Full Version: still slow
monica1230
Hi. I've finished installing Comodo Firewall, AVG Anti-Spyware and AVG Antivirus (both free editions). I also scanned with BitDefender online. But I do not know why exactly my computer is like this. I mean, at regular intervals of time, my PC would not respond, as in for 2 to 3 minutes. Then it would run fine again, yup, for about a minute or so. When I look at my Task Manager, I observed that when my PC is normal, "System Idle Process" has 98 to 99 of the CPU usage. But otherwise, services.exe has all 99 CPU usage.. that's when it won't give a response, or freezes for a while. Is it really supposed to have that much CPU usage?

Also, I went to C:/windows/system32 because that is where services.exe is. I noticed that there are two services.exe... one with the icon I normally see that Windows uses for such files, but the other has an ordinary application's icon.

I already scanned with AVG for both viruses and spyware, but it all came out clean. Anyway, I've included my HijackThis log and a picture for you to see what I am referring to.


Logfile of HijackThis v1.99.1
Scan saved at 6:27:41 PM, on 10/29/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Bagaporo\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe


BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Oct 29, 2006 - 14:28:16

Scan Info
Scanned Files: 32795
Infected Files: 4

Virus Detected
VBS.Redlof.Gen: 4

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

rridgely
Update your windows. Then post a new hijackthis log.
monica1230
Logfile of HijackThis v1.99.1
Scan saved at 2:11:30 AM, on 10/31/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Bagaporo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupdate/...t.aspx?ln=en-us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: Folder.htt
O4 - Global Startup: Folder.htt
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162219339828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162227692093
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe



What are those Folder.htt for?
I've updated Windows. One more thing I noticed is that the names of services.exe, lsass, smss, etc. are now in capital letters in the Task Manager... is that something? And also services.exe still eats up so much (has the most CPU usage)..

I'll sleep now.. already 2:20am here... thanks much and God bless you all...
rridgely
Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
  • Paste kaspersky log onto forum.
monica1230
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 31, 2006 2:52:09 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 3 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/10/2006
Kaspersky Anti-Virus database records: 223016


Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 24304
Number of viruses found: 1
Number of infected objects: 30 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:07:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Start Menu\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\Application Data\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Bagaporo\Desktop\setup.exe Object is locked skipped

C:\Documents and Settings\Bagaporo\Favorites\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Bagaporo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Bagaporo\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bagaporo\Local Settings\History\History.IE5\MSHist012006103120061101\index.dat Object is locked skipped

C:\Documents and Settings\Bagaporo\Local Settings\Temp\Free Download Manager\ticE.tmp Object is locked skipped

C:\Documents and Settings\Bagaporo\Local Settings\Temp\~DF40E7.tmp Object is locked skipped

C:\Documents and Settings\Bagaporo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bagaporo\NetHood\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Bagaporo\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\SendTo\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\Start Menu\Programs\Startup\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Documents and Settings\Bagaporo\Templates\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\gboy\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\gboy\list of games\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\gboy\list of games\laro\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\jr_folder\application\C++\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\jr_folder\application\Exer A.html Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\jr_folder\application\Exer B.html Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\jr_folder\application\Exer C.html Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\jr_folder\application\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\jr_folder\application\PE.html Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\jr_folder\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\jr_folder\monarchs\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\My Documents\Malware_Removal_Guide.html Infected: Virus.VBS.Redlof.k skipped

C:\WINDOWS\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\WINDOWS\All Users\Application Data\Comodo\Personal Firewall\Logs\cpf.lock Object is locked skipped

C:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\WINDOWS\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\WINDOWS\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\ipsecpa.log Object is locked skipped

C:\WINDOWS\Debug\oakley.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\WINDOWS\FONTS\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\WINDOWS\SchedLog.Txt Object is locked skipped

C:\WINDOWS\security\logs\scepol.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\78c6c5460c235010103d445602f2c6c0\BIT34.tmp Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\default Object is locked skipped

C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\software Object is locked skipped

C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\config\system Object is locked skipped

C:\WINDOWS\SYSTEM32\config\SYSTEM.ALT Object is locked skipped

C:\WINDOWS\SYSTEM32\folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\WINDOWS\Web\Folder.htt Infected: Virus.VBS.Redlof.k skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



There was no "Save as Text". I just saved it as HTML and copy-pasted it here. Also, I deleted one Folder.htt in one location specified in the report, but after deleting one, I thought there were so many, so I'll just leave them alone and wait for your advice. Thanks in advance.
rridgely
Wow, you managed to get infected right after formatting? That's bad luck. That virus is a nasty one too.

Uninstall AVG antivirus. Then get this offer for etrust ez antivirus:
http://home3.ca.com/SubscriptCenter/MSTrialRegistration.aspx

Let it scan your computer and then run a new Kaspersky scan and post it for me.
monica1230
OK. I'll do this as fast as I can so I can let you see the results today before you log out. Thanks...
monica1230
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 01, 2006 11:30:29 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 3 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/11/2006
Kaspersky Anti-Virus database records: 223444
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 29751
Number of viruses found: 1
Number of infected objects: 28 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:45:08

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Start Menu\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\Bagaporo\Application Data\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\Cache\0034F529d01 Object is locked skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\cert8.db Object is locked skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\history.dat Object is locked skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\key3.db Object is locked skipped
C:\Documents and Settings\Bagaporo\Application Data\Mozilla\Firefox\Profiles\fts5xk8v.default\parent.lock Object is locked skipped
C:\Documents and Settings\Bagaporo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bagaporo\Favorites\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\Bagaporo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bagaporo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bagaporo\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bagaporo\Local Settings\Temp\Free Download Manager\tic2.tmp Object is locked skipped
C:\Documents and Settings\Bagaporo\Local Settings\Temp\~DF4752.tmp Object is locked skipped
C:\Documents and Settings\Bagaporo\Local Settings\Temp\~DF48A9.tmp Object is locked skipped
C:\Documents and Settings\Bagaporo\Local Settings\Temp\~DF6839.tmp Object is locked skipped
C:\Documents and Settings\Bagaporo\Local Settings\Temp\~DFEA0E.tmp Object is locked skipped
C:\Documents and Settings\Bagaporo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bagaporo\NetHood\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\Bagaporo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Bagaporo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\Bagaporo\SendTo\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Documents and Settings\Bagaporo\Templates\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\gboy\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\gboy\list of games\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\gboy\list of games\laro\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\jr_folder\application\C++\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\jr_folder\application\Exer A.html Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\jr_folder\application\Exer B.html Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\jr_folder\application\Exer C.html Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\jr_folder\application\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\jr_folder\application\PE.html Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\jr_folder\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\jr_folder\monarchs\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\My Documents\Malware_Removal_Guide.html Infected: Virus.VBS.Redlof.k skipped
C:\Program Files\TypingMaster\TypingTest\database\HAPPY.wks Object is locked skipped
C:\Program Files\TypingMaster\TypingTest\database\Sarah.usr Object is locked skipped
C:\WINDOWS\All Users\Application Data\Comodo\Personal Firewall\Logs\cpf.lock Object is locked skipped
C:\WINDOWS\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\WINDOWS\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\ipsecpa.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\WINDOWS\FONTS\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\WINDOWS\SchedLog.Txt Object is locked skipped
C:\WINDOWS\security\logs\scepol.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1e28e3e44d278a5858d1239e481f944c\BIT3C.tmp Object is locked skipped
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bcba83bfbd8696dcc681193357beb552\download\BIT961.tmp Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM.ALT Object is locked skipped
C:\WINDOWS\SYSTEM32\folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\WINDOWS\Web\Folder.htt Infected: Virus.VBS.Redlof.k skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


