Computing.Net > Forums > Security and Virus > Something with Registry


Something with Registry


Name: Boogyman
Date: May 4, 2007 at 16:53:26 Pacific
OS: Win Xp Pro
CPU/Ram: E6300 / 1 GB
Product: Myself
Comment:

Well, I was just removing spyware and installing programs when something happened. I no longer have the ability to click Shutdown in my Start menu and I don't have the Run command either. I don't know if this is a virus or a third-party program, but I can still access both while using the program Process Explorer. I've tried to enable the services but they are still disabled.

Intel E6300 Core 2 Duo
G.Skill 1GB DDR26400
Sapphire Radeon X1900XT
Seagate 320GB HDD
Windows XP Professional




Response Number 1
Name: Tufenuf
Date: May 4, 2007 at 19:29:02 Pacific
Reply:

Boogyman, Go to the link below and on line 57 (right column) click on "Restore the Run Command" to download a reg fix. Also do the same on line 267 (left column) click on "Restore "Turn Off and Log Off" - Start Menu to download a reg fix.

Save the REG Files to your hard disk. Double click each one and answer yes to the import prompt. After this is completed restart your computer.

http://www.kellys-korner-xp.com/xp_...

Tufenuf



Response Number 2
Name: jabuck
Date: May 4, 2007 at 19:32:22 Pacific
Reply:

This regedit may get them back for you, but you probably have a virus causing the problem.

Post a Hijack This log if you want.

Open Notepad (Start Menu > Run > type notepad and press "OK").

Copy and paste everything between the x's into Notepad, making REGEDIT4 the top line.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000000
"NoLogOff"=dword:00000000
"NoRun"=dword:00000000

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Go to File on the top bar and choose "Save As", change the "Save as type" to All Files, name it Fix.reg, then save it to your desktop.

Double click Fix.reg (or right click and choose Merge) and it will ask if you want to merge the contents into the registry, choose Yes.



Response Number 3
Name: jabuck
Date: May 4, 2007 at 19:33:52 Pacific
Reply:

Reboot the computer after you do the registry edit.


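The three values cleared by the fix above are not Windows services but Explorer shell-restriction policies, which is why re-enabling services had no effect; malware sets them to lock the user out of Run and Shut Down. Two things the posted fix does not cover: Explorer honours the same values when they are set under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, and the same family has siblings such as NoFolderOptions and, under Policies\System, DisableTaskMgr and DisableRegistryTools. The script below is an added example, not code from the thread: it parses a .reg export (regedit's File > Export) offline, reports every active restriction in either hive, and writes a fix file in the same REGEDIT4 format. The export it runs on is constructed for the demonstration, and the list of restriction names it checks is the editor's selection rather than a complete catalogue.

```python
import re

# Policy keys (relative to the hive, compared case-insensitively) and the
# restriction values under them this example knows about. Assumption used
# here: a non-zero DWORD means the restriction is active.
POLICY_KEYS = {
    r"software\microsoft\windows\currentversion\policies\explorer": {
        "NoClose": "Shut Down removed from the Start menu",
        "NoLogOff": "Log Off removed from the Start menu",
        "NoRun": "Run removed from the Start menu",
        "NoFolderOptions": "Folder Options hidden",
        "NoControlPanel": "Control Panel blocked",
        "NoViewContextMenu": "right-click context menus disabled",
    },
    r"software\microsoft\windows\currentversion\policies\system": {
        "DisableTaskMgr": "Task Manager disabled",
        "DisableRegistryTools": "Registry Editor disabled",
    },
}

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')
DWORD = re.compile(r"^dword:([0-9a-fA-F]{1,8})$")


def parse_reg(text):
    """Parse REGEDIT4 / 'Windows Registry Editor Version 5.00' text into
    {key_path: {value_name: value}}. DWORDs become int, quoted strings str,
    anything else (hex: blobs) stays raw; indented continuation lines of
    multi-line hex: values are skipped, which is enough for an audit."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith(";") or line[0].isspace():
            continue
        m = KEY_LINE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name, data = m.groups()
            d = DWORD.match(data)
            if d:
                # The format writes DWORDs as 8 hex digits; accept fewer so
                # a hand-typed fix like the one in this thread still parses.
                entries[current][name] = int(d.group(1), 16)
            elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                entries[current][name] = data[1:-1]
            else:
                entries[current][name] = data
    return entries


def find_restrictions(entries):
    """List every active restriction, whichever hive it was set in."""
    findings = []
    for key_path, values in entries.items():
        hive, _, subkey = key_path.partition("\\")
        known = POLICY_KEYS.get(subkey.lower())
        if not known:
            continue
        for name, meaning in known.items():
            value = values.get(name)
            if isinstance(value, int) and value != 0:
                findings.append({"hive": hive, "key": key_path, "name": name,
                                 "value": value, "meaning": meaning})
    return findings


def build_fix(findings):
    """Emit a .reg file zeroing each active restriction in its own hive.
    dword:00000000 mirrors the fix posted above; '"Name"=-' would instead
    delete the value outright."""
    by_key = {}
    for f in findings:
        by_key.setdefault(f["key"], []).append(f["name"])
    lines = ["REGEDIT4", ""]
    for key_path, names in by_key.items():
        lines.append(f"[{key_path}]")
        lines.extend(f'"{n}"=dword:00000000' for n in names)
        lines.append("")
    return "\n".join(lines)


# Constructed sample export (not from the thread) covering both hives.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoClose"=dword:00000001
"NoLogOff"=dword:00000001
"NoRun"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000
"NoRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"""

if __name__ == "__main__":
    found = find_restrictions(parse_reg(SAMPLE_EXPORT))
    for f in found:
        print(f"{f['hive']}: {f['name']}={f['value']} ({f['meaning']})")
    print(build_fix(found))
```

On the sample export the audit reports three HKCU Explorer restrictions, NoRun set a second time under HKLM (which the HKCU-only fix above would leave in place), and DisableTaskMgr, and the generated fix has one section per affected key. Run it against a real export and compare the two hives before and after merging the fix; if a value comes back after a reboot, something still running is re-applying it and the registry edit alone will not hold.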

Response Number 4
Name: Boogyman
Date: May 5, 2007 at 12:11:28 Pacific
Reply:

Thanks...worked like a charm. However, every time I open Internet Explorer my anti-virus pops up telling me that C:\Windows\temp\$_3472452.tmp is infected with Win32/PSW.Sinowal.NAN trojan. Then it gives me a comment saying "Event occurred on a new file created by the application: C:\Windows\System32\svchost.exe. The file was moved to quarantine. You may close this window."




Response Number 5
Name: jabuck
Date: May 5, 2007 at 12:45:00 Pacific
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified.

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.

!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop. !!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.






Response Number 6
Name: Boogyman
Date: May 7, 2007 at 11:16:33 Pacific
Reply:

I'm pretty familiar with the program Hijackthis so I already did a scan a few days ago, but this is a scan from just now, perhaps I missed something.

Logfile of HijackThis v1.99.1
Scan saved at 2:15:03 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDFEB43C-8121-4A8A-B38B-96DF1533C7A5}: NameServer = 205.152.132.23,205.152.37.23
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


Also, I'm about to run SmitfraudFix...I will give the results of that.



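A first pass over a log like this can be scripted. The example below is added here and is not code from the thread or from HijackThis: it reads the log text, parses the O4 autostart lines and flags entries whose command has no directory (a bare filename such as ALCXMNTR.exe is resolved through the search path, so the log alone cannot tell you which copy runs or who signed it), entries launched from temp or profile directories, O1 hosts-file overrides, and O17 NameServer addresses that are not in an allow-list you supply. The allow-list, the GUID and the invented log lines are constructed for the demonstration (RFC 5737 documentation addresses); three of the sample lines are taken from the log above. A flag is a prompt to verify, not a verdict: the ComboFix listing later in the thread shows ALCXMNTR.exe written on 2007-05-04 at 18:56 alongside the Realtek audio driver files (RTLCPL.exe, soundman.exe, ALCXWDM.SYS), so it may simply be the sound card's monitor utility registered without a full path.

```python
import re

# Resolvers the machine is expected to use. Assumed for the demo (RFC 5737
# documentation addresses); a real run lists the ISP's or router's DNS.
EXPECTED_DNS = {"192.0.2.53", "192.0.2.54"}

# Lower-case directory fragments from which legitimate autostarts rarely run.
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\locals~1\\",
                   "\\application data\\", "\\applic~1\\", "\\recycler\\")

O1 = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
O4 = re.compile(r"^O4 - (?P<where>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O17 = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,\s]+)$")


def split_command(cmd):
    """Return (executable, arguments) from an O4 command, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    exe, _, rest = cmd.partition(" ")
    return exe, rest.strip()


def triage_hjt(log_text):
    """Return [(log_line, reason)] for every line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4.match(line)
        if m:
            exe, args = split_command(m.group("cmd"))
            target = exe
            if exe.lower() in ("rundll32", "rundll32.exe"):
                # For rundll32 the thing that actually runs is the DLL/CPL.
                target = args.split(",")[0].strip().strip('"')
            if "\\" not in target and ":" not in target:
                findings.append((line, "bare filename: resolved through the "
                                 "search path, verify which copy actually runs"))
            elif any(d in target.lower() for d in SUSPICIOUS_DIRS):
                findings.append((line, "autostart from a temp or profile directory"))
            continue
        m = O17.match(line)
        if m:
            servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
            unknown = [s for s in servers if s not in EXPECTED_DNS]
            if unknown:
                findings.append((line, "DNS servers not in the expected set: "
                                 + ", ".join(unknown)))
            continue
        m = O1.match(line)
        if m:
            # HijackThis lists only non-default hosts entries, so each one
            # is a redirection someone added deliberately.
            findings.append((line, f"hosts override: {m.group('host')} -> {m.group('ip')}"))
    return findings


# Constructed sample in HijackThis 1.99.1 format: three lines from the log
# above plus invented ones (the GUID and the addresses are placeholders).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\USER\LOCALS~1\Temp\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,198.51.100.9
O1 - Hosts: 198.51.100.9 www.example.com
"""

if __name__ == "__main__":
    for entry, reason in triage_hjt(SAMPLE_LOG):
        print(f"{reason}\n    {entry}")
```

On the sample it passes the fully qualified NOD32 entry and flags the two bare-name autostarts, the executable in a Temp directory, the resolver that is not on the allow-list, and the hosts override. For the two O17 addresses in the real log above, the right move is to confirm with the ISP which resolvers the connection should be using and put those in EXPECTED_DNS; a DNS changer that swaps them for its own servers is exactly what that check exists to catch.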

Response Number 7
Name: Boogyman
Date: May 7, 2007 at 11:33:36 Pacific
Reply:

Ok, here is the log from SmitfraudFix:

SmitFraudFix v2.176

Scan done at 14:32:15.31, Mon 05/07/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 8
Name: jabuck
Date: May 7, 2007 at 14:16:26 Pacific
Reply:

There are some smitrem files still on your computer and you should do some cleanup if you have not done so.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt.

Run HijackThis in normal mode, close all windows and browsers except HijackThis, place a check to the left of the following item and press "Fix checked":

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.exe

Exit Hijack This.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Download and install AVG Anti-Spyware We will need this later in safe mode

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot into safe mode again.

Run ATF-Cleaner from Safe Mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the log it produces and the AVG Anti Spyware report.

You should consider adding "SpywareBlaster" to your arsenal of anti-spyware tools; just do a Google search for SpywareBlaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.



Response Number 9
Name: Boogyman
Date: May 8, 2007 at 18:06:41 Pacific
Reply:


AVG Anti-Spyware - Scan Report


+ Created at: 8:59:25 PM 5/8/2007

+ Scan result:

:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.133:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.153:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.143:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.100:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\d1obiqv3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

SmitFraudFix v2.176

Scan done at 18:59:18.89, Tue 05/08/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDFEB43C-8121-4A8A-B38B-96DF1533C7A5}: NameServer=205.152.132.23,205.152.37.23
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDFEB43C-8121-4A8A-B38B-96DF1533C7A5}: NameServer=205.152.132.23,205.152.37.23
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BDFEB43C-8121-4A8A-B38B-96DF1533C7A5}: NameServer=205.152.132.23,205.152.37.23
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BDFEB43C-8121-4A8A-B38B-96DF1533C7A5}: NameServer=205.152.132.23,205.152.37.23


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


"Administrator" - 2007-05-08 21:00:33 Service Pack 2 [SAFE MODE]
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Administrator\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-08 19:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-08 14:16 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-05-07 14:19 1,546 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-05 16:18 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Wal-Mart Digital Photo Viewer
2007-05-05 15:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-05 10:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
2007-05-04 20:10 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\Move Networks
2007-05-04 19:46 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-05-04 19:40 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-05-04 19:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-04 19:11 1,076 ---hs---- C:\WINDOWS\system32\gebcd.exe
2007-05-04 19:05 <DIR> d-------- C:\WINDOWS\Web Download
2007-05-04 18:56 9,196,032 --------- C:\WINDOWS\system32\RTLCPL.exe
2007-05-04 18:56 69,632 --------- C:\WINDOWS\soundman.exe
2007-05-04 18:56 57,344 --a------ C:\WINDOWS\ALCXMNTR.exe
2007-05-04 18:56 40,448 --------- C:\WINDOWS\system32\ChCfg.exe
2007-05-04 18:56 208,896 --------- C:\WINDOWS\alcupd.exe
2007-05-04 18:56 2,279,424 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-05-04 18:56 156,672 --------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-05-04 18:56 139,264 --------- C:\WINDOWS\alcrmv.exe
2007-05-04 18:56 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-05-04 18:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-05-04 18:50 <DIR> d-------- C:\Program Files\Yahoo!
2007-05-04 18:50 <DIR> d-------- C:\Program Files\CCleaner
2007-05-04 18:42 <DIR> d-------- C:\Program Files\DAMN NFO Viewer
2007-05-03 14:43 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-05-03 14:43 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
2007-05-03 14:43 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
2007-05-03 14:43 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
2007-05-03 14:43 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2007-05-03 14:41 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-05-03 14:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SlySoft
2007-05-03 14:38 456,768 -ra------ C:\WINDOWS\system32\drivers\WPN311.sys
2007-05-03 14:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-05-01 09:38 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-04-30 20:42 31,744 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-04-30 20:42 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-04-30 19:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-04-30 19:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2007-04-30 17:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-04-30 17:26 <DIR> d-------- C:\Program Files\DVD Shrink
2007-04-30 17:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-04-30 13:10 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-04-30 13:04 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-04-30 13:04 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-04-30 13:04 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-04-30 13:01 81,136 --a------ C:\WINDOWS\system32\adwfil.dll
2007-04-30 13:01 592 --a------ C:\WINDOWS\system32\snetfil.dll
2007-04-30 13:01 5,180 --a------ C:\WINDOWS\system32\iawfil.dll
2007-04-30 13:01 400 --a------ C:\WINDOWS\bsnlst.dll
2007-04-30 13:01 4,826 --a------ C:\WINDOWS\system32\vgamfil.dll
2007-04-30 13:01 4,442 --a------ C:\WINDOWS\system32\hatfil.dll
2007-04-30 13:01 334,174 --a------ C:\WINDOWS\sqlite3.dll
2007-04-30 13:01 306 --a------ C:\WINDOWS\system32\picsfil.dll
2007-04-30 13:01 3,818 --a------ C:\WINDOWS\system32\viofil.dll
2007-04-30 13:01 3,444 --a------ C:\WINDOWS\system32\srchin.dll
2007-04-30 13:01 28 --a------ C:\WINDOWS\liccyval.dat
2007-04-30 13:01 258 --a------ C:\WINDOWS\system32\srchout.dll
2007-04-30 13:01 2,902 --a------ C:\WINDOWS\system32\lgwfil.dll
2007-04-30 13:01 159,744 --a------ C:\WINDOWS\system32\lspcs.dll
2007-04-30 13:01 13,034 --a------ C:\WINDOWS\system32\gblfil.dll
2007-04-30 13:01 121,856 --a------ C:\WINDOWS\system32\mslspc.exe
2007-04-30 13:01 11,264 --a------ C:\WINDOWS\system32\Sporder.dll
2007-04-30 13:01 10,834 --a------ C:\WINDOWS\system32\chtfil.dll
2007-04-30 13:01 1,830 --a------ C:\WINDOWS\system32\cultfil.dll
2007-04-30 13:01 1,352 --a------ C:\WINDOWS\system32\gdwfil.dll
2007-04-30 13:01 1,100 --a------ C:\WINDOWS\system32\imgfil.dll
2007-04-30 13:01 <DIR> d-a------ C:\WINDOWS\system32\Logs
2007-04-30 13:01 <DIR> d-------- C:\WINDOWS\NISDocs
2007-04-30 12:55 <DIR> d-------- C:\Program Files\uTorrent
2007-04-30 12:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-04-30 12:51 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-30 12:46 <DIR> d-------- C:\WINDOWS\pss
2007-04-30 11:24 <DIR> d--hs---- C:\RECYCLER
2007-04-30 10:30 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-30 08:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-04-30 08:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-30 08:28 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-28 18:27 241,664 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-28 18:27 241,664 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-28 18:27 2,097,152 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-28 18:27 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-28 18:24 241,664 --ah----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-28 18:24 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-28 18:24 0 -rahs---- C:\MSDOS.SYS
2007-04-28 18:24 0 -rahs---- C:\IO.SYS
2007-04-28 18:24 0 --a------ C:\CONFIG.SYS
2007-04-28 18:24 0 --a------ C:\AUTOEXEC.BAT
2007-04-28 18:23 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-28 18:23 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-28 18:23 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-28 18:23 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-28 18:23 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-28 18:22 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-28 18:22 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-28 18:22 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-28 18:22 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-28 18:22 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-28 18:22 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-28 18:22 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-28 18:22 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-28 18:22 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-28 18:22 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-28 18:22 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-28 18:22 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-28 18:22 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-28 18:22 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-28 18:22 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-28 18:22 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-28 18:22 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-28 18:22 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-28 18:22 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-28 18:22 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-28 18:22 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-28 18:22 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-28 18:22 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-28 18:22 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-28 18:22 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-28 18:22 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-28 18:22 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-28 18:22 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-28 18:22 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-04-28 18:22 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-28 18:22 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-28 18:22 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-28 18:22 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-28 18:22 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-28 18:22 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-28 18:22 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-28 18:22 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-28 18:22 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-28 18:22 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-04-28 18:22 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-28 18:22 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-28 18:22 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-28 18:22 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-28 18:22 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-28 18:22 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-28 18:22 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-28 18:22 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-28 18:22 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-28 18:22 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-28 18:22 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-28 18:22 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-28 18:21 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-28 18:21 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-04-28 18:21 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-28 18:21 <DIR> d-------- C:\WINDOWS\Registration
2007-04-28 18:21 <DIR> d-------- C:\Program Files\Online Services
2007-04-28 18:21 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-28 18:21 <DIR> d-------- C:\Program Files\Messenger
2007-04-28 18:20 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-28 18:20 946,448 --a------ C:\WINDOWS\system32\calc.exe
2007-04-28 18:20 945,152 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-28 18:20 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-28 18:20 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-28 18:20 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-28 18:20 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-28 18:20 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-28 18:20 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-28 18:20 753,664 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-28 18:20 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-28 18:20 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-28 18:20 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-28 18:20 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-28 18:20 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-28 18:20 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-28 18:20 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-28 18:20 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-28 18:20 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-28 18:20 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-28 18:20 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-28 18:20 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-28 18:20 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-28 18:20 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-28 18:20 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-28 18:20 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-28 18:20 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-28 18:20 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-28 18:20 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-28 18:20 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-28 18:20 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-28 18:20 420,352 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-28 18:20 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-28 18:20 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-28 18:20 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-28 18:20 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-28 18:20 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-28 18:20 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-28 18:20 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-28 18:20 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-28 18:20 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-28 18:20 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-28 18:20 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-28 18:20 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-28 18:20 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-28 18:20 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-28 18:20 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-28 18:20 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-28 18:20 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-28 18:20 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-28 18:20 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-28 18:20 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-28 18:20 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-28 18:20 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-28 18:20 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-28 18:20 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-28 18:20 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-28 18:20 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-28 18:20 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-28 18:20 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-28 18:20 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-28 18:20 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-28 18:20 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-28 18:20 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-28 18:20 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-28 18:20 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-28 18:20 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-28 18:20 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-28 18:20 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-28 18:20 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-28 18:20 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-28 18:20 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-28 18:20 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-28 18:20 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-28 18:20 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-28 18:20 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-28 18:20 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-28 18:20 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-28 18:20 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-28 18:20 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-28 18:20 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-28 18:20 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-28 18:20 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-28 18:20 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-28 18:20 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-28 18:20 <DIR> d-------- C:\Program Files\Windows NT
2007-04-28 17:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-28 17:02 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-28 17:02 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-04-28 17:01 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-04-28 17:00 <DIR> d-------- C:\Program Files\Microsoft Works
2007-04-28 16:58 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-28 16:58 <DIR> d-------- C:\Program Files\Trillian Pro
2007-04-28 16:58 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-28 16:57 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
2007-04-28 16:57 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-04-28 16:57 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-28 16:57 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-28 16:57 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-04-28 16:57 3,286 --a------ C:\WINDOWS\mozver.dat
2007-04-28 16:57 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-04-28 16:57 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-04-28 16:57 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-04-28 16:57 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-04-28 16:57 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-04-28 16:57 <DIR> d-------- C:\Program Files\CyberLink
2007-04-28 16:57 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-28 16:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-28 16:57 <DIR> d-------- C:\Program Files\Ahead
2007-04-28 16:56 <DIR> d-------- C:\Program Files\MagicISO
2007-04-28 16:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-28 16:56 <DIR> d-------- C:\Program Files\Jasc Software Inc
2007-04-28 16:56 <DIR> d-------- C:\Program Files\Google
2007-04-28 16:56 <DIR> d-------- C:\Program Files\DVD2one
2007-04-28 16:56 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-04-28 16:55 843,776 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-28 16:55 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-28 16:55 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-04-28 16:55 245,408 --a------ C:\WINDOWS\system32\unicows.dll
2007-04-28 16:55 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-28 16:55 2,024,448 --a------ C:\WINDOWS\system32\divx.dll
2007-04-28 16:55 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
2007-04-28 16:55 157,696 --a------ C:\WINDOWS\system32\unrar.dll
2007-04-28 16:55 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2007-04-28 16:55 1,024,000 --a------ C:\WINDOWS\system32\3ivx.dll
2007-04-28 16:55 <DIR> d-------- C:\Program Files\Real Alternative
2007-04-28 16:55 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-04-28 16:55 <DIR> d-------- C:\Program Files\Media Player Classic
2007-04-28 16:55 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-04-28 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-04-28 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-04-28 16:55 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-04-28 16:54 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-28 16:54 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-28 16:54 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-28 16:54 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-28 16:54 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-28 16:54 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-04-28 16:54 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-28 16:54 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-28 16:54 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-28 16:54 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-28 16:54 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-04-28 16:54 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-28 16:54 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-04-28 16:54 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-28 16:54 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-28 16:54 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-28 16:54 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-28 16:54 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-28 16:47 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-04-28 16:44 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-04-28 11:11 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-28 11:11 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-28 11:11 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-28 11:11 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-28 11:11 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-28 11:11 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-28 11:11 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-28 11:11 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-28 11:11 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-28 11:11 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-28 11:11 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-28 11:11 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-28 11:08 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-28 11:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-28 11:08 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-28 11:08 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-28 11:08 46,464 --a------ C:\WINDOWS\system32\drivers\GAGP30KX.SYS
2007-04-28 11:08 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-04-28 11:08 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-28 11:08 145,920 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-28 11:08 1,897,408 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-28 11:08 <DIR> d-------- C:\WINDOWS\SiS
2007-04-28 11:06 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-28 11:06 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-28 11:06 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-28 11:06 <DIR> dr------- C:\Program Files
2007-04-28 11:06 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-28 11:06 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-28 11:06 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-28 11:05 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-28 11:05 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-28 11:05 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-28 11:05 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-28 11:05 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-28 11:05 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-28 11:05 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-28 11:05 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-28 11:05 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-28 11:05 69,120 --a------ C:\WINDOWS\NOTEPAD.exe
2007-04-28 11:05 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-28 11:05 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-28 11:05 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-28 11:05 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-28 11:05 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-28 11:05 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-28 11:05 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-28 11:05 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-28 11:05 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-28 11:05 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-28 11:05 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-28 11:05 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-28 11:05 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-28 11:05 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-28 11:05 15,360 --a------ C:\WINDOWS\TASKMAN.exe
2007-04-28 11:05 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-28 11:05 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-28 11:05 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-28 11:05 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-28 11:05 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-28 11:05 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-28 11:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-28 11:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-28 11:04 917,504 --a------ C:\WINDOWS\system\cmids3d.dll
2007-04-28 11:04 815,296 --a------ C:\WINDOWS\system32\drivers\cmuda.sys
2007-04-28 11:04 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll
2007-04-28 11:04 712,704 --a------ C:\WINDOWS\system32\a3d.dll
2007-04-28 11:04 32,768 --a------ C:\WINDOWS\system32\udaprop.dll
2007-04-28 11:04 28,672 --a------ C:\WINDOWS\system32\cmirmdrv.dll
2007-04-28 11:04 233,472 --a------ C:\WINDOWS\system32\cmirmdrv.exe
2007-04-28 11:04 147,456 --a------ C:\WINDOWS\system32\cmuda.dll
2007-04-28 11:04 1,458,176 --a------ C:\WINDOWS\system\SmWizard.exe
2007-04-28 11:03 48,128 --a------ C:\WINDOWS\system32\drivers\SiSRaid.sys
2007-04-28 11:03 32,768 --a------ C:\WINDOWS\system32\drivers\sisnicxp.sys
2007-04-28 11:03 135,168 --a------ C:\WINDOWS\system32\property.dll
2007-04-28 11:02 36,352 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-04-28 11:02 <DIR> d--hs---- C:\System Volume Information
2007-04-28 11:02 <DIR> d-------- C:\Documents and Settings
2007-04-28 10:57 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-28 10:57 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-28 10:57 <DIR> dr------- C:\WINDOWS\Web
2007-04-28 10:57 <DIR> d--h----- C:\WINDOWS\inf
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system32
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\system
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\security
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Resources
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\repair
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Provisioning
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\PeerNet
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\pchealth
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\mui
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\msapps
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\msagent
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Media
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\ime
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Help
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\ehome
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Debug
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\Config
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS\addins
2007-04-28 10:57 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-15 22:42:09 77,000 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-02-28 23:05:26 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoClose"=dword:00000000
"NoLogOff"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck
C:\WINDOWS\system32\NeroCheck.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 21:01:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-08 21:01:15
C:\ComboFix-quarantined-files.txt ... 2007-05-08 21:01
C:\ComboFix2.txt ... 2007-05-05 15:58


Intel E6300 Core 2 Duo
G.Skill 1GB DDR26400
Sapphire Radeon X1900XT
Seagate 320GB HDD
Windows XP Professional



Response Number 10
Name: jabuck
Date: May 8, 2007 at 19:02:37 Pacific
Reply:

Set up the computer to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files">apply>ok.

Reboot into safe mode.

Navigate to and delete this file if found:

C:\WINDOWS\system32\gebcd.exe

Reboot to normal mode, rehide the hidden files.

You should run a check for Vundo to be on the safe side. Please download VundoFix.exe to your C:\.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Post the log located at C:\Vundofix.txt.


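An added example, not part of jabuck's reply or of ComboFix: a report-only PowerShell check that does the two things the reply asks for by hand. It reads the per-user Explorer policy values that the ComboFix "Reg Loading Points" section listed above (NoClose, NoLogOff, NoRecentDocsMenu, NoLowDiskSpaceChecks; NoRun is added here because it governs the missing Run command in the original question) and looks for the file named in the reply without changing the Folder Options view settings, since `-Force` already returns hidden and system files. Assumptions: run as an administrator on the affected machine; the `$SuspectFile` parameter defaults to the path from the reply and the `-Remove` switch is a hypothetical convenience, so nothing is deleted unless it is given.

```powershell
# Added example (not from the thread): report the Explorer policy restrictions
# shown in the ComboFix log and check for the file named in jabuck's reply.
# Assumption: run as an administrator; -Remove is only honoured when passed.
param(
    [string]$SuspectFile = 'C:\WINDOWS\system32\gebcd.exe',   # path from the reply
    [switch]$Remove                                           # delete only when asked
)

$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
# Values under this key that hide or disable Start-menu features; non-zero = active.
# NoRun is not in the log above; it is the value behind a missing Run command.
$restrictions = 'NoClose', 'NoLogOff', 'NoRun', 'NoRecentDocsMenu', 'NoLowDiskSpaceChecks'

Write-Host "== Explorer policy restrictions under $policyKey =="
if (Test-Path $policyKey) {
    $props = Get-ItemProperty -Path $policyKey
    foreach ($name in $restrictions) {
        $value = $props.$name
        if ($null -eq $value) { continue }          # value absent: nothing set
        $state = if ($value -ne 0) { 'RESTRICTED' } else { 'ok' }
        Write-Host ("{0,-22} = {1}  [{2}]" -f $name, $value, $state)
    }
} else {
    Write-Host 'policy key not present (no per-user Explorer restrictions)'
}

Write-Host "`n== Suspect file check =="
# -Force makes Get-Item return hidden/system files, so the Folder Options
# change described in the reply is not needed for this check.
$item = Get-Item -LiteralPath $SuspectFile -Force -ErrorAction SilentlyContinue
if ($null -eq $item) {
    Write-Host "$SuspectFile not found"
} else {
    Write-Host ("{0}  size={1}  attributes={2}  modified={3}" -f `
        $item.FullName, $item.Length, $item.Attributes, $item.LastWriteTime)
    if ($Remove) {
        # A file that is in use cannot be deleted; that is why the reply
        # says to do this from Safe Mode.
        Remove-Item -LiteralPath $SuspectFile -Force
        Write-Host 'removed'
    } else {
        Write-Host 'present; re-run with -Remove (from Safe Mode) to delete it'
    }
}
```

Run it once before deleting anything and keep the printed size, attributes and timestamp with the ComboFix log; a policy value reported as RESTRICTED that the user did not set is the kind of entry the registry fixes earlier in the thread reset to 0.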
