Infected with Spyquake and stuff..

Post by Tommie » September 16th, 2006, 4:11 pm

This is my HijackThis log. I've tried using Ewido and deleting, but they are stubborn. Please help me.
Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 4:10:54 AM, on 9/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ismini.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\system32\sndvol32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Chan Liwei\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Global Startup: PC-cillin 2002.lnk = ?
O4 - Global Startup: Volume Control.lnk = C:\WINDOWS\system32\sndvol32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2210670561
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7350786827
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\System32\urroxtl.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Post by Navigator » September 16th, 2006, 9:03 pm

Hello Tommie...welcome to Malware Removal! Ewido won't clean smitfraud...


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

Post by Tommie » September 17th, 2006, 12:44 am

I have double-clicked on it already, but the command prompt didn't pop up. It just popped up quickly and then it was gone, like a flash.
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Post by Tommie » September 17th, 2006, 5:55 am

I tried all ways already, still can't get rid of it. I still have those ishost.exe and ismini.exe in my processes. I can't get rid of it at all.
How?
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

WinpFind log

Post by Tommie » September 17th, 2006, 8:49 am

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Start Menu Pin
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2002\Tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2002\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.6.0\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a43385f0-7113-496d-96d7-b9b550e3fcca}
= C:\WINDOWS\System32\ixt0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{860C2F6B-CA82-4282-9187-BECCBB66F0AF} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
pccguide.exe "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
PCCClient.exe "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
BitComet "C:\Program Files\BitComet\BitComet.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
UserAccess7 2
PavPrSrv 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^3Deep.lnk
backup C:\WINDOWS\pss\3Deep.lnkCommon Startup
location Common Startup
item 3Deep
backup C:\WINDOWS\pss\3Deep.lnkCommon Startup
location Common Startup
item 3Deep

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk
backup C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
item hp psc 2000 Series
backup C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
item hp psc 2000 Series

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk
backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
item hpoddt01.exe
backup C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe
item hpoddt01.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk
backup C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
location Common Startup
item Image Transfer
backup C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
location Common Startup
item Image Transfer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SonnReg.lnk
backup C:\WINDOWS\pss\SonnReg.lnkCommon Startup
location Common Startup
item SonnReg
backup C:\WINDOWS\pss\SonnReg.lnkCommon Startup
location Common Startup
item SonnReg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk
backup C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup
location Common Startup
item Trend Micro Anti-Spyware
backup C:\WINDOWS\pss\Trend Micro Anti-Spyware.lnkCommon Startup
location Common Startup
item Trend Micro Anti-Spyware

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^True Internet Color Icon.lnk
backup C:\WINDOWS\pss\True Internet Color Icon.lnkCommon Startup
location Common Startup
item True Internet Color Icon
backup C:\WINDOWS\pss\True Internet Color Icon.lnkCommon Startup
location Common Startup
item True Internet Color Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk
backup C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
location Common Startup
item Windows Desktop Search
backup C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup
location Common Startup
item Windows Desktop Search

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Chan Liwei^Start Menu^Programs^Startup^Reboot.exe
backup C:\WINDOWS\pss\Reboot.exeStartup
location Startup
item Reboot
backup C:\WINDOWS\pss\Reboot.exeStartup
location Startup
item Reboot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item apdproxy
hkey HKLM
command "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item apdproxy
hkey HKLM
command "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cmaudio
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RunDll32 cmicnfg
hkey HKLM
command RunDll32 cmicnfg.cpl,CMICtrlWnd
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RunDll32 cmicnfg
hkey HKLM
command RunDll32 cmicnfg.cpl,CMICtrlWnd
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\System32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\System32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CTHELPER
hkey HKLM
command CTHELPER.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "C:\Program Files\D-Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "C:\Program Files\D-Tools\daemon.exe" -lang 1033
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dartmanagerfacesend
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item burn mail
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item burn mail
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\e008c105.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item e008c105
hkey HKCU
command C:\Documents and Settings\Chan Liwei\Local Settings\Application Data\e008c105.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item e008c105
hkey HKCU
command C:\Documents and Settings\Chan Liwei\Local Settings\Application Data\e008c105.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\gcasServ
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item gcasServ
hkey HKLM
command "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Help01
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Rule third bait
hkey HKCU
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Rule third bait
hkey HKCU
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMJPMIG8.1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IMJPMIG
hkey HKLM
command C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IMJPMIG
hkey HKLM
command C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Jet Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADGJDet
hkey HKLM
command "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ADGJDet
hkey HKLM
command "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item ???
??? ???
?
? ?????
hkey HKCU
command ???
??? ???
?
? ?????
inimapping 1
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item ???
??? ???
?
? ?????
hkey HKCU
command ???
??? ???
?
? ?????
inimapping 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msnmsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\System32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\System32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\New.net Startup
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~2
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NEWDOT~2
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCpl
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvMcTray
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PayTime
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paytime
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item paytime
hkey HKLM
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002A
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TINTSETP
hkey HKLM
command C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TINTSETP
hkey HKLM
command C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PHIME2002ASync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TINTSETP
hkey HKLM
command C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TINTSETP
hkey HKLM
command C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item ???
??? ???
?
? ?????
hkey HKCU
command ???
??? ???
?
? ?????
inimapping 1
key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
item ???
??? ???
?
? ?????
hkey HKCU
command ???
??? ???
?
? ?????
inimapping 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.6.0\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.6.0\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item realsched
hkey HKLM
command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item UpdReg
hkey HKLM
command C:\WINDOWS\UpdReg.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Registry Repair Pro
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RegistryRepairPro
hkey HKCU
command C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RegistryRepairPro
hkey HKCU
command C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 2
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run
homepage.monitor.exe C:\Program Files\Media-Codec\isamonitor.exe
pmsngr.exe C:\Program Files\Media-Codec\pmsngr.exe
ishost.exe ishost.exe
issearch.exe issearch.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoComponents 0
NoAddingComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoHTMLWallPaper 1
NoChangingWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
ClearRecentDocsOnExit 1
NoRecentDocsMenu 1
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
{74930553-06A3-1033-0831-040408030001} "C:\Program Files\Common Files\{74930553-06A3-1033-0831-040408030001}\Update.exe" mc-110-12-0000272

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
NoColorChoice 0
NoSizeChoice 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0
DisableRegistryTools 0
DisableTaskMgr 0
NoDispAppearancePage 0
NoDispBackgroundPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/17/2006 6:05:48 PM
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Blacklight Log

Post by Tommie » September 17th, 2006, 8:50 am

09/17/06 18:00:11 [Info]: BlackLight Engine 1.0.46 initialized
09/17/06 18:00:11 [Info]: OS: 5.1 build 2600 (Service Pack 1)
09/17/06 18:00:14 [Note]: 7019 4
09/17/06 18:00:14 [Note]: 7005 0
09/17/06 18:00:32 [Note]: 7006 0
09/17/06 18:00:32 [Note]: 7011 1960
09/17/06 18:00:32 [Note]: 7026 0
09/17/06 18:00:32 [Note]: 7026 0
09/17/06 18:00:59 [Note]: FSRAW library version 1.7.1019
09/17/06 20:43:11 [Note]: 7007 0
09/17/06 20:43:11 [Error]: 6021 2

Rootkit Reveal Log

Post by Tommie » September 17th, 2006, 8:50 am

HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 9/17/2006 5:51 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\02AE06ECd01 9/17/2006 10:08 AM 17.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\044706F1d01 9/17/2006 12:47 PM 19.68 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\07E04565d01 9/17/2006 6:09 PM 24.55 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\0C5F542Cd01 9/17/2006 10:08 AM 578.97 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\139ECA55d01 9/17/2006 12:46 PM 72.89 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\155F3A06d01 9/17/2006 4:10 PM 25.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\209E133Dd01 9/17/2006 4:37 AM 16.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\20B3BF3Ad01 9/17/2006 4:07 PM 55.94 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\237906F1d01 9/17/2006 12:47 PM 19.35 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\3A5E7989d01 9/17/2006 6:09 PM 21.30 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\3F618002d01 9/17/2006 6:08 PM 30.16 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\483973AFd01 9/17/2006 4:09 AM 16.41 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\5EFA18BFd01 9/17/2006 5:59 PM 17.59 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\62A606ECd01 9/17/2006 10:08 AM 19.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\730C98A7d01 9/17/2006 10:08 AM 19.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\7561F376d01 9/17/2006 6:08 PM 35.03 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\7AB4B217d01 9/17/2006 4:09 AM 17.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\7D8AFD60d01 9/17/2006 10:07 AM 25.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\84F3AFE7d01 9/17/2006 6:09 PM 21.93 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\87A9B2CBd01 9/17/2006 10:09 AM 27.69 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\88B234ECd01 9/17/2006 4:09 PM 24.61 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\8F5496A6d01 9/17/2006 4:09 PM 24.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\9145B5F7d01 9/17/2006 6:09 PM 19.29 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\98A9D298d01 9/17/2006 10:00 AM 18.65 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\9A43350Dd01 9/17/2006 4:10 PM 19.28 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\A0283270d01 9/17/2006 6:07 PM 20.07 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\A23A06FCd01 9/17/2006 10:08 AM 18.26 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\A46D06E9d01 9/17/2006 12:46 PM 19.93 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\A89F4DBCd01 9/17/2006 5:54 PM 16.20 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\B8465A8Dd01 9/17/2006 10:01 AM 27.33 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\C3A4F7C7d01 9/17/2006 5:57 PM 106.63 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\CBC4FAAFd01 9/17/2006 5:59 PM 24.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\CF783DD4d01 9/17/2006 10:01 AM 17.85 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\D37B949Cd01 9/17/2006 10:01 AM 20.75 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\D8651C07d01 9/17/2006 5:57 PM 35.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\DBF71A84d01 9/17/2006 10:02 AM 22.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\DC4283DCd01 9/17/2006 6:09 PM 17.02 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\E04544BBd01 9/17/2006 6:09 PM 48.95 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\Cache\EB40D57Dd01 9/17/2006 4:38 AM 196.11 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\cookies.txt 9/17/2006 6:14 PM 19.39 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\downloads.rdf 9/17/2006 6:13 PM 206 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\formhistory.dat 9/11/2006 11:52 PM 185 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Application Data\Mozilla\Firefox\Profiles\ld31mfxy.default\parent.lock 9/17/2006 5:54 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Desktop\backups 9/17/2006 4:47 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Desktop\backups\backup-20060917-163325-985 9/17/2006 4:33 PM 110 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Desktop\backups\backup-20060917-163500-843 9/17/2006 4:35 PM 382 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Desktop\backups\backup-20060917-164700-540 9/17/2006 4:47 PM 108 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Desktop\blbeta.exe 9/17/2006 6:00 PM 799.55 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Desktop\ewido-setup_4.0.0.172c.exe 9/17/2006 4:14 AM 5.74 MB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Desktop\fsbl-20060917100011.log 9/17/2006 6:00 PM 786 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Desktop\WinPFind.Txt 9/17/2006 6:06 PM 28.27 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Favorites\Amateur-Start best free amateur pages.url 9/16/2006 4:08 PM 132 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Favorites\Special - Amateur girl Hannah (16vids!!) - Boys Forum - Porn Forum.url 9/16/2006 3:44 PM 184 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Favorites\Special Hannah.url 9/17/2006 6:12 PM 184 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Favorites\Start.url 9/17/2006 6:12 PM 132 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temp\bc_cache 9/17/2006 5:53 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temp\bc_cache\606c70d771e96ab230d9a327422bf332 9/17/2006 5:53 PM 1.82 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temp\bc_cache\index.dat 9/17/2006 5:53 PM 387 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temp\F-Secure 9/17/2006 6:00 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temp\F-Secure\BlackLight 9/17/2006 6:01 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temp\F-Secure\BlackLight\fsblsen.dll 9/17/2006 6:00 PM 144.00 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\27U7A1ER\404dnserror[1] 9/17/2006 4:30 AM 4.18 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\27U7A1ER\CAIR87RW 9/17/2006 4:30 AM 2.12 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\27U7A1ER\next_gray[1].gif 9/17/2006 6:14 PM 331 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\27U7A1ER\scan[1].gif 9/17/2006 6:14 PM 1.56 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\27U7A1ER\select[1].gif 9/17/2006 6:14 PM 1.61 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\27U7A1ER\XP[1].js 9/17/2006 6:13 PM 6.90 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\2RS501WF\buy[1].gif 9/17/2006 6:14 PM 1.42 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\2RS501WF\CA2L07OB 9/17/2006 4:30 AM 2.02 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\2RS501WF\CAE7AB6D 9/17/2006 6:14 PM 11 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\2RS501WF\cj_kis[1].gif 9/17/2006 6:14 PM 21.30 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\2RS501WF\help[1].gif 9/17/2006 6:14 PM 1.66 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\2RS501WF\kaspersky_logo[1].gif 9/17/2006 6:14 PM 2.44 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\2RS501WF\kws_lupa[1].gif 9/17/2006 6:13 PM 1.53 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\4DSPYZGD\config[1].gif 9/17/2006 6:14 PM 1.68 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\4DSPYZGD\dot_blue[1].gif 9/17/2006 6:14 PM 35 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\A7I7GFUD 9/17/2006 3:36 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\A7I7GFUD\desktop.ini 9/17/2006 4:30 AM 67 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\CA2NOHYF 9/17/2006 4:30 AM 3.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\CA67CRZG 9/17/2006 4:29 AM 2.03 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\e[1].gif 9/17/2006 6:13 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\fl_l2_pas[1].gif 9/17/2006 6:13 PM 52 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\fl_logo[1].gif 9/17/2006 6:13 PM 2.74 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\icon_home[1].gif 9/17/2006 6:13 PM 89 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\icon_mail[1].gif 9/17/2006 6:13 PM 87 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\kavwebscan[1].htm 9/17/2006 6:14 PM 48.95 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\pca3[1].crl 9/17/2006 6:15 PM 688 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\style[1].css 9/17/2006 6:13 PM 8.90 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\style[2].css 9/17/2006 6:13 PM 822 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\viewforum[1].php 9/17/2006 4:29 AM 6.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\viewtopic[1].php 9/17/2006 4:30 AM 8.58 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\virusscanner[1] 9/17/2006 6:13 PM 19.29 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\KNJRM495\WANIPConnection[1].xml 9/17/2006 5:53 PM 10.04 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\LVK0VTO7\CAQRODUZ 9/17/2006 4:30 AM 1.84 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\LVK0VTO7\file_scan[1].gif 9/17/2006 6:13 PM 866 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\LVK0VTO7\fl_t_bg_2[1].gif 9/17/2006 6:13 PM 151 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\LVK0VTO7\kavwebscan[1].js 9/17/2006 6:14 PM 24.55 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\LVK0VTO7\kavwebscan_unicode[1].cab 9/17/2006 6:15 PM 397.13 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\LVK0VTO7\WANIPConnection[1].xml 9/17/2006 5:53 PM 1.16 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\LVK0VTO7\www.kaspersky[1].com 9/17/2006 6:13 PM 21.93 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\CA98VYNH 9/17/2006 4:30 AM 2.32 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\dot[1].gif 9/17/2006 6:14 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\engine[1].dll 9/17/2006 4:12 AM 461.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\fl_logo_b[1].gif 9/17/2006 6:13 PM 890 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\fl_t_bg_1[1].gif 9/17/2006 6:13 PM 541 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\fl_t_bg_3[1].gif 9/17/2006 6:13 PM 350 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\fl_t_bg_4[1].gif 9/17/2006 6:13 PM 47 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\fl_w[1].gif 9/17/2006 6:13 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\icon_buy[1].gif 9/17/2006 6:13 PM 82 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\igd[1].xml 9/17/2006 5:53 PM 3.14 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\kav_red[1].gif 9/17/2006 6:14 PM 1.00 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\lines[1].gif 9/17/2006 6:14 PM 38 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\onlinescanner[1].sig 9/17/2006 3:46 PM 811.27 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\M7M7252J\webscanner[1].gif 9/17/2006 6:14 PM 1.53 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\OL0JK3CJ 9/17/2006 3:33 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\OL0JK3CJ\s[1].gif 9/17/2006 3:33 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\CA896VCH 9/17/2006 4:30 AM 2.91 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\desktop.ini 9/17/2006 6:13 PM 67 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\disabled[1].gif 9/17/2006 6:20 PM 1.32 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\fl_l2_sel[1].gif 9/17/2006 6:13 PM 54 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\fl_nav_pas[1].gif 9/17/2006 6:13 PM 53 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\internet[1].gif 9/17/2006 6:14 PM 1.71 KB Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\SXSDINSX\kavdefines[1].js 9/17/2006 6:13 PM 925 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\arrow[1].gif 9/17/2006 6:14 PM 200 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\banner_gngwc_2[1].swf 9/17/2006 1:04 PM 19.57 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\CA6JWDOT 9/17/2006 4:29 AM 1.87 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\fl_search[1].gif 9/17/2006 6:13 PM 92 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\fl_t_bg_5[1].gif 9/17/2006 6:13 PM 349 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\fl_t_bg_6[1].gif 9/17/2006 6:13 PM 255 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\onlinescannerpromo[1].html 9/17/2006 6:14 PM 442 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\updatelist[1].xml 9/17/2006 12:47 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\UHSREHY5\viewtopic[1].php 9/17/2006 4:30 AM 8.83 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\YD0JMDM5 9/17/2006 3:06 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\YD0JMDM5\desktop.ini 9/17/2006 4:30 AM 67 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\YDK9670H 9/17/2006 3:33 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Local Settings\Temporary Internet Files\Content.IE5\YDK9670H\desktop.ini 9/17/2006 4:30 AM 67 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\My Documents\Programs For Virus\Winpfind\WinPFind.Txt 9/24/2005 11:11 PM 34.05 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Chan Liwei\Recent\fsbl-20060917100011.lnk 9/17/2006 6:03 PM 553 bytes Hidden from Windows API.
C:\Documents and Settings\Chan Liwei\Recent\WinPFind.lnk 9/17/2006 6:06 PM 498 bytes Hidden from Windows API.
C:\Program Files\Common Files\New Folder\haha\Thumbs.db:encryptable 9/17/2006 3:36 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf 9/17/2006 6:11 PM 13.71 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf 9/17/2006 6:11 PM 47.72 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\KAVUNINSTALL.EXE-12C01CF3.pf 9/17/2006 6:11 PM 31.31 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf 9/17/2006 6:11 PM 11.13 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\RUNDLL32.EXE-35BB92D4.pf 9/17/2006 6:09 PM 29.04 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\WINPFIND.EXE-028E6FB2.pf 9/17/2006 6:04 PM 37.39 KB Hidden from Windows API.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\000B660C.key 8/3/2005 4:19 PM 798 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\backup 4/4/2006 7:36 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\backup\ADxB8GNBVUQH 4/5/2006 4:59 PM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\backup\ADxB8GNBVUQH\avp.klb 9/23/2005 10:27 AM 11.31 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp014.avc 4/4/2006 7:35 PM 60.51 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp015.avc 4/4/2006 7:35 PM 60.54 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp016.avc 4/4/2006 7:35 PM 67.64 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp017.avc 4/4/2006 7:35 PM 32.29 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp018.avc 4/4/2006 7:35 PM 43.64 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp019.avc 4/4/2006 7:35 PM 78.20 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp020.avc 4/4/2006 7:35 PM 37.99 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp021.avc 4/4/2006 7:35 PM 28.42 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp022.avc 4/4/2006 7:35 PM 49.47 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp023.avc 4/4/2006 7:35 PM 69.87 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp024.avc 4/4/2006 7:35 PM 33.72 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp025.avc 4/4/2006 7:35 PM 47.10 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp026.avc 4/4/2006 7:35 PM 47.10 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp027.avc 4/4/2006 7:35 PM 46.43 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp028.avc 4/4/2006 7:36 PM 43.82 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp029.avc 4/4/2006 7:36 PM 20.13 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\bases\unp030.avc 4/4/2006 7:36 PM 53.87 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\Kaspersky Lab\Kaspersk
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Newest Hjt Log

Post by Tommie » September 17th, 2006, 8:51 am

Logfile of HijackThis v1.99.1
Scan saved at 8:50:59 PM, on 9/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\System32\ismini.exe
C:\WINDOWS\system32\sndvol32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Chan Liwei\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - Global Startup: PC-cillin 2002.lnk = ?
O4 - Global Startup: Volume Control.lnk = C:\WINDOWS\system32\sndvol32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2210670561
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7350786827
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FUI - Unknown owner - C:\DOCUME~1\CHANLI~1\LOCALS~1\Temp\FUI.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IFTE - Unknown owner - C:\DOCUME~1\CHANLI~1\LOCALS~1\Temp\IFTE.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am
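A sketch of how a helper might pre-sort a HijackThis log like the one above before reading it line by line. This is an added example, not part of the original posts and not a HijackThis feature; the cue names and the rules behind them are assumptions chosen for illustration, and a cue means "look at this entry", not "this entry is malware".

```python
import re

# Lines taken unmodified from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\ishost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\System32\ixt0.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: FUI - Unknown owner - C:\DOCUME~1\CHANLI~1\LOCALS~1\Temp\FUI.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# A HijackThis entry starts with a section code (R0, F2, O2, O23, ...) and " - ".
# Process paths such as "C:\WINDOWS\..." do not match: "C" is followed by ":".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) for every registry/startup entry; skip everything else."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_cues(code, body):
    """Hypothetical review cues: reasons to read an entry first, not verdicts."""
    low = body.lower()
    cues = []
    if low.endswith("(file missing)"):
        cues.append("file-missing")      # entry points at a file that is gone
    if "unknown owner" in low:
        cues.append("unknown-owner")     # service binary carries no company name
    if "\\temp\\" in low:
        cues.append("runs-from-temp")    # autostart target inside a Temp folder
    if code == "O2" and low.startswith("bho: (no name)"):
        cues.append("unnamed-bho")       # browser helper object without a class name
    return cues


def triage(log_text):
    """Return (code, body, cues) for entries that carry at least one cue."""
    flagged = []
    for code, body in parse_entries(log_text):
        cues = review_cues(code, body)
        if cues:
            flagged.append((code, body, cues))
    return flagged


if __name__ == "__main__":
    for code, body, cues in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(cues):<45}{body}")
```

Entries without a cue still need reading; the sort only decides what gets looked at first.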

Continued Rootkit Reveal Log

Post by Tommie » September 17th, 2006, 8:53 am

Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Post by Tommie » September 17th, 2006, 8:54 am

I did all these logs to save time because I wanted my computer to recover faster. Hope what I did is right. Sorry if I messed things up.
Thanks!!!
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Post by Navigator » September 17th, 2006, 11:49 am

Hello Tommie...

Please refrain from running random scans and tools, it really doesn't help...if you have problems with my instructions let me know and we'll work on it. If I want you to run any of that other stuff, I'll ask you for it, but right now it's not necessary.

Assuming that you correctly downloaded SmitfraudFix as instructed, and fully extracted the contents of the download to the folder, you may have a problem with your path environment making it impossible to run SmitfraudFix:

Download fixpath2.zip to your desktop from this link: http://internet.cybermesa.com/~bstewart/misctools.html

Extract the files inside and run Fixpath.exe.

It may produce a short report for you after running...if it does, post it in your next reply. After running Fixpath.exe you can delete the files and the zip.

Now try and run SmitfraudFix again according to my prior set of instructions. If it runs, post the results of the report it produces in your next reply.

If you are still having problems, let me know.
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri
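A read-only check for the kind of path problem described in the post above, as an added example that is not part of the original thread and not Fixpath's own logic. It assumes a batch tool such as smitfraudfix.cmd relies on PATH to find built-in commands, and it treats the Windows XP default system directories as the required set; the sample PATH strings are constructed.

```python
import ntpath
import re

# Assumption: the Windows XP default PATH directories, relative to %SystemRoot%.
REQUIRED_SUBDIRS = ("system32", "", r"System32\Wbem")

# A %VAR% reference still present in a process's PATH was never expanded,
# so the directory behind it is not searched.
VAR_RE = re.compile(r"%[^%;]+%")


def _norm(path):
    """Case-insensitive, separator- and trailing-slash-insensitive form."""
    return ntpath.normcase(ntpath.normpath(path))


def check_path(path_value, system_root):
    """Inspect a PATH string and report what would stop system tools resolving.

    Returns a dict with:
      missing     required system directories that are not on PATH
      unexpanded  entries that still contain a literal %VAR% reference
    Quoted entries that themselves contain ';' are not handled.
    """
    entries = [e.strip().strip('"') for e in path_value.split(";")]
    entries = [e for e in entries if e]

    unexpanded = [e for e in entries if VAR_RE.search(e)]
    present = {_norm(e) for e in entries if e not in unexpanded}

    missing = []
    for sub in REQUIRED_SUBDIRS:
        wanted = ntpath.normpath(ntpath.join(system_root, sub))
        if _norm(wanted) not in present:
            missing.append(wanted)
    return {"missing": missing, "unexpanded": unexpanded}


# Constructed sample values, not taken from the poster's machine.
HEALTHY_PATH = r"C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem"
BROKEN_PATH = r'%SystemRoot%\system32;c:\windows\;"C:\Program Files\Example"'

if __name__ == "__main__":
    for label, value in (("healthy", HEALTHY_PATH), ("broken", BROKEN_PATH)):
        print(label, check_path(value, r"C:\WINDOWS"))
```

On a live system the inputs would be `os.environ["PATH"]` and `os.environ["SystemRoot"]`; the check changes nothing, so any repair is still done with the tool the helper names.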

Post by Tommie » September 17th, 2006, 12:35 pm

Nope. Still doesn't work. I got an option whether to let it check for errors and repair, and I typed in yes. Then it disappeared again. As for SmitfraudFix, it still can't work.
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Post by Navigator » September 17th, 2006, 3:37 pm

Hello Tommie....

Go ahead and delete/remove the Fixpath2.zip and contents you downloaded earlier...

Let's try it this way...if we can't get smitfraudfix to work, removing it will be a major pain:

Download FIXPATH2.ZIP

Save it to the C: drive (Local Disk (C:)) when it prompts you to choose a location to save it to (Important !)

Then open the C: drive, right-click the FIXPATH2.zip folder and choose Extract All

Once it's extracted, go to Start Menu > Run > type

cmd

Then Press OK

On the command prompt screen that opens type

CD\

Press Enter

You should then get C:\> showing on the command prompt screen

Then type

CD FIXPATH2

Press Enter

You should then get: C:\>fixpath2> showing on the screen

Then type: FIXPATH.EXE

Press Enter

It will display some preliminary information, and ask if it should continue and check for errors. Click Y for Yes and press Enter. If it successfully updates the Path value in the registry, you will need to reboot for the change to take effect. !! This is really important !!

After reboot, try to run SmitfraudFix again
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri

smitfraud

Post by Tommie » September 18th, 2006, 9:14 am

SmitFraudFix v2.90

Scan done at 21:13:40.65, Mon 09/18/2006
Run from C:\Documents and Settings\Chan Liwei\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ot.ico FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chan Liwei\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHANLI~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"hubbsi"="{7b1eeccd-0a6d-4ad5-8ac1-4af5722b3885}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Tommie
Regular Member
 
Posts: 116
Joined: September 22nd, 2005, 6:37 am

Post by Navigator » September 18th, 2006, 11:19 am

Excellent....

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Post back with the C:\rapport.txt file and a new HJT log....also let me know how your computer is running...
Navigator
MRU Honors Grad Emeritus
 
Posts: 1237
Joined: December 21st, 2005, 8:35 pm
Location: Missouri