I wonder why AVG didn't even notice that virus. I always adored AVG, but I am having second thoughts about it now. I also installed and scanned with the CA antivirus that you mentioned. It also didn't notice the Redlof virus. Now what do I do next, ridge? I hope everything will be fine soon.

rridgely
Sysclean
  • First create a new folder on your desktop by right clicking an empty space and choosing New>Folder. Rename the folder sysclean.
  • Download the following file and place it in your new folder.
    http://www.trendmicro.com/ftp/products/tsc/cpr/tsc.zip
  • Now download the most recent virus detection file and extract (unzip) it in the sysclean folder with the first file.
    http://www.trendmicro.com/ftp/products/tsc/cpr/tsc.zip
  • Now Open the Sysclean folder and double click the sysclean file and press scan. Sysclean will now scan and automatically clean your computer of all possible viruses. Once sysclean is done it might ask you to reboot your computer. If it does not ask you to reboot do it anyway.
  • After the reboot open the sysclean folder and look for SYSCLEAN.LOG. Post that log onto the forum.
monica1230


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 09:43:25, Auto-clean mode specified.
2006-11-02, 09:43:25, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 09:47:40, Auto-clean mode specified.
2006-11-02, 09:47:40, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 09:48:04, Auto-clean mode specified.
2006-11-02, 09:48:04, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 09:48:04, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 09:48:04, TSC Log:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 09:48:41, Auto-clean mode specified.
2006-11-02, 09:48:41, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 09:48:41, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 09:48:41, TSC Log:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 10:26:14, Auto-clean mode specified.
2006-11-02, 10:26:14, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 10:26:46, Auto-clean mode specified.
2006-11-02, 10:26:46, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 10:26:46, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 10:26:46, TSC Log:

2006-11-02, 10:27:26, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 10:31:24, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 10:31:24, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 09:43:27

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]

Complete time : Thu Nov 02 2006 09:46:22
Execute pattern count(2969), Virus found count(0), Virus clean count(0), Clean failed count(0)

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 09:47:41

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 10:26:17

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]

Complete time : Thu Nov 02 2006 10:31:23
Execute pattern count(2969), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-11-02, 10:31:56, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 10:37:25, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

C:\Documents and Settings\All Users\Start Menu\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Application Data\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Favorites\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\NetHood\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\SendTo\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Templates\Folder.htt [VBS_REDLOF.S]
C:\Folder.htt [VBS_REDLOF.S]
C:\My Documents\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\list of games\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\list of games\laro\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\C++\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\Exer A.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Exer B.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Exer C.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\PE.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\monarchs\Folder.htt [VBS_REDLOF.S]
C:\My Documents\Malware_Removal_Guide.html [VBS_REDLOF.Y]
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:32:07
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

2006-11-02, 10:37:25, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\All Users\Start Menu\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Application Data\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Favorites\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\NetHood\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\SendTo\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Templates\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\list of games\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\list of games\laro\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\application\C++\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer A.html
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer B.html
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer C.html
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\application\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\PE.html
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\monarchs\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\Malware_Removal_Guide.html
2006-11-02, 10:37:25, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

2006-11-02, 10:37:25, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN" has finished running.
2006-11-02, 10:40:05, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

C:\Documents and Settings\All Users\Start Menu\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Application Data\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Favorites\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\NetHood\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\SendTo\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Templates\Folder.htt [VBS_REDLOF.S]
C:\Folder.htt [VBS_REDLOF.S]
C:\My Documents\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\list of games\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\list of games\laro\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\C++\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\Exer A.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Exer B.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Exer C.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\PE.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\monarchs\Folder.htt [VBS_REDLOF.S]
C:\My Documents\Malware_Removal_Guide.html [VBS_REDLOF.Y]
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:32:07
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

2006-11-02, 10:40:05, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\All Users\Start Menu\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Application Data\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Favorites\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\NetHood\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\SendTo\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Templates\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\list of games\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\list of games\laro\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\application\C++\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer A.html
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer B.html
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer C.html
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\application\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\PE.html
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\monarchs\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\Malware_Removal_Guide.html
2006-11-02, 10:40:05, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

2006-11-02, 10:40:05, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN" has finished running.


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 10:40:30, Auto-clean mode specified.
2006-11-02, 10:40:30, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 10:44:56, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 10:44:56, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 10:40:33

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]

Complete time : Thu Nov 02 2006 10:44:55
Execute pattern count(2969), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-11-02, 10:45:35, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 11:45:59, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:45:49
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

C:\WINDOWS\folder.htt [VBS_REDLOF.S]
C:\WINDOWS\FONTS\Folder.htt [VBS_REDLOF.S]
C:\WINDOWS\SYSTEM32\folder.htt [VBS_REDLOF.S]
C:\WINDOWS\Web\Folder.htt [VBS_REDLOF.S]
29803 files have been read.
29803 files have been checked.
24505 files have been scanned.
91080 files have been scanned. (including files in archived)
4 files containing viruses.
Found 4 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 11:45:56
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 11:45:59, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:45:49
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

Success Clean [ VBS_REDLOF.S]( 1) from C:\WINDOWS\folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\WINDOWS\FONTS\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\WINDOWS\SYSTEM32\folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\WINDOWS\Web\Folder.htt
29803 files have been read.
29803 files have been checked.
24505 files have been scanned.
91080 files have been scanned. (including files in archived)
4 files containing viruses.
Found 4 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 11:45:56 1 hour 3 seconds (3603.89 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 11:45:59, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:45:49
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

29803 files have been read.
29803 files have been checked.
24505 files have been scanned.
91080 files have been scanned. (including files in archived)
4 files containing viruses.
Found 4 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 11:45:56 1 hour 3 seconds (3603.89 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 11:45:59, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN" has finished running.


I noticed that after following your instructions, I have 3 files in the sysclean folder. I double-clicked the file with the .com extension, but it said that I must download the LPT$VPN.*

So that's what I did. I then extracted it to the same sysclean folder. Then I double-clicked the .com file again. Afterwards, it started in DOS mode with many virus patterns. Then some files appeared in the sysclean folder, while some files disappeared, like the .com file I had just double-clicked. Anyway, I started this several times and it completed only once, I mean the .com file.

And these are the results. It said it cleaned the virus... hurray. But still my computer is slow for a while and fine for a while, just as it was before. Thanks again.
I also posted a HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 12:20:58 PM, on 11/2/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bagaporo\Desktop\HijackThis.exe
C:\Program Files\CA\CA Internet Security Suite\ccupdate\CCUpdate.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupdate/...t.aspx?ln=en-us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162219339828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162227692093
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

rridgely
Log looks good. One more scan just to make sure everything is 100% clean.

Download Superantispyware
  1. Load Superantispyware and click the check for updates button.
  2. Once the update is finished click the scan your computer button.
  3. Check Perform Complete Scan and then next.
  4. Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  5. Make sure that they all have a check next to them and press next.
  6. Click finish and you will be taken back to the main interface.
  7. Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  8. Copy and paste the log onto the forum.

Post scan log and a new hijackthis log.

TeeJay3800
This may be unrelated, but I noticed you have 2000 SP3. It was my understanding that SP3 is no longer supported by Microsoft. Definitely upgrade to SP4 so you can get the latest security patches.
monica1230
QUOTE(TeeJay3800 @ Nov 2 2006, 01:28 PM)

This may be unrelated, but I noticed you have 2000 SP3. It was my understanding that SP3 is no longer supported by Microsoft. Definitely upgrade to SP4 so you can get the latest security patches.


rridgely told me to update my Windows earlier in this thread, and I went to Microsoft Windows Update. Among the choices, there were only SP1 to SP3. I do not remember seeing SP4, so I chose SP3. Thanks anyway for your concern.
TeeJay3800
Sorry, I missed that part. It's very strange that you weren't offered an upgrade to SP4, considering that it was released back in mid-2003.

