Thanks. Here are my logs....
ComboFix 08-01-23.1C - Jason 2008-01-26 0:36:13.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.94 [GMT -8:00]
Running from: C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\8X670XQF\ComboFix[1].exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Jason\Application Data\SCURIT~1
C:\Documents and Settings\Jason\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\Jason\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\Jason\err.log
C:\Program Files\Common Files\mcroso~1.net
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\My Documents\ECURIT~1
C:\Program Files\My Documents\MCROSO~1
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WA6P
C:\WINDOWS\b147.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N99M2908NetInstaller.exe
C:\WINDOWS\FONTS\acrsecB.fon
C:\WINDOWS\FONTS\acrsecI.fon
C:\WINDOWS\mwinsys.ini
C:\WINDOWS\notedad.exe
C:\WINDOWS\System\AlxRes071109.exe
C:\WINDOWS\SYSTEM32\aasmelfr.ini
C:\WINDOWS\system32\adibfsei.dll
C:\WINDOWS\system32\agopvgdx.dll
C:\WINDOWS\system32\aitoiwju.dll
C:\WINDOWS\SYSTEM32\aqfjgfye.ini
C:\WINDOWS\system32\auto.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\SYSTEM32\bfpwnbys.ini
C:\WINDOWS\system32\cbxurpo.dll
C:\WINDOWS\system32\cujjptau.dll
C:\WINDOWS\SYSTEM32\dllmylgm.ini
C:\WINDOWS\system32\dmyhvnmy.dll
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\SYSTEM32\dwhwregl.ini
C:\WINDOWS\SYSTEM32\dwhwregl.ini2
C:\WINDOWS\SYSTEM32\ecrtbxox.ini
C:\WINDOWS\system32\edlbeqel.dll
C:\WINDOWS\system32\ejfiflav.dll
C:\WINDOWS\system32\eooribyy.dll
C:\WINDOWS\system32\epyelauu.dll
C:\WINDOWS\system32\etfxhaci.dll
C:\WINDOWS\system32\eudswsrs.dll
C:\windows\system32\explorer.exe
C:\WINDOWS\system32\eyalaxfk.exe
C:\WINDOWS\system32\eyfgjfqa.dll
C:\WINDOWS\SYSTEM32\fagmgeky.ini
C:\WINDOWS\SYSTEM32\feeaamet.ini
C:\WINDOWS\SYSTEM32\fehjl.ini
C:\WINDOWS\SYSTEM32\fehjl.ini2
C:\WINDOWS\system32\fohwoybq.dll
C:\WINDOWS\system32\fpfnmhkk.dll
C:\WINDOWS\system32\fthcikxv.dll
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G3\wr725.exe
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\G9
C:\WINDOWS\SYSTEM32\gijwdwqh.ini
C:\WINDOWS\system32\hggdayw.dll
C:\WINDOWS\system32\hqwdwjig.dll
C:\WINDOWS\SYSTEM32\icahxfte.ini
C:\WINDOWS\SYSTEM32\iesfbida.ini
C:\WINDOWS\system32\iliaoghu.dll
C:\WINDOWS\system32\inf\scrsys071109.scr
C:\WINDOWS\system32\inf\scrsys080122.scr
C:\WINDOWS\system32\inf\scrsys16_071109.dll
C:\WINDOWS\system32\inf\scrsys16_080122.dll
C:\WINDOWS\system32\inf\svchost.exe
C:\WINDOWS\SYSTEM32\jgcuniys.ini
C:\WINDOWS\system32\jhumwtgn.dll
C:\WINDOWS\system32\k1
C:\WINDOWS\system32\k1\IKtzudll2.exe
C:\WINDOWS\system32\katzppd.exe
C:\WINDOWS\system32\khfdbbc.dll
C:\WINDOWS\system32\khffcde.dll
C:\WINDOWS\SYSTEM32\leqeblde.ini
C:\WINDOWS\system32\lgerwhwd.dll
C:\WINDOWS\SYSTEM32\lklnn.bak1
C:\WINDOWS\SYSTEM32\lklnn.bak2
C:\WINDOWS\SYSTEM32\lklnn.ini
C:\WINDOWS\system32\lwisys16_080122.dll
C:\WINDOWS\system32\mglymlld.dll
C:\WINDOWS\SYSTEM32\mhuqxakw.ini
C:\WINDOWS\SYSTEM32\mmfgrcrs.ini
C:\WINDOWS\system32\mp43.exe
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\SYSTEM32\ngtwmuhj.ini
C:\WINDOWS\SYSTEM32\nmoqr.ini
C:\WINDOWS\SYSTEM32\nmoqr.ini2
C:\WINDOWS\system32\nnlkl.dll
C:\WINDOWS\system32\nxqwcbyy.dll
C:\WINDOWS\system32\oiwwxumo.exe
C:\WINDOWS\system32\okaastqo.dll
C:\WINDOWS\SYSTEM32\oqtsaako.ini
C:\WINDOWS\system32\ovnffsbp.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\pbsffnvo.ini
C:\WINDOWS\system32\pmnljjh.dll
C:\WINDOWS\system32\qacxpmyx.dll
C:\WINDOWS\system32\qvijrrot.dll
C:\WINDOWS\system32\rflemsaa.dll
C:\WINDOWS\SYSTEM32\rstwa.ini
C:\WINDOWS\SYSTEM32\rstwa.ini2
C:\WINDOWS\system32\srcrgfmm.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\sybnwpfb.dll
C:\WINDOWS\system32\syinucgj.dll
