.dll
C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
C:\WINDOWS\system32\admdsc.dll
C:\WINDOWS\system32\anticipator_delete_virus.dll
C:\WINDOWS\system32\auqwqdas.tmp
C:\WINDOWS\system32\puvkbohq.exe
C:\WINDOWS\system32\strsys.dll
C:\WINDOWS\system32\vmnylyrg.exe
C:\WINDOWS\xobglu16.dll
C:\WINDOWS\xobglu32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
C:\Documents and Settings\All Users\Application Data\atubgxav.dll
C:\Documents and Settings\All Users\Application Data\azqteduj.dll
C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
C:\Documents and Settings\All Users\Application Data\cnifshqp
C:\Documents and Settings\All Users\Application Data\cnifshqp\uzqpkbcb.exe
C:\Documents and Settings\All Users\Application Data\danwhoha
C:\Documents and Settings\All Users\Application Data\danwhoha\fmhurabo.exe
C:\Documents and Settings\All Users\Application Data\dgpixcds
C:\Documents and Settings\All Users\Application Data\dgpixcds\balyzspq.exe
C:\Documents and Settings\All Users\Application Data\dgxwxyjw
C:\Documents and Settings\All Users\Application Data\dgxwxyjw\xqvkngze.exe
C:\Documents and Settings\All Users\Application Data\dojazyds.dll
C:\Documents and Settings\All Users\Application Data\dsxmtkvi
C:\Documents and Settings\All Users\Application Data\dsxmtkvi\vijcnshy.exe
C:\Documents and Settings\All Users\Application Data\dunwjghm
C:\Documents and Settings\All Users\Application Data\dunwjghm\jmdifsvi.exe
C:\Documents and Settings\All Users\Application Data\elazqfct.dll
C:\Documents and Settings\All Users\Application Data\elitcvol.dll
C:\Documents and Settings\All Users\Application Data\fmpkrczw
C:\Documents and Settings\All Users\Application Data\fmpkrczw\bajylylq.exe
C:\Documents and Settings\All Users\Application Data\fspmjgfy
C:\Documents and Settings\All Users\Application Data\fspmjgfy\tibatqzc.exe
C:\Documents and Settings\All Users\Application Data\fyvgtytu
C:\Documents and Settings\All Users\Application Data\fyvgtytu\jobkzwry.exe
C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
C:\Documents and Settings\All Users\Application Data\hydmhcby
C:\Documents and Settings\All Users\Application Data\hydmhcby\rmxodsla.exe
C:\Documents and Settings\All Users\Application Data\izgtgbct
C:\Documents and Settings\All Users\Application Data\izgtgbct\qbetelyx.exe
C:\Documents and Settings\All Users\Application Data\jahihoxw
C:\Documents and Settings\All Users\Application Data\jahihoxw\fqpajude.exe
C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
C:\Documents and Settings\All Users\Application Data\obunarah.dll
C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
C:\Documents and Settings\All Users\Application Data\pabedoza.dll
C:\Documents and Settings\All Users\Application Data\parifcpm
C:\Documents and Settings\All Users\Application Data\parifcpm\jkhsvujc.exe
C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
C:\Documents and Settings\All Users\Application Data\qtglohyd
C:\Documents and Settings\All Users\Application Data\qtglohyd\qpuxgzan.exe
C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
C:\Documents and Settings\All Users\Application Data\tijwncze.dll
C:\Documents and Settings\All Users\Application Data\ubcredal.dll
C:\Documents and Settings\All Users\Application Data\ufofsron.dll
C:\Documents and Settings\All Users\Application Data\vmxkzufk
C:\Documents and Settings\All Users\Application Data\vmxkzufk\jevmxazo.exe