Windows 2000 SP4 info and download
monica1230
OK. I'll try to update to SP4 as soon as I get home. Currently I'm here at school.

thanks
monica1230


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 09:43:25, Auto-clean mode specified.
2006-11-02, 09:43:25, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 09:47:40, Auto-clean mode specified.
2006-11-02, 09:47:40, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 09:48:04, Auto-clean mode specified.
2006-11-02, 09:48:04, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 09:48:04, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 09:48:04, TSC Log:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 09:48:41, Auto-clean mode specified.
2006-11-02, 09:48:41, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 09:48:41, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 09:48:41, TSC Log:



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 10:26:14, Auto-clean mode specified.
2006-11-02, 10:26:14, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 10:26:46, Auto-clean mode specified.
2006-11-02, 10:26:46, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 10:26:46, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 10:26:46, TSC Log:

2006-11-02, 10:27:26, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 10:31:24, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 10:31:24, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 09:43:27

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]

Complete time : Thu Nov 02 2006 09:46:22
Execute pattern count(2969), Virus found count(0), Virus clean count(0), Clean failed count(0)

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 09:47:41

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]
Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 10:26:17

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]

Complete time : Thu Nov 02 2006 10:31:23
Execute pattern count(2969), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-11-02, 10:31:56, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 10:37:25, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

C:\Documents and Settings\All Users\Start Menu\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Application Data\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Favorites\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\NetHood\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\SendTo\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Templates\Folder.htt [VBS_REDLOF.S]
C:\Folder.htt [VBS_REDLOF.S]
C:\My Documents\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\list of games\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\list of games\laro\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\C++\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\Exer A.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Exer B.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Exer C.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\PE.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\monarchs\Folder.htt [VBS_REDLOF.S]
C:\My Documents\Malware_Removal_Guide.html [VBS_REDLOF.Y]
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:32:07
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

2006-11-02, 10:37:25, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\All Users\Start Menu\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Application Data\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Favorites\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\NetHood\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\SendTo\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Templates\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\list of games\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\list of games\laro\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\application\C++\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer A.html
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer B.html
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer C.html
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\application\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\PE.html
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\monarchs\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\Malware_Removal_Guide.html
2006-11-02, 10:37:25, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

2006-11-02, 10:37:25, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN" has finished running.
2006-11-02, 10:40:05, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:27:43
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

C:\Documents and Settings\All Users\Start Menu\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Application Data\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Favorites\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\NetHood\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\SendTo\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Templates\Folder.htt [VBS_REDLOF.S]
C:\Folder.htt [VBS_REDLOF.S]
C:\My Documents\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\list of games\Folder.htt [VBS_REDLOF.S]
C:\My Documents\gboy\list of games\laro\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\C++\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\Exer A.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Exer B.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Exer C.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\application\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\application\PE.html [VBS_REDLOF.Y]
C:\My Documents\jr_folder\Folder.htt [VBS_REDLOF.S]
C:\My Documents\jr_folder\monarchs\Folder.htt [VBS_REDLOF.S]
C:\My Documents\Malware_Removal_Guide.html [VBS_REDLOF.Y]
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:32:07
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

2006-11-02, 10:40:05, Files Clean:
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\All Users\Start Menu\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\All Users\Start Menu\Programs\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Application Data\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Favorites\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\NetHood\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\PrintHood\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\SendTo\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Start Menu\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Start Menu\Programs\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Templates\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\list of games\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\gboy\list of games\laro\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\application\C++\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer A.html
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer B.html
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\Exer C.html
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\application\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\jr_folder\application\PE.html
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\My Documents\jr_folder\monarchs\Folder.htt
Success Clean [ VBS_REDLOF.Y]( 6552) from C:\My Documents\Malware_Removal_Guide.html
2006-11-02, 10:40:05, Clean Fail:
2006-11-02, 10:40:05, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN" has finished running.


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 10:40:30, Auto-clean mode specified.
2006-11-02, 10:40:30, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 10:44:56, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 10:44:56, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 10:40:33

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]

Complete time : Thu Nov 02 2006 10:44:55
Execute pattern count(2969), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-11-02, 10:45:35, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 11:45:59, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 10:45:49
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

C:\WINDOWS\folder.htt [VBS_REDLOF.S]
C:\WINDOWS\FONTS\Folder.htt [VBS_REDLOF.S]
C:\WINDOWS\SYSTEM32\folder.htt [VBS_REDLOF.S]
C:\WINDOWS\Web\Folder.htt [VBS_REDLOF.S]
29803 files have been read.
29803 files have been checked.
24505 files have been scanned.
91080 files have been scanned. (including files in archived)
4 files containing viruses.
Found 4 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 11:45:56
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 11:45:59, Files Clean:
Success Clean [ VBS_REDLOF.S]( 1) from C:\WINDOWS\folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\WINDOWS\FONTS\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\WINDOWS\SYSTEM32\folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\WINDOWS\Web\Folder.htt
29803 files have been read.
29803 files have been checked.
24505 files have been scanned.
91080 files have been scanned. (including files in archived)
4 files containing viruses.
Found 4 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 11:45:56 1 hour 3 seconds (3603.89 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 11:45:59, Clean Fail:
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 11:45:59, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN" has finished running.


/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-11-02, 21:49:53, Auto-clean mode specified.
2006-11-02, 21:49:53, Running scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN"...
2006-11-02, 21:56:42, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\TSC.BIN" has finished running.
2006-11-02, 21:56:42, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 3)

Start time : Thu Nov 02 2006 21:49:56

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Bagaporo\Desktop\sysclean\tsc.ptn" (version 802) [success]

Complete time : Thu Nov 02 2006 21:56:41
Execute pattern count(2969), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-11-02, 21:57:38, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-11-02, 22:19:47, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/2/2006 21:57:51
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 895 (139662 Patterns) (2006/10/31) (389500)
Command Line: C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Bagaporo\Desktop\sysclean

C:\Documents and Settings\Bagaporo\Desktop\galing sa MEMORY\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Desktop\galing sa MEMORY\gboy\Folder.htt [VBS_REDLOF.S]
C:\Documents and Settings\Bagaporo\Desktop\galing sa MEMORY\gboy\list of games\Folder.htt [VBS_REDLOF.S]
30038 files have been read.
30038 files have been checked.
24714 files have been scanned.
91435 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 22:19:46
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 22:19:47, Files Clean:
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Desktop\galing sa MEMORY\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Desktop\galing sa MEMORY\gboy\Folder.htt
Success Clean [ VBS_REDLOF.S]( 1) from C:\Documents and Settings\Bagaporo\Desktop\galing sa MEMORY\gboy\list of games\Folder.htt
30038 files have been read.
30038 files have been checked.
24714 files have been scanned.
91435 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/2/2006 22:19:46 21 minutes 53 seconds (1312.97 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 22:19:47, Clean Fail:
---------*---------*---------*---------*---------*---------*---------*---------*
2006-11-02, 22:19:47, Scanner "C:\Documents and Settings\Bagaporo\Desktop\sysclean\VSCANTM.BIN" has finished running.