C:\WINDOWS\system32\temaaeef.dll
C:\WINDOWS\SYSTEM32\torrjivq.ini
C:\WINDOWS\SYSTEM32\ujwiotia.ini
C:\WINDOWS\system32\ulrcvnwq.dll
C:\WINDOWS\system32\urqnlki.dll
C:\WINDOWS\system32\urqrqpn.dll
C:\WINDOWS\system32\vmmhcpap.dll
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\vMW02a\vMW02a1065.exe
C:\WINDOWS\system32\vtuuusp.dll
C:\WINDOWS\SYSTEM32\vwvyb.ini2
C:\WINDOWS\SYSTEM32\vxkichtf.ini
C:\WINDOWS\system32\win
C:\WINDOWS\system32\windows.scr
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\winsys16_071109.dll
C:\WINDOWS\system32\winsys32_071109.dll
C:\WINDOWS\system32\wkaxquhm.dll
C:\WINDOWS\system32\wtyxvukx.dll
C:\WINDOWS\SYSTEM32\xdgvpoga.ini
C:\WINDOWS\SYSTEM32\xkuvxytw.ini
C:\WINDOWS\system32\xoxbtrce.dll
C:\WINDOWS\system32\xyutwuig.dll
C:\WINDOWS\system32\yayvvuu.dll
C:\WINDOWS\system32\ykegmgaf.dll
C:\WINDOWS\system32\ymtfwjsv.dll
C:\WINDOWS\system32\ywysrnni.dll
C:\WINDOWS\SYSTEM32\yybcwqxn.ini
C:\WINDOWS\SYSTEM32\yybirooe.ini
C:\WINDOWS\system32\z8
C:\WINDOWS\system32\z8\srwv12drll.exe
C:\WINDOWS\tsitra1000106.exe
C:\WINDOWS\tsitra11.exe
C:\WINDOWS\tsitra572.exe
C:\WINDOWS\WebAssist.dll
C:\WINDOWS\wr.txt
----- BITS: Possible infected sites -----
hxxp://resources.secureonlinegaming.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_MSUPDATE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 00:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-24 04:11 . 2008-01-24 04:18 6,724 --a------ C:\WINDOWS\SYSTEM32\mywehit.ini.tmp
2008-01-24 04:09 . 2008-01-24 04:10 211,456 --a------ C:\WINDOWS\SYSTEM32\mwisys32_080122.dll
2008-01-24 04:09 . 2008-01-24 04:09 113,008 --a------ C:\WINDOWS\SYSTEM\sslxpes080122.exe
2008-01-21 21:09 . 2008-01-21 21:09 <DIR> d-------- C:\Program Files\iPod
2008-01-21 21:08 . 2008-01-21 21:08 <DIR> d-------- C:\Program Files\iTunes
2008-01-21 01:27 . 2008-01-24 04:08 211,456 --------- C:\WINDOWS\SYSTEM32\mwisys32_080120.dll
2008-01-20 14:31 . 2008-01-21 01:02 1,071,406 ---hs---- C:\WINDOWS\SYSTEM32\wknoraob.ini
2008-01-18 10:57 . 2008-01-19 00:54 1,073,301 ---hs---- C:\WINDOWS\SYSTEM32\xnfnytpx.ini
2008-01-15 20:06 . 2008-01-21 01:01 321 ---hs---- C:\WINDOWS\SYSTEM32\xyxbc.ini
2008-01-15 01:11 . 2008-01-15 17:55 334,704 ---hs---- C:\WINDOWS\SYSTEM32\ortwa.ini
2008-01-14 17:13 . 2008-01-14 17:13 <DIR> d-------- C:\WINDOWS\SYSTEM32\URTTemp
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2008-01-06 17:30 . 2008-01-06 17:30 503 --a------ C:\office.lnk
2008-01-06 11:26 . 2008-01-10 21:33 321 ---hs---- C:\WINDOWS\SYSTEM32\orutv.ini
2008-01-03 17:22 . 2008-01-03 21:44 1,038,424 ---hs---- C:\WINDOWS\SYSTEM32\ilasjjyl.ini
2008-01-02 12:20 . 2008-01-02 17:15 1,031,458 ---hs---- C:\WINDOWS\SYSTEM32\ucpplgbt.ini
2007-12-30 21:08 . 2007-12-30 21:08 <DIR> d--hs---- C:\FOUND.028
2007-12-30 10:25 . 2007-12-30 20:22 1,031,517 ---hs---- C:\WINDOWS\SYSTEM32\bddtgjox.ini
2007-12-29 00:34 . 2008-01-04 17:22 6,627 ---hs---- C:\WINDOWS\SYSTEM32\ruvut.ini
2007-12-29 00:08 . 2007-12-29 00:08 <DIR> d-------- C:\Program Files\ConnectToCasino
2007-12-28 22:19 . 2007-12-29 22:20 1,031,379 ---hs---- C:\WINDOWS\SYSTEM32\khbevdaf.ini
2007-12-28 19:55 . 2007-12-28 22:19 1,031,199 ---hs---- C:\WINDOWS\SYSTEM32\tpjeurme.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 20:48 --------- d-----w C:\Program Files\LimeWire
2007-12-25 20:10 --------- d-----w C:\Program Files\Apple Software Update
2007-12-25 20:08 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-23 00:58 --------- d-----w C:\Program Files\Casino Share Flash Casino
2007-12-20 02:18 --------- d-----w C:\Program Files\BetRoyal Casino
2007-12-18 07:27 --------- d-----w C:\Program Files\Prism Casino
2007-12-16 06:37 --------- d-----w C:\Program Files\Virtual Casino
2007-12-16 00:52 --------- d-----w C:\Program Files\Millionaire Casino