C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
C:\Documents and Settings\All Users\Application Data\whulahat
C:\Documents and Settings\All Users\Application Data\whulahat\ynehglit.exe
C:\Documents and Settings\All Users\Application Data\whulibwj.dll
C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
C:\Documents and Settings\All Users\Application Data\yvktobmb
C:\Documents and Settings\All Users\Application Data\yvktobmb\yjolabel.exe
C:\Documents and Settings\All Users\Application Data\zazodeji
C:\Documents and Settings\All Users\Application Data\zazodeji\rclkxmzi.exe
C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
C:\WINDOWS\system32\admdsc.dll
C:\WINDOWS\system32\anticipator_delete_virus.dll
C:\WINDOWS\system32\auqwqdas.tmp
C:\WINDOWS\system32\puvkbohq.exe
C:\WINDOWS\system32\strsys.dll
C:\WINDOWS\system32\vmnylyrg.exe
C:\WINDOWS\xobglu16.dll
C:\WINDOWS\xobglu32.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
2008-06-08 03:00 . 2008-06-08 03:00 <DIR> d-------- C:\OnlineArmor
2008-06-08 01:05 . 2008-06-08 01:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-31 05:01 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\MediaCoder
2008-05-31 05:00 . 2008-05-31 05:00 17,352,333 --a------ C:\MediaCoder-0.6.1.4111-flv-to-mpg.exe
2008-05-30 20:47 . 2008-05-30 20:47 <DIR> d-------- C:\Program Files\MSECACHE
2008-05-30 20:43 . 2008-05-30 20:43 359,656 --a------ C:\ms-windows-installer-cleanup-remove-programs-only2.exe
2008-05-27 13:12 . 2008-05-27 13:12 2,585,872 --a------ C:\WindowsInstaller-KB893803-v2-x86.exe
2008-05-21 23:08 . 2008-06-10 01:31 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\OnlineArmor
2008-05-21 23:08 . 2008-05-21 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-05-21 23:07 . 2008-05-21 23:07 <DIR> d-------- C:\Program Files\Tall Emu
2008-05-21 23:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-21 23:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-21 23:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Program Files\Cmkkhknc
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\WINDOWS
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\Symantec
2008-05-21 00:27 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\CyberLink
2008-05-21 00:27 . 2008-05-21 00:27 <DIR> d-------- C:\Documents and Settings\Web Surfing
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\EPSONREG
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\Leadertech
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\WINDOWS\system32\Import-Export
2008-05-19 19:59 . 2008-05-19 21:00 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\Program Files\EPSON
2008-05-19 19:58 . 2008-05-19 21:22 66 --a------ C:\WINDOWS\ESPR200.ini
2008-05-19 19:53 . 2003-05-29 01:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2008-05-19 19:53 . 2003-07-28 01:10 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-05-19 19:53 . 2003-02-13 01:10 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
2008-05-19 19:53 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-05-19 19:53 . 2002-03-01 01:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-05-19 19:53 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-05-19 19:53 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2008-05-16 17:39 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Common Files\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 03:40 --------- d-----w C:\Program Files\Screenshot Pilot