Logfile of HijackThis v1.99.1
Scan saved at 10:57:01 PM, on 11/2/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Bagaporo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/windowsupdate/...t.aspx?ln=en-us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Comodo Firewall] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162219339828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162227692093
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe




SUPERAntiSpyware Scan Log
Generated 11/02/2006 at 03:29 PM

Application Version : 3.3.1020

Core Rules Database Version : 3119
Trace Rules Database Version: 1142

Scan type : Complete Scan
Total Scan Time : 01:47:50

Memory items scanned : 271
Memory threats detected : 0
Registry items scanned : 3690
Registry threats detected : 0
File items scanned : 17970
File threats detected : 0


All are clean now. I wonder why my PC is still like this.
Also, when I ran sysclean, in the DOS mode window, I can see it as it scans each file. It encounters
errors, especially with things inside the system32 folder, but these aren't mentioned in the log file it produced.
rridgely
First let's make sure it's not Comodo slowing your PC down. Disable it and let me know if you see an improvement in speed.



monica1230
I'm here at school right now, so I can't do that for now. But before I installed Comodo, I remember my PC was like that, so I guess Comodo isn't causing my PC to slow down.

I did, however, mention to you earlier in this post that there are two services.exe in my system32 folder,
and it's eating very much of the CPU usage every time I peek at Task Manager. And that's when my PC is slowing down.

And when my PC starts up, Comodo is asking for permission for lsass and something else for connection to the internet. It said this is quite suspicious and is quite like a trojan.

And also, when I check the LAN connection (I use wifi), I have larger sent packets than received packets though I am just browsing the internet. Isn't this something?

rridgely
Lsass is legit. (So is services.)
http://www.liutilities.com/products/wintas...slibrary/lsass/

The log you posted is clean. I guess if you want you can run a few other spyware scans but they shouldn't find anything.

monica1230
Ok. If that's what you say. Anyways, I'm now online and I disabled Comodo, but still the problem persists. I hope we can find a solution to this.
I'm sorry if I'm causing too much trouble. Anyways, thank you very much for all your help.
rridgely
If you still think things aren't right then we can keep going.

Run the Kaspersky scan again and post the log.

Also do this:

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running, as it may cause it to stall.
monica1230
Of course I think everything is not alright. Yes, we removed the virus already,
but my computer still regularly freezes up for two to three minutes and so.
That was what bugged me in the beginning.
I don't have any virus or spyware now because all my tests came out all clean. I even ran HD Tune 2.52 because I read it from Andavari that it will tell the condition of my hard disk, and it's fine.

Anyways, I'll still run combofix. . .
rridgely
Well, it could be memory related, which you could find out by testing it with memtest:
http://www.memtest.org/
monica1230
Bagaporo - Sat 11/04/2006 12:32:17.43 Service Pack 3
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Bagaporo\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))