2007-12-13 06:57 --------- d-----w C:\Program Files\Shark Casino
2007-12-11 06:23 --------- d-----w C:\Program Files\Slots of Vegas
2007-12-10 00:43 --------- d-----w C:\Program Files\MayanFortune
2007-12-09 02:51 --------- d-----w C:\Program Files\Golden Riviera Guest Play Flash Casino
2007-12-08 23:54 22,016 --sh--r C:\WINDOWS\SYSTEM32\wcheck.dll
2007-12-08 07:23 --------- d-----w C:\Program Files\Cirrus Casino
2007-12-05 07:10 28,168 --sh--r C:\WINDOWS\SYSTEM32\wincheck071204.exe
2007-12-05 07:10 27,136 --sh--r C:\WINDOWS\SYSTEM32\wincheck071204.dll
2007-12-05 02:30 --------- d-----w C:\Program Files\Common Files\Totem Shared
2007-11-27 22:19 28,052 --sh--r C:\WINDOWS\SYSTEM32\wincheck071128.exe
2007-11-27 22:19 27,136 --sh--r C:\WINDOWS\SYSTEM32\wincheck071128.dll
2007-11-27 06:08 --------- d-----w C:\Program Files\Paradise8
2007-11-25 20:56 204,800 ------w C:\WINDOWS\SYSTEM32\mwisys32_071124.dll
2007-11-10 08:23 3,072 ----a-w C:\WINDOWS\SYSTEM32\ SOUNDMAN.EXE
2002-11-09 21:50 128,975 ----a-w C:\Program Files\winmail.dat
2002-11-03 22:04 232,638 ----a-w C:\Program Files\42acplug_setup.exe
2001-06-21 23:06 271 --sh--w C:\Program Files\desktop.ini
2001-06-21 23:06 23,357 ---h--w C:\Program Files\folder.htt
2002-08-23 02:18 8 --sh--w C:\WINDOWS\DRM\pdrm.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 102,400 2002-06-10 22:21:32 C:\Program Files\Common Files\Logitech\QCDriver\bak\LVCOMS.EXE
----a-w 102,400 2002-06-10 22:21:32 C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
----a-w 45,056 2002-06-20 20:25:56 C:\Program Files\Logitech\ImageStudio\bak\LogiTray.exe
----a-w 45,056 2002-06-20 20:25:56 C:\Program Files\Logitech\ImageStudio\LogiTray.exe
----a-w 4,662,776 2006-10-25 00:10:18 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe
----a-w 4,670,968 2007-03-27 23:22:56 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
----a-w 282,624 2006-12-16 02:24:38 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 385,024 2008-01-10 23:27:36 C:\Program Files\QuickTime\QTTask.exe
----a-w 311,350 2000-08-08 21:00:00 C:\Program Files\Microsoft Works\bak\WksSb.exe
----a-w 311,350 2000-08-08 21:00:00 C:\Program Files\Microsoft Works\WksSb.exe
----a-r 307,200 2005-10-24 23:53:40 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe
----a-w 1,310,720 2007-01-22 07:14:20 C:\Program Files\SUPERAntiSpyware\bak\SUPERAntiSpyware.exe
----a-w 75,520 2006-12-15 11:23:28 C:\Program Files\Java\jre1.5.0_11\bin\bak\jusched.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-08 13:00:00 24633]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"MyUserinit"= C:\WINDOWS\system32\inf\svchosts.exe C:\WINDOWS\system32\lwisys16_080122.dll start
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"mscheck"= rundll32.exe C:\WINDOWS\system32\wincheck071204.dll mymain
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LDM"=\Program\BackWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"AtiPTA"=Atiptaxx.exe
"SVAPlayer"=C:\Program Files\SVA Player\SVAPLAYER.EXE
"NVQuickTweak"=RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
"Uninstall0001"="C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.virtuagay.com!StatsVirtuaGuy
"Uninstall0002"="C:\Program Files\Common Files\Totem Shared\Uninstall0002\upd.exe" LASTCALL!adverts.virtuagay.com!StatsVirtuaGuy
"MediaLoads Installer"="C:\Program Files\DownloadWare\dw.exe" /H
R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 04:00]
R3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8150.SYS [2006-05-10 15:22]
S2 UMAXPCLS;Print Port Scanner Driver;C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 13:58]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 14:16]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 07:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2008-01-26 03:08:20 C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job"