2008-05-31 01:06 --------- d-----w C:\Documents and Settings\John Lee\Application Data\AdobeUM
2008-05-29 02:21 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-28 15:39 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
2008-05-27 15:35 4,931,320 ----a-w C:\Opera_9.27_English_Setup.exe
2008-05-27 14:31 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-22 03:07 10,402,864 ----a-w C:\OnlineArmor_Setup_Free.exe
2008-05-19 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 03:37 --------- d-----w C:\Program Files\support.com
2008-05-13 20:41 --------- d-----w C:\Program Files\Pinnacle
2008-05-09 17:01 --------- d-----w C:\Program Files\MOTORC~1
2008-05-09 17:01 --------- d-----w C:\Program Files\ANYTHI~1
2008-05-09 17:00 --------- d-----w C:\Program Files\worthles
2008-05-09 16:58 --------- d-----w C:\Program Files\NEUROC~1
2008-05-09 16:57 --------- d-----w C:\Program Files\jeru
2008-05-09 16:56 --------- d-----w C:\Program Files\GENERA~1
2008-05-09 16:55 --------- d-----w C:\Program Files\empirest
2008-05-09 16:45 --------- d-----w C:\Program Files\cube
2008-05-09 16:45 --------- d-----w C:\Program Files\creature
2008-05-09 16:44 --------- d-----w C:\Program Files\crakoom
2008-05-09 16:44 --------- d-----w C:\Program Files\COLLEG~1
2008-05-09 16:43 --------- d-----w C:\Program Files\CLONEW~1
2008-05-09 16:43 --------- d-----w C:\Program Files\CAPTAI~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BURLES~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BLUELI~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BLINDM~1
2008-05-09 16:43 --------- d-----w C:\Program Files\beatmygu
2008-05-09 16:42 --------- d-----w C:\Program Files\autobahn
2008-05-09 16:42 --------- d-----w C:\Program Files\arnon
2008-05-09 16:42 --------- d-----w C:\Program Files\ARMORP~1
2008-05-09 16:42 --------- d-----w C:\Program Files\ARMAGG~1
2008-05-09 16:42 --------- d-----w C:\Program Files\ANGRYB~1
2008-05-09 16:41 --------- d-----w C:\Program Files\ANCIEN~1
2008-05-09 16:41 --------- d-----w C:\Program Files\amerika
2008-05-09 16:41 --------- d-----w C:\Program Files\ALIENS~1
2008-05-09 16:41 --------- d-----w C:\Program Files\ABDUCT~1
2008-05-09 16:38 --------- d-----w C:\Program Files\WAYBEY~1
2008-05-09 16:37 --------- d-----w C:\Program Files\dodger
2008-05-09 16:37 --------- d-----w C:\Program Files\dirtydoz
2008-05-09 16:36 --------- d-----w C:\Program Files\crass
2008-05-09 16:36 --------- d-----w C:\Program Files\COPPAK~1
2008-05-09 16:35 --------- d-----w C:\Program Files\conca
2008-05-09 16:35 --------- d-----w C:\Program Files\COLLEG~2
2008-05-09 16:32 --------- d-----w C:\Program Files\alien
2008-05-09 16:32 --------- d-----w C:\Program Files\aldo
2008-05-09 16:31 --------- d-----w C:\Program Files\ACTION~1
2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY
2008-05-07 00:48 2,014 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-06 03:18 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTHER2.dll
2008-05-06 03:17 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTCHER.dll
2008-05-05 07:35 6,039,048 ----a-w C:\Firefox Setup 2.0.0.14.exe
2008-04-28 15:48 98,304 ----a-w C:\WINDOWS\system32\dbcfg.dll
2008-04-27 11:10 110,592 ----a-w C:\WINDOWS\system32\UtilAdm.dll
2008-04-27 11:10 102,400 ----a-w C:\WINDOWS\system32\bohodqhy.exe
