Known Look2me Infection


  • This topic is locked
13 replies to this topic

#1 Keserian


Posted 29 July 2006 - 01:56 PM

Alright, I'm getting the usual symptoms, random pop-ups from various sites, errors with my desktop background, and so forth. I know I have a look2me infection, both Windows Defender and Spybot S&D have found it, and I've tried every manual trick I remember (Killbox, HijackThis, etc.) to remove it, but the damn thing won't go away.

For background technical info, I'm running a Windows XP Pro system SP2 with full updates. I'm running the NVIDIA Chipset Firewall as well as an updated version of Norton AV. So that's that. Now for the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:54:47 PM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\{7413C223-08A3-1033-0602-050902040001}\Update.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\Thelas Setup\Anti-spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\iodbg.exe
F2 - REG:system.ini: UserInit=userinit.exe,tjjeqjm.exe
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [rvqogb] C:\WINDOWS\system32\sfmwgd.exe reg_run
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [oswph] C:\WINDOWS\system32\sfmwgd.exe reg_run
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151889545718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151889541078
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\lv4009hme.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

I have HijackThis, Hitman Pro and Kill Box available, although I can of course download whatever you need me to.

As well as the detection information from Windows Defender:
Category:
Spyware

Description:
This program has potentially unwanted behavior.

Advice:
Remove this software immediately.

Resources:
process:
pid:2004

process:
pid:428

clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{73B7F180-B00B-4382-820A-77590BA6AD30}

regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{73B7F180-B00B-4382-820A-77590BA6AD30}

regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\Explorer

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{73B7F180-B00B-4382-820A-77590BA6AD30}

winlognotif:
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\Explorer

shellextapproved:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\\{73B7F180-B00B-4382-820A-77590BA6AD30}

file:
C:\WINDOWS\system32\mtcsubs.dll

file:
C:\WINDOWS\system32\lv4009hme.dll

Edited by Keserian, 29 July 2006 - 01:59 PM.




#2 miekiemoes

  • Malware Response Team

Posted 29 July 2006 - 05:52 PM

Hello,

Please don't use the code tags to post the logs, because it stretches the logs and makes them harder to read.

It is important you don't miss a step and perform everything in the right order!!

Open Notepad and copy and paste the text in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste the following URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script (alcanshorty.bfu) manually from the above URL (right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

--------------------

Please download, install, and update Ewido anti-spyware
  • Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Ewido and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log and the log from Ewido.
You may need several replies to post the logs.

#3 Keserian


Posted 29 July 2006 - 06:40 PM

Alright, here it goes:

Start Time= Sat 07/29/2006 19:35:11.84
Running from: C:\Documents and Settings\Administrator

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{73B7F180-B00B-4382-820A-77590BA6AD30}]
@=""

[HKEY_CLASSES_ROOT\clsid\{73B7F180-B00B-4382-820A-77590BA6AD30}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{73B7F180-B00B-4382-820A-77590BA6AD30}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{73B7F180-B00B-4382-820A-77590BA6AD30}\InprocServer32]
@="C:\\WINDOWS\\system32\\niprovau.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\niprovau.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

19:35:23.23

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *




* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-01 19:09:24 208,896 "C:\WINDOWS\system32\nvunrm.exe"
2006-06-01 19:09:24 208,896 "C:\WINDOWS\system32\nvusmb.exe"
2006-05-19 08:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-06-01 17:22:00 229,376 "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 81,920 "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 1,019,904 "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1,740,800 "C:\WINDOWS\system32\nvwssr.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-06-01 17:22:00 147,456 "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 794,624 "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 155,715 "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 208,896 "C:\WINDOWS\system32\nvudisp.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-06-01 17:22:00 5,652,480 "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 3,100,672 "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 581,632 "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 188,416 "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 888,832 "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 5,632,000 "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 466,944 "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 2,924,544 "C:\WINDOWS\system32\nvvitvs.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-06-22 06:47:18 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-06-01 17:22:00 196,608 "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 35,840 "C:\WINDOWS\system32\nvcod.dll"
2006-06-01 17:22:00 7,618,560 "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 1,466,368 "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1,257,472 "C:\WINDOWS\system32\nvwss.dll"
2006-07-29 13:50:02 290 "C:\WINDOWS\qasdw.dll"
2006-07-02 21:14:52 5,245 "C:\WINDOWS\mozver.dat"
2006-07-28 20:58:56 53 "C:\WINDOWS\vepqpl.dat"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


07/29/2006 01:50 PM 290 qasdw.dll.vir
07/28/2006 08:58 PM 53 vepqpl.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-01 17:22:00 147,456 "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 794,624 "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 155,715 "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 208,896 "C:\WINDOWS\system32\nvudisp.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-01 19:09:24 208,896 "C:\WINDOWS\system32\nvunrm.exe"
2006-06-01 19:09:24 208,896 "C:\WINDOWS\system32\nvusmb.exe"
2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-06-01 17:22:00 5,652,480 "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 3,100,672 "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 581,632 "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 188,416 "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 888,832 "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 5,632,000 "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 466,944 "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 2,924,544 "C:\WINDOWS\system32\nvvitvs.dll"
2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-06-22 06:47:18 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-19 08:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-06-01 17:22:00 229,376 "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 81,920 "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 1,019,904 "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1,740,800 "C:\WINDOWS\system32\nvwssr.dll"
2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-06-01 17:22:00 196,608 "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 35,840 "C:\WINDOWS\system32\nvcod.dll"
2006-06-01 17:22:00 7,618,560 "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 1,466,368 "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1,257,472 "C:\WINDOWS\system32\nvwss.dll"
2006-07-02 21:14:52 5,245 "C:\WINDOWS\mozver.dat"


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-29 19:31:08 234193 ( ..S.R ) "C:\WINDOWS\system32\t0r8la9u1d.dll"
2006-07-29 19:08:48 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-29 16:51:02 ( .D... ) "C:\Program Files\PTDD Group"
2006-07-29 16:21:46 236088 ( ..S.R ) "C:\WINDOWS\system32\m8rm0i91e8.dll"
2006-07-29 13:35:40 ( .D... ) "C:\Program Files\Windows Defender"
2006-07-28 21:22:54 1064 ( A.... ) "C:\WINDOWS\system32\fck38295.sys"
2006-07-28 21:22:54 1064 ( A.... ) "C:\WINDOWS\system32\fck38295.sys"
2006-07-28 21:17:52 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Lavasoft"
2006-07-28 21:12:22 ( .D... ) "C:\Program Files\Spyware Doctor"
2006-07-28 21:12:22 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\PC Tools"
2006-07-28 21:03:50 ( .D... ) "C:\Program Files\Webroot"
2006-07-28 21:03:50 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Webroot"
2006-07-28 21:03:14 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-28 21:02:56 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-28 21:02:46 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-28 20:59:08 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
2006-07-28 20:58:44 235134 ( A.... ) "C:\WINDOWS\srvegwkvhm.exe"
2006-07-28 20:58:44 184829 ( A.... ) "C:\WINDOWS\srvhjrpoie.exe"
2006-07-28 20:57:32 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Sun"
2006-07-28 20:57:08 28672 ( A.... ) "C:\WINDOWS\system32bez6n4r21.exe"
2006-07-28 20:57:06 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe"
2006-07-28 20:56:24 ( .D... ) "C:\Program Files\Common Files\{7413C223-08A3-1033-0602-050902040001}"
2006-07-27 19:51:10 ( .D... ) "C:\Program Files\poc"
2006-07-27 08:43:34 ( .D... ) "C:\Program Files\Hitman Pro"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-20 18:07:04 ( .D... ) "C:\Program Files\Activision"
2006-07-09 14:23:42 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2006-07-07 11:24:34 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\AdobeUM"
2006-07-07 11:24:22 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Adobe"
2006-07-07 11:24:20 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-07-07 09:35:32 ( .D... ) "C:\Program Files\Adobe"
2006-07-07 09:35:12 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Leadertech"
2006-07-07 09:35:06 ( .D... ) "C:\Program Files\GameSpy Arcade"
2006-07-07 09:33:06 ( .D... ) "C:\Program Files\Atari"
2006-07-06 17:35:42 ( .D... ) "C:\Program Files\BitComet"
2006-07-06 17:22:16 ( .D... ) "C:\Program Files\Sierra On-Line"
2006-07-06 15:43:40 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\LimeWire"
2006-07-06 15:42:40 ( .D... ) "C:\Program Files\Java"
2006-07-06 15:42:24 ( .D... ) "C:\Program Files\Common Files\Java"
2006-07-06 15:42:08 ( .D... ) "C:\Program Files\LimeWire"
2006-07-05 20:49:00 ( .D... ) "C:\Program Files\Sid Meiers SimGolf on Hathor"
2006-07-02 22:00:52 ( .D... ) "C:\Program Files\UT2004"
2006-07-02 21:54:22 ( .D... ) "C:\Program Files\Strategy First"
2006-07-02 21:51:26 ( .D... ) "C:\Program Files\Sierra"
2006-07-02 21:46:36 ( .D... ) "C:\Program Files\LucasArts"
2006-07-02 21:41:16 ( .D... ) "C:\Program Files\Alcohol Soft"
2006-07-02 21:36:04 ( .D... ) "C:\Program Files\mIRC"
2006-07-02 21:33:58 ( .D... ) "C:\Program Files\CCP"
2006-07-02 21:23:56 ( .D... ) "C:\Program Files\Bethesda Softworks"
2006-07-02 21:16:08 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Talkback"
2006-07-02 21:15:02 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Thunderbird"
2006-07-02 21:14:48 ( .D... ) "C:\Program Files\Mozilla Thunderbird"
2006-07-02 21:13:28 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Macromedia"
2006-07-02 21:10:50 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-07-02 21:10:50 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Mozilla"
2006-07-02 21:10:02 ( .D... ) "C:\Program Files\14 Degrees East"
2006-07-02 20:58:22 ( .D... ) "C:\Program Files\DIFX"
2006-07-02 20:37:44 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-02 20:37:44 ( .D... ) "C:\Program Files\AvRack"
2006-07-02 20:37:40 ( .D... ) "C:\Program Files\Realtek AC97"
2006-07-02 20:01:16 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-02 20:00:24 ( .D... ) "C:\Program Files\NVIDIA Corporation"
2006-07-02 19:57:06 ( .D... ) "C:\Program Files\WinRAR"
2006-07-02 19:56:10 ( .D... ) "C:\Program Files\Marvell"
2006-07-02 19:56:00 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-02 19:52:06 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-02 19:52:06 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Identities"
2006-07-02 19:52:02 ( .DS.. ) "C:\Documents and Settings\Administrator\Application Data\Microsoft"
2006-07-02 19:47:08 ( .D... ) "C:\Program Files\xerox"
2006-07-02 19:47:08 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-02 19:46:52 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-02 19:45:36 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-02 19:44:58 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-02 19:44:56 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-02 19:44:46 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-02 19:44:38 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-02 19:44:36 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-02 19:44:32 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-02 19:44:30 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-02 19:44:00 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-02 19:43:44 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-02 19:43:44 ( .D... ) "C:\Program Files\Online Services"
2006-07-02 19:43:38 ( .D... ) "C:\Program Files\Messenger"
2006-07-02 19:43:34 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-02 19:43:10 ( .D... ) "C:\Program Files\Windows NT"
2006-07-02 19:43:10 ( .D... ) "C:\Program Files\MSN"
2006-07-02 15:35:46 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-02 15:35:42 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-02 15:35:42 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-02 15:35:42 ( .D... ) "C:\Program Files\Common Files"
2006-07-02 15:35:22 62 ( A.SH. ) "C:\Documents and Settings\Administrator\Application Data\desktop.ini"
2006-06-29 10:07:36 61440 ( A.... ) "C:\WINDOWS\system32\BattyRun.dll"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvusmb.exe"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvunrm.exe"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-29 19:31 234,193 C:\WINDOWS\system32\t0r8la9u1d.dll
2006-07-29 16:21 236,088 C:\WINDOWS\system32\m8rm0i91e8.dll
2006-07-28 21:12 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-28 21:12 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-28 21:03 8,192 C:\WINDOWS\system32\ssiefr.EXE
2006-07-28 21:03 684,032 C:\WINDOWS\libeay32.dll
2006-07-28 21:03 492,544 C:\WINDOWS\system32\WRLogonNtf.dll
2006-07-28 21:03 478,720 C:\WINDOWS\WRUninstall.dll
2006-07-28 21:03 17,920 C:\WINDOWS\system32\wrlzma.dll
2006-07-28 21:03 155,648 C:\WINDOWS\ssleay32.dll
2006-07-28 21:03 102,912 C:\WINDOWS\system32\islzma.dll
2006-07-28 21:02 118,784 C:\WINDOWS\system32\MSSTDFMT.DLL
2006-07-28 20:59 38,412 C:\WINDOWS\ssqbn.exe
2006-07-28 20:59 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-28 20:58 235,134 C:\WINDOWS\srvegwkvhm.exe
2006-07-28 20:58 184,829 C:\WINDOWS\srvhjrpoie.exe
2006-07-28 20:58 1,064 C:\WINDOWS\system32\fck38295.sys
2006-07-28 20:57 28,672 C:\WINDOWS\system32bez6n4r21.exe
2006-07-28 20:57 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-07-27 19:51 368,912 C:\WINDOWS\system32\vbar332.dll
2006-07-27 19:51 143,360 C:\WINDOWS\system32\Stamin32.Dll
2006-07-18 18:08 49,250 C:\WINDOWS\system32\javaw.exe
2006-07-18 18:08 49,248 C:\WINDOWS\system32\java.exe
2006-07-18 18:08 127,078 C:\WINDOWS\system32\javaws.exe
2006-07-09 14:23 98,304 C:\WINDOWS\system32\CmdLineExt.dll
2006-07-06 17:26 231,936 C:\WINDOWS\system32\Snwvalid.dll
2006-07-06 17:26 12,800 C:\WINDOWS\system32\WING32.DLL
2006-07-06 17:26 1,022,976 C:\WINDOWS\system32\Sierranw.dll
2006-07-06 17:20 306,688 C:\WINDOWS\IsUninst.exe
2006-07-02 21:32 266,360 C:\WINDOWS\system32\TweakUI.exe
2006-07-02 21:24 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-07-02 21:22 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-02 21:19 18,200 C:\WINDOWS\system32\wups2.dll
2006-07-02 20:42 208,896 C:\WINDOWS\system32\nvudisp.exe
2006-07-02 20:37 9,410,048 C:\WINDOWS\system32\RTLCPL.EXE
2006-07-02 20:37 77,824 C:\WINDOWS\SOUNDMAN.EXE
2006-07-02 20:37 40,960 C:\WINDOWS\system32\ChCfg.exe
2006-07-02 20:37 294,912 C:\WINDOWS\alcupd.exe
2006-07-02 20:37 200,704 C:\WINDOWS\alcrmv.exe
2006-07-02 20:37 156,672 C:\WINDOWS\system32\RTLCPAPI.dll
2006-07-02 19:58 454,656 C:\WINDOWS\system32\CapabilityTable.exe
2006-07-02 19:58 208,896 C:\WINDOWS\system32\nvusmb.exe
2006-07-02 19:58 208,896 C:\WINDOWS\system32\nvunrm.exe
2006-07-02 19:58 208,896 C:\WINDOWS\system32\NVUNINST.EXE
2006-07-02 19:57 9,728 C:\WINDOWS\system32\bdco1ins.dll
2006-07-02 19:57 9,728 C:\WINDOWS\system32\bdco1.dll
2006-07-02 19:57 32,256 C:\WINDOWS\system32\nvconrm.dll
2006-07-02 19:57 300,032 C:\WINDOWS\system32\idecoi.dll
2006-07-02 19:57 201,728 C:\WINDOWS\system32\fdco1ins.dll
2006-07-02 19:57 201,728 C:\WINDOWS\system32\fdco1.dll
2006-07-02 19:46 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-02 19:46 0 C:\MSDOS.SYS
2006-07-02 19:46 0 C:\IO.SYS
2006-07-02 19:46 0 C:\CONFIG.SYS
2006-07-02 19:46 0 C:\AUTOEXEC.BAT
2006-07-02 19:45 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-02 19:44 81,920 C:\WINDOWS\system32\isign32.dll
2006-07-02 19:44 81,920 C:\WINDOWS\system32\ils.dll
2006-07-02 19:44 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-07-02 19:44 73,728 C:\WINDOWS\system32\icwdial.dll
2006-07-02 19:44 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-02 19:44 69,632 C:\WINDOWS\system32\msconf.dll
2006-07-02 19:44 679,424 C:\WINDOWS\system32\inetcomm.dll
2006-07-02 19:44 67,584 C:\WINDOWS\system32\srclient.dll
2006-07-02 19:44 65,536 C:\WINDOWS\system32\icwphbk.dll
2006-07-02 19:44 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-02 19:44 6,656 C:\WINDOWS\system32\wuauserv.dll
2006-07-02 19:44 48,128 C:\WINDOWS\system32\inetres.dll
2006-07-02 19:44 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-02 19:44 45,568 C:\WINDOWS\system32\safrslv.dll
2006-07-02 19:44 43,520 C:\WINDOWS\system32\safrcdlg.dll
2006-07-02 19:44 43,520 C:\WINDOWS\system32\racpldlg.dll
2006-07-02 19:44 41,240 C:\WINDOWS\system32\wups.dll
2006-07-02 19:44 382,464 C:\WINDOWS\system32\qmgr.dll
2006-07-02 19:44 34,560 C:\WINDOWS\system32\mnmdd.dll
2006-07-02 19:44 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-02 19:44 32,768 C:\WINDOWS\system32\isrdbg32.dll
2006-07-02 19:44 29,696 C:\WINDOWS\system32\safrdm.dll
2006-07-02 19:44 28,672 C:\WINDOWS\system32\nmmkcert.dll
2006-07-02 19:44 274,944 C:\WINDOWS\system32\mstask.dll
2006-07-02 19:44 274,432 C:\WINDOWS\system32\inetcfg.dll
2006-07-02 19:44 252,928 C:\WINDOWS\system32\msoeacct.dll
2006-07-02 19:44 239,104 C:\WINDOWS\system32\srrstr.dll
2006-07-02 19:44 22,528 C:\WINDOWS\system32\fltMc.exe
2006-07-02 19:44 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-02 19:44 190,976 C:\WINDOWS\system32\schedsvc.dll
2006-07-02 19:44 18,944 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-02 19:44 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-02 19:44 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-02 19:44 170,496 C:\WINDOWS\system32\srsvc.dll
2006-07-02 19:44 16,896 C:\WINDOWS\system32\fltlib.dll
2006-07-02 19:44 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-02 19:44 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-02 19:44 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-07-02 19:44 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-02 19:44 12,288 C:\WINDOWS\system32\mstinit.exe
2006-07-02 19:44 105,984 C:\WINDOWS\system32\msoert2.dll
2006-07-02 19:44 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-07-02 19:43 97,792 C:\WINDOWS\system32\comrepl.dll
2006-07-02 19:43 956,416 C:\WINDOWS\system32\msdtctm.dll
2006-07-02 19:43 93,696 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-02 19:43 91,136 C:\WINDOWS\system32\mtxoci.dll
2006-07-02 19:43 9,728 C:\WINDOWS\system32\reset.exe
2006-07-02 19:43 87,176 C:\WINDOWS\system32\rdpwsx.dll
2006-07-02 19:43 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-02 19:43 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-02 19:43 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-02 19:43 67,072 C:\WINDOWS\system32\rdshost.exe
2006-07-02 19:43 655,360 C:\WINDOWS\system32\mstscax.dll
2006-07-02 19:43 625,152 C:\WINDOWS\system32\catsrvut.dll
2006-07-02 19:43 62,464 C:\WINDOWS\system32\rdpclip.exe
2006-07-02 19:43 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-02 19:43 60,416 C:\WINDOWS\system32\remotepg.dll
2006-07-02 19:43 60,416 C:\WINDOWS\system32\colbact.dll
2006-07-02 19:43 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-02 19:43 58,880 C:\WINDOWS\system32\msdtclog.dll
2006-07-02 19:43 56,832 C:\WINDOWS\system32\sol.exe
2006-07-02 19:43 56,320 C:\WINDOWS\system32\servdeps.dll
2006-07-02 19:43 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-02 19:43 540,160 C:\WINDOWS\system32\comuid.dll
2006-07-02 19:43 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-02 19:43 538,624 C:\WINDOWS\system32\spider.exe
2006-07-02 19:43 5,632 C:\WINDOWS\system32\write.exe
2006-07-02 19:43 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-02 19:43 498,688 C:\WINDOWS\system32\clbcatq.dll
2006-07-02 19:43 44,544 C:\WINDOWS\system32\tscupgrd.exe
2006-07-02 19:43 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-02 19:43 426,496 C:\WINDOWS\system32\msdtcprx.dll
2006-07-02 19:43 407,552 C:\WINDOWS\system32\mstsc.exe
2006-07-02 19:43 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-02 19:43 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-02 19:43 38,912 C:\WINDOWS\system32\cfgbkend.dll
2006-07-02 19:43 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-02 19:43 347,136 C:\WINDOWS\system32\hypertrm.dll
2006-07-02 19:43 343,040 C:\WINDOWS\system32\mspaint.exe
2006-07-02 19:43 33,792 C:\WINDOWS\system32\regini.exe
2006-07-02 19:43 295,424 C:\WINDOWS\system32\termsrv.dll
2006-07-02 19:43 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-02 19:43 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-02 19:43 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-02 19:43 225,792 C:\WINDOWS\system32\catsrv.dll
2006-07-02 19:43 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-02 19:43 20,992 C:\WINDOWS\system32\msg.exe
2006-07-02 19:43 20,480 C:\WINDOWS\system32\qprocess.exe
2006-07-02 19:43 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-02 19:43 19,968 C:\WINDOWS\system32\rdpsnd.dll
2006-07-02 19:43 183,808 C:\WINDOWS\system32\accwiz.exe
2006-07-02 19:43 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-02 19:43 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-02 19:43 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-02 19:43 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-02 19:43 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-02 19:43 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-02 19:43 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-02 19:43 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-02 19:43 147,968 C:\WINDOWS\system32\rdchost.dll
2006-07-02 19:43 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-02 19:43 140,800 C:\WINDOWS\system32\sessmgr.exe
2006-07-02 19:43 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-02 19:43 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-02 19:43 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-02 19:43 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-02 19:43 131,584 C:\WINDOWS\system32\sndrec32.exe
2006-07-02 19:43 13,824 C:\WINDOWS\system32\rdsaddin.exe
2006-07-02 19:43 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-02 19:43 123,392 C:\WINDOWS\system32\mplay32.exe
2006-07-02 19:43 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-02 19:43 114,688 C:\WINDOWS\system32\calc.exe
2006-07-02 19:43 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-07-02 19:43 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-07-02 19:43 11,264 C:\WINDOWS\system32\icaapi.dll
2006-07-02 19:43 102,912 C:\WINDOWS\system32\clipbrd.exe
2006-07-02 19:43 1,267,200 C:\WINDOWS\system32\comsvcs.dll
2006-07-02 19:43 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-02 19:42 58,880 C:\WINDOWS\system32\licwmi.dll
2006-07-02 19:42 185,344 C:\WINDOWS\system32\cmprops.dll
2006-07-02 19:42 17,408 C:\WINDOWS\system32\mmfutil.dll
2006-07-02 15:37 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-02 15:36 74,240 C:\WINDOWS\system32\usbui.dll
2006-07-02 15:35 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-02 15:35 8,704 C:\WINDOWS\system32\batt.dll
2006-07-02 15:35 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-02 15:35 74,752 C:\WINDOWS\system32\storprop.dll
2006-07-02 15:35 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-02 15:35 69,120 C:\WINDOWS\NOTEPAD.EXE
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-02 15:35 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-02 15:35 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-02 15:35 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-02 15:35 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-02 15:35 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-02 15:31 2,145,386,496 C:\pagefile.sys
2006-06-29 10:07 61,440 C:\WINDOWS\system32\BattyRun.dll
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN Gaming Zone\\popo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows NT\\memego.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^kmxxm.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\kmxxm.exe"
"backup"="C:\\WINDOWS\\pss\\kmxxm.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\kmxxm.exe"
"item"="kmxxm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad8rIU3s]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cvn0"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\cvn0.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rwintpez"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\rwintpez.exe CORN003"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="System"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\System Files\\System.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="taskswitch"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\taskswitch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrfg_7"
"hkey"="HKLM"
"command"="C:\\\\dfndrfg_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fck38295]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w0210a6f.dll,n 00238293000000030210a6f"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k6mmN5IOU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxqhv"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdfg_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdfg_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms044519391947]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ms044519391947"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ms044519391947.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmfg_7"
"hkey"="HKLM"
"command"="c:\\\\nwnmfg_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nTrayFw"
"hkey"="HKLM"
"command"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oswph]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sfmwgd"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\sfmwgd.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="outlook"
"hkey"="HKLM"
"command"="C:\\Program Files\\outlook\\outlook.exe /auto"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSHope]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSHope"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\PSHope\\PSHope.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rvqogb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sfmwgd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\sfmwgd.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys024745193919]
"key"="SOFTWARE\\Microsoft\\Windows\\Current

#4 Keserian

Posted 29 July 2006 - 06:43 PM

Ewido Log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:28:03 PM 7/29/2006

+ Scan result:



C:\WINDOWS\system32\aallplnl.dll -> Adware.Agent : No action taken.
C:\WINDOWS\system32\fijipjgc.dll -> Adware.Agent : No action taken.
C:\WINDOWS\system32\fck38295.dll -> Adware.IEHelper : No action taken.
C:\WINDOWS\system32\f82m0if1e82.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\guard.tmp_tobedeleted -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32\mpdtctm.dll -> Adware.Look2Me : No action taken.
[2820] C:\WINDOWS\system32\wdi.dll -> Adware.Look2Me : No action taken.
[904] C:\WINDOWS\system32\wdi.dll -> Adware.Look2Me : No action taken.
C:\WINDOWS\system32ghynf.exe -> Adware.SearchAssistant : No action taken.
C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : No action taken.
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : No action taken.
C:\!KillBox\Ssk.exe -> Adware.SurfSide : No action taken.
C:\!KillBox\Ssk.exe( 1) -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-854245398-448539723-839522115-500\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-854245398-448539723-839522115-500\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc20.exe -> Downloader.Agent.aaf : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc21.exe -> Downloader.Agent.ala : No action taken.
C:\WINDOWS\pss\kmxxm.exeCommon Startup -> Downloader.Qoologic.bj : No action taken.
C:\WINDOWS\system32\xcbar.dat -> Downloader.Qoologic.bj : No action taken.
C:\WINDOWS\system32\ymlwwmw.dll -> Downloader.Qoologic.bj : No action taken.
C:\WINDOWS\lt.exe -> Downloader.Small.ajc : No action taken.
C:\WINDOWS\uicsa.dll -> Downloader.Small.ajc : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc18.exe -> Downloader.Small.cyh : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc27\wioip.exe -> Downloader.TSUpdate.f : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc27\wioia.exe -> Downloader.TSUpdate.l : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc27\wioim.exe -> Downloader.TSUpdate.n : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc27\wioil.exe -> Downloader.TSUpdate.r : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc28.exe -> Downloader.VB.aga : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc136.exe -> Downloader.VB.aik : No action taken.
C:\WINDOWS\system32\setup.exe.tmp -> Downloader.VB.aik : No action taken.
C:\WINDOWS\offun.exe -> Downloader.VB.nw : No action taken.
C:\WINDOWS\wxoygveA.exe -> Downloader.VB.nw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc25.exe -> Dropper.Agent.aie : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc23.exe -> Dropper.Agent.hl : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc26.exe -> Dropper.Agent.hl : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc17.exe -> Dropper.Agent.mu : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc16.exe -> Hijacker.Small : No action taken.
:mozilla.274:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.275:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.276:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.277:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.278:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.279:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.280:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.416:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.538:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.539:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.540:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@www.adtrak[1].txt -> TrackingCookie.Adtrak : No action taken.
:mozilla.547:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.269:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.200:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.520:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.521:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.522:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Comclick : No action taken.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.177:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Enhance : No action taken.
:mozilla.351:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Estat : No action taken.
:mozilla.298:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.299:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.312:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.313:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.314:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.315:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.502:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.503:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.504:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.505:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.507:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.508:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Goclick : No action taken.
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.387:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.
:mozilla.233:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.234:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.235:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.236:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.242:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.243:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.244:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.202:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.203:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.204:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.206:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.207:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.209:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.210:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.301:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.302:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.303:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.304:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.220:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
:mozilla.221:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Pro-market : No action taken.
:mozilla.440:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.441:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.442:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.230:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.339:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.340:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.19:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Sitestat : No action taken.
:mozilla.300:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.462:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Spylog : No action taken.
:mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.180:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.181:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.182:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.183:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.501:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@media.top-banners[1].txt -> TrackingCookie.Top-banners : No action taken.
:mozilla.471:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.472:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.473:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.474:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.475:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.476:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.477:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.478:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.479:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.480:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.481:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.482:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.483:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.484:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.485:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.451:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.452:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.453:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.454:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.455:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.490:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k3j9fe3v.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\redist.dll -> Trojan.Agent.sx : No action taken.
C:\WINDOWS\system32\redistributor.exe -> Trojan.Agent.sx : No action taken.
C:\Program Files\Common Files\{7413C223-08A3-1033-0602-050902040001}\Update.exe -> Trojan.Starter.65 : No action taken.
C:\Documents and Settings\Administrator\My Documents\Ships\cracktro.exe -> Worm.Mytob.bt : No action taken.
C:\Program Files\BitComet\Downloads\New Folder\cracktro.exe -> Worm.Mytob.bt : No action taken.
C:\Program Files\BitComet\Downloads\Ship.Simulator.2006-RiTUEL\cracktro.exe -> Worm.Mytob.bt : No action taken.
C:\Program Files\BitComet\Downloads\Ship.Simulator.2006-RiTUEL\r-shis01.zip/cracktro.exe -> Worm.Mytob.bt : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc100.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc101.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc102.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc103.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc104.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc105.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc106.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc107.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc108.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc109.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc110.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc111.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc112.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc113.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc114.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc115.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc116.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc117.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc118.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc119.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc120.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc121.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc122.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc123.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc124.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc125.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc126.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc127.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc128.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc129.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc130.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc131.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc132.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc133.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc134.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc135.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc15.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc29.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc30.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc31.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc32.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc33.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc34.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc35.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc36.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc37.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc38.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc39.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc40.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc41.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc42.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc43.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc44.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc45.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc46.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc47.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc48.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc49.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc50.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc51.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc52.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc53.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc54.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc55.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc65.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc66.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc67.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc68.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc69.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc70.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc71.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc72.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc73.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc74.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc75.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc76.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc77.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc78.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc79.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc80.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc81.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc82.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc83.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc84.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc85.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc86.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc87.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc88.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc89.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc90.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc91.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc92.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc93.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc94.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc95.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc96.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc97.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc98.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\RECYCLER\S-1-5-21-854245398-448539723-839522115-500\Dc99.zip/Setup.exe -> Worm.VB.dw : No action taken.


::Report end


HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:42:08 PM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\Thelas Setup\Anti-spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151889545718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151889541078
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#5 miekiemoes


Posted 29 July 2006 - 06:49 PM

Hello,

I am afraid we have to do this again though, because I see you didn't perform the ewido scan as described... Because Ewido didn't delete anything.

Most probably you forgot the next step:

# Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine.......


and/or

# Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.


So perform all my above steps again, because the logs don't make sense now.
Then post a new ComboFix log, a new HijackThis log and the log from Ewido in your next reply.

Edited by miekiemoes, 29 July 2006 - 06:50 PM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 Keserian


Posted 29 July 2006 - 07:10 PM

Right, scanning now. The odd thing is that the Ewido program shows all of the issues as having been dumped into quarantine. Even though the logs don't show that.

#7 miekiemoes


Posted 29 July 2006 - 07:13 PM

OK, after the Ewido scan and before ComboFix, perform the next steps.

Don't miss a step and perform everything in the right order.

Open Notepad and copy and paste the contents of the quote box below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^kmxxm.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ad8rIU3s]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAS2]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fck38295]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k6mmN5IOU]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms044519391947]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oswph]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSHope]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rvqogb]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys024745193919]

Save this as fix.reg. Choose to save as "All Files" and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Open HijackThis and check and fix the next entry:

O20 - AppInit_DLLs: repairs303169590.dll

Ignore the error you'll get while fixing above...

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders again afterwards, when we are done with this thread and your problems are solved, because the above instructions to set your system to show all files unhide legitimate files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in reverse.


Delete the next folders and files if still present:

C:\Program Files\Common Files\{7413C223-08A3-1033-0602-050902040001} <== folder
C:\WINDOWS\system32\t0r8la9u1d.dll
C:\WINDOWS\system32\m8rm0i91e8.dll
C:\WINDOWS\ssqbn.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\srvegwkvhm.exe
C:\WINDOWS\srvhjrpoie.exe
C:\WINDOWS\system32\fck38295.sys
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\system32\bez6n4r21.exe
C:\WINDOWS\system32\BattyRun.dll
C:\WINDOWS\pss\kmxxm.exeCommon Startup
C:\Program Files\Windows NT\memego.html
C:\Program Files\MSN Gaming Zone\popo.html
C:\Program Files\PSHope <== folder
C:\Program Files\Internet Optimizer <== folder
C:\Program Files\System Files <== folder
C:\Program Files\Batty <== folder

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Hit ok below > apply in previous window.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a new HijackThis log, the log from Ewido and a new ComboFix log.
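An added example (not part of the original post, and not code from any tool named in this thread): before merging a fix.reg like the one in the post above, a short Python script can list every operation the file would perform and flag anything other than a key deletion under the msconfig startupreg/startupfolder backup keys. The allow-list, the function names and the last two sections of the sample are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the REGEDIT4 format used in the post above. The first
# two key names appear in the post; the last two sections are made up here to
# show what the audit flags.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fck38295]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Constructed]
"ExampleValue"="C:\\constructed\\path.exe"
"OldValue"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")

# Assumption for this example: the only registry area the fix should touch.
# The trailing backslash means deleting the parent key itself is NOT allowed.
ALLOWED_PREFIXES = (
    r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg" "\\",
    r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder" "\\",
)

# "name"=data or @=data; the name may contain backslash-escaped characters.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


@dataclass
class Op:
    action: str            # delete_key | set_value | delete_value
    key: str
    name: Optional[str]    # value name, None for key-level operations


def parse_reg(text):
    """Return the list of operations a .reg file would apply when merged."""
    body = [l.strip() for l in text.lstrip("\ufeff").splitlines() if l.strip()]
    if not body or body[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Registry Editor header")
    ops, key, pending = [], None, ""
    for line in body[1:]:
        line, pending = pending + line, ""
        if line.startswith(";"):                 # comment
            continue
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1]
            if inner.startswith("-"):            # [-KEY] deletes key and subkeys
                ops.append(Op("delete_key", inner[1:], None))
                key = None
            else:                                # [KEY] opens/creates a key
                key = inner
            continue
        if line.endswith("\\"):                  # hex data continued on next line
            pending = line[:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f"unparsed line: {line!r}")
        name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete_value" if m.group(2).strip() == "-" else "set_value"
        ops.append(Op(action, key, name))
    return ops


def audit(ops, prefixes=ALLOWED_PREFIXES, actions=("delete_key",)):
    """Return operations that fall outside the expected scope of the fix."""
    lowered = tuple(p.lower() for p in prefixes)   # key names are case-insensitive
    return [op for op in ops
            if not (op.action in actions and op.key.lower().startswith(lowered))]


if __name__ == "__main__":
    operations = parse_reg(SAMPLE_REG)
    for op in operations:
        print("will apply:", op.action, op.key, op.name or "")
    for op in audit(operations):
        print("REVIEW BEFORE MERGING:", op.action, op.key, op.name or "")
```
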

#8 Keserian


Posted 29 July 2006 - 07:53 PM

Combo Fix Log:
Start Time= Sat 07/29/2006 20:50:54.96
Running from: C:\Documents and Settings\Administrator

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-29 19:08:48 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-29 16:51:02 ( .D... ) "C:\Program Files\PTDD Group"
2006-07-29 13:35:40 ( .D... ) "C:\Program Files\Windows Defender"
2006-07-28 21:17:52 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Lavasoft"
2006-07-28 21:12:22 ( .D... ) "C:\Program Files\Spyware Doctor"
2006-07-28 21:12:22 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\PC Tools"
2006-07-28 21:03:50 ( .D... ) "C:\Program Files\Webroot"
2006-07-28 21:03:50 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Webroot"
2006-07-28 21:03:14 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-28 21:02:56 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-28 21:02:46 ( .D... ) "C:\Program Files\SpywareBlaster"
2006-07-28 20:57:32 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Sun"
2006-07-27 19:51:10 ( .D... ) "C:\Program Files\poc"
2006-07-27 08:43:34 ( .D... ) "C:\Program Files\Hitman Pro"
2006-07-20 18:07:04 ( .D... ) "C:\Program Files\Activision"
2006-07-09 14:23:42 98304 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2006-07-07 11:24:34 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\AdobeUM"
2006-07-07 11:24:22 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Adobe"
2006-07-07 11:24:20 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-07-07 09:35:32 ( .D... ) "C:\Program Files\Adobe"
2006-07-07 09:35:12 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Leadertech"
2006-07-07 09:35:06 ( .D... ) "C:\Program Files\GameSpy Arcade"
2006-07-07 09:33:06 ( .D... ) "C:\Program Files\Atari"
2006-07-06 17:35:42 ( .D... ) "C:\Program Files\BitComet"
2006-07-06 17:22:16 ( .D... ) "C:\Program Files\Sierra On-Line"
2006-07-06 15:43:40 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\LimeWire"
2006-07-06 15:42:40 ( .D... ) "C:\Program Files\Java"
2006-07-06 15:42:24 ( .D... ) "C:\Program Files\Common Files\Java"
2006-07-06 15:42:08 ( .D... ) "C:\Program Files\LimeWire"
2006-07-05 20:49:00 ( .D... ) "C:\Program Files\Sid Meiers SimGolf on Hathor"
2006-07-02 22:00:52 ( .D... ) "C:\Program Files\UT2004"
2006-07-02 21:54:22 ( .D... ) "C:\Program Files\Strategy First"
2006-07-02 21:51:26 ( .D... ) "C:\Program Files\Sierra"
2006-07-02 21:46:36 ( .D... ) "C:\Program Files\LucasArts"
2006-07-02 21:41:16 ( .D... ) "C:\Program Files\Alcohol Soft"
2006-07-02 21:36:04 ( .D... ) "C:\Program Files\mIRC"
2006-07-02 21:33:58 ( .D... ) "C:\Program Files\CCP"
2006-07-02 21:23:56 ( .D... ) "C:\Program Files\Bethesda Softworks"
2006-07-02 21:16:08 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Talkback"
2006-07-02 21:15:02 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Thunderbird"
2006-07-02 21:14:48 ( .D... ) "C:\Program Files\Mozilla Thunderbird"
2006-07-02 21:13:28 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Macromedia"
2006-07-02 21:10:50 ( .D... ) "C:\Program Files\Mozilla Firefox"
2006-07-02 21:10:50 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Mozilla"
2006-07-02 21:10:02 ( .D... ) "C:\Program Files\14 Degrees East"
2006-07-02 20:58:22 ( .D... ) "C:\Program Files\DIFX"
2006-07-02 20:37:44 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-02 20:37:44 ( .D... ) "C:\Program Files\AvRack"
2006-07-02 20:37:40 ( .D... ) "C:\Program Files\Realtek AC97"
2006-07-02 20:01:16 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-02 20:00:24 ( .D... ) "C:\Program Files\NVIDIA Corporation"
2006-07-02 19:57:06 ( .D... ) "C:\Program Files\WinRAR"
2006-07-02 19:56:10 ( .D... ) "C:\Program Files\Marvell"
2006-07-02 19:56:00 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-02 19:52:06 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-02 19:52:06 ( .D... ) "C:\Documents and Settings\Administrator\Application Data\Identities"
2006-07-02 19:52:02 ( .DS.. ) "C:\Documents and Settings\Administrator\Application Data\Microsoft"
2006-07-02 19:47:08 ( .D... ) "C:\Program Files\xerox"
2006-07-02 19:47:08 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-02 19:46:52 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-02 19:45:36 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-02 19:44:58 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-02 19:44:56 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-02 19:44:46 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-02 19:44:38 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-02 19:44:36 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-02 19:44:32 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-02 19:44:30 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-02 19:44:00 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-02 19:43:44 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-02 19:43:44 ( .D... ) "C:\Program Files\Online Services"
2006-07-02 19:43:38 ( .D... ) "C:\Program Files\Messenger"
2006-07-02 19:43:34 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-02 19:43:10 ( .D... ) "C:\Program Files\Windows NT"
2006-07-02 19:43:10 ( .D... ) "C:\Program Files\MSN"
2006-07-02 15:35:46 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-02 15:35:42 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-02 15:35:42 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-02 15:35:42 ( .D... ) "C:\Program Files\Common Files"
2006-07-02 15:35:22 62 ( A.SH. ) "C:\Documents and Settings\Administrator\Application Data\desktop.ini"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvusmb.exe"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvunrm.exe"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"
2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-29 20:41 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-29 20:41 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-28 21:12 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-28 21:12 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-28 21:03 8,192 C:\WINDOWS\system32\ssiefr.EXE
2006-07-28 21:03 684,032 C:\WINDOWS\libeay32.dll
2006-07-28 21:03 492,544 C:\WINDOWS\system32\WRLogonNtf.dll
2006-07-28 21:03 478,720 C:\WINDOWS\WRUninstall.dll
2006-07-28 21:03 17,920 C:\WINDOWS\system32\wrlzma.dll
2006-07-28 21:03 155,648 C:\WINDOWS\ssleay32.dll
2006-07-28 21:03 102,912 C:\WINDOWS\system32\islzma.dll
2006-07-28 21:02 118,784 C:\WINDOWS\system32\MSSTDFMT.DLL
2006-07-27 19:51 368,912 C:\WINDOWS\system32\vbar332.dll
2006-07-27 19:51 143,360 C:\WINDOWS\system32\Stamin32.Dll
2006-07-18 18:08 49,250 C:\WINDOWS\system32\javaw.exe
2006-07-18 18:08 49,248 C:\WINDOWS\system32\java.exe
2006-07-18 18:08 127,078 C:\WINDOWS\system32\javaws.exe
2006-07-09 14:23 98,304 C:\WINDOWS\system32\CmdLineExt.dll
2006-07-06 17:26 231,936 C:\WINDOWS\system32\Snwvalid.dll
2006-07-06 17:26 12,800 C:\WINDOWS\system32\WING32.DLL
2006-07-06 17:26 1,022,976 C:\WINDOWS\system32\Sierranw.dll
2006-07-06 17:20 306,688 C:\WINDOWS\IsUninst.exe
2006-07-02 21:32 266,360 C:\WINDOWS\system32\TweakUI.exe
2006-07-02 21:24 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-07-02 21:22 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-02 21:19 18,200 C:\WINDOWS\system32\wups2.dll
2006-07-02 20:42 208,896 C:\WINDOWS\system32\nvudisp.exe
2006-07-02 20:37 9,410,048 C:\WINDOWS\system32\RTLCPL.EXE
2006-07-02 20:37 77,824 C:\WINDOWS\SOUNDMAN.EXE
2006-07-02 20:37 40,960 C:\WINDOWS\system32\ChCfg.exe
2006-07-02 20:37 294,912 C:\WINDOWS\alcupd.exe
2006-07-02 20:37 200,704 C:\WINDOWS\alcrmv.exe
2006-07-02 20:37 156,672 C:\WINDOWS\system32\RTLCPAPI.dll
2006-07-02 19:58 454,656 C:\WINDOWS\system32\CapabilityTable.exe
2006-07-02 19:58 208,896 C:\WINDOWS\system32\nvusmb.exe
2006-07-02 19:58 208,896 C:\WINDOWS\system32\nvunrm.exe
2006-07-02 19:58 208,896 C:\WINDOWS\system32\NVUNINST.EXE
2006-07-02 19:57 9,728 C:\WINDOWS\system32\bdco1ins.dll
2006-07-02 19:57 9,728 C:\WINDOWS\system32\bdco1.dll
2006-07-02 19:57 32,256 C:\WINDOWS\system32\nvconrm.dll
2006-07-02 19:57 300,032 C:\WINDOWS\system32\idecoi.dll
2006-07-02 19:57 201,728 C:\WINDOWS\system32\fdco1ins.dll
2006-07-02 19:57 201,728 C:\WINDOWS\system32\fdco1.dll
2006-07-02 19:46 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-02 19:46 0 C:\MSDOS.SYS
2006-07-02 19:46 0 C:\IO.SYS
2006-07-02 19:46 0 C:\CONFIG.SYS
2006-07-02 19:46 0 C:\AUTOEXEC.BAT
2006-07-02 19:45 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-02 19:44 81,920 C:\WINDOWS\system32\isign32.dll
2006-07-02 19:44 81,920 C:\WINDOWS\system32\ils.dll
2006-07-02 19:44 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-07-02 19:44 73,728 C:\WINDOWS\system32\icwdial.dll
2006-07-02 19:44 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-02 19:44 69,632 C:\WINDOWS\system32\msconf.dll
2006-07-02 19:44 679,424 C:\WINDOWS\system32\inetcomm.dll
2006-07-02 19:44 67,584 C:\WINDOWS\system32\srclient.dll
2006-07-02 19:44 65,536 C:\WINDOWS\system32\icwphbk.dll
2006-07-02 19:44 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-02 19:44 6,656 C:\WINDOWS\system32\wuauserv.dll
2006-07-02 19:44 48,128 C:\WINDOWS\system32\inetres.dll
2006-07-02 19:44 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-02 19:44 45,568 C:\WINDOWS\system32\safrslv.dll
2006-07-02 19:44 43,520 C:\WINDOWS\system32\safrcdlg.dll
2006-07-02 19:44 43,520 C:\WINDOWS\system32\racpldlg.dll
2006-07-02 19:44 41,240 C:\WINDOWS\system32\wups.dll
2006-07-02 19:44 382,464 C:\WINDOWS\system32\qmgr.dll
2006-07-02 19:44 34,560 C:\WINDOWS\system32\mnmdd.dll
2006-07-02 19:44 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-02 19:44 32,768 C:\WINDOWS\system32\isrdbg32.dll
2006-07-02 19:44 29,696 C:\WINDOWS\system32\safrdm.dll
2006-07-02 19:44 28,672 C:\WINDOWS\system32\nmmkcert.dll
2006-07-02 19:44 274,944 C:\WINDOWS\system32\mstask.dll
2006-07-02 19:44 274,432 C:\WINDOWS\system32\inetcfg.dll
2006-07-02 19:44 252,928 C:\WINDOWS\system32\msoeacct.dll
2006-07-02 19:44 239,104 C:\WINDOWS\system32\srrstr.dll
2006-07-02 19:44 22,528 C:\WINDOWS\system32\fltMc.exe
2006-07-02 19:44 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-02 19:44 190,976 C:\WINDOWS\system32\schedsvc.dll
2006-07-02 19:44 18,944 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-02 19:44 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-02 19:44 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-02 19:44 170,496 C:\WINDOWS\system32\srsvc.dll
2006-07-02 19:44 16,896 C:\WINDOWS\system32\fltlib.dll
2006-07-02 19:44 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-02 19:44 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-02 19:44 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-07-02 19:44 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-02 19:44 12,288 C:\WINDOWS\system32\mstinit.exe
2006-07-02 19:44 105,984 C:\WINDOWS\system32\msoert2.dll
2006-07-02 19:44 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-07-02 19:43 97,792 C:\WINDOWS\system32\comrepl.dll
2006-07-02 19:43 956,416 C:\WINDOWS\system32\msdtctm.dll
2006-07-02 19:43 93,696 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-02 19:43 91,136 C:\WINDOWS\system32\mtxoci.dll
2006-07-02 19:43 9,728 C:\WINDOWS\system32\reset.exe
2006-07-02 19:43 87,176 C:\WINDOWS\system32\rdpwsx.dll
2006-07-02 19:43 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-02 19:43 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-02 19:43 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-02 19:43 67,072 C:\WINDOWS\system32\rdshost.exe
2006-07-02 19:43 655,360 C:\WINDOWS\system32\mstscax.dll
2006-07-02 19:43 625,152 C:\WINDOWS\system32\catsrvut.dll
2006-07-02 19:43 62,464 C:\WINDOWS\system32\rdpclip.exe
2006-07-02 19:43 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-02 19:43 60,416 C:\WINDOWS\system32\remotepg.dll
2006-07-02 19:43 60,416 C:\WINDOWS\system32\colbact.dll
2006-07-02 19:43 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-02 19:43 58,880 C:\WINDOWS\system32\msdtclog.dll
2006-07-02 19:43 56,832 C:\WINDOWS\system32\sol.exe
2006-07-02 19:43 56,320 C:\WINDOWS\system32\servdeps.dll
2006-07-02 19:43 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-02 19:43 540,160 C:\WINDOWS\system32\comuid.dll
2006-07-02 19:43 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-02 19:43 538,624 C:\WINDOWS\system32\spider.exe
2006-07-02 19:43 5,632 C:\WINDOWS\system32\write.exe
2006-07-02 19:43 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-02 19:43 498,688 C:\WINDOWS\system32\clbcatq.dll
2006-07-02 19:43 44,544 C:\WINDOWS\system32\tscupgrd.exe
2006-07-02 19:43 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-02 19:43 426,496 C:\WINDOWS\system32\msdtcprx.dll
2006-07-02 19:43 407,552 C:\WINDOWS\system32\mstsc.exe
2006-07-02 19:43 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-02 19:43 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-02 19:43 38,912 C:\WINDOWS\system32\cfgbkend.dll
2006-07-02 19:43 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-02 19:43 347,136 C:\WINDOWS\system32\hypertrm.dll
2006-07-02 19:43 343,040 C:\WINDOWS\system32\mspaint.exe
2006-07-02 19:43 33,792 C:\WINDOWS\system32\regini.exe
2006-07-02 19:43 295,424 C:\WINDOWS\system32\termsrv.dll
2006-07-02 19:43 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-02 19:43 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-02 19:43 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-02 19:43 225,792 C:\WINDOWS\system32\catsrv.dll
2006-07-02 19:43 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-02 19:43 20,992 C:\WINDOWS\system32\msg.exe
2006-07-02 19:43 20,480 C:\WINDOWS\system32\qprocess.exe
2006-07-02 19:43 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-02 19:43 19,968 C:\WINDOWS\system32\rdpsnd.dll
2006-07-02 19:43 183,808 C:\WINDOWS\system32\accwiz.exe
2006-07-02 19:43 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-02 19:43 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-02 19:43 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-02 19:43 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-02 19:43 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-02 19:43 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-02 19:43 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-02 19:43 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-02 19:43 147,968 C:\WINDOWS\system32\rdchost.dll
2006-07-02 19:43 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-02 19:43 140,800 C:\WINDOWS\system32\sessmgr.exe
2006-07-02 19:43 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-02 19:43 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-02 19:43 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-02 19:43 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-02 19:43 131,584 C:\WINDOWS\system32\sndrec32.exe
2006-07-02 19:43 13,824 C:\WINDOWS\system32\rdsaddin.exe
2006-07-02 19:43 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-02 19:43 123,392 C:\WINDOWS\system32\mplay32.exe
2006-07-02 19:43 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-02 19:43 114,688 C:\WINDOWS\system32\calc.exe
2006-07-02 19:43 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-07-02 19:43 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-07-02 19:43 11,264 C:\WINDOWS\system32\icaapi.dll
2006-07-02 19:43 102,912 C:\WINDOWS\system32\clipbrd.exe
2006-07-02 19:43 1,267,200 C:\WINDOWS\system32\comsvcs.dll
2006-07-02 19:43 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-02 19:42 58,880 C:\WINDOWS\system32\licwmi.dll
2006-07-02 19:42 185,344 C:\WINDOWS\system32\cmprops.dll
2006-07-02 19:42 17,408 C:\WINDOWS\system32\mmfutil.dll
2006-07-02 15:37 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-02 15:36 74,240 C:\WINDOWS\system32\usbui.dll
2006-07-02 15:35 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-02 15:35 8,704 C:\WINDOWS\system32\batt.dll
2006-07-02 15:35 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-02 15:35 74,752 C:\WINDOWS\system32\storprop.dll
2006-07-02 15:35 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-02 15:35 69,120 C:\WINDOWS\NOTEPAD.EXE
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-02 15:35 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-02 15:35 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-02 15:35 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-02 15:35 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-02 15:35 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-02 15:35 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-02 15:35 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-02 15:35 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-02 15:31 2,145,386,496 C:\pagefile.sys
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN Gaming Zone\\popo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Windows NT\\memego.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="taskswitch"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\taskswitch.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nTrayFw"
"hkey"="HKLM"
"command"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDLL32"
"hkey"="HKLM"
"command"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w0213f5a.dll]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w0213f5a.dll,I2 0023829300213f5a"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlog"
"hkey"="HKLM"
"command"="winlog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wioi]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wioim"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\wioi\\wioim.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxoygveA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wxoygveA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\wxoygveA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{3C-C2-22-23-ZN}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dwdsregt"
"hkey"="HKLM"
"command"="c:\\windows\\system32\\dwdsregt.exe CORN003"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Windows Overlay Components"=dword:00000002
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\svcWRSSSDK
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Sat 07/29/2006 20:51:00.20
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-29.193511.txt
ComboFix.2006-07-29.205054.txt

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:28:03 PM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Administrator\Desktop\Thelas Setup\Anti-spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151889545718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151889541078
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Ewido:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:26:44 PM 7/29/2006

+ Scan result:



C:\WINDOWS\system32\m8rm0i91e8.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\t0r8la9u1d.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

#9 miekiemoes

  • Malware Response Team

Posted 30 July 2006 - 04:37 AM

Hello,

You forgot this step, or didn't perform it properly:

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab
Uncheck and delete everything you find in there. (except for "My current home page")
Hit ok below > apply in previous window.


Check and fix next entries in hijackthis again:

R3 - Default URLSearchHook is missing
O20 - AppInit_DLLs: repairs303169590.dll


Not sure if you forgot that step previously or not, and when you get an error after clicking the 'fix checked' button below in hijackthis, just click ok at the prompt and rescan with hijackthis and make sure above entries are gone.

Now I can also see the full log from combofix, because it was cut off before.
I see you disabled a lot of startup entries previously. Bad startup entries need to be deleted, not disabled, because when you disable, the malware is still on the system.
So perform the next steps to delete these entries.

Open notepad and copy and paste the contents of the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w0213f5a.dll]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlog]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wioi]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxoygveA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{3C-C2-22-23-ZN}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Windows Overlay Components"=-
"Network Monitor"=-
"cmdService"=-

Save this as fix2.reg. Choose to save as *all files and place it on your desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Then go to start > run and copy and paste next commands in the field:

sc delete cmdservice
(Hit enter)

sc delete "Windows Overlay Components"
(Hit enter)

sc delete "Network Monitor"
(Hit enter)

I also see that you didn't perform the Online Panda scan. I really need that log. So perform the Panda online scan and post the log in your next reply together with a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
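
Post #9 deletes the entries that msconfig had only disabled, which stay parked under its startupreg key. The following is an added example, not part of the original thread or of any tool named in it: it parses a registry dump in the format posted above, lists what is still recorded under startupreg, and builds the REGEDIT4 deletion file for the entries a reviewer selects. The function names are assumptions of the example, and the embedded excerpt is four entries copied from the dump in this thread.

```python
import re

# Key under which msconfig keeps disabled Run entries (path as shown in the thread's dump).
STARTUPREG = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

# Excerpt for the example: four of the entries from the dump posted in this thread.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{3C-C2-22-23-ZN}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dwdsregt"
"hkey"="HKLM"
"command"="c:\\windows\\system32\\dwdsregt.exe CORN003"
"inimapping"="0"
'''

SECTION = re.compile(r"^\[(.+)\]$")
# "name"="value" with .reg escaping (\\ for a backslash, \" for a quote).
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg string escaping: drop the backslash in front of each escaped character."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_startupreg(dump):
    """Return {entry name: values} for every subkey of msconfig's startupreg key."""
    entries, current = {}, None
    prefix = STARTUPREG.lower() + "\\"
    for raw in dump.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            if key.lower().startswith(prefix):
                current = entries.setdefault(key[len(prefix):], {"registry_key": key})
            else:
                current = None  # the parent key itself, or an unrelated section
            continue
        value = VALUE.match(line)
        if value and current is not None:
            current[unescape(value.group(1))] = unescape(value.group(2))
    return entries


def disabled_entries(entries):
    """List (name, original Run location, command) for review before deciding what to delete."""
    return [(name, e.get("hkey", "?") + "\\" + e.get("key", "?"), e.get("command", ""))
            for name, e in entries.items()]


def build_delete_reg(entries, names):
    """Build a REGEDIT4 file that deletes the selected startupreg subkeys ([-key] syntax)."""
    lines = ["REGEDIT4", ""]
    for name in names:
        if name not in entries:
            # Refuse names that are not in the dump, so a typo does not pass silently.
            raise KeyError(f"{name!r} is not a disabled startup entry in this dump")
        lines += ["[-" + entries[name]["registry_key"] + "]", ""]
    # CRLF line endings, as Notepad would write the file.
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    parsed = parse_startupreg(SAMPLE_DUMP)
    for name, location, command in disabled_entries(parsed):
        print(f"{name}: was in {location} -> {command}")
    # Selection taken from the helper's list in post #9.
    print(build_delete_reg(parsed, ["TheMonitor", "{3C-C2-22-23-ZN}"]))
```

Deleting the startupreg subkey only removes the disabled autostart record; the file named in each entry's command still has to be handled separately.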

#10 Keserian

  • Topic Starter

Posted 30 July 2006 - 01:10 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:08:07 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\Thelas Setup\Anti-spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151889545718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1151889541078
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

And now for the Panda:


Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Ssk.log


No matter how hard I try, I can't find the Ssk.log file that it's talking about. Even did a full system search with system files included in the search, and nothing. I manually checked the Temporary Internet Files folder as well for the Ssk.log file, and still nothing.

#11 miekiemoes

  • Malware Response Team

Posted 30 July 2006 - 02:01 PM

Hello,

Yes, it's possible you can't find the Ssk.log, but an alternative way to get rid of it is performing next:

* Open hijackthis, click 'config' (bottom right)
Choose the tab 'misc Tools' on top.
Choose 'delete a file on reboot'
In the field, copy and paste next:

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Ssk.log

Click open.
Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/ok
Your system should reboot now.

Your hijackthislog looks clean again. How are things now?

#12 Keserian

  • Topic Starter

Posted 30 July 2006 - 02:33 PM

Thanks, it's no longer appearing in any of the scans. And my comp is working perfectly, thanks for your help.

#13 miekiemoes

  • Malware Response Team

Posted 30 July 2006 - 02:36 PM

Glad I could help. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update them beforehand.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your PC, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Also read: Simple and easy ways to keep your computer safe and secure on the Internet

Happy surfing again! :flowers:

#14 miekiemoes


Posted 30 July 2006 - 05:12 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.