- C:\WINDOWS\PCHEALTH\SUPPORT\PCHSCHD.EXE
"2008-01-23 09:00:28 C:\WINDOWS\Tasks\Maintenance-Defragment programs.job"
- C:\WINDOWS\DEFRAG.EXE
"2008-01-01 08:30:02 C:\WINDOWS\Tasks\Maintenance-Disk cleanup.job"
- C:\WINDOWS\CLEANMGR.EXE
"2005-02-05 18:58:30 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2008-01-26 09:00:02 C:\WINDOWS\Tasks\AB2A19A791119333.job"
- c:\docume~1\jason\applic~1\01acid~1\Movesafeaxis.exe
"2008-01-20 02:11:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-26 00:59:32
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Program Files\AOL Games
C:\Program Files\GameHouse
C:\Program Files\PopCap Games
C:\Program Files\Raptisoft
C:\Program Files\SuperiorCasino
C:\Program Files\Vegas Strip
C:\Program Files\Orchid Online
C:\Program Files\Bonjour
C:\Program Files\Paradise8
C:\Program Files\Cirrus Casino
C:\Program Files\Golden Riviera Guest Play Flash Casino
C:\Program Files\MayanFortune
C:\Program Files\Slots of Vegas
C:\Program Files\Shark Casino
C:\Program Files\Millionaire Casino
C:\Program Files\Virtual Casino
C:\Program Files\Prism Casino
C:\Program Files\BetRoyal Casino
C:\Program Files\Casino Share Flash Casino
C:\Program Files\Apple Software Update
C:\Program Files\LimeWire
C:\Program Files\ConnectToCasino
C:\Program Files\iTunes
C:\Program Files\iPod
C:\WINDOWS\system32wcheck.dll 32768 bytes
C:\WINDOWS\system32jganxqla.ini 720896 bytes
C:\WINDOWS\system32umcibaff.ini 491520 bytes
C:\WINDOWS\system32khtnokbw.dll 98304 bytes
C:\WINDOWS\system32mwisys32_080120.dll 229376 bytes
C:\WINDOWS\system32mwisys32_080122.dll 229376 bytes
C:\WINDOWS\system32suusjcxg.dll 98304 bytes
C:\WINDOWS\system32unimdmat.dll 98304 bytes
C:\WINDOWS\system32unimdm.tsp 229376 bytes
C:\WINDOWS\system32umpnpmgr.dll 131072 bytes
C:\WINDOWS\system32umandlg.dll 65536 bytes
C:\WINDOWS\system32tracert.exe 32768 bytes
C:\WINDOWS\system32termsrv.dll 327680 bytes
C:\WINDOWS\system32termmgr.dll 360448 bytes
C:\WINDOWS\system32tcpmib.dll 32768 bytes
C:\WINDOWS\system32tapi32.dll 196608 bytes
C:\WINDOWS\system32tapi3.dll 884736 bytes
C:\WINDOWS\system32svchost.exe 32768 bytes
C:\WINDOWS\system32strmdll.dll 262144 bytes
C:\WINDOWS\system32stimon.exe 32768 bytes
C:\WINDOWS\system32sstext3d.scr 688128 bytes
C:\WINDOWS\system32ssdpapi.dll 65536 bytes
C:\WINDOWS\system32ssbezier.scr 32768 bytes
C:\WINDOWS\system32srrstr.dll 262144 bytes
C:\WINDOWS\system32sqlsrv32.rll 98304 bytes
C:\WINDOWS\system32sqlsrv32.dll 458752 bytes
C:\WINDOWS\system32spoolsv.exe 65536 bytes
C:\WINDOWS\system32spoolss.dll 98304 bytes
C:\WINDOWS\system32spider.exe 557056 bytes
C:\WINDOWS\system32skeys.exe 32768 bytes
C:\WINDOWS\system32shscrap.dll 32768 bytes
C:\WINDOWS\system32LTIMG12n.DLL 196608 bytes
C:\WINDOWS\system32LTKRN12n.DLL 425984 bytes
C:\WINDOWS\system32LTOCX12n.INF 32768 bytes
C:\WINDOWS\system32LTTWN12n.DLL 65536 bytes
C:\WINDOWS\system32wbkonthk.ini 491520 bytes
C:\WINDOWS\system32shimgvw.dll 458752 bytes
C:\WINDOWS\system32shimeng.dll 65536 bytes
C:\WINDOWS\system32shgina.dll 98304 bytes
C:\WINDOWS\system32VFind.exe 65536 bytes
C:\WINDOWS\system32shdoclc.dll 557056 bytes
C:\WINDOWS\system32sfcfiles.dll 1605632 bytes
C:\WINDOWS\system32sfc.dll 32768 bytes
C:\WINDOWS\system32setup.exe 32768 bytes
C:\WINDOWS\system32sens.dll 65536 bytes
C:\WINDOWS\system32sendmail.dll 65536 bytes
C:\WINDOWS\system32seclogon.dll 32768 bytes
C:\WINDOWS\system32sdbinst.exe 98304 bytes
C:\WINDOWS\system32scesrv.dll 327680 bytes
C:\WINDOWS\system32scecli.dll 196608 bytes
C:\WINDOWS\system32sccsccp.dll 196608 bytes
C:\WINDOWS\system32rtipxmib.dll 32768 bytes
C:\WINDOWS\system32jdekcxgl.ini 491520 bytes