2008-04-25 23:25 106,496 ----a-w C:\WINDOWS\system32\straplmsg.dll
2008-04-24 06:49 126,976 ----a-w C:\WINDOWS\system32\actmnt.dll
2008-04-23 18:42 118,784 ----a-w C:\WINDOWS\system32\apismart.dll
2008-04-23 02:56 122,880 ----a-w C:\WINDOWS\system32\aplen.dll
2008-04-22 00:52 110,592 ----a-w C:\WINDOWS\system32\monsrv.dll
2008-04-21 10:32 106,496 ----a-w C:\WINDOWS\system32\srvapl.dll
2008-04-21 00:31 106,496 ----a-w C:\WINDOWS\system32\procen.dll
2008-04-19 23:40 126,976 ----a-w C:\WINDOWS\system32\MsgCfg.dll
2008-04-18 10:50 102,400 ----a-w C:\WINDOWS\system32\ProcMnt.dll
2008-04-16 06:48 110,592 ----a-w C:\WINDOWS\system32\UtilComSet.dll
2008-04-14 20:11 131,072 ----a-w C:\WINDOWS\system32\admcomwin.dll
2008-04-02 19:13 102,400 ----a-w C:\WINDOWS\system32\bqxgvwxo.exe
2008-04-02 00:32 1,676,293 ----a-w C:\vixybeta_install_1apr08.exe
2008-03-31 22:34 8,161,400 ----a-w C:\Windows-malicious-software-removal-mar08.exe
2008-03-30 21:36 1,415,095 ----a-w C:\SDFixMarch2008.exe
2008-03-30 21:35 1,603,366 ----a-w C:\ComboFixMarch2008.exe
2008-03-27 00:52 1,306,722 ----a-w C:\SmitfraudFixMarch2008.exe
2008-03-26 22:31 147,456 ----a-w C:\VundoFix.exe
2008-03-26 12:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-23 00:32 318,369 ----a-w C:\HiJackThis202.zip
2008-03-22 19:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-21 03:24 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\klmngtet.dll
2008-03-19 23:56 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
2008-03-19 20:47 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-19 20:47 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-18 22:30 8,705,840 ----a-w C:\winamp552_full_emusic-7plus_en-us.exe
2008-03-18 22:22 6,956 -c--a-w C:\Program Files\hijackthis.log
2008-03-18 21:28 2,671,816 ----a-w C:\spywareblastersetup40.exe
2008-03-18 21:25 706,360 ----a-w C:\winpatrolsetup-ok.exe
2008-03-18 18:36 1,580,267 ----a-w C:\ComboFix_old.exe
2008-03-15 01:26 14,113,576 ----a-w C:\ewido-avg-antispyware-setup-7.5-30days.exe
2008-03-14 19:53 690,568 ----a-w C:\rogue-remover-free-setup.exe
2008-03-13 15:57 38,400 --sh--r C:\WINDOWS\system32\ALSNDMGRd.exe
2008-03-13 15:57 38,400 --sh--r C:\WINDOWS\system32\alrsvco.exe
2008-03-13 15:56 10,000 ------w C:\WINDOWS\system32\Kf94lfg.dll
2008-03-13 15:45 8,704 ----a-w C:\WINDOWS\system32\rcdll.dll
2008-03-13 05:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-13 19:38 12,879,368 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
2007-12-21 06:09 4,398,984 -c--a-w C:\Program Files\MorphVOXPro_Install.exe
2007-12-21 06:07 1,083,064 -c--a-w C:\Program Files\SP-SpookySounds_Install.exe
2007-12-16 05:14 17,760,400 -c--a-w C:\Program Files\DivXInstaller.exe
2007-12-08 10:56 1,781,292 -c--a-w C:\Program Files\vixybeta_install.exe
2007-10-23 05:46 34,441,990 -c--a-w C:\Program Files\Second Life 1-18-2-0 Setup.exe
2007-10-11 17:21 904,984 -c--a-w C:\Program Files\cuz4_setup.exe
2007-08-12 22:05 1,035,000 -c--a-w C:\Program Files\daemon-tools-iso-SPTDinst-v150-x64.exe
2007-08-12 14:14 1,207,026 -c--a-w C:\Program Files\winrar370.exe
2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-08_14.51.24.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 18:33:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 04:17:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 45,056 2002-12-03 22:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

