
Virus/Malware help pls.. ><"

TScrazygalz
post Apr 1 2007, 05:27 PM, updated 19y ago



my pc has been formatted a few times before.. =.=
but the virus can't be cleared..
got one named Viking ..
all drives also have it..
and that svh0st.. =.=
I'm trying to use different antivirus..
but can't clear it either..
now using Kaspersky..
it seems to have worked..
but one of the problems can't be solved..
hmm..
when I'm signed in to Yahoo Mail..
just click "check mail"
my pc will hang for a moment..
after that it straight away closes my page..
??? what happened? =.=
tried many times already.. same T.T
can anyone help?
sorry for using broken English .. ><"

this is the log after using ComboFix ..
any problem? =.=a

QUOTE
"Tan" - 07-04-01 17:05:51    Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Tan\Desktop"


((((((((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\3.exe
C:\WINDOWS\system32\XunLeiBHO_001.dll
C:\WINDOWS\system32\3.exe
C:\WINDOWS\system32\svch0st.exe
C:\WINDOWS\logo1_.exe


(((((((((((((((((((((((((((((((  Files Created from 2007-03-01 to 2007-04-01  ))))))))))))))))))))))))))))))))))


2007-04-01 14:35 <DIR> d-------- C:\WINDOWS\LastGood
2007-03-31 23:31 86,016 -ra------ C:\WINDOWS\system32\CNMCP64.exe
2007-03-31 23:31 7,680 --a------ C:\WINDOWS\system32\CNMVS64.DLL
2007-03-31 23:31 116,736 --a------ C:\WINDOWS\system32\CNMLM64.DLL
2007-03-31 23:31 <DIR> d--h----- C:\BJPrinter
2007-03-31 23:13 <DIR> d-------- C:\BJ Printer
2007-03-31 19:30 0 --a------ C:\WINDOWS\system32\wdata32.dll
2007-03-31 19:09 962,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-31 19:09 12,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-31 19:09 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-03-31 19:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-03-31 19:08 <DIR> d-------- C:\kav
2007-03-30 20:12 <DIR> d-------- C:\WINDOWS\uninstall
2007-03-30 20:04 <DIR> d-------- C:\Program Files\Uniblue
2007-03-30 19:58 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Uniblue
2007-03-28 23:18 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-27 18:03 <DIR> d-------- C:\Program Files\Trustix
2007-03-27 17:59 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Comodo
2007-03-27 17:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-03-27 17:57 <DIR> d-------- C:\Program Files\Comodo
2007-03-25 20:51 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-25 20:51 <DIR> d-------- C:\Program Files\ffdshow
2007-03-25 20:12 55,949 --a------ C:\WINDOWS\system32\x264-uninstall.exe
2007-03-25 19:50 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-03-25 19:50 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-03-25 14:14 110 --a------ C:\WINDOWS\system32\Deleteme.bat
2007-03-24 18:55 19,995 ---hs---- C:\WINDOWS\system32\tlservet3.exe
2007-03-24 18:52 297,472 --a------ C:\WINDOWS\uninst.exe
2007-03-24 18:52 <DIR> d-------- C:\DOCUME~1\Tan\WINDOWS
2007-03-24 14:23 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-24 14:23 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-24 14:23 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-24 14:23 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-24 14:23 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-24 14:23 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-24 14:23 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-24 14:22 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-24 14:20 94,208 --a------ C:\WINDOWS\VMCap.exe
2007-03-24 14:20 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-03-24 14:20 57,344 --a------ C:\WINDOWS\StillCap.exe
2007-03-24 14:20 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-03-24 14:20 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-03-24 14:20 194,933 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-03-24 14:20 176,128 --a------ C:\WINDOWS\amcap.exe
2007-03-24 14:20 <DIR> d-------- C:\WINDOWS\CatRoot
2007-03-24 14:20 <DIR> d-------- C:\Program Files\Vimicro
2007-03-22 18:58 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-03-22 18:58 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-22 18:58 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-22 18:58 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-03-22 18:58 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-22 18:06 27,136 --a------ C:\WINDOWS\system32\drivers\MA-620.sys
2007-03-20 18:30 <DIR> d-------- C:\DOCUME~1\Tan\.exe
2007-03-20 17:57 <DIR> d-------- C:\Program Files\uTorrent
2007-03-20 17:57 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\uTorrent
2007-03-19 22:53 95,232 --ahs---- C:\WINDOWS\system32\RICHTX32.exe
2007-03-19 22:46 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Media Player Classic
2007-03-19 22:11 1 --a------ C:\WINDOWS\system32\index.dat
2007-03-19 19:53 65,536 --a------ C:\WINDOWS\IFinst27.exe
2007-03-19 00:31 <DIR> d-------- C:\Program Files\Real Alternative
2007-03-19 00:31 <DIR> d-------- C:\Program Files\Media Player Classic
2007-03-19 00:31 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Real
2007-03-19 00:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-03-18 18:24 94 --a------ C:\WINDOWS\system32\GoKaba.bat
2007-03-18 17:05 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\DivX
2007-03-18 15:56 <DIR> d-------- C:\Program Files\DivX
2007-03-18 13:58 32,256 --a------ C:\WINDOWS\system32\akrip32.dll
2007-03-18 13:58 151,040 --a------ C:\WINDOWS\system32\AKRipAX.dll
2007-03-18 13:58 <DIR> d-------- C:\My Music
2007-03-18 00:13 <DIR> d-------- C:\Program Files\Orbitdownloader
2007-03-18 00:13 <DIR> d-------- C:\Downloads
2007-03-18 00:13 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Orbit
2007-03-17 19:42 <DIR> d-------- C:\Program Files\EZT
2007-03-17 11:16 6,112 -ra------ C:\WINDOWS\system32\drivers\w800cm.sys
2007-03-17 11:15 5,744 -ra------ C:\WINDOWS\system32\drivers\w800wh.sys
2007-03-17 11:10 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-03-17 11:10 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-03-17 11:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-03-17 11:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-16 14:30 36,864 --a------ C:\WINDOWS\system32\EGameEncrypt.dll
2007-03-16 14:30 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-03-16 14:30 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-15 22:35 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-03-15 22:32 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-15 22:32 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-15 22:32 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-03-15 22:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-15 22:32 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-15 22:32 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-03-15 22:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-03-15 22:32 <DIR> d-------- C:\Program Files\Ahead
2007-03-15 22:27 <DIR> d-------- C:\Program Files\BitComet
2007-03-15 00:35 <DIR> d-------- C:\WINDOWS\Sun
2007-03-13 16:21 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-03-13 16:21 <DIR> d-------- C:\Program Files\9you
2007-03-11 12:06 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\CyberLink
2007-03-11 11:38 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Azureus
2007-03-11 11:34 <DIR> d-------- C:\Program Files\Java
2007-03-11 11:34 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-11 11:33 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-11 11:33 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Sun
2007-03-11 11:06 <DIR> d-------- C:\Program Files\Azureus
2007-03-11 10:42 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-11 10:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-03-11 10:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-03-11 10:36 <DIR> dr-h----- C:\MSOCache
2007-03-11 10:34 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-03-11 10:34 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2007-03-11 10:34 <DIR> d-------- C:\Program Files\CyberLink
2007-03-11 10:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-03-11 10:30 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-11 10:30 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-11 10:30 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-11 10:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-11 10:30 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-11 10:29 <DIR> d-------- C:\Program Files\Winamp
2007-03-11 10:22 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-03-10 09:19 <DIR> d-------- C:\DOCUME~1\Tan\Contacts
2007-03-10 09:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-10 09:16 <DIR> d-------- C:\Program Files\MSN Messenger
2007-03-10 04:16 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-03-10 04:16 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-03-10 04:16 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-03-10 04:16 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-03-10 04:16 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-03-10 04:16 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-03-10 04:16 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-03-10 04:16 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-03-10 04:16 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-03-10 04:16 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-03-10 04:16 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-03-10 04:16 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-03-10 04:16 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-03-10 04:15 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-03-10 04:15 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-03-10 04:15 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-03-10 04:15 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-03-10 04:15 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-03-10 04:15 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-03-10 04:15 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-03-10 04:12 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-10 04:12 397,056 --a------ C:\WINDOWS\system32\s3gnb.dll
2007-03-10 04:12 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-10 04:12 166,912 --a------ C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-03-10 04:11 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-03-10 04:11 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-10 04:11 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2007-03-10 04:11 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-03-10 04:11 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2007-03-10 04:11 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2007-03-10 04:11 117,760 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-03-10 04:11 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-03-10 04:11 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-10 04:11 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2007-03-10 04:09 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-10 04:09 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-10 04:09 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-10 04:09 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-10 04:09 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-10 04:09 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-10 04:09 <DIR> dr------- C:\Program Files
2007-03-10 04:09 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-10 04:09 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-10 04:09 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-10 04:08 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-10 04:08 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-10 04:08 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-10 04:08 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-10 04:08 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-10 04:08 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-10 04:08 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-10 04:08 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-10 04:08 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-10 04:08 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-10 04:08 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-10 04:08 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-10 04:08 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-10 04:08 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-10 04:08 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-10 04:08 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-10 04:08 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-10 04:08 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-10 04:08 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-10 04:08 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-10 04:08 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-10 04:08 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-10 04:08 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-10 04:08 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-10 04:08 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-10 04:08 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-10 04:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-10 04:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-10 04:07 <DIR> d-------- C:\Documents and Settings
2007-03-10 04:05 <DIR> d--hs---- C:\System Volume Information
2007-03-10 04:00 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-10 04:00 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-03-10 04:00 <DIR> dr------- C:\WINDOWS\Web
2007-03-10 04:00 <DIR> d--h----- C:\WINDOWS\inf
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\WinSxS
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\twain_32
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\wins
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\spool
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\ras
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\npp
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\mui
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\IME
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\ias
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\export
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\config
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\3076
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\2052
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\1054
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\1042
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\1041
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\1037
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\1033
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\1031
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\1028
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32\1025
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system32
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\system
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\security
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Resources
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\repair
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Provisioning
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\PeerNet
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\pchealth
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\mui
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\msapps
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\msagent
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Media
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\java
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\ime
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Help
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\ehome
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Debug
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Cursors
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\Config
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\AppPatch
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS\addins
2007-03-10 04:00 <DIR> d-------- C:\WINDOWS
2007-03-09 22:38 <DIR> d-------- C:\WINDOWS\pss
2007-03-09 22:17 <DIR> d--hs---- C:\RECYCLER
2007-03-09 22:14 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-09 22:14 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-09 22:14 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-09 22:14 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-09 22:14 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-09 22:14 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-09 22:14 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-09 22:14 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-09 22:14 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-09 22:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-09 22:14 265,143 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-03-09 22:14 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-09 22:14 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-09 22:14 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-09 22:14 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-09 22:14 128,259 -ra------ C:\WINDOWS\soundman.exe
2007-03-09 22:14 <DIR> d-------- C:\Program Files\AvRack
2007-03-09 22:14 <DIR> d-------- C:\Program Files\Avance Sound Manager
2007-03-09 22:13 217,347 -ra------ C:\WINDOWS\alcupd.exe
2007-03-09 22:13 151,811 -ra------ C:\WINDOWS\alcrmv.exe
2007-03-09 22:13 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-09 22:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-03-09 22:07 <DIR> d---s---- C:\DOCUME~1\Tan\UserData
2007-03-09 21:55 3,145,728 --ah----- C:\DOCUME~1\Tan\NTUSER.DAT
2007-03-09 20:35 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-09 20:34 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-09 20:34 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-09 20:34 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-09 20:30 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-03-09 20:30 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-03-09 20:29 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-09 20:29 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-09 20:29 0 -rahs---- C:\MSDOS.SYS
2007-03-09 20:29 0 -rahs---- C:\IO.SYS
2007-03-09 20:29 0 --a------ C:\CONFIG.SYS
2007-03-09 20:29 0 --a------ C:\AUTOEXEC.BAT
2007-03-09 20:27 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-03-09 20:27 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-09 20:27 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-03-09 20:27 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-09 20:26 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-09 20:26 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-09 20:26 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-09 20:26 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-03-09 20:25 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-09 20:25 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-09 20:25 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-09 20:25 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-09 20:25 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-09 20:25 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-09 20:25 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-09 20:25 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-09 20:25 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-09 20:25 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-09 20:25 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-09 20:25 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-09 20:25 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-09 20:25 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-09 20:25 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-09 20:25 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-09 20:25 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-09 20:25 36,864 --a------ C:\WINDOWS\system32\wups.dll
2007-03-09 20:25 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-09 20:25 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-09 20:25 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-09 20:25 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-09 20:25 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-09 20:25 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-09 20:25 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-09 20:25 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-09 20:25 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-09 20:25 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-03-09 20:25 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-09 20:25 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-09 20:25 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-09 20:25 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-09 20:25 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-09 20:25 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-03-09 20:25 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-09 20:25 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-03-09 20:25 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2007-03-09 20:25 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-09 20:25 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-09 20:25 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-09 20:25 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-09 20:25 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-09 20:25 <DIR> d---s---- C:\WINDOWS\Tasks
2007-03-09 20:25 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-03-09 20:25 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-03-09 20:25 <DIR> d-------- C:\WINDOWS\srchasst
2007-03-09 20:25 <DIR> d-------- C:\Program Files\Movie Maker
2007-03-09 20:25 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-03-09 20:24 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-03-09 20:23 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-09 20:23 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-03-09 20:23 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-09 20:23 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-09 20:23 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-09 20:23 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-09 20:23 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-09 20:23 <DIR> d-------- C:\WINDOWS\Registration
2007-03-09 20:23 <DIR> d-------- C:\Program Files\Online Services
2007-03-09 20:23 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-03-09 20:23 <DIR> d-------- C:\Program Files\Messenger
2007-03-09 20:22 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-09 20:22 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-09 20:22 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-09 20:22 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-09 20:22 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-09 20:22 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-09 20:22 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-09 20:22 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-09 20:22 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-09 20:22 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-09 20:22 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-09 20:22 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-09 20:22 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-09 20:22 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-09 20:22 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-09 20:22 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-09 20:22 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-09 20:22 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-09 20:22 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-09 20:22 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-09 20:22 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-09 20:22 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-09 20:22 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-09 20:22 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-09 20:22 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-03-09 20:22 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-09 20:22 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-09 20:22 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-09 20:22 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-09 20:22 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-09 20:22 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-09 20:22 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-09 20:22 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-09 20:22 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-09 20:22 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-09 20:22 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-09 20:22 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-09 20:22 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-09 20:22 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-09 20:22 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-09 20:22 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-09 20:22 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-09 20:22 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-09 20:22 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-09 20:22 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-09 20:22 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-09 20:22 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-09 20:22 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-09 20:22 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-09 20:22 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-09 20:22 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-09 20:22 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-09 20:22 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-09 20:22 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-09 20:22 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-09 20:22 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-09 20:22 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-09 20:22 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-09 20:22 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-09 20:22 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-09 20:22 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-09 20:22 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-09 20:22 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-09 20:22 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-09 20:22 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-09 20:22 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-09 20:22 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-09 20:22 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-09 20:22 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-09 20:22 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-09 20:22 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-09 20:22 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-09 20:22 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-09 20:22 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-09 20:22 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-09 20:22 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-09 20:22 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-09 20:22 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-03-09 20:22 <DIR> d-------- C:\WINDOWS\system32\Com
2007-03-09 20:22 <DIR> d-------- C:\Program Files\Windows NT


((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report  )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-10 04:08 62 --ahs---- C:\DOCUME~1\Tan\APPLIC~1\desktop.ini
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnfgCav]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMain"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Comodo\\Comodo AntiVirus\\CMain.exe\"  \" /login\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CPF"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Launch Pad Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLPTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Comodo\\LaunchPad\\CLPTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\domino]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="domino"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\domino.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwevv0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundl13a"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\rundl13a.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundl132"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\uninstall\\rundl132.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LSASS"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\LSASS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="soundman"
"hkey"="HKLM"
"command"="soundman.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SVCH0ST"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\SVCH0ST.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="upxdnd"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\Tan\\LOCALS~1\\Temp\\upxdnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserKill]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\RUNDLL32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VMSnap1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VMSnap1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhereOU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CSRSS"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\CSRSS.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsvbs]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSS"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMSS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ    HTTPFilter\0\0
LocalService REG_MULTI_SZ    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ    DnsCache\0\0
DcomLaunch REG_MULTI_SZ    DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ    RpcSs\0\0
imgsvc REG_MULTI_SZ    StiSvc\0\0
termsvcs REG_MULTI_SZ    TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36046a46-ce77-11db-ad0f-806d6172696f}]
Shell\AutoRun\command driver.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c71e2b11-df2f-11db-ab9a-000255640389}]
Shell\AutoRun\command J:\setupSNK.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_USNJSVC


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

  ? [3912]

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-01 17:09:48
C:\ComboFix2.txt ... 07-03-31 22:24
C:\ComboFix3.txt ... 07-03-30 21:46

Sempurna
post Apr 1 2007, 05:42 PM

Look at all my stars!!
VIP
3,022 posts

Joined: Jul 2006
From: KL


Try this fix by Hattori and let us know how it goes:
http://forum.lowyat.net/index.php?showtopi...post&p=10982416


Added on April 1, 2007, 7:14 pm
Also, please do this after you've tried the fix by Hattori:

Please download OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\wdata32.dll
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\tlservet3.exe
    C:\WINDOWS\system32\Deleteme.bat
    C:\WINDOWS\IFinst27.exe
    C:\WINDOWS\rundl13a.exe
    C:\WINDOWS\uninstall\rundl132.exe
    C:\WINDOWS\LSASS.EXE
    C:\WINDOWS\system32\SVCH0ST.EXE"
    C:\DOCUME~1\Tan\LOCALS~1\Temp\upxdnd.exe
    C:\WINDOWS\RUNDLL32.exe
    C:\WINDOWS\CSRSS.exe
    C:\WINDOWS\SMSS.EXE


  • Return to OTMoveIt, right-click on the Paste List of Files/Folders to be Moved window and choose Paste.
  • Click the red MoveIt! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (don't forget to copy and paste REGEDIT4 as well):

CODE
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwevv0]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserKill]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhereOU]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsvbs]



Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop.

It should look like this: user posted image

Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful.

In case you still are unsure on how to create a REG file, please take a look HERE with screenshots.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The results report from OTMoveIt.
  2. A new ComboFix log.
  3. A new HijackThis log.

How are things running now? Please let me know of any problems that still persist.


This post has been edited by Sempurna: Apr 1 2007, 07:15 PM
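
Added example (not part of Sempurna's post, and not code from ComboFix or OTMoveIt): a Python triage pass over the msconfig startupreg entries in the log above, flagging system process names that run from outside system32, lookalike names, and autostarts from a Temp directory. The rule set, the list of system names and the embedded excerpt are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed excerpt of the "Reg Loading Points" section of the log above:
# key header and "command" value only, for a subset of the startupreg entries.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dwevv0]
"command"="C:\\WINDOWS\\rundl13a.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"command"="%systemroot%\\system32\\dumprep 0 -k"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"command"="C:\\WINDOWS\\uninstall\\rundl132.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
"command"="C:\\WINDOWS\\LSASS.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST]
"command"="C:\\WINDOWS\\system32\\SVCH0ST.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
"command"="C:\\DOCUME~1\\Tan\\LOCALS~1\\Temp\\upxdnd.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserKill]
"command"="C:\\WINDOWS\\RUNDLL32.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhereOU]
"command"="C:\\WINDOWS\\CSRSS.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wsvbs]
"command"="C:\\WINDOWS\\SMSS.EXE"
'''

SYSTEM_DIR = r"c:\windows\system32"
# Assumption: a short list of Windows process names that malware often imitates.
SYSTEM_STEMS = {"svchost", "lsass", "csrss", "smss", "rundll32", "services", "winlogon"}
# Digits commonly swapped for letters in fake names (0 for o, 1 for l).
HOMOGLYPHS = str.maketrans("01", "ol")


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_startupreg(text):
    """Return {entry name: {value name: unescaped value}} from .reg-style text."""
    entries, name = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.match(r"^\[.*\\startupreg\\([^\\\]]+)\]$", line, re.I)
        if header:
            name = header.group(1)
            entries[name] = {}
            continue
        value = re.match(r'^"([^"]+)"="(.*)"$', line)
        if value and name:
            # Undo .reg escaping: \\ becomes \ and \" becomes "
            entries[name][value.group(1).lower()] = re.sub(r"\\(.)", r"\1", value.group(2))
    return entries


def image_path(command):
    """Extract the lower-cased executable path from a command line."""
    m = re.match(r'"([^"]+)"', command) or re.match(r"(.+?\.exe)\b", command, re.I)
    path = m.group(1) if m else (command.split() or [""])[0]
    return path.lower().replace("%systemroot%", r"c:\windows")


def triage(entries):
    """Return {entry name: [reasons]} for autostart entries worth a closer look."""
    findings = {}
    for name, values in entries.items():
        path = image_path(values.get("command", ""))
        if not path:
            continue
        folder = ntpath.dirname(path)
        stem = ntpath.splitext(ntpath.basename(path))[0]
        reasons = []
        if stem in SYSTEM_STEMS:
            if folder != SYSTEM_DIR:
                reasons.append("system process name outside system32")
        else:
            normalised = stem.translate(HOMOGLYPHS)
            for real in sorted(SYSTEM_STEMS):
                if normalised == real or edit_distance(normalised, real) == 1:
                    reasons.append(f"lookalike of {real}")
        if "\\temp\\" in path:
            reasons.append("autostart from a Temp directory")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(parse_startupreg(SAMPLE_LOG)).items():
        print(f"{entry}: {', '.join(why)}")
```

On this excerpt the flagged keys are the same eight that the fix.reg above deletes.
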
TScrazygalz
post Apr 2 2007, 08:02 PM

New Member
*
Junior Member
17 posts

Joined: Mar 2007
From: Penang


erm.. i use that "DrWeb CureIt" ..
and ..
my .exe file had been delete.. =.="
but nvm.. is better than that "viking" not clear ~
thx ^^


The results report from OTMoveIt

QUOTE
LoadLibrary failed for C:\WINDOWS\system32\wdata32.dll
C:\WINDOWS\system32\wdata32.dll NOT unregistered.
C:\WINDOWS\system32\wdata32.dll moved successfully.
C:\WINDOWS\iun6002.exe moved successfully.
File/Folder C:\WINDOWS\system32\tlservet3.exe not found.
C:\WINDOWS\system32\Deleteme.bat moved successfully.
C:\WINDOWS\IFinst27.exe moved successfully.
File/Folder C:\WINDOWS\rundl13a.exe not found.
File/Folder C:\WINDOWS\uninstall\rundl132.exe not found.
File/Folder C:\WINDOWS\LSASS.EXE not found.
File/Folder C:\WINDOWS\system32\SVCH0ST.EXE" not found.
File/Folder C:\DOCUME~1\Tan\LOCALS~1\Temp\upxdnd.exe not found.
File/Folder C:\WINDOWS\RUNDLL32.exe not found.
File/Folder C:\WINDOWS\CSRSS.exe not found.
File/Folder C:\WINDOWS\SMSS.EXE not found.

Created on 04/02/2007 19:33:30

A new ComboFix log

QUOTE
"Tan" - 07-04-02 19:41:24    Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Tan\Desktop"


(((((((((((((((((((((((((((((((   Files Created from 2007-03-02 to 2007-04-02  ))))))))))))))))))))))))))))))))))


2007-04-01 19:04 <DIR> d-------- C:\DOCUME~1\Tan\DoctorWeb
2007-03-31 23:31 86,016 -ra------ C:\WINDOWS\system32\CNMCP64.exe
2007-03-31 23:31 7,680 --a------ C:\WINDOWS\system32\CNMVS64.DLL
2007-03-31 23:31 116,736 --a------ C:\WINDOWS\system32\CNMLM64.DLL
2007-03-31 23:31 <DIR> d--h----- C:\BJPrinter
2007-03-31 23:13 <DIR> d-------- C:\BJ Printer
2007-03-31 19:09 15,904 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-03-31 19:09 1,985,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-03-31 19:09 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-03-31 19:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-03-31 19:08 <DIR> d-------- C:\kav
2007-03-30 20:12 <DIR> d-------- C:\WINDOWS\uninstall
2007-03-30 20:04 <DIR> d-------- C:\Program Files\Uniblue
2007-03-30 19:58 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Uniblue
2007-03-28 23:18 <DIR> d--h----- C:\WINDOWS\PIF
2007-03-27 18:03 <DIR> d-------- C:\Program Files\Trustix
2007-03-27 17:59 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Comodo
2007-03-27 17:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
2007-03-27 17:57 <DIR> d-------- C:\Program Files\Comodo
2007-03-25 20:51 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-03-25 20:51 <DIR> d-------- C:\Program Files\ffdshow
2007-03-25 20:12 55,949 --a------ C:\WINDOWS\system32\x264-uninstall.exe
2007-03-25 19:50 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-03-24 18:52 297,472 --a------ C:\WINDOWS\uninst.exe
2007-03-24 18:52 <DIR> d-------- C:\DOCUME~1\Tan\WINDOWS
2007-03-24 14:23 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-03-24 14:23 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-03-24 14:23 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-03-24 14:23 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-03-24 14:23 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-03-24 14:23 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-03-24 14:23 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-03-24 14:22 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-03-24 14:20 94,208 --a------ C:\WINDOWS\VMCap.exe
2007-03-24 14:20 61,440 --a------ C:\WINDOWS\system32\VM31bSTI.dll
2007-03-24 14:20 57,344 --a------ C:\WINDOWS\StillCap.exe
2007-03-24 14:20 307,200 --a------ C:\WINDOWS\vidcap32.Exe
2007-03-24 14:20 24,576 --a------ C:\WINDOWS\RunSetup.dll
2007-03-24 14:20 194,933 --a------ C:\WINDOWS\system32\drivers\usbVM31b.sys
2007-03-24 14:20 176,128 --a------ C:\WINDOWS\amcap.exe
2007-03-24 14:20 <DIR> d-------- C:\WINDOWS\CatRoot
2007-03-24 14:20 <DIR> d-------- C:\Program Files\Vimicro
2007-03-22 18:58 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-03-22 18:58 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-03-22 18:58 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-03-22 18:58 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-03-22 18:58 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-03-22 18:06 27,136 --a------ C:\WINDOWS\system32\drivers\MA-620.sys
2007-03-20 18:30 <DIR> d-------- C:\DOCUME~1\Tan\.exe
2007-03-20 17:57 <DIR> d-------- C:\Program Files\uTorrent
2007-03-20 17:57 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\uTorrent
2007-03-19 22:46 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Media Player Classic
2007-03-19 22:11 1 --a------ C:\WINDOWS\system32\index.dat
2007-03-19 00:31 <DIR> d-------- C:\Program Files\Real Alternative
2007-03-19 00:31 <DIR> d-------- C:\Program Files\Media Player Classic
2007-03-19 00:31 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Real
2007-03-19 00:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-03-18 18:24 94 --a------ C:\WINDOWS\system32\GoKaba.bat
2007-03-18 17:05 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\DivX
2007-03-18 15:56 <DIR> d-------- C:\Program Files\DivX
2007-03-18 13:58 32,256 --a------ C:\WINDOWS\system32\akrip32.dll
2007-03-18 13:58 151,040 --a------ C:\WINDOWS\system32\AKRipAX.dll
2007-03-18 13:58 <DIR> d-------- C:\My Music
2007-03-18 00:13 <DIR> d-------- C:\Program Files\Orbitdownloader
2007-03-18 00:13 <DIR> d-------- C:\Downloads
2007-03-18 00:13 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Orbit
2007-03-17 19:42 <DIR> d-------- C:\Program Files\EZT
2007-03-17 11:16 6,112 -ra------ C:\WINDOWS\system32\drivers\w800cm.sys
2007-03-17 11:15 5,744 -ra------ C:\WINDOWS\system32\drivers\w800wh.sys
2007-03-17 11:10 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-03-17 11:10 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2007-03-17 11:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-03-17 11:09 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-03-16 14:30 36,864 --a------ C:\WINDOWS\system32\EGameEncrypt.dll
2007-03-16 14:30 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-03-16 14:30 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-15 22:35 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-03-15 22:32 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-03-15 22:32 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-03-15 22:32 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-03-15 22:32 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-03-15 22:32 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-03-15 22:32 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-03-15 22:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-03-15 22:32 <DIR> d-------- C:\Program Files\Ahead
2007-03-15 22:27 <DIR> d-------- C:\Program Files\BitComet
2007-03-15 00:35 <DIR> d-------- C:\WINDOWS\Sun
2007-03-13 16:21 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-03-13 16:21 <DIR> d-------- C:\Program Files\9you
2007-03-11 12:06 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\CyberLink
2007-03-11 11:38 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Azureus
2007-03-11 11:34 <DIR> d-------- C:\Program Files\Java
2007-03-11 11:34 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-11 11:33 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-11 11:33 <DIR> d-------- C:\DOCUME~1\Tan\APPLIC~1\Sun
2007-03-11 11:06 <DIR> d-------- C:\Program Files\Azureus
2007-03-11 10:42 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-11 10:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-03-11 10:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-03-11 10:36 <DIR> dr-h----- C:\MSOCache
2007-03-11 10:34 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-03-11 10:34 <DIR> d-------- C:\Program Files\CyberLink DVD Solution
2007-03-11 10:34 <DIR> d-------- C:\Program Files\CyberLink
2007-03-11 10:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-03-11 10:30 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-11 10:30 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-11 10:30 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-11 10:30 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-11 10:30 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-11 10:29 <DIR> d-------- C:\Program Files\Winamp
2007-03-11 10:22 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-03-10 09:19 <DIR> d-------- C:\DOCUME~1\Tan\Contacts
2007-03-10 09:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-10 09:16 <DIR> d-------- C:\Program Files\MSN Messenger
2007-03-10 04:16 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-03-10 04:16 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-03-10 04:16 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-03-10 04:16 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-03-10 04:16 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-03-10 04:16 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-03-10 04:16 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-03-10 04:16 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-03-10 04:16 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-03-10 04:16 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-03-10 04:16 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-03-10 04:16 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-03-10 04:16 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-03-10 04:16 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-03-10 04:15 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-03-10 04:15 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-03-10 04:15 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-03-10 04:15 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-03-10 04:15 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-03-10 04:15 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-03-10 04:15 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-03-10 04:12 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-10 04:12 397,056 --a------ C:\WINDOWS\system32\s3gnb.dll
2007-03-10 04:12 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-10 04:12 166,912 --a------ C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-03-10 04:11 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-03-10 04:11 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-10 04:11 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2007-03-10 04:11 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-03-10 04:11 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2007-03-10 04:11 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2007-03-10 04:11 117,760 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-03-10 04:11 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-03-10 04:11 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-03-10 04:11 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2007-03-10 04:09 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-10 04:09 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-10 04:09 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-10 04:09 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-10 04:09 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-10 04:09 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-10 04:09 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-10 04:09 <DIR> dr------- C:\Program Files
2007-03-10 04:09 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-10 04:09 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-10 04:09 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-10 04:08 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-10 04:08 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-10 04:08 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-10 04:08 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-10 04:08 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-10 04:08 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-10 04:08 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-10 04:08 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-10 04:08 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-10 04:08 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-10 04:08 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-10 04:08 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-10 04:08 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-10 04:08 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-10 04:08 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-10 04:08 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-10 04:08 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-10 04:08 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-10 04:08 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-10 04:08 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-10 04:08 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-10 04:08 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-10 04:08 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-10 04:08 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-10 04:08 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-10 04:08 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-10 04:08 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-10 04:08 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-10 04:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-10 04:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-10 04:07 <DIR> d-------- C:\Documents and Settings
2007-03-10 04:05 <DIR> d--hs---- C:\System Volume Information
2007-03-10 04:00 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-10 04:00 <DIR> dr--s---- C:\WINDOWS\Fonts


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-10 04:08 62 --ahs---- C:\DOCUME~1\Tan\APPLIC~1\desktop.ini
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cnfgCav]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CMain"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Comodo\\Comodo AntiVirus\\CMain.exe\"  \" /login\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Firewall Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CPF"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comodo Launch Pad Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CLPTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Comodo\\LaunchPad\\CLPTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\domino]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="domino"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\domino.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="soundman"
"hkey"="HKLM"
"command"="soundman.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SVCH0ST"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\SVCH0ST.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -u"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -u"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VMSnap1"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VMSnap1.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ    HTTPFilter\0\0
LocalService REG_MULTI_SZ    Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ    DnsCache\0\0
DcomLaunch REG_MULTI_SZ    DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ    RpcSs\0\0
imgsvc REG_MULTI_SZ    StiSvc\0\0
termsvcs REG_MULTI_SZ    TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c71e2b11-df2f-11db-ab9a-000255640389}]
Shell\AutoRun\command J:\setupSNK.exe


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-02 19:45:39
C:\ComboFix2.txt ... 07-04-01 17:09
C:\ComboFix3.txt ... 07-03-31 22:24

A new HijackThis log

QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 7:53:33 PM, on 4/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tan\My Documents\hijackthis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Thunder Browser Helper - {63B2D652-EAD9-4D6E-93ED-2CC51D22CF02} - C:\WINDOWS\system32\XunLeiBHO_001.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: C8518F14 - Unknown owner - C:\WINDOWS\system32\C8518F14.EXE (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Network Location Awareness (Network Location) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Network.exe (file missing)
O23 - Service: Windows SystemDown (tlWindows3) - Unknown owner - C:\WINDOWS\system32\tlservet3.exe (file missing)

Added on April 2, 2007, 8:36 pm

Erm... got 1 problem.. =.=
When I want to use Windows Media Player to play a song..
it will auto close..
Same with the problem of Yahoo Mail.. =.=
What happened?
But Hotmail and Winamp didn't get this problem eh.. -.-a

This post has been edited by crazygalz: Apr 2 2007, 08:36 PM
Sempurna
post Apr 2 2007, 11:09 PM


Hi crazygalz,

OK, let's do this next.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below (don't forget to copy and paste REGEDIT4 as well):

CODE
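REGEDIT4

; Delete the "Network.Task" value from the HKLM Run key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Network.Task"=-

; Delete the entry msconfig kept for the disabled SVCH0ST.EXE startup item
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST]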



Save this as fix2.reg and change the "Save as type" to "All Files" and place it on your desktop.

Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful.

In case you still are unsure on how to create a REG file, please take a look HERE with screenshots.


NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: Thunder Browser Helper - {63B2D652-EAD9-4D6E-93ED-2CC51D22CF02} - C:\WINDOWS\system32\XunLeiBHO_001.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O23 - Service: C8518F14 - Unknown owner - C:\WINDOWS\system32\C8518F14.EXE (file missing)
O23 - Service: Windows SystemDown (tlWindows3) - Unknown owner - C:\WINDOWS\system32\tlservet3.exe (file missing)



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please go to Start -> Run and type (or copy and paste) the following lines in the Open field, ONE AT A TIME, then click OK:

sc stop C8518F14

sc delete C8518F14

sc stop tlWindows3

sc delete tlWindows3



NEXT:

Please run OTMoveIt and quarantine the following files/folders (please also remember to copy the Results report and paste it in your next reply for me to see):

C:\WINDOWS\SYSTEM\network.exe
C:\WINDOWS\system32\C8518F14.EXE
C:\WINDOWS\system32\tlservet3.exe



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. After reboot, please run OTMoveIt again, follow the directions as above, and post the Results report for me to see.


NEXT:

For the Windows Media Player problem, have you tried uninstalling it and then reinstalling it to see if the problem goes away?

For the Yahoo Mail problem, please do this next.

Please download HostsXpert and save it to your desktop:
  • Extract the zip file to your desktop or a permanent folder on your hard drive.
  • Open the folder and double-click on HostsXpert.exe
  • Make sure that the "Make hosts writable?" button in the upper right corner is checked.
  • Click "Back up host files".
  • Click "Restore original hosts".
  • Click "OK" and exit the program.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  1. The results report from OTMoveIt.
  2. A new HijackThis log.

How are things running now? Please let me know of any problems that still persist.
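
The triage behind the steps above, as an added Python example that is not part of the original posts: it lists HijackThis entries whose target file is gone, derives the service key names that `sc delete` takes, and flags startup commands that imitate a Windows binary name. The sample lines are copied from the logs in this thread; the list of system binary names and the lookalike character map are illustrative assumptions.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Thunder Browser Helper - {63B2D652-EAD9-4D6E-93ED-2CC51D22CF02} - C:\WINDOWS\system32\XunLeiBHO_001.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O23 - Service: C8518F14 - Unknown owner - C:\WINDOWS\system32\C8518F14.EXE (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Windows SystemDown (tlWindows3) - Unknown owner - C:\WINDOWS\system32\tlservet3.exe (file missing)
"""

# Constructed sample: "command" values copied from the msconfig startupreg dump
# (backslashes are doubled there, as in .reg syntax).
SAMPLE_STARTUP_COMMANDS = [
    r"C:\\WINDOWS\\system32\\ctfmon.exe",
    r"C:\\WINDOWS\\system32\\SVCH0ST.EXE",
    r"%systemroot%\\system32\\dumprep 0 -k",
    r"\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background",
]

# Assumption: a short illustrative list of Windows binaries that get imitated.
KNOWN_SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                      "winlogon.exe", "explorer.exe", "spoolsv.exe", "smss.exe"}
# Assumption: digit-for-letter swaps used to build a lookalike name.
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "5": "s"})

HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
ORPHAN = re.compile(r"\((file missing|no file)\)\s*$")
SERVICE = re.compile(r"^(?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
KEY_IN_PARENS = re.compile(r"\(([^()]+)\)\s*$")
EXE_NAME = re.compile(r'([^\\/"]+\.exe)\b', re.IGNORECASE)


def parse_hjt(text):
    """Split HijackThis 'O' lines into section, kind, detail and an orphan flag."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            section, kind, detail = m.groups()
            entries.append({"section": section, "kind": kind, "detail": detail,
                            "orphan": bool(ORPHAN.search(detail))})
    return entries


def orphaned_services(entries):
    """Key names of O23 services whose binary no longer exists on disk."""
    names = []
    for e in entries:
        if e["section"] != "O23" or not e["orphan"]:
            continue
        m = SERVICE.match(e["detail"])
        if not m:
            continue
        display = m.group("display")
        # HijackThis prints "Display name (KeyName)" when the two differ.
        key = KEY_IN_PARENS.search(display)
        names.append(key.group(1) if key else display)
    return names


def lookalike_of(command):
    """Return the system binary a command's file name imitates, or None."""
    m = EXE_NAME.search(command)
    if not m:
        return None
    name = m.group(1).lower()
    if name in KNOWN_SYSTEM_NAMES:
        return None  # exact name: judge it by its path, not here
    normalized = name.translate(LOOKALIKE)
    return normalized if normalized in KNOWN_SYSTEM_NAMES else None


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_HJT)
    for e in entries:
        if e["orphan"]:
            print("orphaned entry:", e["section"], e["detail"])
    for name in orphaned_services(entries):
        print("service key to review:", name)
    for cmd in SAMPLE_STARTUP_COMMANDS:
        hit = lookalike_of(cmd)
        if hit:
            print("lookalike of", hit, "->", cmd)
```

The output is a review list only; an entry marked "(file missing)" still needs a person to decide whether it belongs to removed malware or to legitimate software.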

TScrazygalz
post Apr 3 2007, 08:35 PM



The results report from OTMoveIt

QUOTE
File/Folder C:\WINDOWS\SYSTEM\network.exe not found.
File/Folder C:\WINDOWS\system32\C8518F14.EXE not found.
File/Folder C:\WINDOWS\system32\tlservet3.exe not found.

Created on 04/03/2007 20:18:58

A new HijackThis log

QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 8:29:02 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tan\My Documents\hijackthis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Network Location Awareness (Network Location) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Network.exe (file missing)

er..er.. window media player can uninstall 1?
i cant find it at "add or remove programs" there =.="

erm.. that "HostsXpert" ..
where to click "Back up host files" ?
izzit "Create Backup" ?

This post has been edited by crazygalz: Apr 3 2007, 08:38 PM
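
One way to check a follow-up HijackThis log like the one posted above against the cleanup steps in this thread, as an added example that is not part of any post or of HijackThis itself. The names `audit`, `REMOVED_SERVICES` and `REMOVED_FILES` are assumptions made for illustration, and the sample is a constructed excerpt of the posted log.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Network Location Awareness (Network Location) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Network.exe (file missing)
"""

# Service names and file paths targeted by the sc / OTMoveIt steps in this thread.
REMOVED_SERVICES = {"c8518f14", "tlwindows3"}
REMOVED_FILES = {
    r"c:\windows\system\network.exe",
    r"c:\windows\system32\c8518f14.exe",
    r"c:\windows\system32\tlservet3.exe",
}

# O23 line layout: display name (service name) - owner - path [(file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<name>[^()]*)\) - "
    r"(?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)

def audit(log_text):
    """Return (leftovers, missing).

    leftovers: targeted services or files that the log still references.
    missing:   O23 services whose file HijackThis could not find at the path
               it read; these are worth a manual look, not proof of infection.
    """
    leftovers, missing = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O23.match(line)
        if m:
            if m["name"].lower() in REMOVED_SERVICES:
                leftovers.append(("service", m["name"]))
            if m["missing"]:
                missing.append((m["name"], m["path"]))
        # Any line (running process, O4, O23, ...) still naming a removed file.
        low = line.lower()
        leftovers += [("file", f) for f in sorted(REMOVED_FILES) if f in low]
    return leftovers, missing

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

An empty `leftovers` list agrees with the OTMoveIt "not found" report; the `missing` list is what remains for the helper to review by hand.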


Sempurna
post Apr 4 2007, 04:06 PM

Hi crazygalz,


QUOTE
er..er.. window media player can uninstall 1?
i cant find it at "add or remove programs" there =.="

Yes, you can. Go to Add/Remove Programs and click Add/Remove Windows Components in the left pane.

Uncheck (untick) Windows Media Player and then click Next.
Follow the prompts to exit.

Reboot your system, then go back to Add/Remove Programs -> Add/Remove Windows Components, and check (tick) Windows Media Player to reinstall it. Click Next and follow the prompts to exit.

Reboot your system once more to complete the installation.

Let me know if Windows Media Player functions normally again.


QUOTE
erm.. that "HostsXpert" ..
where to click "Back up host files" ? 
izzit "Create Backup" ?

Yes, it is "Create Backup". Then click on "Restore Microsoft's Hosts File".
TScrazygalz
post Apr 4 2007, 10:56 PM

QUOTE(Sempurna @ Apr 4 2007, 04:06 PM)
Hi crazygalz,
Yes, you can. Go to Add/Remove Programs and click Add/Remove Windows Components in the left pane.

Uncheck (untick) Windows Media Player and then click Next.
Follow the prompts to exit.

Reboot your system, then go back to Add/Remove Programs -> Add/Remove Windows Components, and check (tick) Windows Media Player to reinstall it. Click Next and follow the prompts to exit.

Reboot your system once more to complete the installation.

Let me know if Windows Media Player functions normally again.
Yes, it is "Create Backup". Then click on "Restore Microsoft's Hosts File".
*
good news~
yeah~~ i can check mail d.. thx ><~~


bad news~
T.T even reinstalling also same..
just click play.. it will auto close..
Sempurna
post Apr 4 2007, 11:39 PM

Do you have some other media player other than Windows Media Player installed? Like Quicktime?

If you do, which one is set as the default player?

In the meantime, please do this next.

Please download DAFT and save it to your desktop:
  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.
  3. Save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.

TScrazygalz
post Apr 5 2007, 08:26 PM

QUOTE(Sempurna @ Apr 4 2007, 11:39 PM)
Do you have some other media player other than Windows Media Player installed? Like Quicktime?

If you do, which one is set as the default player?

In the meantime, please do this next.

Please download DAFT and save it to your desktop:

  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.
  3. Save a logfile.  By default, it will save as daft.txt.

Post the contents of that logfile with your next post.
*
erm..got 1 is ffdshow ..
will it effect ?



logfile:

QUOTE
DAFT Log saved on 2007-04-05 20:21:17
-----------------------------------------------------------------------
All associations okay!
Sempurna
post Apr 5 2007, 09:23 PM

Not sure, but is that program working? Is it set as your default player?
TScrazygalz
post Apr 6 2007, 08:04 PM

QUOTE(Sempurna @ Apr 5 2007, 09:23 PM)
Not sure, but is that program working? Is it set as your default player?
*
erm.. i think ya..
Sempurna
post Apr 6 2007, 08:05 PM

Try setting Windows Media Player as your default player and see if that works.
TScrazygalz
post Apr 6 2007, 11:56 PM

QUOTE(Sempurna @ Apr 6 2007, 08:05 PM)
Try setting Windows Media Player as your default player and see if that works.
*
i remove that ffdshow..
windows media play can play d..
...
hmmm... how to set as default player?
i'm wonder that oneday my sis will reinstall back that ffdshow .. =.="
Sempurna
post Apr 7 2007, 12:25 AM

If you would like to set Windows Media Player as your default, open Windows Media Player and click on Tools across the top menu. A drop down box will appear, click on Options. Click on the tab File Types. Scroll down and place a check on the file types that you want to set WMP as the default player.
TScrazygalz
post Apr 7 2007, 12:50 AM

QUOTE(Sempurna @ Apr 7 2007, 12:25 AM)
If you would like to set Windows Media Player as your default, open Windows Media Player and click on Tools across the top menu.  A drop down box will appear, click on Options.  Click on the tab File Types.  Scroll down and place a check on the file types that you want to set WMP as the default player.
*
oo..



m.. 4get to say..

thanks~~
finally my pc virus clear~~
thanks for ur help ~~

thanks~~ >< ~~
Sempurna
post Apr 7 2007, 01:09 AM

You're most welcome, crazygalz.

Since this problem appears to be resolved, this thread is closed.