C:\WINDOWS\system32rpcrt4.dll 589824 bytes
C:\WINDOWS\system32riched20.dll 458752 bytes
C:\WINDOWS\system32rexec.exe 32768 bytes
C:\WINDOWS\system32remotesp.tsp 98304 bytes
C:\WINDOWS\system32regapi.dll 65536 bytes
C:\WINDOWS\system32reg.exe 65536 bytes
C:\WINDOWS\system32rassapi.dll 32768 bytes
C:\WINDOWS\system32rasphone.exe 65536 bytes
C:\WINDOWS\system32raschap.dll 98304 bytes
C:\WINDOWS\system32rasadhlp.dll 32768 bytes
C:\WINDOWS\system32racpldlg.dll 65536 bytes
C:\WINDOWS\system32quartz.dll 1310720 bytes
C:\WINDOWS\system32qdvd.dll 393216 bytes
C:\WINDOWS\system32pstorec.dll 65536 bytes
C:\WINDOWS\system32psapi.dll 32768 bytes
C:\WINDOWS\system32proquota.exe 65536 bytes
C:\WINDOWS\system32proctexe.ocx 98304 bytes
C:\WINDOWS\system32powercfg.cpl 131072 bytes
C:\WINDOWS\system32ping.exe 32768 bytes
C:\WINDOWS\system32offfilt.dll 131072 bytes
C:\WINDOWS\system32odbcp32r.dll 32768 bytes
C:\WINDOWS\system32odbcjt32.dll 294912 bytes
C:\WINDOWS\system32odbccu32.dll 65536 bytes
C:\WINDOWS\system32odbccr32.dll 65536 bytes
C:\WINDOWS\system32odbccp32.dll 131072 bytes
C:\WINDOWS\system32odbccp32.cpl 32768 bytes
C:\WINDOWS\system32odbcconf.rsp 32768 bytes
C:\WINDOWS\system32odbcconf.dll 163840 bytes
C:\WINDOWS\system32odbcbcp.dll 32768 bytes
C:\WINDOWS\system32odbcad32.exe 32768 bytes
C:\WINDOWS\system32odbc32gt.dll 32768 bytes
C:\WINDOWS\system32odbc32.dll 262144 bytes
C:\WINDOWS\system32occache.dll 98304 bytes
C:\WINDOWS\system32nusrmgr.cpl 262144 bytes
C:\WINDOWS\system32ntmssvc.dll 458752 bytes
C:\WINDOWS\system32ntlanman.dll 65536 bytes
C:\WINDOWS\system32ntdsapi.dll 98304 bytes
C:\WINDOWS\system32npptools.dll 65536 bytes
C:\WINDOWS\system32newdev.dll 262144 bytes
C:\WINDOWS\system32netui1.dll 262144 bytes
C:\WINDOWS\system32netui0.dll 98304 bytes
C:\WINDOWS\system32netstat.exe 65536 bytes
C:\WINDOWS\system32netsh.exe 98304 bytes
C:\WINDOWS\system32netplwiz.dll 884736 bytes
C:\WINDOWS\system32netlogon.dll 425984 bytes
C:\WINDOWS\system32netid.dll 163840 bytes
C:\WINDOWS\system32netapi32.dll 360448 bytes
C:\WINDOWS\system32net1.exe 131072 bytes
C:\WINDOWS\system32nddenb32.dll 32768 bytes
C:\WINDOWS\system32ncobjapi.dll 65536 bytes
C:\WINDOWS\system32narrator.exe 65536 bytes
C:\WINDOWS\system32mtxclu.dll 98304 bytes
C:\WINDOWS\system32msxml2.dll 720896 bytes
C:\WINDOWS\system32msvcrt40.dll 65536 bytes
C:\WINDOWS\system32msvcp60.dll 425984 bytes
C:\WINDOWS\system32msvcirt.dll 65536 bytes
C:\WINDOWS\system32mstinit.exe 32768 bytes
C:\WINDOWS\system32mspaint.exe 360448 bytes
C:\WINDOWS\system32msorc32r.dll 32768 bytes
C:\WINDOWS\system32msoert2.dll 131072 bytes
C:\WINDOWS\system32msimtf.dll 163840 bytes
C:\WINDOWS\system32msimg32.dll 32768 bytes
C:\WINDOWS\system32ntmqodlt.ini 589824 bytes
C:\WINDOWS\system32msieftp.dll 262144 bytes
C:\WINDOWS\system32msidle.dll 32768 bytes
C:\WINDOWS\system32msident.dll 65536 bytes
C:\WINDOWS\system32mshtmler.dll 65536 bytes
C:\WINDOWS\system32mshta.exe 32768 bytes
C:\WINDOWS\system32msexcl40.dll 327680 bytes
C:\WINDOWS\system32msctfp.dll 98304 bytes
C:\WINDOWS\system32mscpx32r.dll 32768 bytes
C:\WINDOWS\system32msconf.dll 98304 bytes
C:\WINDOWS\system32msaud32.acm 294912 bytes
C:\WINDOWS\system32msasn1.dll 65536 bytes
C:\WINDOWS\system32msapsspc.dll 98304 bytes
C:\WINDOWS\system32msadds32.ax 229376 bytes
C:\WINDOWS\system32mprapi.dll 98304 bytes
C:\WINDOWS\system32mpr.dll 65536 bytes
C:\WINDOWS\system32mplay32.exe 131072 bytes
C:\WINDOWS\system32mobsync.exe 163840 bytes
C:\WINDOWS\system32miglibnt.dll 65536 bytes
C:\WINDOWS\system32mfcsubs.dll 32768 bytes
C:\WINDOWS\system32mfc42u.dll 1048576 bytes
C:\WINDOWS\system32mf3216.dll 65536 bytes
C:\WINDOWS\system32mciwave.dll 32768 bytes
C:\WINDOWS\system32lprhelp.dll 32768 bytes
C:\WINDOWS\system32licwmi.dll 65536 bytes
C:\WINDOWS\system32vtegjitf.ini 589824 bytes