-c--a-w 98,304 2004-11-02 16:03:55 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe

-c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

-c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
----a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\PSDrvCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 03:56 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ABP Alert 2.0.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ABP Alert 2.0.LNK
backup=C:\WINDOWS\pss\ABP Alert 2.0.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"WZCSVC"=2 (0x2)
"Schedule"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ERSvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SNDSrvc"=3 (0x3)
"navapsvc"=3 (0x3)
"Themes"=2 (0x2)
"iPod Service"=3 (0x3)
"Veoh Client Service"=2 (0x2)
"UPS"=3 (0x3)
"MaxBackServiceInt"=2 (0x2)
"ICF"=2 (0x2)
"Google Online Search Service"=2 (0x2)
"LexBceS"=2 (0x2)
"CryptSvc"=3 (0x3)
"upnphost"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"ImapiService"=3 (0x3)
"Eventlog"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33125:TCP"= 33125:TCP:@xpsp2res.dll,-22005
"26952:TCP"= 26952:TCP:@xpsp2res.dll,-22005
"6071:TCP"= 6071:TCP:@xpsp2res.dll,-22005
"15946:TCP"= 15946:TCP:@xpsp2res.dll,-22005


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef67e0f7-0ab4-11d9-8ce8-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 01:40:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 01:39:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Completion time: 2008-06-10 1:45:20
ComboFix-quarantined-files.txt 2008-06-10 05:44:14
ComboFix2.txt 2008-06-08 18:54:59
ComboFix3.txt 2008-03-18 19:02:20

Pre-Run: 34,259,288,064 bytes free
Post-Run: 34,242,891,776 bytes free

396 --- E O F --- 2008-03-21 11:30:12


================================================


Am I cured, Doc?

Computer seems to be running great. My mouse problem disappeared, and now I can copy and post in my online email. And I don't have 10 mouse clicks per webpage. Still have a Windows Installer problem. But all in all, it's a big improvement.

Thank ye!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:55 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4465 bytes
 
Hi

We will come to that a bit later :)

Do you recognize these folders?

2008-05-09 17:01 --------- d-----w C:\Program Files\MOTORC~1
2008-05-09 17:01 --------- d-----w C:\Program Files\ANYTHI~1
2008-05-09 17:00 --------- d-----w C:\Program Files\worthles
2008-05-09 16:58 --------- d-----w C:\Program Files\NEUROC~1
2008-05-09 16:57 --------- d-----w C:\Program Files\jeru
2008-05-09 16:56 --------- d-----w C:\Program Files\GENERA~1
2008-05-09 16:55 --------- d-----w C:\Program Files\empirest
2008-05-09 16:45 --------- d-----w C:\Program Files\cube
2008-05-09 16:45 --------- d-----w C:\Program Files\creature
2008-05-09 16:44 --------- d-----w C:\Program Files\crakoom
2008-05-09 16:44 --------- d-----w C:\Program Files\COLLEG~1
2008-05-09 16:43 --------- d-----w C:\Program Files\CLONEW~1
2008-05-09 16:43 --------- d-----w C:\Program Files\CAPTAI~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BURLES~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BLUELI~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BLINDM~1
2008-05-09 16:43 --------- d-----w C:\Program Files\beatmygu
2008-05-09 16:42 --------- d-----w C:\Program Files\autobahn
2008-05-09 16:42 --------- d-----w C:\Program Files\arnon
2008-05-09 16:42 --------- d-----w C:\Program Files\ARMORP~1
2008-05-09 16:42 --------- d-----w C:\Program Files\ARMAGG~1
2008-05-09 16:42 --------- d-----w C:\Program Files\ANGRYB~1
2008-05-09 16:41 --------- d-----w C:\Program Files\ANCIEN~1
2008-05-09 16:41 --------- d-----w C:\Program Files\amerika
2008-05-09 16:41 --------- d-----w C:\Program Files\ALIENS~1
2008-05-09 16:41 --------- d-----w C:\Program Files\ABDUCT~1
2008-05-09 16:38 --------- d-----w C:\Program Files\WAYBEY~1
2008-05-09 16:37 --------- d-----w C:\Program Files\dodger
2008-05-09 16:37 --------- d-----w C:\Program Files\dirtydoz
2008-05-09 16:36 --------- d-----w C:\Program Files\crass
2008-05-09 16:36 --------- d-----w C:\Program Files\COPPAK~1
2008-05-09 16:35 --------- d-----w C:\Program Files\conca
2008-05-09 16:35 --------- d-----w C:\Program Files\COLLEG~2
2008-05-09 16:32 --------- d-----w C:\Program Files\alien
2008-05-09 16:32 --------- d-----w C:\Program Files\aldo
2008-05-09 16:31 --------- d-----w C:\Program Files\ACTION~1
2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY
 
Very mysterious names...

Actually, they all look like old font folders that I failed to download to windows/fonts/ directory. Deletable. I've already moved the font files. Folders are empty except for junk txt files.

My file keeping is a little sloppy.
 