Can't delete a Lime wire .jpg file


v005
10-27-2006, 07:31 AM
Guys, I'm new here and need some help.

I'm having the same problem as Jericho in a previous thread.
I downloaded the System Mechanic program but I don't know how to use it.

I tried to follow the steps in the old thread but don't understand them.

Please help... thanks

Budfred
10-27-2006, 08:59 AM
Welcome to http://www.pcguide.com/ubb/pcgubb.gif

Based on the info you have provided, I know that you have a file you don't want and very little else... That makes it very hard to help you... Please provide details about your problem... Also, since you indicate it has something to do with a P2P program (Limewire), it is likely you are infected... It would be a good idea to post a HijackThis log to help us see what is going on...

http://www.merijn.org/programs.php

To run HJT, extract it to a permanent folder such as one you create like C:\HJT or the Desktop. Close all open windows and browsers and make sure that all programs are enabled if you use msconfig. Run it and Scan, then Save the log. When the log window appears, Right click to Copy it, open your browser and come here to Paste the entire log. Do not make any changes until it is checked since most items are either benign or essential to the computer.

v005
10-27-2006, 09:28 AM
The file has a really long name, something to do with porn. I think I clicked it while scanning through, searching for the correct title I wanted.

Like the thread Jericho posted, it has only 5 commands if you right-click it.
I tried a whole bunch of ways I could find on the net but nothing works.

But then, when I was going to give up, I tried one last time by taking all the wanted files out of the folder and deleting the whole folder, and it's now gone.

But I'm still uncertain whether it has been 100% deleted. Any ideas?

Budfred
10-27-2006, 09:33 AM
Did you see the part about posting a HJT log??

v005
10-27-2006, 09:39 AM
I kinda don't understand it.

v005
10-27-2006, 09:44 AM
Is this the thing you were mentioning??

Logfile of HijackThis v1.99.1
Scan saved at 8:43:41 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Steven Tan\My Documents\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE PHILIPS PC Camera
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
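
Added example (not part of the original posts and not HijackThis code): a small Python parser for the O-section lines of a HijackThis log like the one posted above. The function names and the review flags (`no_file`, `no_name`, `short_path`, `non_ascii_name`) are assumptions of this example; they are hints for manual review, not verdicts, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# "O<nn> - <kind>: <rest>" is the shape of every O-section line in this log.
ENTRY_RE = re.compile(r"^(O\d{1,2}) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(.+?)\]\s*(.*)$")


def split_entry(kind, rest):
    """Return (name, target) for the three layouts seen in the log."""
    run = RUN_RE.match(rest)
    if "\\Run" in kind and run:
        # O4 registry autostart: "[value name] command line"
        return run.group(1), run.group(2)
    if kind.endswith("Startup") and " = " in rest:
        # O4 Startup folder: "shortcut.lnk = target"
        name, target = rest.split(" = ", 1)
        return name, target
    # Everything else: "name - [CLSID or vendor] - target"
    parts = rest.split(" - ")
    return parts[0], parts[-1]


def review_flags(name, target):
    """Hints for a human reviewer (assumed heuristics, not verdicts)."""
    flags = []
    if target == "(no file)":
        flags.append("no_file")          # registry entry points at nothing
    if name == "(no name)":
        flags.append("no_name")          # object has no display name
    if re.search(r"~\d", target):
        flags.append("short_path")       # 8.3 name hides the real folder name
    if not name.isascii():
        flags.append("non_ascii_name")   # normal on localized software
    return flags


def parse_log(text):
    """Parse O-section lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, kind, rest = m.groups()
        name, target = split_entry(kind, rest)
        clsid = CLSID_RE.search(rest)
        entries.append({
            "code": code,
            "kind": kind,
            "name": name,
            "clsid": clsid.group(0) if clsid else None,
            "target": target,
            "flags": review_flags(name, target),
        })
    return entries


def review_list(entries):
    """Entries that carry at least one review flag, in log order."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(Counter(e["code"] for e in parsed)))
    for e in review_list(parsed):
        print(e["code"], e["kind"], "|", e["name"], "|", ",".join(e["flags"]))
```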

Budfred
10-27-2006, 08:51 PM
Yes, that is what I was asking for... And I am afraid you have a really nasty infection here unless you are using a Chinese or Japanese version of Windows... Please let me know...

Meanwhile, please do this:

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

Take as many posts as needed to post the whole log...

v005
10-28-2006, 12:14 PM
Steven Tan - 06-10-28 23:11:50.01 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Steven Tan\My Documents\New Folder"

((((((((((((((((((((((((((((((( Files Created from 2006-09-28 to 2006-10-28 ))))))))))))))))))))))))))))))))))


2006-10-25 10:40 69,120 --a------ C:\command.exe
2006-10-20 14:46 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2006-10-20 14:46 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2006-10-20 13:57 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-10-12 22:54 99,584 --------- C:\WINDOWS\system32\drivers\InCDfs.sys
2006-10-12 22:54 8,704 --------- C:\WINDOWS\system32\drivers\InCDrec.sys
2006-10-12 22:54 29,696 --------- C:\WINDOWS\system32\drivers\InCDpass.sys
2006-10-12 22:54 28,672 --------- C:\WINDOWS\system32\drivers\InCDrm.sys
2006-10-12 22:54 2,973,696 --------- C:\WINDOWS\NuNinst.exe
2006-10-12 22:39 5,248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2006-10-12 22:39 160,640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2006-10-12 21:55 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-12 21:55 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-12 21:55 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-12 21:55 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-12 21:55 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-12 21:55 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-12 21:55 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-12 21:55 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-12 21:50 90,559 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2006-10-12 21:50 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2006-10-12 21:50 53,248 --a------ C:\WINDOWS\StillCap.exe
2006-10-12 21:50 49,152 --a------ C:\WINDOWS\amcap.exe
2006-10-12 21:50 40,960 --a------ C:\WINDOWS\VM_STI.EXE
2006-10-12 21:50 307,200 --------- C:\WINDOWS\vidcap32.Exe
2006-10-12 21:50 147,456 --a------ C:\WINDOWS\VMCap.exe
2006-10-11 11:31 55,520 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2006-10-11 11:31 105,664 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2006-10-11 10:46 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-10-09 23:00 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-10-09 23:00 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-10-09 23:00 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-10-09 23:00 38,912 --------- C:\WINDOWS\system32\picn20.dll
2006-10-09 23:00 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-10-09 23:00 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-10-09 23:00 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-10-09 23:00 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-10-09 23:00 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-10-09 23:00 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-10-09 22:55 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-10-08 20:06 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-08 20:06 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-08 02:28 90,112 --a------ C:\WINDOWS\system32\dpl100.dll
2006-10-08 02:28 856,064 --a------ C:\WINDOWS\system32\xvidcore.dll
2006-10-08 02:28 593,938 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-10-08 02:28 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2006-10-08 02:28 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-08 02:28 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-08 02:28 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-10-08 02:28 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2006-10-08 02:28 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-10-08 02:28 200,704 --a------ C:\WINDOWS\system32\dtu100.dll
2006-10-08 02:28 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll
2006-10-08 02:28 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-10-07 10:26 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-10-07 10:26 299,008 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-10-07 10:11 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-07 10:11 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-07 10:11 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-07 10:11 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-07 10:11 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
2006-10-07 10:11 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-07 10:11 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-07 10:10 90,112 --a------ C:\WINDOWS\soundman.exe
2006-10-07 10:10 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-07 10:10 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-07 10:10 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-07 10:10 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-07 10:10 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-07 10:10 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-07 10:10 307,200 --a------ C:\WINDOWS\alcupd.exe
2006-10-07 10:10 3,644,800 --a------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2006-10-07 10:10 212,992 --a------ C:\WINDOWS\alcrmv.exe
2006-10-07 10:10 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

v005
10-28-2006, 12:16 PM
2006-10-07 10:10 156,672 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2006-10-07 10:10 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-07 10:10 10,458,112 --a------ C:\WINDOWS\system32\RTLCPL.exe
2006-10-07 10:07 74,496 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2006-10-07 09:43 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-07 09:43 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-07 09:43 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-07 09:41 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-07 08:19 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-10-07 08:19 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-10-07 08:19 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-10-07 08:19 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-10-07 08:19 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2006-10-07 08:19 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-10-07 08:19 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-10-07 08:19 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-10-07 08:19 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-10-07 08:19 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-10-07 08:19 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-10-07 08:19 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-10-07 08:19 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-10-07 08:19 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-10-07 08:19 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-10-07 08:19 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-10-07 08:19 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-10-07 08:19 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-10-07 08:17 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-10-07 08:17 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-10-07 08:17 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-10-07 08:17 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-10-07 08:17 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-10-07 08:17 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-10-07 08:17 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-10-07 08:17 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-07 08:16 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-07 08:16 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-07 08:16 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2006-10-07 08:15 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-07 08:15 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-10-07 08:15 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2006-10-07 08:14 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-07 08:14 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-07 08:14 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-07 08:14 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-07 08:14 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-07 08:14 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-07 08:14 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-07 08:14 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-07 08:14 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-07 08:14 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-07 08:14 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-07 08:14 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-07 08:14 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-07 08:14 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-07 08:14 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-07 08:14 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-07 08:14 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-07 08:14 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-07 08:14 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-07 08:14 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-07 08:14 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-07 00:29 0 -rahs---- C:\MSDOS.SYS
2006-10-07 00:29 0 -rahs---- C:\IO.SYS
2006-10-07 00:29 0 --a------ C:\CONFIG.SYS
2006-10-07 00:29 0 --a------ C:\AUTOEXEC.BAT
2006-10-07 00:28 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-07 00:27 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-07 00:27 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-07 00:26 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-07 00:26 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-07 00:26 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-07 00:26 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-07 00:26 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-07 00:26 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-07 00:26 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-07 00:26 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-07 00:26 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-07 00:26 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-07 00:26 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-07 00:26 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-07 00:26 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-07 00:26 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-07 00:26 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-07 00:26 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-07 00:26 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-07 00:26 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-07 00:26 36,864 --a------ C:\WINDOWS\system32\wups.dll
2006-10-07 00:26 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-07 00:26 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-07 00:26 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-07 00:26 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-07 00:26 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-07 00:26 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-07 00:26 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-07 00:26 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-07 00:26 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-07 00:26 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-10-07 00:26 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-07 00:26 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-07 00:26 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-07 00:26 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-07 00:26 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-07 00:26 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-07 00:26 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-07 00:26 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-10-07 00:26 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-07 00:26 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-07 00:26 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-07 00:26 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-07 00:26 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-07 00:26 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll

v005
10-28-2006, 12:18 PM
2006-10-07 00:25 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-07 00:25 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-07 00:25 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-07 00:25 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-07 00:25 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-07 00:25 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-07 00:25 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-07 00:25 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-07 00:25 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-07 00:25 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-07 00:25 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-07 00:25 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-07 00:25 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-07 00:25 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-07 00:25 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-07 00:25 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-07 00:25 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-07 00:25 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-07 00:25 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-07 00:25 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-07 00:25 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-07 00:25 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-07 00:25 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-07 00:25 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-07 00:25 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-07 00:25 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-07 00:25 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-07 00:25 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-07 00:25 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-07 00:25 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-07 00:25 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-07 00:25 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-07 00:25 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-07 00:25 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-07 00:25 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-07 00:25 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-07 00:25 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-07 00:24 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-07 00:24 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-07 00:24 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-07 00:24 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-07 00:24 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-07 00:24 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-07 00:24 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-07 00:24 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-07 00:24 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-07 00:24 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-07 00:24 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-07 00:24 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-07 00:24 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-07 00:24 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-07 00:24 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-07 00:24 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-07 00:24 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-07 00:24 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-07 00:24 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-07 00:24 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-07 00:24 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-07 00:24 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-07 00:24 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-07 00:24 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-07 00:24 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-07 00:24 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-07 00:24 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-07 00:24 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-07 00:24 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-07 00:24 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-07 00:24 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-07 00:24 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-07 00:24 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-07 00:24 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-07 00:24 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-07 00:24 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-07 00:24 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-07 00:24 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-07 00:24 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-07 00:24 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-07 00:24 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-07 00:24 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-07 00:24 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-07 00:24 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-07 00:24 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-07 00:24 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-07 00:24 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))


2006-10-27 19:13 -------- d-------- C:\Program Files\iolo
2006-10-27 18:55 -------- d-------- C:\Program Files\SysMetrix
2006-10-27 15:41 -------- d-------- C:\Program Files\Common Files
2006-10-27 14:58 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Uniblue
2006-10-27 14:21 -------- d-------- C:\Program Files\Lavasoft
2006-10-27 14:21 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Lavasoft
2006-10-26 11:16 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\AdobeUM
2006-10-25 17:01 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Datalayer
2006-10-25 16:48 -------- d---s---- C:\Documents and Settings\Steven Tan\Application Data\Microsoft
2006-10-25 15:31 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Adobe
2006-10-25 10:26 -------- d-------- C:\Program Files\DivX
2006-10-24 19:29 -------- d-------- C:\Program Files\BitComet

v005
10-28-2006, 12:19 PM
2006-10-24 17:38 -------- d-------- C:\Program Files\FlashGet
2006-10-24 14:57 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Skype
2006-10-23 04:15 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Rainlendar
2006-10-20 19:53 -------- d-------- C:\Program Files\Maxthon
2006-10-20 19:23 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Nokia Multimedia Player
2006-10-20 17:35 -------- d-------- C:\Program Files\Java
2006-10-20 17:20 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Macromedia
2006-10-20 15:03 -------- d-------- C:\Program Files\Stardock
2006-10-20 15:03 -------- d-------- C:\Program Files\Common Files\Stardock
2006-10-20 15:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-20 15:02 -------- d-------- C:\Program Files\Macromedia
2006-10-20 14:42 -------- d-------- C:\Program Files\CursorXP
2006-10-20 13:57 -------- d-------- C:\Program Files\Easy CD-DA Extractor 7
2006-10-18 21:20 -------- d-------- C:\Program Files\LimeWire
2006-10-12 23:03 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\CyberLink
2006-10-12 22:54 -------- d-------- C:\Program Files\CyberLink DVD Solution
2006-10-12 22:54 -------- d-------- C:\Program Files\Ahead
2006-10-12 22:42 -------- d-------- C:\Program Files\Logon Loader
2006-10-12 22:39 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-12 22:36 -------- d-------- C:\Program Files\Nokia
2006-10-12 22:36 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\PC Suite
2006-10-12 22:35 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-10-12 22:35 -------- d-------- C:\Program Files\Common Files\Nokia
2006-10-12 22:21 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Sun
2006-10-12 22:18 -------- d-------- C:\Program Files\Lavalys
2006-10-12 22:16 -------- d-------- C:\Program Files\Common Files\Java
2006-10-12 22:11 -------- d-------- C:\Program Files\Skype
2006-10-12 22:08 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Yahoo! Messenger
2006-10-12 22:07 -------- d-------- C:\Program Files\Yahoo!
2006-10-12 22:02 -------- d-------- C:\Program Files\Winamp
2006-10-12 21:52 -------- d-------- C:\Program Files\Microsoft IntelliPoint
2006-10-12 21:51 -------- d-------- C:\Program Files\Microsoft IntelliType Pro
2006-10-12 21:50 -------- d-------- C:\Program Files\Vimicro
2006-10-11 12:01 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Real
2006-10-11 11:31 -------- d-------- C:\Program Files\Network Associates
2006-10-11 11:31 -------- d-------- C:\Program Files\Common Files\Network Associates
2006-10-11 11:31 -------- d-------- C:\Program Files\Common Files\Cisco Systems
2006-10-11 10:48 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-11 10:48 -------- d-------- C:\Program Files\Adobe
2006-10-09 23:00 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-09 18:18 -------- d-------- C:\Program Files\Rainlendar
2006-10-08 02:29 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Media Player Classic
2006-10-08 02:28 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-08 00:33 -------- d-------- C:\Program Files\MSN Messenger
2006-10-07 22:58 -------- d-------- C:\Program Files\ATI Technologies
2006-10-07 10:30 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Help
2006-10-07 10:10 -------- d-------- C:\Program Files\Realtek Sound Manager
2006-10-07 10:10 -------- d-------- C:\Program Files\Realtek AC97
2006-10-07 10:10 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-07 10:10 -------- d-------- C:\Program Files\AvRack
2006-10-07 10:08 -------- d-------- C:\Program Files\Intel
2006-10-07 10:06 -------- d-------- C:\Program Files\WinRAR
2006-10-07 10:05 -------- d-------- C:\Program Files\7-Zip
2006-10-07 09:40 -------- d-------- C:\Program Files\Microsoft Office
2006-10-07 09:40 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-07 09:40 -------- d-------- C:\Program Files\Common Files\System
2006-10-07 09:40 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-07 09:40 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-10-07 09:28 -------- d-------- C:\Program Files\Online Services
2006-10-07 08:14 62 --ahs---- C:\Documents and Settings\Steven Tan\Application Data\desktop.ini
2006-10-07 08:14 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-07 08:14 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-07 00:34 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-07 00:34 -------- d-------- C:\Documents and Settings\Steven Tan\Application Data\Identities
2006-10-07 00:29 -------- d-------- C:\Program Files\xerox
2006-10-07 00:29 -------- d-------- C:\Program Files\Windows Media Player
2006-10-07 00:29 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-07 00:27 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-07 00:27 -------- d-------- C:\Program Files\NetMeeting
2006-10-07 00:27 -------- d-------- C:\Program Files\Internet Explorer
2006-10-07 00:26 -------- d-------- C:\Program Files\Outlook Express
2006-10-07 00:26 -------- d-------- C:\Program Files\Movie Maker
2006-10-07 00:26 -------- d-------- C:\Program Files\Common Files\Services
2006-10-07 00:26 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-07 00:25 -------- d-------- C:\Program Files\Windows NT
2006-10-07 00:25 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-07 00:25 -------- d-------- C:\Program Files\MSN
2006-10-07 00:25 -------- d-------- C:\Program Files\Messenger
2006-10-07 00:25 -------- d-------- C:\Program Files\ComPlus Applications
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"PowerBar"=""
"CursorXP"="C:\\Program Files\\CursorXP\\CursorXP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SysMetrix"="C:\\Program Files\\SysMetrix\\SysMetrix.exe"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE PHILIPS PC Camera"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

v005
10-28-2006, 12:19 PM
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=dword:00000002
"Ati HotKey Poller"=dword:00000002

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-28 23:12:33.82
C:\ComboFix.txt ... 06-10-28 23:12

v005
10-28-2006, 12:20 PM
Is this the thing?? Chinese or Japanese programs?? I don't think there are any of those programs in my PC although I am Chinese.

Budfred
10-28-2006, 12:38 PM
These include Chinese characters and there are some nasty Chinese infections going around...

O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm

I didn't go through every file in that log, but it looks like there is no huge infection anyway... For the HJT log, I also don't see any clear indication of infection... To be more sure, try this:

* Click here (http://support.f-secure.com/enu/home/ols3.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

v005
10-28-2006, 12:45 PM
er... i clicked the link but i can't click on the 'Accept' button on the license term pop-up. how come??

Budfred
10-28-2006, 12:51 PM
er... i clicked the link but i can't click on the 'Accept' button on the license term pop-up. how come??

If you are using FireFox with NoScript running, you probably need to allow a script to run... If you are using IE, it is possible you have ActiveX blocked... I don't know without looking at your system for sure, but you may need to check out different settings...

v005
10-28-2006, 12:54 PM
i m using Maxthon Browser. but how do i change the settings??

Budfred
10-28-2006, 12:55 PM
Use your straight IE browser for this....

v005
10-28-2006, 01:00 PM
IE also blocks it. i don't know how to undo the settings...

v005
10-28-2006, 01:20 PM
i managed to change the setting already but here comes a new problem. it keeps popping a message out at the download step saying there is an error on my scanning......... what is this all about??

v005
10-28-2006, 02:11 PM
Scanning Report
Sunday, October 29, 2006 00:24:03 - 01:09:16
Computer name: COOLER-5F30DAC2
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ N:\


--------------------------------------------------------------------------------

Result: 10 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
W32/DLoader.NRD (virus)
N:\SYSTEM VOLUME INFORMATION\_RESTORE{9A713F5E-15F3-4683-93B6-80CAAB9FF635}\RP128\A0042172.EXE (Submitted)
W32/Keylog.AYS (virus)
C:\PROGRAM FILES\K-LITE CODEC PACK\FILTERS\BASS.DLL (Submitted)
W32/Zapchast.P (virus)
N:\SYSTEM VOLUME INFORMATION\_RESTORE{96521D2D-F16F-45A4-A19F-013A9B516353}\RP380\A0146847.DLL (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 20503
System: 4195
Not scanned: 16
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 9
Submitted: 3
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
C:\DOCUMENTS AND SETTINGS\STEVEN TAN\RECENT\PROOF[2005]DVDRIP[ENG]-AXXO.LNK
C:\DOCUMENTS AND SETTINGS\STEVEN TAN\LOCAL SETTINGS\TEMP\~ROMFN_00000B24
D:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
E:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
F:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
G:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
H:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
N:\SYSTEM VOLUME INFORMATION\MOUNTPOINTMANAGERREMOTEDATABASE
N:\SYSTEM VOLUME INFORMATION\_RESTORE{96521D2D-F16F-45A4-A19F-013A9B516353}\RP284\A0104543.EXE
N:\SYSTEM VOLUME INFORMATION\_RESTORE{96521D2D-F16F-45A4-A19F-013A9B516353}\RP282\A0102428.EXE
N:\SYSTEM VOLUME INFORMATION\_RESTORE{665ED40E-E6A0-473C-8323-A03EE7C525EE}\RP43\A0004779.EXE
N:\SYSTEM VOLUME INFORMATION\_RESTORE{4ED34CEB-36A1-471B-8E62-EEB17A607B2A}\RP13\A0001124.EXE

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-27
F-Secure Libra: 2.4.1, 2006-10-26
F-Secure Orion: 1.2.37, 2006-10-27
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-29
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics


Budfred
10-28-2006, 03:15 PM
i managed to change the setting already but here comes a new problem. it keeps popping a message out at the download step saying there is an error on my scanning......... what is this all about??

I don't know...

However, this means 2 things:

W32/Keylog.AYS (virus)
C:\PROGRAM FILES\K-LITE CODEC PACK\FILTERS\BASS.DLL (Submitted)

You need to reset System Restore... and... you may be in serious trouble... If you have done any financial transactions on this computer, your personal passwords, account numbers and so on may now be in the hands of criminals... I strongly recommend that you contact any financial agencies that you have done business with recently and change all that info... I suggest you also change passwords for anything else you do with this computer including accessing the computer... If they have those passwords, they can log in anytime and reinfect you or use your computer as a server... For maximum safety, the best bet is to wipe the computer completely and reinstall Windows from scratch...

To reset System Restore:

Turn off System Restore
To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.
Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
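
Added example (not part of the original thread): a Python sketch that sorts the detections from the scan report posted above by where they sit, separating copies archived inside System Restore folders (`_RESTORE{...}\RPnnn`), which the reset described in this post purges, from files on the live file system such as BASS.DLL. The function names and parsing rules are assumptions inferred from the report lines shown in this thread, not a documented F-Secure format.

```python
import re
from collections import namedtuple

# Detection lines copied from the scan report posted earlier in this thread.
SAMPLE_REPORT = r"""Result: 10 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
W32/DLoader.NRD (virus)
N:\SYSTEM VOLUME INFORMATION\_RESTORE{9A713F5E-15F3-4683-93B6-80CAAB9FF635}\RP128\A0042172.EXE (Submitted)
W32/Keylog.AYS (virus)
C:\PROGRAM FILES\K-LITE CODEC PACK\FILTERS\BASS.DLL (Submitted)
W32/Zapchast.P (virus)
N:\SYSTEM VOLUME INFORMATION\_RESTORE{96521D2D-F16F-45A4-A19F-013A9B516353}\RP380\A0146847.DLL (Submitted)
--------------------------------------------------------------------------------
Statistics
"""

Detection = namedtuple("Detection", "name kind location action category")

# Assumed layout: a "<name> (virus|spyware)" line, then one line per location.
NAME_RE = re.compile(r"^(?P<name>.+) \((?P<kind>virus|spyware)\)$")
LOC_RE = re.compile(r"^(?P<loc>.+?)(?: \((?P<action>[A-Za-z]+)\))?$")
# System Restore archives files as <drive>:\System Volume Information\_restore{GUID}\RPn\A*.ext
RESTORE_RE = re.compile(
    r"^[A-Z]:\\SYSTEM VOLUME INFORMATION\\_RESTORE\{[0-9A-F-]{36}\}\\RP\d+\\",
    re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Z]:\\", re.IGNORECASE)

def categorize(location):
    """Classify a reported location by what has to be done about it."""
    if RESTORE_RE.match(location):
        return "restore-point copy"   # removed when System Restore is reset
    if DRIVE_RE.match(location):
        return "live file"            # present on disk; needs verification
    return "non-file item"            # e.g. the "System" entries for cookies

def parse_detections(report):
    """Return one Detection per reported location in the results section."""
    detections, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("---"):
            break                     # separator ends the results section
        if not line or line.startswith("Result:"):
            continue
        m = NAME_RE.match(line)
        if m:
            current = (m.group("name"), m.group("kind"))
        elif current:
            m = LOC_RE.match(line)
            loc = m.group("loc")
            detections.append(Detection(current[0], current[1], loc,
                                        m.group("action"), categorize(loc)))
    return detections

def triage(report):
    """Group detections by category."""
    buckets = {"restore-point copy": [], "live file": [], "non-file item": []}
    for det in parse_detections(report):
        buckets[det.category].append(det)
    return buckets

if __name__ == "__main__":
    for category, items in triage(SAMPLE_REPORT).items():
        print(f"{category}: {len(items)}")
        for det in items:
            print(f"  {det.name}: {det.location} [{det.action}]")
```

Run against the report in this thread, only the W32/Keylog.AYS hit lands in the "live file" group; the other two virus detections are restore-point copies.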

mjc
10-28-2006, 03:47 PM
It is likely that the Bass.dll line is a false positive...but it is best to be safe and check it out.