C:\WINDOWS\system32keymgr.dll 163840 bytes
C:\WINDOWS\system32kd1394.dll 32768 bytes
C:\WINDOWS\system32joy.cpl 98304 bytes
C:\WINDOWS\system32ipsecsnp.dll 360448 bytes
C:\WINDOWS\system32ipconfig.exe 65536 bytes
C:\WINDOWS\system32intl.cpl 131072 bytes
C:\WINDOWS\system32inetmib1.dll 65536 bytes
C:\WINDOWS\system32imgutil.dll 65536 bytes
C:\WINDOWS\system32ils.dll 98304 bytes
C:\WINDOWS\system32icm32.dll 262144 bytes
C:\WINDOWS\system32iasrad.dll 131072 bytes
C:\WINDOWS\system32hidphone.tsp 32768 bytes
C:\WINDOWS\system32hid.dll 32768 bytes
C:\WINDOWS\system32hdwwiz.cpl 163840 bytes
C:\WINDOWS\system32grpconv.exe 65536 bytes
C:\WINDOWS\system32framebuf.dll 32768 bytes
C:\WINDOWS\system32eudcedit.exe 196608 bytes
C:\WINDOWS\system32es.dll 262144 bytes
C:\WINDOWS\system32ersvc.dll 32768 bytes
C:\WINDOWS\system32els.dll 196608 bytes
C:\WINDOWS\system32dumprep.exe 32768 bytes
C:\WINDOWS\system32dssec.dll 65536 bytes
C:\WINDOWS\system32dnsrslvr.dll 65536 bytes
C:\WINDOWS\system32dnsapi.dll 163840 bytes
C:\WINDOWS\system32dmutil.dll 65536 bytes
C:\WINDOWS\system32dmscript.dll 98304 bytes
C:\WINDOWS\system32ddeshare.exe 32768 bytes
C:\WINDOWS\system32dcache.bin 32768 bytes
C:\WINDOWS\system32dataclen.dll 65536 bytes
C:\WINDOWS\system32cscui.dll 327680 bytes
C:\WINDOWS\system32cscript.exe 98304 bytes
C:\WINDOWS\system32cryptui.dll 524288 bytes
C:\WINDOWS\system32cryptsvc.dll 65536 bytes
C:\WINDOWS\system32cryptnet.dll 65536 bytes
C:\WINDOWS\system32cryptext.dll 65536 bytes
C:\WINDOWS\system32cryptdlg.dll 98304 bytes
C:\WINDOWS\system32credui.dll 163840 bytes
C:\WINDOWS\system32corpol.dll 65536 bytes
C:\WINDOWS\system32comuid.dll 557056 bytes
C:\WINDOWS\system32comres.dll 819200 bytes
C:\WINDOWS\system32compstui.dll 229376 bytes
C:\WINDOWS\system32cnbjmon.dll 65536 bytes
C:\WINDOWS\system32cmutil.dll 65536 bytes
C:\WINDOWS\system32clipsrv.exe 65536 bytes
C:\WINDOWS\system32clbcatex.dll 131072 bytes
C:\WINDOWS\system32ciodm.dll 98304 bytes
C:\WINDOWS\system32cfgbkend.dll 65536 bytes
C:\WINDOWS\system32cdosys.dll 2097152 bytes
C:\WINDOWS\system32catsrvps.dll 98304 bytes
C:\WINDOWS\system32camocx.dll 65536 bytes
C:\WINDOWS\system32browsewm.dll 98304 bytes
C:\WINDOWS\system32nnpoq.ini 32768 bytes
C:\WINDOWS\system32browser.dll 98304 bytes
C:\WINDOWS\system32basesrv.dll 65536 bytes
C:\WINDOWS\system32avifil32.dll 98304 bytes
C:\WINDOWS\system32audiosrv.dll 65536 bytes
C:\WINDOWS\system32atmlib.dll 32768 bytes
C:\WINDOWS\system32atmadm.exe 32768 bytes
C:\WINDOWS\system32ati3d2ag.dll 1081344 bytes
C:\WINDOWS\system32apphelp.dll 131072 bytes
C:\WINDOWS\system32amstream.dll 98304 bytes
C:\WINDOWS\system32alg.exe 65536 bytes
C:\WINDOWS\system32adsnt.dll 294912 bytes
C:\WINDOWS\system32adsldp.dll 196608 bytes
C:\WINDOWS\system32actmovie.exe 32768 bytes
C:\WINDOWS\system32hpguapi.ini 32768 bytes
C:\WINDOWS\system32aclui.dll 131072 bytes
C:\WINDOWS\system32ntbackup.exe 1212416 bytes
C:\WINDOWS\system32xpob2res.dll 458752 bytes
C:\WINDOWS\system32xmlprov.dll 131072 bytes
C:\WINDOWS\system32wuauserv.dll 32768 bytes
C:\WINDOWS\system32wshbth.dll 131072 bytes
C:\WINDOWS\system32wscui.cpl 163840 bytes
C:\WINDOWS\system32wscsvc.dll 98304 bytes
C:\WINDOWS\system32wscntfy.exe 32768 bytes
C:\WINDOWS\system32ummjkmwn.ini 589824 bytes
C:\WINDOWS\system32wmp.dll 4882432 bytes
C:\WINDOWS\system32ikokyudt.ini 589824 bytes
C:\WINDOWS\system32winshfhc.dll 32768 bytes
C:\WINDOWS\system32winhttp.dll 360448 bytes
C:\WINDOWS\system32winbrand.dll 950272 bytes
C:\WINDOWS\system32xwvut.ini 32768 bytes
C:\WINDOWS\system32twext.dll 65536 bytes
C:\WINDOWS\system32strmfilt.dll 98304 bytes
C:\WINDOWS\system32spupdwxp.exe 32768 bytes
C:\WINDOWS\system32spnpinst.exe 32768 bytes
C:\WINDOWS\system32smbinst.exe 32768 bytes
