WARNING! Win32/Adware/Virtumonde [CLOSED]
SkyeBTCH
post Aug 29 2008, 01:03 PM
Post #1


New Member
Posts: 6
OS: Windows XP Pro



Hi, this is my first time here so I'm not too sure if this is the section where this is going to go... but anyway, just recently (this morning) I restarted my computer after doing a disk defrag with Tune Up Tools, and I got this message as my wallpaper: Warning! Win32/Adware.Virtumonde has been deteced : Danger and another one... I looked all over the web to find some clues on how to remove it; they all lead to finding the processes, registry, and DLLs. I don't know how to even do all the steps they gave out, and the sites told me that if I can't understand how to do all the steps, I should use the SpyHunter3 program. I did, but nothing changed.... Eventually I popped up onto this site and found that someone else has the same problem as me... SO! Here's my HJT log, hope you guys can help me here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:19 PM, on 8/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

(Unable to list running processes)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://video.msn.com/video.aspx?mkt=en-ca&...1317&fg=rss
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\taskrgm.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [KONICA MINOLTA magicolor 2400W STD] C:\WINDOWS\system32\MSTMON_S.EXE STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphc32hj0ep9g] C:\WINDOWS\system32\lphc32hj0ep9g.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: 802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220011636636
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1220011371995
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: rqRJCSMc - C:\WINDOWS\
O20 - Winlogon Notify: winkrg32 - winkrg32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11390 bytes
Rorschach112
post Aug 29 2008, 03:32 PM
Post #2


GeekU Teacher
Posts: 19,711
From: Dublin
OS: XP



Hello

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\system32\taskrgm.exe"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\WINDOWS\system32\taskrgm.exe
  • Click Open.
  • Click Post.

Thank you!




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.





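The file requested in the post above is the extra program on the F2 UserInit line of the HijackThis log in the first post; on Windows XP the default Userinit value names userinit.exe alone. As an added example that is not part of the original thread, this Python script triages HijackThis lines for that condition and two others visible in the same log (entries marked "file missing" and Winlogon Notify targets that are not a DLL). The function names and finding labels are assumptions made for the example, and a finding means "review this entry", not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\taskrgm.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: rqRJCSMc - C:\WINDOWS\
O20 - Winlogon Notify: winkrg32 - winkrg32.dll (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
USERINIT_RE = re.compile(r"userinit=(.*)$", re.IGNORECASE)
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return (code, body) pairs for every line that looks like a log entry."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def userinit_extras(body):
    """Return programs listed in a UserInit value other than userinit.exe."""
    match = USERINIT_RE.search(body)
    if not match:
        return []
    programs = [p.strip().strip('"') for p in match.group(1).split(",")]
    return [p for p in programs
            if p and ntpath.basename(p).lower() != "userinit.exe"]


def triage(log_text):
    """Return (code, label, detail) tuples for entries worth a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        # Anything chained onto Userinit runs at every logon.
        if code == "F2":
            for program in userinit_extras(body):
                findings.append((code, "userinit-extra", program))

        # The registry still points at a file that is no longer on disk.
        missing = body.endswith(MISSING)
        if missing:
            findings.append((code, "file-missing", body))

        # Winlogon Notify packages are DLLs; a bare directory or other
        # target means the entry is damaged or was only partly removed.
        if code == "O20" and body.startswith("Winlogon Notify:"):
            target = body[: -len(MISSING)].rstrip() if missing else body
            target = target.rsplit(" - ", 1)[-1]
            if not target.lower().endswith(".dll"):
                findings.append((code, "notify-not-dll", target))
    return findings


if __name__ == "__main__":
    for code, label, detail in triage(SAMPLE_LOG):
        print(f"{code:<4} {label:<15} {detail}")
```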
Rorschach112
post Aug 30 2008, 05:17 AM
Post #3


GeekU Teacher
Posts: 19,711
From: Dublin
OS: XP



Do this

Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.



Then try to find it again
SkyeBTCH
post Aug 30 2008, 11:07 AM
Post #4


New Member
Posts: 6
OS: Windows XP Pro



Sorry, but I did all that, but I still can't find it...
Rorschach112
post Aug 30 2008, 12:24 PM
Post #5


GeekU Teacher
Posts: 19,711
From: Dublin
OS: XP



Go and run ComboFix
SkyeBTCH
post Aug 31 2008, 10:16 PM
Post #6


New Member
Posts: 6
OS: Windows XP Pro



Here's the ComboFix log

ComboFix 08-08-29.02 - Skye 2008-08-29 23:28:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.487 [GMT -4:00]
Running from: C:\Documents and Settings\Skye\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Skye\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\Documents and Settings\Printer\Application Data\macromedia\Flash Player\#SharedObjects\PS2CN3BE\static.youku.com
C:\Documents and Settings\Printer\Application Data\macromedia\Flash Player\#SharedObjects\PS2CN3BE\static.youku.com\v\swf\qplayer.swf\youku.sol
C:\Documents and Settings\Printer\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Printer\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\#SharedObjects\WAK545FE\bin.clearspring.com
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\#SharedObjects\WAK545FE\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\#SharedObjects\WAK545FE\static.youku.com
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\#SharedObjects\WAK545FE\static.youku.com\v1.0.0288\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\#SharedObjects\WAK545FE\static.youku.com\v1.0.0290\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\#SharedObjects\WAK545FE\static.youku.com\v1.0.0291\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\Skye\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Documents and Settings\Skye\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Skye\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Skye\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\Program Files\Internet Explorer\setupapi.dll
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\blphc32hj0ep9g.scr
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\phc32hj0ep9g.bmp
C:\WINDOWS\system32\winitn.dll
C:\WINDOWS\system32\yayyVllM.dll
C:\WINDOWS\Temp\1027176185.exe
C:\WINDOWS\Temp\1101337142.exe
C:\WINDOWS\Temp\1157689012.exe
C:\WINDOWS\Temp\1316892191.exe
C:\WINDOWS\Temp\1420974817.exe
C:\WINDOWS\Temp\1745585898.exe
C:\WINDOWS\Temp\85062374.exe
C:\WINDOWS\Temp\95080989.exe
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI
-------\Legacy_ICF
-------\Service_FCI
-------\Service_ICF


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))
.

2008-08-29 15:02 . 2008-08-29 15:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-29 10:12 . 2008-08-29 10:12 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-29 10:06 . 2008-08-29 10:06 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\Windows Search
2008-08-29 08:09 . 2008-08-29 08:09 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-08-29 08:09 . 2008-08-29 08:09 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-08-29 08:08 . 2004-03-03 13:02 163,840 --a------ C:\WINDOWS\system32\nvumpu.exe
2008-08-29 08:07 . 2008-08-29 08:07 <DIR> d-------- C:\NVIDIA
2008-08-29 03:35 . 2008-08-29 03:35 2 --a------ C:\546071056
2008-08-29 03:35 . 2008-08-29 03:35 0 --a------ C:\d1.exe
2008-08-29 03:34 . 2008-08-29 03:34 34,816 --a------ C:\accq.exe
2008-08-29 01:52 . 2008-08-29 01:53 <DIR> d-------- C:\Program Files\The Rosetta Stone
2008-08-29 01:44 . 2008-08-29 01:45 <DIR> d-------- C:\Program Files\MagicISO
2008-08-29 01:43 . 2008-08-29 01:43 <DIR> d-------- C:\Program Files\7-Zip
2008-08-29 01:12 . 2008-08-29 01:27 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-08-28 21:58 . 2008-08-28 21:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\Windows Desktop Search
2008-08-28 21:56 . 2008-08-28 21:56 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-28 21:56 . 2008-08-28 21:56 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-28 21:53 . 2008-03-07 13:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-28 21:53 . 2008-03-07 13:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-28 21:53 . 2008-03-07 13:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-28 21:48 . 2008-07-22 10:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-28 21:48 . 2008-07-22 10:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-28 21:48 . 2008-07-22 10:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-27 23:37 . 2008-08-29 05:20 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-27 23:37 . 2008-08-29 05:20 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\DMCache
2008-08-25 23:05 . 2008-08-29 01:10 45 --a------ C:\TEST.XML
2008-08-25 09:16 . 2008-08-25 09:16 <DIR> d-------- C:\WINDOWS\system32\unknown
2008-08-22 22:43 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-08-22 22:43 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-08-22 22:43 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-08-22 22:42 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-08-22 22:42 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-08-22 22:42 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-08-19 20:52 . 2008-08-19 20:52 92 --a------ C:\WINDOWS\mp3wavcon.ini
2008-08-19 20:38 . 2008-08-19 20:52 <DIR> d-------- C:\My Music
2008-08-19 20:37 . 2008-08-19 20:37 <DIR> d-------- C:\Program Files\HiFisoftware
2008-08-19 20:37 . 2003-12-15 12:43 1,871,872 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2008-08-19 20:37 . 2003-12-08 12:19 425,984 --a------ C:\WINDOWS\system32\NCTAudioTransform2.dll
2008-08-19 20:37 . 2004-12-01 14:43 315,392 --a------ C:\WINDOWS\system32\NCTAudioPlayer2.dll
2008-08-19 03:21 . 2008-08-29 03:41 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\BitTorrent
2008-08-19 03:20 . 2008-08-29 23:23 <DIR> d-------- C:\Program Files\DNA
2008-08-19 03:20 . 2008-08-19 03:20 <DIR> d-------- C:\Program Files\BitTorrent
2008-08-19 03:20 . 2008-08-29 23:44 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\DNA
2008-08-18 23:54 . 2008-08-18 23:54 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-18 23:54 . 2008-08-18 23:54 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-18 23:54 . 2008-08-18 23:54 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-18 23:54 . 2008-08-18 23:54 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-18 23:49 . 2008-08-18 23:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 23:41 . 2008-08-28 21:58 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-18 23:24 . 2008-04-13 20:12 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-18 23:23 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-18 23:22 . 2008-04-13 20:11 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2008-08-18 16:50 . 2008-08-18 16:50 <DIR> d-------- C:\Program Files\MSECache
2008-08-15 15:38 . 2008-08-15 15:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-14 03:15 . 2008-08-14 03:16 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-14 03:15 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-14 03:11 . 2008-08-14 03:11 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\TuneUp Software
2008-08-14 03:11 . 2008-08-14 03:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-14 03:10 . 2008-08-14 03:16 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-14 03:07 . 2008-08-14 03:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 03:24 . 2008-04-11 15:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 03:58 . 2008-08-12 03:59 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-08-10 00:22 . 2008-08-10 00:22 <DIR> d-------- C:\Program Files\TGTSoft
2008-08-09 03:47 . 2008-08-09 03:47 <DIR> d-------- C:\Program Files\iPod
2008-08-07 21:07 . 2008-08-15 01:33 <DIR> d-------- C:\Program Files\Google
2008-08-06 23:35 . 2008-08-06 23:35 <DIR> d-------- C:\Program Files\Seagate
2008-08-06 23:35 . 2008-08-06 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Seagate
2008-08-06 23:34 . 2008-08-06 23:34 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-08-06 01:20 . 2008-08-06 01:20 152,920 --a------ C:\WINDOWS\system32\vghd.scr
2008-08-06 01:19 . 2008-08-06 01:26 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\vghd
2008-08-06 01:11 . 2008-08-06 01:11 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2008-08-06 01:11 . 2008-08-06 01:12 4 --a------ C:\WINDOWS\info147.sys
2008-08-05 01:20 . 2008-08-05 01:20 <DIR> d---s---- C:\Documents and Settings\Skye\UserData
2008-07-31 16:27 . 2008-08-10 23:46 <DIR> d-------- C:\SKYE (F)
2008-07-31 13:37 . 2008-08-14 15:00 <DIR> d-------- C:\Program Files\lg_fwupdate
2008-07-31 13:37 . 1998-07-22 00:00 102,160 --a------ C:\WINDOWS\system32\VB6KO.DLL
2008-07-31 13:37 . 2008-08-14 15:00 0 --a------ C:\WINDOWS\lgfwup.ini
2008-07-31 13:34 . 2008-08-03 01:02 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\AdobeUM
2008-07-31 07:49 . 2008-07-31 07:49 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\Ashampoo
2008-07-31 07:49 . 2008-07-31 07:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-07-31 03:42 . <DIR> C:\Program Files\xyr0x Security
2008-07-31 00:30 . 2008-07-31 00:30 <DIR> d-------- C:\Program Files\Rapid Hacker
2008-07-31 00:22 . 2008-07-31 00:23 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-07-29 14:20 . 2008-07-29 14:20 <DIR> d-------- C:\Program Files\Gpotato
2008-07-29 04:57 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-07-29 04:55 . 2008-07-29 04:56 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-07-29 02:29 . 2008-07-29 02:29 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-29 02:23 . 2008-07-29 02:23 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-07-29 02:23 . 2008-07-29 02:23 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-07-29 02:23 . 2008-07-29 02:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-07-29 02:23 . 2008-07-29 02:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-29 01:23 . 2008-07-29 01:23 <DIR> d-------- C:\WINDOWS\Logs
2008-07-22 20:18 . 2008-07-22 20:18 80,642 -----c--- C:\WINDOWS\system32\dllcache\apps.chm
2008-07-22 20:14 . 2008-07-22 20:14 218,362 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-07-13 05:42 . 2008-07-13 05:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-13 05:41 . 2008-08-29 23:52 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-13 05:41 . 2008-08-29 23:52 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-13 05:39 . 2008-08-29 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-13 05:39 . 2008-08-29 23:45 6,562,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-13 05:39 . 2008-08-29 23:45 1,187,872 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-13 05:39 . 2008-08-29 23:45 53,396 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-13 05:39 . 2008-08-29 23:45 6,188 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-13 05:32 . 2008-07-13 05:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-07-13 05:14 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-07-13 05:13 . 2008-07-13 05:15 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-07-13 05:13 . 2008-07-13 05:13 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\InstallShield
2008-07-07 16:26 . 2008-07-07 16:26 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll
2008-07-02 02:28 . 2008-07-02 02:28 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\vlc
2008-07-02 02:18 . 2008-07-02 02:18 <DIR> d-------- C:\Program Files\VideoLAN
2008-07-01 04:00 . 2008-07-01 04:15 <DIR> d-------- C:\VideoConvert
2008-07-01 03:59 . 2008-07-01 03:59 <DIR> d-------- C:\Program Files\OJOsoft
2008-07-01 03:50 . 2008-07-01 03:50 <DIR> d-------- C:\Program Files\AML Products
2008-07-01 03:50 . 2008-07-01 03:50 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll
2008-07-01 03:50 . 2002-01-05 06:48 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-07-01 03:50 . 2008-07-01 03:50 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll
2008-07-01 03:50 . 2008-07-01 03:50 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll
2008-07-01 03:50 . 2003-08-07 14:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-07-01 03:50 . 2008-07-01 03:50 90,112 --a------ C:\WINDOWS\system32\agsaami.dll
2008-07-01 03:50 . 2008-07-01 03:50 53,760 --a------ C:\WINDOWS\system\ppacklib.dll
2008-07-01 03:50 . 2005-06-21 17:48 1 --a------ C:\WINDOWS\sslzdlt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 18:34 --------- d-----w C:\Program Files\SetUp
2008-08-29 12:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-29 07:35 --------- d-----w C:\Program Files\Opera
2008-08-29 05:07 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-29 04:53 --------- d-----w C:\Documents and Settings\Skye\Application Data\LimeWire
2008-08-25 03:37 98,304 ----a-w C:\WINDOWS\DUMPd690.tmp
2008-08-24 02:25 98,304 ----a-w C:\WINDOWS\DUMPcc1f.tmp
2008-08-19 03:24 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-08-09 07:48 --------- d-----w C:\Program Files\iTunes
2008-08-09 07:44 --------- d-----w C:\Program Files\QuickTime
2008-08-09 05:04 --------- d-----w C:\Program Files\Microsoft Works
2008-08-08 03:40 --------- d-----w C:\Program Files\Java
2008-07-31 23:13 --------- d-----w C:\Program Files\CyberLink
2008-07-31 17:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 07:42 --------- d-----w C:\Program Files\ xyr0x Security
2008-07-29 08:50 --------- d-----w C:\Program Files\ATI Technologies
2008-07-29 06:23 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-07-29 06:23 --------- d-----w C:\Documents and Settings\Skye\Application Data\Teleca
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-13 09:34 --------- d-----w C:\Program Files\Network Associates
2008-07-13 09:34 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-07-13 09:14 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-01 21:26 --------- d--h--w C:\Documents and Settings\Skye\Application Data\ijjigame
2008-07-01 07:53 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-07-01 07:35 --------- d-----w C:\Documents and Settings\Skye\Application Data\Apple Computer
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-30 18:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 18:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 18:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 18:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-27 02:21 1,582,592 ----a-w C:\WINDOWS\system32\tquery.dll
2008-05-27 02:21 1,418,240 ----a-w C:\WINDOWS\system32\mssrch.dll
2008-05-27 02:19 97,792 ----a-w C:\WINDOWS\system32\UncCplExt.dll
2008-05-27 02:19 273,408 ----a-w C:\WINDOWS\system32\oeph.dll
2008-05-27 02:19 2,048 ----a-w C:\WINDOWS\system32\UncRes.dll
2008-05-27 02:19 143,872 ----a-w C:\WINDOWS\system32\UncDMS.dll
2008-05-27 02:19 131,072 ----a-w C:\WINDOWS\system32\UncPH.dll
2008-05-27 02:19 11,264 ----a-w C:\WINDOWS\system32\oephRes.dll
2008-05-27 02:19 108,032 ----a-w C:\WINDOWS\system32\UncNE.dll
2008-05-27 02:18 71,680 ----a-w C:\WINDOWS\system32\propdefs.dll
2008-05-27 02:18 56,320 ----a-w C:\WINDOWS\system32\xmlfilter.dll
2008-05-27 02:18 44,032 ----a-w C:\WINDOWS\system32\msstrc.dll
2008-05-27 02:18 439,808 ----a-w C:\WINDOWS\system32\searchindexer.exe
2008-05-27 02:18 38,400 ----a-w C:\WINDOWS\system32\rtffilt.dll
2008-05-27 02:18 350,208 ----a-w C:\WINDOWS\system32\mssph.dll
2008-05-27 02:18 231,936 ----a-w C:\WINDOWS\system32\msshsq.dll
2008-05-27 02:18 203,776 ----a-w C:\WINDOWS\system32\mssphtb.dll
2008-05-27 02:18 184,832 ----a-w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-27 02:17 87,552 ----a-w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-27 02:17 87,552 ----a-w C:\WINDOWS\system32\mssitlb.dll
2008-05-27 02:17 754,176 ----a-w C:\WINDOWS\system32\propsys.dll
2008-05-27 02:17 60,416 ----a-w C:\WINDOWS\system32\msscntrs.dll
2008-05-27 02:17 34,816 ----a-w C:\WINDOWS\system32\msscb.dll
2008-05-27 02:17 32,768 ----a-w C:\WINDOWS\system32\mssprxy.dll
2008-05-27 02:17 301,568 ----a-w C:\WINDOWS\system32\srchadmin.dll
2008-05-27 02:17 11,776 ----a-w C:\WINDOWS\system32\msshooks.dll
2008-05-27 01:59 18,904 ----a-w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-27 01:59 106,605 ----a-w C:\WINDOWS\system32\structuredqueryschema.bin
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 06:40 84,496 ----a-w C:\WINDOWS\system32\KemXML.dll
2008-05-02 06:40 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2008-05-02 06:39 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2008-05-02 06:39 145,936 ----a-w C:\WINDOWS\system32\KemUtil.dll
2006-12-08 06:44 88,576 -c-ha-w C:\Documents and Settings\~FiBi~\Application Data\rbap550.dll
2005-10-26 04:02 7,727,944 ----a-w C:\Program Files\McAcrobatsInstaller.exe
2005-10-06 18:58 1,593,219 ----a-w C:\Program Files\KellyChen_Installer.exe
2005-05-04 16:21 7,351,496 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_DL.EXE
2005-04-23 15:40 457 -c--a-w C:\Program Files\INSTALL.LOG
2005-04-07 01:53 5,244,336 -c--a-w C:\Program Files\SetupDl.exe
2004-10-01 19:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-05-03 09:06 163,328 -csha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 -csha-r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 -csha-w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 14:31 1372160]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-08-19 03:20 342336]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2004-04-28 02:53 69632]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 21:10 339968]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-25 23:28 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-25 23:28 499712]
"iRiver Updater"="C:\Program Files\iRiver\iRiver Manager\Updater\Updater.exe" [2004-03-10 17:16 204800]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 10:25 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"EPSON Stylus Photo R340 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-25 17:00 98304]
"KONICA MINOLTA magicolor 2400W STD"="C:\WINDOWS\system32\MSTMON_S.EXE" [2005-06-22 03:38 184320]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-05 20:25 180269]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 16:59 374688]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"basicsmssmenu"="C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 16:21 169328]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"NvMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 14:30 131072]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 16:48 851968]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 20:12 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\~FiBi~\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-23 01:19:25 110592]
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-03-17 00:38:40 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
802.11b+g USB Wireless LAN Utility.lnk - C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe [2005-09-20 02:42:35 430080]
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-10-31 23:12:26 25214]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-23 01:19:25 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-06-07 19:17:16 805392]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.XVID"= xvid.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-11-08 14:27 222208 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-03-28 01:07 593920 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"=
"C:\\Program Files\\Autodesk VIZ 2006\\3dsviz.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\backburner 2\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\backburner 2\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\backburner 2\\server.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10454:TCP"= 10454:TCP:BitComet 10454 TCP
"10454:UDP"= 10454:UDP:BitComet 10454 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R0 rmedia;Ricoh MediaCard Driver;C:\WINDOWS\system32\DRIVERS\rmedia.sys [2003-10-20 19:09]
R2 Basics Service;Basics Service;C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [2007-10-09 16:21]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 01:53]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-08-18 23:24]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-04-28 02:53]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S3 ATKXPDisplayName;ATKXPDisplayName;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 05:58]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 20:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 20:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 20:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 20:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 20:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 20:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 20:06]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-14 03:16]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-11-29 16:53]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d3ae97-d8e2-11dc-9dbf-00112f581a31}]
\Shell\1\command - sxs.exe
\Shell\2\command - sxs.exe
\Shell\3\command - sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-30 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59]

2008-08-20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-lphc32hj0ep9g - C:\WINDOWS\system32\lphc32hj0ep9g.exe
ShellExecuteHooks-{C85BD9F1-5B95-46DA-9F39-979DB6B58484} - C:\WINDOWS\system32\rqRJCSMc.dll
Notify-rqRJCSMc - (no file)
Notify-winkrg32 - winkrg32.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Skye\Application Data\Mozilla\Firefox\Profiles\b5a56ym5.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM1.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM2.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM3.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NP_IDM5.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdrmv2.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 00:31:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASWLSVC.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-08-30 0:38:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 04:38:11

Pre-Run: 1,153,994,752 bytes free
Post-Run: 6,309,859,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

476
Rorschach112
post Sep 1 2008, 09:22 AM
Post #7


GeekU Teacher
Posts: 19,711
From: Dublin
OS: XP



Hello


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
C:\546071056
C:\d1.exe
C:\accq.exe
C:\WINDOWS\sslzdlt.dll

Sysrst::

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8d3ae97-d8e2-11dc-9dbf-00112f581a31}]

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\svchost.exe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

SkyeBTCH
post Sep 1 2008, 03:45 PM
Post #8


New Member
Posts: 6
OS: Windows XP Pro



The New ComboFix log:

ComboFix 08-08-31.01 - Skye 2008-09-01 17:04:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.561 [GMT -4:00]
Running from: C:\Documents and Settings\Skye\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Skye\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\546071056
C:\accq.exe
C:\d1.exe
C:\WINDOWS\sslzdlt.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\546071056
C:\accq.exe
C:\d1.exe
C:\WINDOWS\sslzdlt.dll
C:\WINDOWS\system32\WgaLogon.dll
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-08-30 22:41 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-30 22:41 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-08-30 15:51 . 2008-08-30 15:51 <DIR> d-------- C:\WINDOWS\SWImport Xtra Cache
2008-08-30 15:51 . 2008-08-30 15:51 24 --a------ C:\WINDOWS\SWImport Xtra.PRF
2008-08-30 14:24 . 2008-08-30 14:24 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-30 14:22 . 2008-08-30 14:22 <DIR> d-------- C:\Program Files\Rosetta Stone
2008-08-30 14:22 . 2008-09-01 08:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-08-30 13:37 . 2008-08-30 13:38 <DIR> d-------- C:\Program Files\MagicDisc
2008-08-30 13:37 . 2008-07-28 17:19 116,736 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-08-29 15:02 . 2008-08-29 15:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-29 10:12 . 2008-08-29 10:12 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-29 10:06 . 2008-08-29 10:06 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\Windows Search
2008-08-29 08:09 . 2008-08-29 08:09 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-08-29 08:09 . 2008-08-29 08:09 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-08-29 08:08 . 2004-03-03 13:02 163,840 --a------ C:\WINDOWS\system32\nvumpu.exe
2008-08-29 08:07 . 2008-08-29 08:07 <DIR> d-------- C:\NVIDIA
2008-08-29 01:44 . 2008-08-29 01:45 <DIR> d-------- C:\Program Files\MagicISO
2008-08-29 01:43 . 2008-08-29 01:43 <DIR> d-------- C:\Program Files\7-Zip
2008-08-29 01:12 . 2008-08-29 01:27 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-08-28 21:58 . 2008-08-28 21:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-08-28 21:57 . 2008-08-28 21:57 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\Windows Desktop Search
2008-08-28 21:56 . 2008-08-28 21:56 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-28 21:56 . 2008-08-28 21:56 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-28 21:53 . 2008-03-07 13:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-28 21:53 . 2008-03-07 13:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-28 21:53 . 2008-03-07 13:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-28 21:48 . 2008-07-22 10:45 1,214,526 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-28 21:48 . 2008-07-22 10:45 790,846 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-28 21:48 . 2008-07-22 10:45 9,696 -----c--- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-27 23:37 . 2008-08-29 05:20 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-08-27 23:37 . 2008-08-29 05:20 <DIR> d-------- C:\Documents and Settings\Skye\Application Data\DMCache
2008-08-25 23:05 . 2008