Need help with trojan


  • This topic is locked

#1
crashboat

    New Member

  • Member
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 2:42:08 AM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Crash boat\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yah...rer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {815A6C95-3EDA-4FE0-922E-300C6EC06926} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\pmnmkhh.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: pmnmkhh - C:\WINDOWS\SYSTEM32\pmnmkhh.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0


#2
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hello and welcome aboard :whistling:

First things first... You have two Anti-virus clients installed. This is NOT recommended. You should remove either AVG or avast. If I had to choose, I would go with AVG but that's your choice. You also may leave the other installed, as long as they aren't running active at the same time. (as an on-demand scanner is fine)

Please run a scan with HijackThis and check the following objects for removal:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {815A6C95-3EDA-4FE0-922E-300C6EC06926} - C:\WINDOWS\system32\ddabb.dll (file missing)
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

------

Please navigate to, and delete the following file if present:

C:\WINDOWS\system32\winsystems16.exe

If you aren't able to see it, please check again with hidden files enabled. If you aren't able to delete it (errors, in use), please try again in Safe Mode.

------

Finally....

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a fresh HiJackThis log. :blink:
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
  • 0

#3
crashboat

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thank you for the welcome and here's the hijack log and vundo txt.

Logfile of HijackThis v1.99.1
Scan saved at 10:52:02 AM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Crash boat\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yah...rer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\pmnmkhh.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe






VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.3

Scan started at 10:37:11 AM 2/12/2007

Listing files found while scanning....

C:\WINDOWS\system32\ljjghff.dll
C:\WINDOWS\system32\mljgheb.dll
C:\WINDOWS\system32\pmnllll.dll
C:\WINDOWS\system32\pmnmkhh.dll
C:\WINDOWS\system32\ssqronl.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ljjghff.dll
C:\WINDOWS\system32\ljjghff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgheb.dll
C:\WINDOWS\system32\mljgheb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnllll.dll
C:\WINDOWS\system32\pmnllll.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnmkhh.dll
C:\WINDOWS\system32\pmnmkhh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqronl.dll
C:\WINDOWS\system32\ssqronl.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.6

Checking Java version...

Java version is 1.5.0.3

Scan started at 10:47:51 AM 2/12/2007

Listing files found while scanning....

No infected files were found.

Edited by crashboat, 12 February 2007 - 08:58 AM.

  • 0

#4
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi again, :whistling:

Please run a scan with HijackThis and check the following object for removal:

O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\pmnmkhh.dll (file missing)

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

----

You may go ahead and delete VundoFix if you wish.

Let's take another look.. Do you still have the same issues?

Please download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0
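
Added example (not part of the thread, and not code from HijackThis or VundoFix): a Python sketch that parses HijackThis entry lines and reports two structural cues visible in this thread's logs, namely entries whose target is `(no file)` or `(file missing)`, and a DLL registered as both an O2 BHO and an O20 Winlogon Notify. The sample lines are copied from the two HijackThis logs above; the function names and the pairing heuristic are assumptions for illustration, and entries picked out by name, such as `winsystems16.exe`, are outside what it detects.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {815A6C95-3EDA-4FE0-922E-300C6EC06926} - C:\WINDOWS\system32\ddabb.dll (file missing)
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\pmnmkhh.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [WinSystems] C:\WINDOWS\system32\winsystems16.exe
O20 - Winlogon Notify: ddabb - C:\WINDOWS\system32\ddabb.dll (file missing)
O20 - Winlogon Notify: pmnmkhh - C:\WINDOWS\SYSTEM32\pmnmkhh.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Sample input: one line copied from the second log (after the VundoFix run).
SAMPLE_AFTER = r"""
O2 - BHO: (no name) - {D7B374C3-8DED-4CB1-820B-413FF0C71FC6} - C:\WINDOWS\system32\pmnmkhh.dll (file missing)
"""

# "R0", "O2", "O20", "O23" ... followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path up to the first binary extension; spaces are allowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|\r\n]+?\.(?:dll|exe|ocx|sys)\b',
                     re.IGNORECASE)
MISSING_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "line": line,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            "missing": body.endswith(MISSING_MARKERS),
        })
    return entries


def basename(path):
    """Lower-cased file name, so system32 and SYSTEM32 compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(entries):
    """Flag entries for human review; a flag is a prompt, not a verdict."""
    findings = []
    sections_by_dll = defaultdict(set)
    for e in entries:
        if e["missing"]:
            findings.append(("orphaned", e["line"]))
        if e["section"] in ("O2", "O20") and e["path"]:
            sections_by_dll[basename(e["path"])].add(e["section"])
    # Assumed heuristic: the same DLL loaded as BHO and Winlogon Notify.
    for dll, sections in sorted(sections_by_dll.items()):
        if sections == {"O2", "O20"}:
            findings.append(("bho+winlogon-notify", dll))
    return findings


def newly_orphaned(before, after):
    """Files that resolved in `before` but are marked missing in `after`."""
    live = {basename(e["path"]) for e in before
            if e["path"] and not e["missing"]}
    return sorted({basename(e["path"]) for e in after
                   if e["path"] and e["missing"]
                   and basename(e["path"]) in live})


if __name__ == "__main__":
    first = parse_entries(SAMPLE_BEFORE)
    second = parse_entries(SAMPLE_AFTER)
    for kind, detail in triage(first):
        print(f"{kind:22} {detail}")
    print("orphaned after cleanup:", newly_orphaned(first, second))
```
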

#5
crashboat

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks again

"Crash boat" - 07-02-12 12:09:54 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Crash boat\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))


2007-02-12 10:37 <DIR> d-------- C:\VundoFix Backups
2007-02-12 09:12 277,187 ---hs---- C:\WINDOWS\system32\pmkjk.dll
2007-02-12 02:30 <DIR> d-------- C:\backreg
2007-02-12 02:24 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Regrun
2007-02-12 02:22 <DIR> d-------- C:\Program Files\Greatis
2007-02-11 12:32 277,276 ---hs---- C:\WINDOWS\system32\jkkjg.dll
2007-02-10 21:57 277,105 ---hs---- C:\WINDOWS\system32\pmkjh.dll
2007-02-10 17:34 12,291,831 --------- C:\AVG7QT.DAT
2007-02-10 17:31 18,432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-10 17:21 <DIR> dr-h----- C:\$VAULT$.AVG
2007-02-10 17:13 839,936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-10 17:13 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-10 17:13 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-10 17:13 27,776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-10 17:13 <DIR> d-------- C:\Program Files\Grisoft
2007-02-10 17:13 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-10 17:13 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\AVG7
2007-02-10 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-10 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-10 15:31 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-02-10 15:29 <DIR> d-------- C:\WINDOWS\ie7updates
2007-02-10 14:14 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-02-10 14:06 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-02-10 13:14 494,268 --ahs---- C:\WINDOWS\system32\bbadd.bak1
2007-02-10 13:08 8,108,928 --a------ C:\WINDOWS\system32\exec1.exe
2007-02-10 13:08 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\PC Tools
2007-02-10 12:00 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-02-10 11:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-02-08 19:56 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2007-02-08 19:56 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2007-02-08 19:56 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2007-02-08 19:56 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2007-02-08 19:56 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2007-02-08 19:56 28,032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2007-02-08 19:56 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2007-02-08 19:56 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2007-02-08 19:41 <DIR> d-------- C:\Program Files\Lavasoft
2007-02-08 19:41 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Lavasoft
2007-02-08 19:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\LOADBLUE32FIRST
2007-02-08 19:09 <DIR> d-------- C:\Program Files\SpamUploadDownload
2007-02-08 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2007-02-08 17:05 <DIR> d-------- C:\Program Files\CyberLink
2007-02-08 15:34 <DIR> d-------- C:\Program Files\Newsgroup-XPAT-Search
2007-02-08 11:28 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2007-02-08 11:28 <DIR> d-------- C:\Program Files\WinCustomize
2007-02-08 11:28 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-02-08 11:12 <DIR> d-------- C:\Program Files\Kristanix
2007-02-06 15:52 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Help
2007-02-06 15:40 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-02-06 15:38 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-02-06 15:38 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-06 15:37 163,840 -ra------ C:\WINDOWS\system32\ATIDEMGR.dll
2007-02-06 15:37 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-02-06 15:37 <DIR> d-------- C:\Program Files\ATI Technologies
2007-02-05 22:34 <DIR> d-------- C:\Program Files\IconTweaker
2007-02-05 22:34 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\IconTweaker
2007-02-05 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\IconTweaker
2007-02-05 22:24 <DIR> d-------- C:\Program Files\Lavalys
2007-02-05 22:24 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-02-05 20:51 1,168 --a------ C:\WINDOWS\mozver.dat
2007-02-05 20:44 <DIR> d-------- C:\Program Files\X-Projects
2007-02-05 20:44 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\X-Projects
2007-02-05 20:15 <DIR> d-------- C:\Program Files\MagicISO
2007-02-05 20:14 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\ImgBurn
2007-02-05 19:58 <DIR> d-------- C:\Program Files\ImgBurn
2007-02-05 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-02-05 18:56 <DIR> d-------- C:\Program Files\XLink Kai Evolution VII
2007-02-05 18:47 <DIR> d-------- C:\Program Files\Xbox Backup Creator
2007-02-05 18:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-02-05 18:40 <DIR> d-------- C:\ProgramFiles
2007-02-05 18:38 73,728 --a------ C:\WINDOWS\system32\FLKill.exe
2007-02-05 18:38 <DIR> d-------- C:\Program Files\Folder Lock
2007-02-05 18:32 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
2007-02-05 18:32 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2007-02-05 18:28 <DIR> d-------- C:\WINDOWS\pss
2007-02-05 18:22 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-02-05 18:21 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-02-05 18:21 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-02-05 18:21 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Azureus
2007-02-05 18:17 <DIR> d-------- C:\Program Files\Azureus
2007-02-05 18:11 <DIR> d-------- C:\Program Files\SlySoft
2007-02-05 18:09 <DIR> d-------- C:\Program Files\Google
2007-02-05 18:09 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Google
2007-02-05 18:07 <DIR> d-------- C:\Program Files\Smart Projects
2007-02-05 18:06 <DIR> d-------- C:\Program Files\PhotoFiltre
2007-02-05 18:05 <DIR> d-------- C:\Program Files\MTV Networks
2007-02-05 18:03 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-02-05 17:36 <DIR> d-------- C:\Program Files\TechSmith
2007-02-05 17:26 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-05 17:26 249,856 --------- C:\WINDOWS\Setup1.exe
2007-02-05 17:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-02-05 17:26 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-02-05 17:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-02-05 17:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-05 17:21 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Incomplete
2007-02-05 17:16 <DIR> d-------- C:\Program Files\Java
2007-02-05 17:14 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-02-05 17:14 <DIR> d-------- C:\WINDOWS\Profiles
2007-02-05 17:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-02-05 17:14 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\InterTrust
2007-02-05 17:14 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Adobe
2007-02-05 17:09 <DIR> d-------- C:\Program Files\Common Files\Java
2007-02-05 17:07 <DIR> d-------- C:\Program Files\LimeWire
2007-02-05 17:04 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-02-05 17:03 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-02-05 17:03 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-02-05 17:03 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-02-05 17:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-02-05 17:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-05 17:02 <DIR> d-------- C:\DOCUME~1\CRASHB~1\.limewire
2007-02-05 17:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-02-05 17:01 <DIR> d-------- C:\Program Files\Real
2007-02-05 17:01 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Contacts
2007-02-05 17:00 <DIR> d-------- C:\Program Files\MSN Messenger
2007-02-05 16:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-02-05 16:57 <DIR> d-------- C:\WINDOWS\WBEM
2007-02-05 16:57 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-02-05 16:57 <DIR> d-------- C:\Program Files\Yahoo!
2007-02-05 16:56 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-02-05 16:55 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-05 16:55 121,856 --a------ C:\WINDOWS\system32\xmllite.dll
2007-02-05 16:55 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-02-05 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-02-05 16:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-05 16:53 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-02-05 16:51 <DIR> d-------- C:\Program Files\DVD Shrink
2007-02-05 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2007-02-05 16:47 <DIR> dr--s---- C:\WINDOWS\assembly
2007-02-05 16:47 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-02-05 16:46 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Ahead
2007-02-05 16:44 <DIR> d-------- C:\Program Files\Nero
2007-02-05 16:44 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-02-05 16:42 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-02-05 16:41 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-02-05 16:41 <DIR> d-------- C:\Program Files\Microsoft Works
2007-02-05 16:41 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-02-05 16:41 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-02-05 16:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-02-05 16:38 <DIR> dr-h----- C:\MSOCache
2007-02-05 16:34 73,600 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2007-02-05 16:31 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-02-05 16:28 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-02-05 16:28 672,128 -ra------ C:\WINDOWS\system32\drivers\Cap713x.sys
2007-02-05 16:28 57,344 -ra------ C:\WINDOWS\system32\Prop713x.dll
2007-02-05 16:28 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-02-05 16:28 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-02-05 16:28 40,960 --a------ C:\WINDOWS\p3xunist.exe
2007-02-05 16:28 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-02-05 16:28 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-02-05 16:28 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-02-05 16:28 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-02-05 16:28 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-02-05 16:28 <DIR> d-------- C:\Program Files\KWorld Multimedia
2007-02-05 15:52 124,160 -ra------ C:\WINDOWS\system32\drivers\SiSGbeXP.sys
2007-02-05 15:46 <DIR> d--hs---- C:\RECYCLER
2007-02-05 15:45 88,960 --a------ C:\WINDOWS\system32\drivers\MidiSyn.sys
2007-02-05 15:45 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-05 15:45 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-05 15:45 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-05 15:45 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-02-05 15:45 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-05 15:44 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2007-02-05 15:44 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-02-05 15:44 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-02-05 15:44 65,536 --a------ C:\WINDOWS\system32\Audio3d.dll
2007-02-05 15:44 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-02-05 15:44 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-05 15:44 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-05 15:44 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-02-05 15:44 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-02-05 15:44 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-02-05 15:44 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-02-05 15:44 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-02-05 15:44 392,704 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-02-05 15:44 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2007-02-05 15:44 220,992 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-02-05 15:44 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-05 15:44 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-05 15:44 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-05 15:44 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-02-05 15:44 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
2007-02-05 15:44 <DIR> d-------- C:\WINDOWS\VirtualEar
2007-02-05 15:44 <DIR> d-------- C:\Program Files\Analog Devices
2007-02-05 15:43 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-02-05 15:43 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-02-05 15:43 <DIR> d-------- C:\Program Files\On-line Help Console
2007-02-05 15:43 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-02-05 15:42 17,505 -ra------ C:\DBI.EXE
2007-02-05 15:41 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-02-05 15:35 3,407,872 --ah----- C:\DOCUME~1\CRASHB~1\NTUSER.DAT
2007-02-05 15:34 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-02-05 15:34 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-02-05 15:34 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-02-05 15:34 <DIR> d-------- C:\WINDOWS\Prefetch
2007-02-05 15:31 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-02-05 15:31 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-02-05 15:30 225,280 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-02-05 15:30 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-02-05 15:30 0 -rahs---- C:\MSDOS.SYS
2007-02-05 15:30 0 -rahs---- C:\IO.SYS
2007-02-05 15:30 0 --a------ C:\CONFIG.SYS
2007-02-05 15:30 0 --a------ C:\AUTOEXEC.BAT
2007-02-05 15:29 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-02-05 15:29 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-02-05 15:29 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-02-05 15:29 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-02-05 15:28 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-02-05 15:28 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-02-05 15:28 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-02-05 15:28 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-02-05 15:28 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-02-05 15:28 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-02-05 15:28 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-02-05 15:28 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-02-05 15:28 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-05 15:28 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-02-05 15:28 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-02-05 15:28 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-02-05 15:28 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-05 15:28 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-02-05 15:28 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-02-05 15:28 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-02-05 15:28 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-02-05 15:28 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-02-05 15:28 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-02-05 15:28 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-02-05 15:28 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-05 15:28 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-02-05 15:28 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-05 15:28 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-05 15:28 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-02-05 15:28 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-05 15:28 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-02-05 15:28 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-02-05 15:28 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-02-05 15:28 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-05 15:28 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-05 15:28 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-02-05 15:28 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-02-05 15:28 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-02-05 15:28 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-02-05 15:28 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-02-05 15:28 <DIR> d---s---- C:\WINDOWS\Tasks
2007-02-05 15:28 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-02-05 15:28 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-02-05 15:28 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-02-05 15:28 <DIR> d-------- C:\WINDOWS\srchasst
2007-02-05 15:28 <DIR> d-------- C:\Program Files\Movie Maker
2007-02-05 15:28 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-02-05 15:27 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-02-05 15:27 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-02-05 15:27 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-02-05 15:27 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-02-05 15:27 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-02-05 15:27 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-02-05 15:27 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-02-05 15:27 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-02-05 15:27 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-02-05 15:27 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-02-05 15:27 <DIR> d-------- C:\WINDOWS\Registration
2007-02-05 15:27 <DIR> d-------- C:\Program Files\Online Services
2007-02-05 15:26 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-02-05 15:26 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-02-05 15:26 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-02-05 15:26 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-02-05 15:26 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-02-05 15:26 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-02-05 15:26 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-02-05 15:26 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-02-05 15:26 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-02-05 15:26 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-02-05 15:26 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-02-05 15:26 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-02-05 15:26 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-02-05 15:26 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-02-05 15:26 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-02-05 15:26 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-02-05 15:26 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-02-05 15:26 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-02-05 15:26 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-02-05 15:26 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-02-05 15:26 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-02-05 15:26 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-02-05 15:26 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-02-05 15:26 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-02-05 15:26 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-02-05 15:26 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-02-05 15:26 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-02-05 15:26 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-02-05 15:26 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-02-05 15:26 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-02-05 15:26 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-02-05 15:26 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-02-05 15:26 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-02-05 15:26 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-02-05 15:26 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-02-05 15:26 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-02-05 15:26 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-02-05 15:26 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-02-05 15:26 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-05 15:26 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-02-05 15:26 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-02-05 15:26 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-02-05 15:26 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-02-05 15:26 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-02-05 15:26 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-02-05 15:26 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-02-05 15:26 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-02-05 15:26 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-02-05 15:26 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-02-05 15:26 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-02-05 15:26 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-02-05 15:26 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-02-05 15:26 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-02-05 15:26 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-05 15:26 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-02-05 15:26 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-02-05 15:26 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-02-05 15:26 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-02-05 15:26 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-02-05 15:26 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-02-05 15:26 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-02-05 15:26 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-02-05 15:26 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-02-05 15:26 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-02-05 15:26 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-02-05 15:26 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-02-05 15:26 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-02-05 15:26 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-02-05 15:26 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-02-05 15:26 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-02-05 15:26 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-02-05 15:26 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-02-05 15:26 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-02-05 15:26 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-02-05 15:26 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-02-05 15:26 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-02-05 15:26 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-02-05 15:26 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-02-05 15:26 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-02-05 15:26 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-02-05 15:26 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-02-05 15:26 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-02-05 15:26 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-02-05 15:26 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-05 15:26 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-02-05 15:26 <DIR> d-------- C:\WINDOWS\system32\Com
2007-02-05 15:26 <DIR> d-------- C:\Program Files\Windows NT
2007-02-05 15:26 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-02-05 15:26 <DIR> d-------- C:\Program Files\Messenger
2007-02-05 11:23 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-02-05 11:22 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-02-05 11:22 800,256 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-05 11:22 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-02-05 11:22 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-02-05 11:22 479,840 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-05 11:22 245,760 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-05 11:22 216,576 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-05 11:22 2,254,560 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-05 11:20 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-02-05 11:20 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-02-05 11:20 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-02-05 11:20 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-02-05 11:20 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-02-05 11:20 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-02-05 11:20 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-02-05 11:20 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-02-05 11:20 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-02-05 11:20 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-02-05 11:20 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-02-05 11:20 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-02-05 11:20 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-02-05 11:20 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-05 11:20 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-02-05 11:20 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-02-05 11:20 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-02-05 11:20 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-02-05 11:20 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-05 11:20 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-02-05 11:20 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-02-05 11:20 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-02-05 11:20 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-02-05 11:20 <DIR> dr------- C:\Program Files
2007-02-05 11:20 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-02-05 11:20 <DIR> d--hs---- C:\WINDOWS\Installer
2007-02-05 11:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-02-05 11:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-02-05 11:20 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-02-05 11:20 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-02-05 11:19 <DIR> d--hs---- C:\System Volume Information
2007-02-05 11:19 <DIR> d-------- C:\Documents and Settings
2007-02-05 11:11 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-02-05 11:11 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-02-05 11:11 <DIR> dr------- C:\WINDOWS\Web
2007-02-05 11:11 <DIR> d--h----- C:\WINDOWS\inf
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\WinSxS
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\twain_32
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\wins
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\spool
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\ras
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\npp
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\mui
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\IME
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\ias
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\export
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\config
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\3076
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\2052
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1054
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1042
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1041
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1037
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1033
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1031
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1028
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1025
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\security
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Resources
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\repair
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Provisioning
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\PeerNet
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\pchealth
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\mui
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\msapps
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\msagent
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Media
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\java
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\ime
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Help
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\ehome
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Debug
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Cursors
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Config
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\AppPatch
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\addins
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-11 11:32 -------- d---s---- C:\DOCUME~1\CRASHB~1\Application Data\microsoft
2007-02-08 12:38 2716672 --a------ C:\WINDOWS\system32\logonuix.exe
2007-02-05 19:15 -------- d-------- C:\DOCUME~1\CRASHB~1\Application Data\macromedia
2007-02-05 16:53 -------- d-------- C:\DOCUME~1\CRASHB~1\Application Data\mozilla
2007-02-05 15:35 -------- d-------- C:\DOCUME~1\CRASHB~1\Application Data\identities
2007-02-05 11:20 62 --ahs---- C:\DOCUME~1\CRASHB~1\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LogonStudio"="\"C:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Remote Control.lnk"
"backup"="C:\\WINDOWS\\pss\\Remote Control.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\KWORLD~1\\PVR-TV~1\\P3XRCtl.exe "
"item"="Remote Control"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SnagIt 7.lnk"
"backup"="C:\\WINDOWS\\pss\\SnagIt 7.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\TECHSM~1\\SNAGIT~1\\SnagIt32.exe "
"item"="SnagIt 7"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Crash boat^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Crash boat\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smax4"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMax4PNP"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\That Hold]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SettingsTonsThunk"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\CRASHB~1\\APPLIC~1\\SPAMUP~1\\SettingsTonsThunk.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AA1DE61790D69A5F.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\sccfg.sys 4096 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

********************************************************************

Completion time: 07-02-12 12:11:27

#6
crashboat


    New Member

  • Topic Starter
  • Member
  • 9 posts
Forgot to add that everything seems to be running well. (impressive indeed) Thanks again.

#7
Rawe


    Visiting Staff

  • Member
  • 4,746 posts
Looks like you still have some Vundo files left.

Please go to Start -> Run and copy & paste this in:

"C:\Documents and Settings\Crash boat\Desktop\combofix.exe" /v pmkjk jkkjg pmkjh

Now click OK and it should start ComboFix (it should delete the files). It should also reboot. Post back with its log.

-------

Then let's have a check for Lop, I'm not sure if it's there or not:

Please download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • Double-click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, click OK.
  • Now click the "REBOOT" button.
  • A message should pop up from NoLop. If not, double-click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

Edited by Rawe, 12 February 2007 - 11:04 AM.


#8
crashboat


    New Member

  • Topic Starter
  • Member
  • 9 posts
"Crash boat" - 07-02-12 13:07:46 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Crash boat\Desktop"

Command switches used :: /v pmkjk jkkjg pmkjh

((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))


2007-02-12 10:37 <DIR> d-------- C:\VundoFix Backups
2007-02-12 02:30 <DIR> d-------- C:\backreg
2007-02-12 02:24 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Regrun
2007-02-12 02:22 <DIR> d-------- C:\Program Files\Greatis
2007-02-10 17:34 12,291,831 --------- C:\AVG7QT.DAT
2007-02-10 17:31 18,432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-02-10 17:21 <DIR> dr-h----- C:\$VAULT$.AVG
2007-02-10 17:13 839,936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-02-10 17:13 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-02-10 17:13 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-02-10 17:13 27,776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-02-10 17:13 <DIR> d-------- C:\Program Files\Grisoft
2007-02-10 17:13 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-02-10 17:13 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\AVG7
2007-02-10 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-02-10 17:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-02-10 15:31 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-02-10 15:29 <DIR> d-------- C:\WINDOWS\ie7updates
2007-02-10 14:14 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-02-10 14:06 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-02-10 13:14 494,268 --ahs---- C:\WINDOWS\system32\bbadd.bak1
2007-02-10 13:08 8,108,928 --a------ C:\WINDOWS\system32\exec1.exe
2007-02-10 13:08 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\PC Tools
2007-02-10 12:00 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-02-10 11:29 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-02-08 19:56 48,000 --a------ C:\WINDOWS\system32\drivers\OVCam2.sys
2007-02-08 19:56 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2007-02-08 19:56 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2007-02-08 19:56 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2007-02-08 19:56 351,616 --a------ C:\WINDOWS\system32\drivers\OVCodek2.sys
2007-02-08 19:56 28,032 --a------ C:\WINDOWS\system32\drivers\OVCD.sys
2007-02-08 19:56 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2007-02-08 19:56 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2007-02-08 19:41 <DIR> d-------- C:\Program Files\Lavasoft
2007-02-08 19:41 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Lavasoft
2007-02-08 19:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\LOADBLUE32FIRST
2007-02-08 19:09 <DIR> d-------- C:\Program Files\SpamUploadDownload
2007-02-08 17:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\CyberLink
2007-02-08 17:05 <DIR> d-------- C:\Program Files\CyberLink
2007-02-08 15:34 <DIR> d-------- C:\Program Files\Newsgroup-XPAT-Search
2007-02-08 11:28 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2007-02-08 11:28 <DIR> d-------- C:\Program Files\WinCustomize
2007-02-08 11:28 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-02-08 11:12 <DIR> d-------- C:\Program Files\Kristanix
2007-02-06 15:52 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Help
2007-02-06 15:40 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-02-06 15:38 516,096 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-02-06 15:38 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-02-06 15:37 163,840 -ra------ C:\WINDOWS\system32\ATIDEMGR.dll
2007-02-06 15:37 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-02-06 15:37 <DIR> d-------- C:\Program Files\ATI Technologies
2007-02-05 22:34 <DIR> d-------- C:\Program Files\IconTweaker
2007-02-05 22:34 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\IconTweaker
2007-02-05 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\IconTweaker
2007-02-05 22:24 <DIR> d-------- C:\Program Files\Lavalys
2007-02-05 22:24 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-02-05 20:51 1,168 --a------ C:\WINDOWS\mozver.dat
2007-02-05 20:44 <DIR> d-------- C:\Program Files\X-Projects
2007-02-05 20:44 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\X-Projects
2007-02-05 20:15 <DIR> d-------- C:\Program Files\MagicISO
2007-02-05 20:14 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\ImgBurn
2007-02-05 19:58 <DIR> d-------- C:\Program Files\ImgBurn
2007-02-05 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo! Companion
2007-02-05 18:56 <DIR> d-------- C:\Program Files\XLink Kai Evolution VII
2007-02-05 18:47 <DIR> d-------- C:\Program Files\Xbox Backup Creator
2007-02-05 18:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-02-05 18:40 <DIR> d-------- C:\ProgramFiles
2007-02-05 18:38 73,728 --a------ C:\WINDOWS\system32\FLKill.exe
2007-02-05 18:38 <DIR> d-------- C:\Program Files\Folder Lock
2007-02-05 18:32 53,248 --a------ C:\WINDOWS\system32\suppdll.dll
2007-02-05 18:32 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2007-02-05 18:28 <DIR> d-------- C:\WINDOWS\pss
2007-02-05 18:22 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-02-05 18:21 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2007-02-05 18:21 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-02-05 18:21 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Azureus
2007-02-05 18:17 <DIR> d-------- C:\Program Files\Azureus
2007-02-05 18:11 <DIR> d-------- C:\Program Files\SlySoft
2007-02-05 18:09 <DIR> d-------- C:\Program Files\Google
2007-02-05 18:09 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Google
2007-02-05 18:07 <DIR> d-------- C:\Program Files\Smart Projects
2007-02-05 18:06 <DIR> d-------- C:\Program Files\PhotoFiltre
2007-02-05 18:05 <DIR> d-------- C:\Program Files\MTV Networks
2007-02-05 18:03 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-02-05 17:36 <DIR> d-------- C:\Program Files\TechSmith
2007-02-05 17:26 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-05 17:26 249,856 --------- C:\WINDOWS\Setup1.exe
2007-02-05 17:26 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-02-05 17:26 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-02-05 17:25 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-02-05 17:25 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-02-05 17:21 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Incomplete
2007-02-05 17:16 <DIR> d-------- C:\Program Files\Java
2007-02-05 17:14 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-02-05 17:14 <DIR> d-------- C:\WINDOWS\Profiles
2007-02-05 17:14 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-02-05 17:14 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\InterTrust
2007-02-05 17:14 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Adobe
2007-02-05 17:09 <DIR> d-------- C:\Program Files\Common Files\Java
2007-02-05 17:07 <DIR> d-------- C:\Program Files\LimeWire
2007-02-05 17:04 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-02-05 17:03 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-02-05 17:03 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-02-05 17:03 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-02-05 17:03 <DIR> d-------- C:\Program Files\Alwil Software
2007-02-05 17:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-02-05 17:02 <DIR> d-------- C:\DOCUME~1\CRASHB~1\.limewire
2007-02-05 17:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-02-05 17:01 <DIR> d-------- C:\Program Files\Real
2007-02-05 17:01 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Contacts
2007-02-05 17:00 <DIR> d-------- C:\Program Files\MSN Messenger
2007-02-05 16:57 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-02-05 16:57 <DIR> d-------- C:\WINDOWS\WBEM
2007-02-05 16:57 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-02-05 16:57 <DIR> d-------- C:\Program Files\Yahoo!
2007-02-05 16:56 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-02-05 16:55 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-05 16:55 121,856 --a------ C:\WINDOWS\system32\xmllite.dll
2007-02-05 16:55 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-02-05 16:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-02-05 16:53 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-05 16:53 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-02-05 16:51 <DIR> d-------- C:\Program Files\DVD Shrink
2007-02-05 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\DVD Shrink
2007-02-05 16:47 <DIR> dr--s---- C:\WINDOWS\assembly
2007-02-05 16:47 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2007-02-05 16:46 <DIR> d-------- C:\DOCUME~1\CRASHB~1\Application Data\Ahead
2007-02-05 16:44 <DIR> d-------- C:\Program Files\Nero
2007-02-05 16:44 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-02-05 16:42 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-02-05 16:41 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-02-05 16:41 <DIR> d-------- C:\Program Files\Microsoft Works
2007-02-05 16:41 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-02-05 16:41 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-02-05 16:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-02-05 16:38 <DIR> dr-h----- C:\MSOCache
2007-02-05 16:34 73,600 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys
2007-02-05 16:31 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-02-05 16:28 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-02-05 16:28 672,128 -ra------ C:\WINDOWS\system32\drivers\Cap713x.sys
2007-02-05 16:28 57,344 -ra------ C:\WINDOWS\system32\Prop713x.dll
2007-02-05 16:28 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-02-05 16:28 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-02-05 16:28 40,960 --a------ C:\WINDOWS\p3xunist.exe
2007-02-05 16:28 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-02-05 16:28 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-02-05 16:28 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-02-05 16:28 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-02-05 16:28 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-02-05 16:28 <DIR> d-------- C:\Program Files\KWorld Multimedia
2007-02-05 15:52 124,160 -ra------ C:\WINDOWS\system32\drivers\SiSGbeXP.sys
2007-02-05 15:46 <DIR> d--hs---- C:\RECYCLER
2007-02-05 15:45 88,960 --a------ C:\WINDOWS\system32\drivers\MidiSyn.sys
2007-02-05 15:45 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-05 15:45 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-05 15:45 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-05 15:45 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-02-05 15:45 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-05 15:44 991,232 --a------ C:\WINDOWS\system32\virtear.dll
2007-02-05 15:44 765,952 --a------ C:\WINDOWS\system\crlds3d.dll
2007-02-05 15:44 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-02-05 15:44 65,536 --a------ C:\WINDOWS\system32\Audio3d.dll
2007-02-05 15:44 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-02-05 15:44 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-05 15:44 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-05 15:44 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-02-05 15:44 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-02-05 15:44 45,056 --a------ C:\WINDOWS\system32\CleanUp.exe
2007-02-05 15:44 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-02-05 15:44 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-02-05 15:44 392,704 --a------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-02-05 15:44 30,208 --a------ C:\WINDOWS\system32\wdmioctl.dll
2007-02-05 15:44 220,992 --a------ C:\WINDOWS\system32\drivers\smwdm.sys
2007-02-05 15:44 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-05 15:44 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-05 15:44 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-05 15:44 127,872 --a------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-02-05 15:44 1,285,632 --a------ C:\WINDOWS\system32\SMMedia.dll
2007-02-05 15:44 <DIR> d-------- C:\WINDOWS\VirtualEar
2007-02-05 15:44 <DIR> d-------- C:\Program Files\Analog Devices
2007-02-05 15:43 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-02-05 15:43 <DIR> d-------- C:\WINDOWS\system32\Tools
2007-02-05 15:43 <DIR> d-------- C:\Program Files\On-line Help Console
2007-02-05 15:43 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-02-05 15:42 17,505 -ra------ C:\DBI.EXE
2007-02-05 15:41 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-02-05 15:35 3,407,872 --ah----- C:\DOCUME~1\CRASHB~1\NTUSER.DAT
2007-02-05 15:34 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-02-05 15:34 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-02-05 15:34 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-02-05 15:34 <DIR> d-------- C:\WINDOWS\Prefetch
2007-02-05 15:31 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-02-05 15:31 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-02-05 15:30 225,280 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-02-05 15:30 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-02-05 15:30 0 -rahs---- C:\MSDOS.SYS
2007-02-05 15:30 0 -rahs---- C:\IO.SYS
2007-02-05 15:30 0 --a------ C:\CONFIG.SYS
2007-02-05 15:30 0 --a------ C:\AUTOEXEC.BAT
2007-02-05 15:29 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-02-05 15:29 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-02-05 15:29 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-02-05 15:29 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-02-05 15:28 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-02-05 15:28 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-02-05 15:28 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-02-05 15:28 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-02-05 15:28 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-02-05 15:28 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-02-05 15:28 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-02-05 15:28 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-02-05 15:28 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-05 15:28 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-02-05 15:28 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-02-05 15:28 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-02-05 15:28 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-05 15:28 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-02-05 15:28 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-02-05 15:28 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-02-05 15:28 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-02-05 15:28 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-02-05 15:28 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-02-05 15:28 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-02-05 15:28 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-05 15:28 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-02-05 15:28 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-05 15:28 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-05 15:28 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-02-05 15:28 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-05 15:28 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-02-05 15:28 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-02-05 15:28 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-02-05 15:28 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-05 15:28 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-05 15:28 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-02-05 15:28 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-02-05 15:28 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-02-05 15:28 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-02-05 15:28 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-02-05 15:28 <DIR> d---s---- C:\WINDOWS\Tasks
2007-02-05 15:28 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-02-05 15:28 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-02-05 15:28 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-02-05 15:28 <DIR> d-------- C:\WINDOWS\srchasst
2007-02-05 15:28 <DIR> d-------- C:\Program Files\Movie Maker
2007-02-05 15:28 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-02-05 15:27 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-02-05 15:27 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-02-05 15:27 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-02-05 15:27 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-02-05 15:27 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-02-05 15:27 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-02-05 15:27 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-02-05 15:27 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-02-05 15:27 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-02-05 15:27 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-02-05 15:27 <DIR> d-------- C:\WINDOWS\Registration
2007-02-05 15:27 <DIR> d-------- C:\Program Files\Online Services
2007-02-05 15:26 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-02-05 15:26 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-02-05 15:26 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-02-05 15:26 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-02-05 15:26 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-02-05 15:26 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-02-05 15:26 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-02-05 15:26 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-02-05 15:26 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-02-05 15:26 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-02-05 15:26 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-02-05 15:26 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-02-05 15:26 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-02-05 15:26 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-02-05 15:26 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-02-05 15:26 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-02-05 15:26 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-02-05 15:26 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-02-05 15:26 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-02-05 15:26 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-02-05 15:26 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-02-05 15:26 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-02-05 15:26 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-02-05 15:26 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-02-05 15:26 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-02-05 15:26 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-02-05 15:26 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-02-05 15:26 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-02-05 15:26 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-02-05 15:26 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-02-05 15:26 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-02-05 15:26 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-02-05 15:26 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-02-05 15:26 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-02-05 15:26 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-02-05 15:26 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-02-05 15:26 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-02-05 15:26 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-02-05 15:26 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-05 15:26 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-02-05 15:26 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-02-05 15:26 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-02-05 15:26 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-02-05 15:26 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-02-05 15:26 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-02-05 15:26 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-02-05 15:26 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-02-05 15:26 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-02-05 15:26 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-02-05 15:26 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-02-05 15:26 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-02-05 15:26 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-02-05 15:26 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-02-05 15:26 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-05 15:26 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-02-05 15:26 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-02-05 15:26 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-02-05 15:26 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-02-05 15:26 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-02-05 15:26 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-02-05 15:26 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-02-05 15:26 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-02-05 15:26 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-02-05 15:26 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-02-05 15:26 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-02-05 15:26 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-02-05 15:26 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-02-05 15:26 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-02-05 15:26 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-02-05 15:26 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-02-05 15:26 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-02-05 15:26 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-02-05 15:26 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-02-05 15:26 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-02-05 15:26 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-02-05 15:26 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-02-05 15:26 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-02-05 15:26 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-02-05 15:26 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-02-05 15:26 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-02-05 15:26 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-02-05 15:26 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-02-05 15:26 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-02-05 15:26 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-05 15:26 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-02-05 15:26 <DIR> d-------- C:\WINDOWS\system32\Com
2007-02-05 15:26 <DIR> d-------- C:\Program Files\Windows NT
2007-02-05 15:26 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-02-05 15:26 <DIR> d-------- C:\Program Files\Messenger
2007-02-05 11:23 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-02-05 11:22 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-02-05 11:22 800,256 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-05 11:22 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-02-05 11:22 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-02-05 11:22 479,840 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-05 11:22 245,760 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-05 11:22 216,576 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-05 11:22 2,254,560 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-05 11:20 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-02-05 11:20 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-02-05 11:20 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-02-05 11:20 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-02-05 11:20 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-02-05 11:20 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-02-05 11:20 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-02-05 11:20 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-02-05 11:20 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-02-05 11:20 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-02-05 11:20 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-02-05 11:20 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-02-05 11:20 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-02-05 11:20 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-02-05 11:20 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-02-05 11:20 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-02-05 11:20 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-05 11:20 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-02-05 11:20 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-02-05 11:20 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-02-05 11:20 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-02-05 11:20 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-05 11:20 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-02-05 11:20 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-02-05 11:20 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-02-05 11:20 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-02-05 11:20 <DIR> dr------- C:\Program Files
2007-02-05 11:20 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-02-05 11:20 <DIR> d--hs---- C:\WINDOWS\Installer
2007-02-05 11:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-02-05 11:20 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-02-05 11:20 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-02-05 11:20 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-02-05 11:19 <DIR> d--hs---- C:\System Volume Information
2007-02-05 11:19 <DIR> d-------- C:\Documents and Settings
2007-02-05 11:11 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-02-05 11:11 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-02-05 11:11 <DIR> dr------- C:\WINDOWS\Web
2007-02-05 11:11 <DIR> d--h----- C:\WINDOWS\inf
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\WinSxS
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\twain_32
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\wins
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\spool
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\ras
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\npp
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\mui
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\IME
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\ias
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\export
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\config
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\3076
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\2052
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1054
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1042
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1041
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1037
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1033
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1031
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1028
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32\1025
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system32
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\system
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\security
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Resources
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\repair
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Provisioning
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\PeerNet
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\pchealth
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\mui
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\msapps
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\msagent
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Media
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\java
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\ime
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Help
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\ehome
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Debug
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Cursors
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\Config
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\AppPatch
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS\addins
2007-02-05 11:11 <DIR> d-------- C:\WINDOWS
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-11 11:32 -------- d---s---- C:\DOCUME~1\CRASHB~1\Application Data\microsoft
2007-02-08 12:38 2716672 --a------ C:\WINDOWS\system32\logonuix.exe
2007-02-05 19:15 -------- d-------- C:\DOCUME~1\CRASHB~1\Application Data\macromedia
2007-02-05 16:53 -------- d-------- C:\DOCUME~1\CRASHB~1\Application Data\mozilla
2007-02-05 15:35 -------- d-------- C:\DOCUME~1\CRASHB~1\Application Data\identities
2007-02-05 11:20 62 --ahs---- C:\DOCUME~1\CRASHB~1\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LogonStudio"="\"C:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe\" /RANDOM"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Remote Control.lnk"
"backup"="C:\\WINDOWS\\pss\\Remote Control.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\KWORLD~1\\PVR-TV~1\\P3XRCtl.exe "
"item"="Remote Control"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 7.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\SnagIt 7.lnk"
"backup"="C:\\WINDOWS\\pss\\SnagIt 7.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\TECHSM~1\\SNAGIT~1\\SnagIt32.exe "
"item"="SnagIt 7"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Crash boat^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Crash boat\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Language"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smax4"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMax4PNP"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\That Hold]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SettingsTonsThunk"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\CRASHB~1\\APPLIC~1\\SPAMUP~1\\SettingsTonsThunk.exe"
"inimapping"="0"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D7B374C3-8DED-4CB1-820B-413FF0C71FC6}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AA1DE61790D69A5F.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\sccfg.sys 4096 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

********************************************************************

Completion time: 07-02-12 13:09:11
C:\ComboFix2.txt ... 07-02-12 12:11





NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\Crash boat\Desktop
[2/12/2007]
[1:11:21 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\AA1DE61790D69A5F.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Icontweaker
C:\Documents and Settings\All Users\Application Data\Loadblue32first
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Crash Boat\Application Data\Adobe
C:\Documents and Settings\Crash Boat\Application Data\Ahead
C:\Documents and Settings\Crash Boat\Application Data\Avg7
C:\Documents and Settings\Crash Boat\Application Data\Azureus
C:\Documents and Settings\Crash Boat\Application Data\Google
C:\Documents and Settings\Crash Boat\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Crash Boat\Application Data\Icontweaker
C:\Documents and Settings\Crash Boat\Application Data\Identities
C:\Documents and Settings\Crash Boat\Application Data\Imgburn
C:\Documents and Settings\Crash Boat\Application Data\Intertrust
C:\Documents and Settings\Crash Boat\Application Data\Lavasoft
C:\Documents and Settings\Crash Boat\Application Data\Macromedia
C:\Documents and Settings\Crash Boat\Application Data\Microsoft
C:\Documents and Settings\Crash Boat\Application Data\Mozilla
C:\Documents and Settings\Crash Boat\Application Data\Pc Tools
C:\Documents and Settings\Crash Boat\Application Data\Regrun
C:\Documents and Settings\Crash Boat\Application Data\X-projects
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft



Logfile of HijackThis v1.99.1
Scan saved at 1:21:02 PM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Crash boat\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yah...rer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0

#9
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
It does look much better now :whistling: Good job!

Please navigate to, and tell me, does this folder have any files inside? And their filenames if there are any.

C:\Documents and Settings\All Users\Application Data\Loadblue32first

You may need to set hidden files to be shown.

And also... Just for fun, let's see if there's anything the other scans or I missed.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

  • 0

#10
crashboat

    New Member

  • Topic Starter
  • Member
  • 9 posts
C:\Documents and Settings\All Users\Application Data\Loadblue32first folder contents:

Linkwipe application

That's all. Thanks a lot for all the help you have given me. (Very fast replies as well, my friend) :whistling:
  • 0

#11
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
What's the name of the file? Linkwipe.exe ?

Do you know what it's for? We might need to check it. Could you post the Panda log too, please :whistling:
  • 0

#12
crashboat

    New Member

  • Topic Starter
  • Member
  • 9 posts
Panda scan says I'm cleaner than soap. 0 infections... and the linkwipe is a .exe. Do not have any idea why it's there.

Gracias (thanks) my friend.

Pc running as fast as the first day I made it.
  • 0

#13
crashboat

    New Member

  • Topic Starter
  • Member
  • 9 posts
Out of curiosity I clicked on the linkwipe.exe file and 2 to 3 minutes later a partyfinder (adultfinder) window popped up. Just in case you're wondering, I did not enter any XXX sites.

I clicked on the linkwipe.exe file like 5 minutes before writing this message.
  • 0

#14
crashboat

    New Member

  • Topic Starter
  • Member
  • 9 posts
I deleted the linkwipe.exe and no more problems have occurred. :whistling:
  • 0

#15
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Great! :whistling:

Updating Java and Clearing Cache
  • Go to Start > Control Panel double-click on the Software icon > Add/Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
Please read here how to clear old restore points and create a new one.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have. (Note: only use 1 at a time)
  • Firewall <= A firewall is definitely a must have. Two good free versions are Kerio Personal Firewall and ZoneLabs. (Note: only use 1 at a time)
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place?
  • 0
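How a blocking HOSTS file of the kind recommended in the post above takes effect, as an added example that is not part of the original thread: the script parses HOSTS-file text, lists the names that resolve to the local machine, and separately reports names mapped to any other address. The sample entries, the example.* domains and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; every domain is a placeholder.
SAMPLE_HOSTS = """\
# blocking entries in the style of a blocklist HOSTS file
127.0.0.1   localhost
127.0.0.1   ads.example.com  tracker.example.net   # two names on one line
0.0.0.0     popups.example.org
203.0.113.7 update.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Return {hostname: ip_address} for every valid line of a HOSTS file."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address, skip the line
        for name in fields[1:]:
            # Assumption: the first mapping seen for a name is the one that counts.
            mapping.setdefault(name.lower(), addr)
    return mapping

def audit_hosts(text):
    """Split entries into blocked names and names sent to a real address."""
    blocked, redirected = set(), {}
    for name, addr in parse_hosts(text).items():
        if name == "localhost":
            continue                           # the standard default entry
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)                  # the connection never leaves the PC
        else:
            redirected[name] = str(addr)       # not a block entry: review by hand
    return blocked, redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("review:", redirected)
```

On Windows XP the file to check is `C:\WINDOWS\system32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.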