C:\WINDOWS\system32slserv.exe 98304 bytes
C:\WINDOWS\system32slrundll.exe 65536 bytes
C:\WINDOWS\system32slgen.dll 196608 bytes
C:\WINDOWS\system32slextspk.dll 294912 bytes
C:\WINDOWS\system32slcoinst.dll 98304 bytes
C:\WINDOWS\system32sdhcinst.dll 32768 bytes
C:\WINDOWS\system32sbeio.dll 163840 bytes
C:\WINDOWS\system32qmgr.dll 393216 bytes
C:\WINDOWS\system32powercfg.exe 65536 bytes
C:\WINDOWS\system32pnrpnsp.dll 65536 bytes
C:\WINDOWS\system32p2psvc.dll 557056 bytes
C:\WINDOWS\system32p2pnetsh.dll 98304 bytes
C:\WINDOWS\system32p2pgraph.dll 327680 bytes
C:\WINDOWS\system32p2pgasvc.dll 98304 bytes
C:\WINDOWS\system32p2p.dll 131072 bytes
C:\WINDOWS\system32mtxparhd.dll 1769472 bytes
C:\WINDOWS\system32mssap.dll 163840 bytes
C:\WINDOWS\system32msftedit.dll 557056 bytes
C:\WINDOWS\system32msctfime.ime 196608 bytes
C:\WINDOWS\system32mdmxsdk.dll 98304 bytes
C:\WINDOWS\system32kbdukx.dll 32768 bytes
C:\WINDOWS\system32kbdsmsno.dll 32768 bytes
C:\WINDOWS\system32kbdsmsfi.dll 32768 bytes
C:\WINDOWS\system32kbdno1.dll 32768 bytes
C:\WINDOWS\system32kbdmlt48.dll 32768 bytes
C:\WINDOWS\system32kbdmlt47.dll 32768 bytes
C:\WINDOWS\system32kbdmaori.dll 32768 bytes
C:\WINDOWS\system32kbdinmal.dll 32768 bytes
C:\WINDOWS\system32kbdinben.dll 32768 bytes
C:\WINDOWS\system32kbdinbe1.dll 32768 bytes
C:\WINDOWS\system32kbdfi1.dll 32768 bytes
C:\WINDOWS\system32ivfsrc.ax 163840 bytes
C:\WINDOWS\system32ir50_qcx.dll 196608 bytes
C:\WINDOWS\system32iac25_32.ax 229376 bytes
C:\WINDOWS\system32httpapi.dll 32768 bytes
C:\WINDOWS\system32html.iec 425984 bytes
C:\WINDOWS\system32hsfcisp2.dll 32768 bytes
C:\WINDOWS\system32hccoin.dll 32768 bytes
C:\WINDOWS\system32fsquirt.exe 196608 bytes
C:\WINDOWS\system32fltmc.exe 32768 bytes
C:\WINDOWS\system32fltlib.dll 32768 bytes
C:\WINDOWS\system32firewall.cpl 98304 bytes
C:\WINDOWS\system32faxpatch.exe 32768 bytes
C:\WINDOWS\system32encdec.dll 196608 bytes
C:\WINDOWS\system32btpanui.dll 65536 bytes
C:\WINDOWS\system32bthserv.dll 32768 bytes
C:\WINDOWS\system32bthprops.cpl 131072 bytes
C:\WINDOWS\system32bthci.dll 32768 bytes
C:\WINDOWS\system32blastcln.exe 98304 bytes
C:\WINDOWS\system32bitsprx3.dll 32768 bytes
C:\WINDOWS\system32ativvaxx.dll 524288 bytes
C:\WINDOWS\system32ativtmxx.dll 32768 bytes
C:\WINDOWS\system32ativmvxx.ax 32768 bytes
C:\WINDOWS\system32ati3d1ag.dll 884736 bytes
C:\WINDOWS\system32wstpager.ax 196608 bytes
C:\WINDOWS\system32wstrenderer.ax 262144 bytes
C:\WINDOWS\system32vbicodec.ax 65536 bytes
C:\WINDOWS\system32secedit.exe 32768 bytes
C:\WINDOWS\system32spiisupd.exe 32768 bytes
C:\WINDOWS\system32asr_pfu.exe 32768 bytes
C:\WINDOWS\system32vhcqcmcc.ini 1245184 bytes
C:\WINDOWS\system32Camapi32.dll 65536 bytes
C:\WINDOWS\system32mywehit.ini 32768 bytes
C:\WINDOWS\system32dns-sd.exe 65536 bytes
C:\WINDOWS\system32orqru.ini 32768 bytes
C:\WINDOWS\system32klrxlpbo.ini 1114112 bytes
C:\WINDOWS\system32dnssd.dll 65536 bytes
C:\WINDOWS\system32E300.dll 327680 bytes
C:\WINDOWS\system32 SOUNDMAN.EXE 32768 bytes
C:\WINDOWS\system32Comm32.dll 32768 bytes
C:\WINDOWS\system32DC210V204_32.dll 65536 bytes
C:\WINDOWS\system32Dc50ip32.dll 131072 bytes
C:\WINDOWS\system32Dc50v11_32.dll 131072 bytes
C:\WINDOWS\system32E300str.dll 32768 bytes
C:\WINDOWS\system32ImgLibLead.dll 32768 bytes
C:\WINDOWS\system32LFCMP70n.DLL 229376 bytes
C:\WINDOWS\system32Lfbmp70n.dll 32768 bytes
C:\WINDOWS\system32Ltfil70n.dll 65536 bytes
C:\WINDOWS\system32Ltkrn70n.dll 360448 bytes
C:\WINDOWS\system32Nkdscsi.dll 65536 bytes
C:\WINDOWS\system32Nkdserl.dll 65536 bytes
C:\WINDOWS\system32mwisys32_071124.dll 229376 bytes
C:\WINDOWS\system32TWAIN_32.DLL 98304 bytes
C:\WINDOWS\system32msls2.dll 98304 bytes
C:\WINDOWS\system32hlp95en.dll 32768 bytes
C:\WINDOWS\system32ochlp30e.dll 65536 bytes
C:\WINDOWS\system32Ltwvc11n.dll 720896 bytes