2006-10-31 00:00 4,368 --a------ C:\WINDOWS\SYSTEM32\msdxmlc.dll
2006-10-31 00:00 24,848 --a------ C:\WINDOWS\SYSTEM32\msdart32.dll
2006-10-31 00:00 236,304 --a------ C:\WINDOWS\SYSTEM32\msclus.dll
2006-10-31 00:00 154,384 --a------ C:\WINDOWS\SYSTEM32\msawt.dll
2006-10-31 00:00 13,824 --a------ C:\WINDOWS\SYSTEM32\mscpxl32.dLL
2006-10-30 23:58 99,088 --a------ C:\WINDOWS\SYSTEM32\modemui.dll
2006-10-30 23:58 835,856 --a------ C:\WINDOWS\SYSTEM32\mmcndmgr.dll
2006-10-30 23:58 76,048 --a------ C:\WINDOWS\SYSTEM32\mdhcp.dll
2006-10-30 23:58 69,904 --a------ C:\WINDOWS\SYSTEM32\mprddm.dll
2006-10-30 23:58 603,408 --a------ C:\WINDOWS\SYSTEM32\mmc.exe
2006-10-30 23:58 56,080 --a------ C:\WINDOWS\SYSTEM32\mprui.dll
2006-10-30 23:58 47,376 --a------ C:\WINDOWS\SYSTEM32\mprdim.dll
2006-10-30 23:58 19,216 --a------ C:\WINDOWS\SYSTEM32\mimefilt.dll
2006-10-30 23:58 168,720 --a------ C:\WINDOWS\SYSTEM32\mobsync.dll
2006-10-30 23:58 102,160 --a------ C:\WINDOWS\SYSTEM32\mdminst.dll
2006-10-30 23:57 66,320 --a------ C:\WINDOWS\SYSTEM32\LOADPERF.DLL
2006-10-30 23:57 48,400 --a------ C:\WINDOWS\SYSTEM32\loghours.dll
2006-10-30 23:57 25,872 --a------ C:\WINDOWS\SYSTEM32\LODCTR.EXE
2006-10-30 23:57 235,792 --a------ C:\WINDOWS\SYSTEM32\localsec.dll
2006-10-30 23:57 20,240 --a------ C:\WINDOWS\SYSTEM32\lpk.dll
2006-10-30 23:57 130,832 --a------ C:\WINDOWS\SYSTEM32\logon.scr
2006-10-30 23:41 6,928 --a------ C:\WINDOWS\SYSTEM32\KBDCA.DLL
2006-10-30 23:41 6,416 -ra------ C:\WINDOWS\SYSTEM32\KBDRO.DLL
2006-10-30 23:41 6,416 -ra------ C:\WINDOWS\SYSTEM32\KBDLT1.DLL
2006-10-30 23:41 42,809 --a------ C:\WINDOWS\SYSTEM32\key01.sys
2006-10-30 23:41 42,537 --a------ C:\WINDOWS\SYSTEM32\KEYBOARD.SYS
2006-10-30 23:40 79,632 --a------ C:\WINDOWS\SYSTEM32\irmon.dll
2006-10-30 23:40 72,464 --a------ C:\WINDOWS\SYSTEM32\isign32.dll
2006-10-30 23:40 63,248 --a------ C:\WINDOWS\SYSTEM32\javaprxy.dll
2006-10-30 23:40 57,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irda.sys
2006-10-30 23:40 49,936 --a------ C:\WINDOWS\SYSTEM32\ixsso.dll
2006-10-30 23:40 4,368 --a------ C:\WINDOWS\SYSTEM32\IPROP.DLL
2006-10-30 23:40 374,032 --a------ C:\WINDOWS\SYSTEM32\JET500.DLL
2006-10-30 23:40 187,152 --a------ C:\WINDOWS\SYSTEM32\javacypt.dll
2006-10-30 23:40 171,280 --a------ C:\WINDOWS\SYSTEM32\jit.dll
2006-10-30 23:40 158,992 --a------ C:\WINDOWS\SYSTEM32\iprtrmgr.dll
2006-10-30 23:37 97,040 --a------ C:\WINDOWS\SYSTEM32\iasrad.dll
2006-10-30 23:37 96,016 --a------ C:\WINDOWS\SYSTEM32\imm32.dll
2006-10-30 23:37 75,536 --a------ C:\WINDOWS\SYSTEM32\iasads.dll
2006-10-30 23:37 65,808 --a------ C:\WINDOWS\SYSTEM32\inetpp.dll
2006-10-30 23:37 60,176 --a------ C:\WINDOWS\SYSTEM32\iassvcs.dll
2006-10-30 23:37 60,176 --a------ C:\WINDOWS\SYSTEM32\iasnap.dll
2006-10-30 23:37 29,456 --a------ C:\WINDOWS\SYSTEM32\INETMIB1.DLL
2006-10-30 23:37 28,944 --a------ C:\WINDOWS\SYSTEM32\iasacct.dll
2006-10-30 23:37 269,584 --a------ C:\WINDOWS\SYSTEM32\iassdo.dll
2006-10-30 23:37 21,776 --a------ C:\WINDOWS\SYSTEM32\HTICONS.DLL
2006-10-30 23:37 206,096 --a------ C:\WINDOWS\SYSTEM32\infosoft.dll
2006-10-30 23:37 20,752 --a------ C:\WINDOWS\SYSTEM32\iasperf.dll
2006-10-30 23:37 138,000 --a------ C:\WINDOWS\SYSTEM32\INITPKI.DLL
2006-10-30 23:37 121,104 --a------ C:\WINDOWS\SYSTEM32\idq.dll
2006-10-30 23:37 100,624 --a------ C:\WINDOWS\SYSTEM32\iassam.dll
2006-10-30 23:36 76,560 --a------ C:\WINDOWS\SYSTEM32\hotplug.dll
2006-10-30 23:36 18,192 --a------ C:\WINDOWS\SYSTEM32\hid.dll
2006-10-30 23:35 304,912 --a------ C:\WINDOWS\SYSTEM32\gpedit.dll
2006-10-30 23:35 163,088 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2006-10-30 23:35 118,544 --a------ C:\WINDOWS\SYSTEM32\gptext.dll
2006-10-30 23:33 50,448 --a------ C:\WINDOWS\SYSTEM32\fdeploy.dll
2006-10-30 23:33 294,160 --a------ C:\WINDOWS\SYSTEM32\filemgmt.dll
2006-10-30 23:33 200,976 --a------ C:\WINDOWS\SYSTEM32\FONTEXT.DLL
2006-10-30 23:33 185,616 --a------ C:\WINDOWS\SYSTEM32\faxt30.dll
2006-10-30 23:33 15,120 --a------ C:\WINDOWS\SYSTEM32\faxdrv.dll
2006-10-30 23:33 138,000 --a------ C:\WINDOWS\SYSTEM32\faxui.dll
2006-10-30 23:32 55,568 --a------ C:\WINDOWS\SYSTEM32\esentutl.exe
2006-10-30 23:32 265,488 --a------ C:\WINDOWS\SYSTEM32\dxmrtp.dll
2006-10-30 23:32 242,960 --a------ C:\WINDOWS\explorer.exe
2006-10-30 23:32 230,672 --------- C:\WINDOWS\SYSTEM32\es.dll
2006-10-30 23:32 187,152 --a------ C:\WINDOWS\SYSTEM32\eudcedit.exe
2006-10-30 23:32 157,456 --a------ C:\WINDOWS\SYSTEM32\els.dll
2006-10-30 23:32 1,137,936 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2006-10-30 23:29 92,944 --a------ C:\WINDOWS\SYSTEM32\dskquota.dll
2006-10-30 23:29 74,512 --a------ C:\WINDOWS\SYSTEM32\dsauth.dll
2006-10-30 23:29 5,904 --a------ C:\WINDOWS\SYSTEM32\dllhst3g.exe
2006-10-30 23:29 43,280 --a------ C:\WINDOWS\SYSTEM32\dmutil.dll
2006-10-30 23:29 41,744 --a------ C:\WINDOWS\SYSTEM32\dsfolder.dll
2006-10-30 23:29 316,176 --a------ C:\WINDOWS\SYSTEM32\dmconfig.dll
2006-10-30 23:29 297,232 --a------ C:\WINDOWS\SYSTEM32\dsprop.dll
2006-10-30 23:29 28,432 --a------ C:\WINDOWS\SYSTEM32\dssec.dll
2006-10-30 23:29 24,848 --a------ C:\WINDOWS\SYSTEM32\ds32gt.dll
2006-10-30 23:29 174,864 --a------ C:\WINDOWS\SYSTEM32\dmdlgs.dll
2006-10-30 23:29 163,600 --a------ C:\WINDOWS\SYSTEM32\dmdskmgr.dll
2006-10-30 23:29 16,144 --a------ C:\WINDOWS\SYSTEM32\diskcopy.dll
2006-10-30 23:29 156,944 --a------ C:\WINDOWS\SYSTEM32\dsquery.dll
2006-10-30 23:29 147,728 --a------ C:\WINDOWS\SYSTEM32\dmadmin.exe
2006-10-30 23:29 146,192 --a------ C:\WINDOWS\SYSTEM32\dskquoui.dll
2006-10-30 23:29 144,144 --a------ C:\WINDOWS\SYSTEM32\DSSBASE.DLL
2006-10-30 23:29 14,096 --a------ C:\WINDOWS\SYSTEM32\diskperf.exe
2006-10-30 23:29 13,072 --a------ C:\WINDOWS\SYSTEM32\dmintf.dll
2006-10-30 23:29 122,368 --a------ C:\WINDOWS\SYSTEM32\dmdskres.dll
2006-10-30 23:29 12,560 --a------ C:\WINDOWS\SYSTEM32\dmserver.dll
2006-10-30 23:29 110,352 --a------ C:\WINDOWS\SYSTEM32\dsuiext.dll
2006-10-30 23:29 10,512 --a------ C:\WINDOWS\SYSTEM32\dmremote.exe
2006-10-30 23:28 306,448 --a------ C:\WINDOWS\SYSTEM32\dhcpmon.dll
2006-10-30 23:28 134,416 --a------ C:\WINDOWS\SYSTEM32\DINPUT.DLL
2006-10-30 23:27 89,872 --------- C:\WINDOWS\SYSTEM32\CRYPTDLG.DLL
2006-10-30 23:27 75,024 --------- C:\WINDOWS\SYSTEM32\cryptsvc.dll
2006-10-30 23:27 61,712 --a------ C:\WINDOWS\SYSTEM32\dfrgfat.exe
2006-10-30 23:27 42,768 --a------ C:\WINDOWS\SYSTEM32\dfrgsnap.dll
2006-10-30 23:27 33,040 --a------ C:\WINDOWS\SYSTEM32\dbnmpntw.dll
2006-10-30 23:27 33,040 --a------ C:\WINDOWS\SYSTEM32\dbmsspxn.dll
2006-10-30 23:27 33,040 --a------ C:\WINDOWS\SYSTEM32\DBMSSHRN.DLL
2006-10-30 23:27 33,040 --a------ C:\WINDOWS\SYSTEM32\dbmsadsn.dll
2006-10-30 23:27 28,944 --a------ C:\WINDOWS\SYSTEM32\dbmsvinn.dLL
2006-10-30 23:27 28,944 --a------ C:\WINDOWS\SYSTEM32\dbmsrpcn.dll
2006-10-30 23:27 239,376 --a------ C:\WINDOWS\SYSTEM32\cscui.dll
2006-10-30 23:27 221,968 --a------ C:\WINDOWS\SYSTEM32\devmgr.dll
2006-10-30 23:27 163,088 --a------ C:\WINDOWS\SYSTEM32\dbghelp.dll
2006-10-30 23:27 113,936 --a------ C:\WINDOWS\SYSTEM32\DCOMCNFG.EXE
2006-10-30 23:27 101,136 --a------ C:\WINDOWS\SYSTEM32\cscdll.dll
2006-10-30 23:26 7,440 --a------ C:\WINDOWS\SYSTEM32\control.exe
2006-10-30 23:26 475,408 --------- C:\WINDOWS\SYSTEM32\CRYPT32.DLL
2006-10-30 23:26 27,097 --a------ C:\WINDOWS\SYSTEM32\country.sys
2006-10-30 23:26 25,872 --a------ C:\WINDOWS\SYSTEM32\conime.exe
2006-10-30 23:26 219,920 --a------ C:\WINDOWS\SYSTEM32\confmsp.dll
2006-10-30 23:26 1,439,504 --------- C:\WINDOWS\SYSTEM32\comsvcs.dll
2006-10-30 23:25 50,620 --a------ C:\WINDOWS\SYSTEM32\command.com
2006-10-30 23:24 82,704 --a------ C:\WINDOWS\SYSTEM32\cmnquery.dll
2006-10-30 23:24 61,712 --a------ C:\WINDOWS\SYSTEM32\cliconfg.dll
2006-10-30 23:24 55,568 --a------ C:\WINDOWS\SYSTEM32\CLUSAPI.DLL
2006-10-30 23:24 509,712 --------- C:\WINDOWS\SYSTEM32\clbcatq.dll
2006-10-30 23:24 45,328 --a------ C:\WINDOWS\SYSTEM32\cmstp.exe
2006-10-30 23:24 37,136 --a------ C:\WINDOWS\SYSTEM32\cliconfg.exe
2006-10-30 23:24 3,856 --a------ C:\WINDOWS\SYSTEM32\COMCAT.DLL
2006-10-30 23:24 22,288 --a------ C:\WINDOWS\SYSTEM32\cmutil.dll
2006-10-30 23:24 193,808 --a------ C:\WINDOWS\SYSTEM32\cmdial32.dll
2006-10-30 23:24 159,807 --a------ C:\WINDOWS\SYSTEM32\cmprops.dll
2006-10-30 23:24 130,832 --a------ C:\WINDOWS\SYSTEM32\CLUSTER.EXE
2006-10-30 23:21 422,160 --a------ C:\WINDOWS\SYSTEM32\certmgr.dll
2006-10-30 23:21 36,112 --a------ C:\WINDOWS\SYSTEM32\cipher.exe
2006-10-30 23:21 156,944 --a------ C:\WINDOWS\SYSTEM32\ciadmin.dll
2006-10-30 23:21 133,392 --a------ C:\WINDOWS\SYSTEM32\certcli.dll
2006-10-30 23:21 13,072 --a------ C:\WINDOWS\SYSTEM32\CHKNTFS.EXE
2006-10-30 23:20 2,524,944 --a------ C:\WINDOWS\SYSTEM32\cdosys.dll
2006-10-30 23:19 75,544 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
2006-10-30 23:19 402,704 --a------ C:\WINDOWS\SYSTEM32\cdonts.dll
2006-10-30 23:17 74,810 --a------ C:\WINDOWS\SYSTEM32\atl.dll
2006-10-30 23:17 552,208 --a------ C:\WINDOWS\SYSTEM32\autofmt.exe
2006-10-30 23:17 31,504 --a------ C:\WINDOWS\SYSTEM32\atmlib.dll
2006-10-30 23:17 287,856 --a------ C:\WINDOWS\SYSTEM32\atmfd.dll
2006-10-30 23:17 23,824 --a------ C:\WINDOWS\SYSTEM32\at.exe
2006-10-30 23:17 226,576 --a------ C:\WINDOWS\SYSTEM32\avtapi.dll
2006-10-30 23:17 20,752 --a------ C:\WINDOWS\SYSTEM32\batmeter.dll
2006-10-30 23:17 143,632 --a------ C:\WINDOWS\SYSTEM32\ASYCFILT.DLL
2006-10-30 23:17 119,568 --a------ C:\WINDOWS\SYSTEM32\appmgmts.dll
2006-10-30 23:17 10,000 --a------ C:\WINDOWS\SYSTEM32\autolfn.exe
2006-10-30 23:15 62,736 --------- C:\WINDOWS\SYSTEM32\adsmsext.dll
2006-10-30 23:15 200,976 --a------ C:\WINDOWS\SYSTEM32\adsnt.dll
2006-10-30 23:15 164,112 --a------ C:\WINDOWS\SYSTEM32\adsnds.dll
2006-10-30 23:15 130,832 --------- C:\WINDOWS\SYSTEM32\adsldpc.dll
2006-10-30 23:15 123,152 --------- C:\WINDOWS\SYSTEM32\adsldp.dll
2006-10-30 23:15 112,400 --a------ C:\WINDOWS\SYSTEM32\adsnw.dll
2006-10-30 23:14 78,096 --a------ C:\WINDOWS\SYSTEM32\aclui.dll
2006-10-30 23:14 179,472 --a------ C:\WINDOWS\SYSTEM32\activeds.dll
2006-10-29 23:03 68,608 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-29 23:03 498,960 --a------ C:\WINDOWS\SYSTEM32\dxmasf.dll
2006-10-29 23:03 28,160 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-29 18:27 99,600 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2006-10-29 18:27 96,528 --a------ C:\WINDOWS\SYSTEM32\winmine.exe
2006-10-29 18:27 91,408 --a------ C:\WINDOWS\SYSTEM32\calc.exe
2006-10-29 18:27 90,384 --a------ C:\WINDOWS\SYSTEM32\charmap.exe
2006-10-29 18:27 84,240 --a------ C:\WINDOWS\SYSTEM32\txflog.dll
2006-10-29 18:27 76,048 --a------ C:\WINDOWS\SYSTEM32\avwav.dll
2006-10-29 18:27 68,368 --a------ C:\WINDOWS\SYSTEM32\stclient.dll
2006-10-29 18:27 68,368 --a------ C:\WINDOWS\SYSTEM32\sndvol32.exe
2006-10-29 18:27 66,832 --a------ C:\WINDOWS\SYSTEM32\winchat.exe
2006-10-29 18:27 641,808 --a------ C:\WINDOWS\SYSTEM32\xiffr3_0.dll
2006-10-29 18:27 61,712 --a------ C:\WINDOWS\SYSTEM32\oiui400.dll
2006-10-29 18:27 60,688 --a------ C:\WINDOWS\SYSTEM32\imgcmn.dll
2006-10-29 18:27 6,928 --a------ C:\WINDOWS\SYSTEM32\msdtc.exe
2006-10-29 18:27 6,416 --a------ C:\WINDOWS\SYSTEM32\write.exe
2006-10-29 18:27 55,056 --a------ C:\WINDOWS\SYSTEM32\catsrvps.dll
2006-10-29 18:27 406,800 --a------ C:\WINDOWS\SYSTEM32\getuname.dll
2006-10-29 18:27 38,160 --a------ C:\WINDOWS\SYSTEM32\jpeg2x32.dll
2006-10-29 18:27 34,064 --a------ C:\WINDOWS\SYSTEM32\sol.exe
2006-10-29 18:27 34,064 --a------ C:\WINDOWS\SYSTEM32\freecell.exe
2006-10-29 18:27 337,680 --a------ C:\WINDOWS\SYSTEM32\cdplayer.exe
2006-10-29 18:27 33,552 --a------ C:\WINDOWS\SYSTEM32\tifflt.dll
2006-10-29 18:27 319,248 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2006-10-29 18:27 3,856 --a------ C:\WINDOWS\SYSTEM32\mtxex.dll
2006-10-29 18:27 29,968 --a------ C:\WINDOWS\SYSTEM32\comaddin.dll
2006-10-29 18:27 27,920 --a------ C:\WINDOWS\SYSTEM32\jpeg1x32.dll
2006-10-29 18:27 25,872 --a------ C:\WINDOWS\SYSTEM32\oitwa400.dll
2006-10-29 18:27 21,776 --a------ C:\WINDOWS\SYSTEM32\oislb400.dll
2006-10-29 18:27 21,264 --a------ C:\WINDOWS\SYSTEM32\comclust.exe
2006-10-29 18:27 17,168 --a------ C:\WINDOWS\SYSTEM32\avmeter.dll
2006-10-29 18:27 147,216 --a------ C:\WINDOWS\SYSTEM32\DComExt.dll
2006-10-29 18:27 146,192 --a------ C:\WINDOWS\SYSTEM32\comsnap.dll
2006-10-29 18:27 13,584 --a------ C:\WINDOWS\SYSTEM32\imgshl.dll
2006-10-29 18:27 13,072 --a------ C:\WINDOWS\SYSTEM32\oissq400.dll
2006-10-29 18:27 13,072 --a------ C:\WINDOWS\SYSTEM32\oiprt400.dll
2006-10-29 18:27 118,032 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2006-10-29 18:27 107,792 --a------ C:\WINDOWS\SYSTEM32\sndrec32.exe
2006-10-29 18:25 2,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\audstub.sys
2006-10-29 18:23 8,976 -ra------ C:\WINDOWS\SYSTEM32\kbdhept.dll
2006-10-29 18:23 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdtuf.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdtuq.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdlv1.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdlv.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdhela3.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdhela2.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdhe220.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdhe.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdgkl.dll
2006-10-29 18:23 6,928 -ra------ C:\WINDOWS\SYSTEM32\kbdest.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdycc.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbduzb.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdur.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdtat.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdru1.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdru.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdlt.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdkaz.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdhe319.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdbu.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdblr.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdazel.dll
2006-10-29 18:23 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdaze.dll
2006-10-29 18:23 59,664 --a------ C:\WINDOWS\SYSTEM32\usbui.dll
2006-10-29 18:23 5,392 --a------ C:\WINDOWS\delttsul.exe
2006-10-29 18:23 35,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2006-10-29 18:22 85,264 --a------ C:\WINDOWS\SYSTEM32\dgsetup.dll
2006-10-29 18:22 79,632 --a------ C:\WINDOWS\SYSTEM32\spoolss.dll
2006-10-29 18:22 7,952 -ra------ C:\WINDOWS\SYSTEM32\kbdcz.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdycl.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdsl1.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdsl.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdpl.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdhu.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdcz2.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdcz1.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\kbdcr.dll
2006-10-29 18:22 7,440 -ra------ C:\WINDOWS\SYSTEM32\KBDAL.DLL
2006-10-29 18:22 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdpl1.dll
2006-10-29 18:22 6,416 -ra------ C:\WINDOWS\SYSTEM32\kbdhu1.dll
2006-10-29 18:22 6,416 --a------ C:\WINDOWS\SYSTEM32\batt.dll
2006-10-29 18:22 50,960 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-29 18:22 45,328 --a------ C:\WINDOWS\SYSTEM32\spoolsv.exe
2006-10-29 18:22 35,600 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-29 18:22 176,400 --a------ C:\WINDOWS\SYSTEM32\EqnClass.Dll
2006-10-29 18:22 148,992 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2006-10-29 18:22 123,904 --a------ C:\WINDOWS\SYSTEM32\dgrpsetu.dll
2006-10-29 18:08 38,912 --a------ C:\WINDOWS\SYSTEM32\FETND5A.SYS
2006-10-29 18:08 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-10-29 18:06 122 --a------ C:\WINDOWS\tmpdelis.bat
2006-10-29 18:05 765,952 --a------ C:\WINDOWS\SYSTEM32\Crlds3d.dll
2006-10-29 18:05 720,896 -ra------ C:\WINDOWS\SYSTEM32\a3d.dll
2006-10-29 18:04 81,920 --a------ C:\WINDOWS\SYSTEM32\S3HAV.DLL
2006-10-29 18:04 782,336 --a------ C:\WINDOWS\SYSTEM32\NBICD.DLL
2006-10-29 18:04 749,568 --a------ C:\WINDOWS\SYSTEM32\S3_8M.DLL
2006-10-29 18:04 363,892 --a------ C:\WINDOWS\ISUN16.EXE
2006-10-29 18:04 25,600 --a------ C:\WINDOWS\SYSTEM32\DVIDEO.DLL
2006-10-29 18:04 106,496 --a------ C:\WINDOWS\SYSTEM32\S3VID.DLL
2006-10-29 18:02 200,704 --a------ C:\WINDOWS\VIA4in1.exe
2006-10-29 18:02 10,200 --a------ C:\WINDOWS\SYSTEM32\VIAGART.SYS
2006-10-29 18:00 106,496 --a------ C:\WINDOWS\Setuplib.dll
2006-10-29 17:55 79 --a------ C:\MSDOS.SYS
2006-10-29 17:24 13,232 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
2006-10-29 17:23 4,880 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2006-10-29 17:23 113,680 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ks.sys
2006-10-29 16:29 32,768 --a------ C:\WINDOWS\VMZoom.exe
2006-10-29 16:29 24,576 --a------ C:\WINDOWS\VMPipe.dll
2006-10-29 16:28 81,920 --a------ C:\WINDOWS\SYSTEM32\VM303STI.dll
2006-10-29 16:28 61,440 --a------ C:\WINDOWS\VM303_STI.exe
2006-10-29 16:28 53,248 --a------ C:\WINDOWS\Sti303.exe
2006-10-29 16:28 390,849 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbVM303.sys
2006-10-29 16:28 176,128 --a------ C:\WINDOWS\amcap.exe
2006-10-29 16:28 102,400 --a------ C:\WINDOWS\VM303Cap.exe
2006-10-29 15:28 499,712 --a------ C:\WINDOWS\SYSTEM32\msvcp71.dll
2006-10-29 15:28 348,160 --a------ C:\WINDOWS\SYSTEM32\msvcr71.dll
2006-10-29 15:04 99,965 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-10-29 14:55 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-10-29 11:10 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2006-10-29 11:10 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2006-10-29 11:10 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2006-10-29 11:10 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2006-10-29 11:04 69,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\inspect.sys
2006-10-29 11:04 61,184 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cmdmon.sys
2006-10-29 11:01 774,144 -ra------ C:\WINDOWS\SYSTEM32\nbicdnt.dll
2006-10-29 11:01 69,690 -ra------ C:\WINDOWS\SYSTEM32\S3uninst.exe
2006-10-29 11:01 397,056 -ra------ C:\WINDOWS\SYSTEM32\s3gnb.dll
2006-10-29 11:01 380,928 -ra------ C:\WINDOWS\SYSTEM32\S3Disply.dll
2006-10-29 11:01 315,392 -ra------ C:\WINDOWS\SYSTEM32\S3Ovrlay.dll
2006-10-29 11:01 303,104 -ra------ C:\WINDOWS\SYSTEM32\S3Gamma2.dll
2006-10-29 11:01 229,376 -ra------ C:\WINDOWS\SYSTEM32\S3Info2.dll
2006-10-29 11:01 166,912 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\s3gnbm.sys
2006-10-29 10:49 21,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2006-10-29 10:48 6,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vulfnth.sys
2006-10-29 10:48 6,416 --a------ C:\WINDOWS\SYSTEM32\hccoin.dll
2006-10-29 10:48 49,392 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbhub20.sys
2006-10-29 10:48 45,056 --a------ C:\WINDOWS\SYSTEM32\vusetup.dll
2006-10-29 10:48 21,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
2006-10-29 10:48 19,216 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
2006-10-29 10:48 135,920 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbport.sys
2006-10-29 10:48 10,496 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\vulfntr.sys
2006-10-29 10:44 74,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys
2006-10-29 10:44 53,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys
2006-10-29 10:44 51,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\DMusic.sys
2006-10-29 10:44 48,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys
2006-10-29 10:44 41,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\stream.sys
2006-10-29 10:44 370,048 -ra------ C:\WINDOWS\SYSTEM32\DRIVERS\viaudios.sys
2006-10-29 10:44 32,768 --a------ C:\WINDOWS\SYSTEM32\UnAudioNT.dll
2006-10-29 10:44 148,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys
2006-10-29 10:44 148,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys
2006-10-29 10:39 9,038 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\viausb.sys
2006-10-29 10:39 46,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\isapnp.sys
2006-10-29 10:39 22,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
2006-10-29 10:31 84,752 -ra------ C:\WINDOWS\SYSTEM32\awdvstub.exe
2006-10-29 10:31 280,336 --a------ C:\WINDOWS\SYSTEM32\migicons.exe
2006-10-29 10:30 6,640 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.sys
2006-10-29 10:30 5,008 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.sys
2006-10-29 10:30 4,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.sys
2006-10-29 10:30 27 --a------ C:\CONFIG.SYS
2006-10-29 10:30 259 --ah----- C:\AUTOEXEC.BAT
2006-10-29 10:29 63,248 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2006-10-29 10:29 57,104 --a------ C:\WINDOWS\SYSTEM32\icwdial.dll
2006-10-29 10:29 53,520 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2006-10-29 10:29 5,904 --a------ C:\WINDOWS\SYSTEM32\icfgnt5.dll
2006-10-29 10:29 49,424 --a------ C:\WINDOWS\SYSTEM32\icwphbk.dll
2006-10-29 10:29 32,880 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2006-10-29 10:29 3,072 --a------ C:\WINDOWS\SYSTEM32\nmevtmsg.dll
2006-10-29 10:29 251,152 --a------ C:\WINDOWS\SYSTEM32\inetcfg.dll
2006-10-29 10:29 21,776 --a------ C:\WINDOWS\SYSTEM32\mnmsrvc.exe
2006-10-29 10:29 131,072 --a------ C:\WINDOWS\SYSTEM32\mapi32.dll
2006-10-29 10:29 12,560 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2006-10-29 10:29 10,000 --a------ C:\WINDOWS\SYSTEM32\mstinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-04 12:26 -------- d-------- C:\Program Files\Security Task Manager
2006-11-04 11:35 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\Free Download Manager
2006-11-04 11:32 -------- dra------ C:\Program Files\NetMeeting
2006-11-04 00:13 -------- d-------- C:\Program Files\Registry Mechanic
2006-11-04 00:13 -------- d-------- C:\Program Files\BillP Studios
2006-11-04 00:13 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\wsInspector
2006-11-04 00:13 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\WinPatrol
2006-11-04 00:12 -------- d-------- C:\Program Files\Startup Inspector for Windows
2006-11-04 00:09 -------- d-------- C:\Program Files\Uniblue
2006-11-04 00:04 -------- d-------- C:\Program Files\HD Tune
2006-11-04 00:01 -------- d-------- C:\Program Files\Clean My Registry
2006-11-03 23:50 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\OpenOffice.org2
2006-11-03 23:05 -------- d-------- C:\Program Files\Kaspersky Lab
2006-11-03 22:23 -------- d-------- C:\Program Files\Trend Micro
2006-11-03 21:55 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\Uniblue
2006-11-03 12:39 -------- d-------- C:\Program Files\SkyBlade, Sword of the Heavens
2006-11-03 07:56 -------- d-a------ C:\Documents and Settings\Bagaporo\Application Data\Microsoft
2006-11-02 13:23 -------- d-------- C:\Program Files\SUPERAntiSpyware
2006-11-02 13:23 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\SUPERAntiSpyware.com
2006-11-02 13:21 -------- dra------ C:\Program Files\Common Files
2006-11-02 13:21 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-02 11:04 -------- dra------ C:\Program Files\Outlook Express
2006-11-02 00:13 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\Macromedia
2006-11-01 11:03 -------- dra------ C:\Program Files\Common Files\Microsoft Shared
2006-11-01 11:03 -------- d-a------ C:\Program Files\Uninstall Information
2006-11-01 11:03 -------- d-a------ C:\Program Files\Internet Explorer
2006-11-01 11:03 -------- d-a------ C:\Program Files\Common Files\SYSTEM
2006-11-01 10:41 -------- d-------- C:\Program Files\Yahoo!
2006-10-31 22:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-31 10:03 -------- d-------- C:\Program Files\Free Download Manager
2006-10-31 00:50 -------- d-ah----- C:\Program Files\WindowsUpdate
2006-10-31 00:32 -------- d-------- C:\Program Files\Windows NT
2006-10-31 00:30 -------- dra------ C:\Program Files\Windows Media Player
2006-10-30 22:23 264 -r-hs---- C:\Documents and Settings\Bagaporo\Application Data\Desktop.ini
2006-10-30 20:09 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\DeepBurner
2006-10-30 08:57 -------- d-------- C:\Program Files\Stamina
2006-10-30 08:51 -------- d-------- C:\Program Files\TypingMaster
2006-10-30 00:15 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-30 00:06 -------- d-------- C:\Program Files\Web Publish
2006-10-30 00:06 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-10-30 00:06 -------- d-------- C:\Program Files\Common Files\designer
2006-10-29 23:15 -------- d-------- C:\Program Files\Common Files\Services
2006-10-29 22:45 -------- d-------- C:\Program Files\OpenOffice.org 2.0
2006-10-29 21:30 -------- d-------- C:\Program Files\CCleaner
2006-10-29 19:55 -------- d-------- C:\Program Files\GIMP-2.2
2006-10-29 19:50 -------- d-------- C:\Program Files\Common Files\GTK
2006-10-29 18:27 -------- dra------ C:\Program Files\Accessories
2006-10-29 18:23 -------- d-a------ C:\Program Files\Common Files\ODBC
2006-10-29 18:05 -------- d-a------ C:\Program Files\VIA Technologies, Inc
2006-10-29 18:04 -------- d-a------ C:\Program Files\S3
2006-10-29 18:02 -------- d-------- C:\Program Files\nLite
2006-10-29 17:57 -------- d-a------ C:\Program Files\DirectX
2006-10-29 17:49 -------- d-a------ C:\Program Files\Online Services
2006-10-29 17:45 -------- d-a------ C:\Program Files\CHAT
2006-10-29 16:29 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-29 16:27 -------- d-a------ C:\Program Files\Common Files\InstallShield
2006-10-29 16:27 -------- d-------- C:\Program Files\Vimicro
2006-10-29 16:09 -------- d-------- C:\Program Files\Astonsoft
2006-10-29 16:06 -------- d-------- C:\Program Files\Foxit Software
2006-10-29 15:27 -------- d-------- C:\Program Files\Grisoft
2006-10-29 15:06 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\Talkback
2006-10-29 15:06 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\Mozilla
2006-10-29 11:42 -------- d-------- C:\Program Files\Trustix
2006-10-29 11:06 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\Comodo
2006-10-29 11:04 -------- d-------- C:\Program Files\Comodo
2006-10-29 10:53 -------- d-------- C:\Program Files\WinZip
2006-10-29 10:53 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\Help
2006-10-29 10:34 -------- d-------- C:\Documents and Settings\Bagaporo\Application Data\Identities
2006-10-29 10:33 -------- d-a------ C:\Program Files\PLUS!
2006-10-29 10:31 305 ---h----- C:\Program Files\desktop.ini
2006-10-29 10:31 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-29 10:29 21952 ---h----- C:\Program Files\folder.htt


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"Synchronization Manager"="mobsync.exe /logon"
"Comodo Firewall"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""
"HD Tune"="C:\\PROGRA~1\\HDTUNE~1\\HDTune.exe"
"WinPatrol"="C:\\Program Files\\BillP Studios\\WinPatrol\\winpatrol.exe"
"RegistryMechanic"=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"ClassicShell"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\Tune-up Application Start.job

Completion time: Sat 2006-11-04 12:32:45.68
C:\ComboFix.txt ... 06-11-04 12:32



i'll run the memtest later :)