C:\WINDOWS\system32ltkrn11n.dll 393216 bytes
C:\WINDOWS\system32ltimg11n.dll 131072 bytes
C:\WINDOWS\system32ltfil11n.DLL 131072 bytes
C:\WINDOWS\system32LTDIS11n.dll 294912 bytes
C:\WINDOWS\system32lfwmf11n.dll 65536 bytes
C:\WINDOWS\system32lftif11n.dll 163840 bytes
C:\WINDOWS\system32lftga11n.dll 32768 bytes
C:\WINDOWS\system32lfpsd11n.dll 65536 bytes
C:\WINDOWS\system32Lfpng11n.dll 196608 bytes
C:\WINDOWS\system32lfpcx11n.dll 65536 bytes
C:\WINDOWS\system32lfpcd11n.dll 32768 bytes
C:\WINDOWS\system32lfgif11n.dll 65536 bytes
C:\WINDOWS\system32lffax11n.dll 98304 bytes
C:\WINDOWS\system32lfeps11n.dll 32768 bytes
C:\WINDOWS\system32LFCMP11n.DLL 294912 bytes
C:\WINDOWS\system32lfbmp11n.dll 65536 bytes
C:\WINDOWS\system32Pubole32.dll 98304 bytes
C:\WINDOWS\system32yxxyb.ini 32768 bytes
C:\WINDOWS\system32MSRECR40.DLL 32768 bytes
C:\WINDOWS\system32TWUNK_16.EXE 65536 bytes
C:\WINDOWS\system32TWUNK_32.EXE 98304 bytes
C:\WINDOWS\system32VEN2232.OLB 65536 bytes
C:\WINDOWS\system32VBAEND32.OLB 32768 bytes
C:\WINDOWS\system32VBAEN32.OLB 32768 bytes
C:\WINDOWS\system32VBAME.DLL 65536 bytes
C:\WINDOWS\system32MFC42ENU.DLL 65536 bytes
C:\WINDOWS\system32rtsut.ini 32768 bytes
C:\WINDOWS\system32URTTemp
C:\WINDOWS\system32mkpollca.ini 819200 bytes
C:\WINDOWS\system32juditsto.ini 819200 bytes
C:\WINDOWS\system32NtmsData
C:\WINDOWS\system32phijwdvv.ini 819200 bytes
C:\WINDOWS\system32ZWebAuth.dll 32768 bytes
C:\WINDOWS\system32wincheck071128.exe 32768 bytes
C:\WINDOWS\system32qqrqr.ini 32768 bytes
C:\WINDOWS\system32wincheck071128.dll 32768 bytes
C:\WINDOWS\system32wincheck071204.exe 32768 bytes
C:\WINDOWS\system32dromqund.ini 851968 bytes
C:\WINDOWS\system32mhmufudh.ini 819200 bytes
C:\WINDOWS\system32cfhhk.ini 32768 bytes
C:\WINDOWS\system32hpgud32.dll 262144 bytes
C:\WINDOWS\system32hpguapi.dll 131072 bytes
C:\WINDOWS\system32hpg4400.dll 65536 bytes
C:\WINDOWS\system32rts8891u.dll 425984 bytes
C:\WINDOWS\system32hpgtpusd.dll 229376 bytes
C:\WINDOWS\system32hpsjvset.dll 131072 bytes
C:\WINDOWS\system32hpgtulbz.dll 262144 bytes
C:\WINDOWS\system32wincheck071204.dll 32768 bytes
C:\WINDOWS\system32edccf.ini 458752 bytes
C:\WINDOWS\system32ucpplgbt.ini 1048576 bytes
C:\WINDOWS\system32QuickTimeVR.qtx 98304 bytes
C:\WINDOWS\system32mywehit.ini.tmp 32768 bytes
C:\WINDOWS\system32hijlm.ini 458752 bytes
C:\WINDOWS\system32hhjjl.ini 32768 bytes
C:\WINDOWS\system32taenofcy.ini 983040 bytes
C:\WINDOWS\system32ilasjjyl.ini 1048576 bytes
C:\WINDOWS\system32DRVSTORE
C:\WINDOWS\system32ruvut.ini 32768 bytes
C:\Documents and Settings\Jason\Application DataInstaller352
C:\Documents and Settings\Jason\Application DataIconCache.db 2654208 bytes
C:\Documents and Settings\Jason\Application DataGiantPalace
C:\Documents and Settings\Jason\Application DataApple Computer
C:\Documents and Settings\Jason\Application DataRiverdeep Interactive Learning Limited
C:\Documents and Settings\Jason\Application Datafusioncache.dat 32768 bytes
C:\Documents and Settings\Jason\Application DataApple
scan completed successfully
hidden files: 404
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.2180]
-> C:\WINDOWS\system32\mwisys32_080122.dll
.
Completion time: 2008-01-26 1:02:39 - machine was rebooted
ComboFix3.txt 2007-04-07 05:59:50
ComboFix4.txt 2007-03-25 03:09:28
ComboFix2.txt 2007-05-19 05:39:24
ComboFix-quarantined-files.txt 2008-01-26 09:02:34
Logfile of HijackThis v1.99.1
Scan saved at 1:05:40 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\inf\svchosts.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\DRWATSON\Desktop\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://bellerock.mi...lay/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...ploader_v10.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe