
Tell a noob where to start please


17 replies to this topic

#1 Mr_Kake

Mr_Kake

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 06 March 2007 - 03:03 PM

I just registered and I am not sure where (or how) to start. About 5 days ago, I got a Trojan in a software download and my AV software caught it. (I am using ZoneAlarm Security Suite). However, ever since then my computer will grind to a near halt for several minutes at a time. It happens at random times and I have not been able to pin it to any one event. My computer will not restore to any day before I got the Trojan. The machine has been running slow for a couple of months and I suspect there is more going on than I am aware of. I have all kinds of processes that show up when I look at task manager and I am not computer literate enough to know which are legit. I want to clean up my system and optimize it so that it runs fast again. I don't know if you need it or not, but I am using a Dell Inspiron 9100, running a P4 3.2GHz, with 512MB of RAM. Please advise if more hardware info is needed. Thank you in advance for any help you can offer.



#2 Mr_JAk3

Mr_JAk3

    Authentic Member

  • Authentic Member
  • PipPip
  • 182 posts

Posted 08 March 2007 - 02:27 PM

Hi Mr_Kake and welcome to the Forums :)

Please post a HijackThis log here:
  • Click here to download HijackThis.exe
  • Save HijackThis.exe to your desktop.
  • Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.
  • Run HijackThis.exe
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

UNITE & ASAP member since 2006

#3 Mr_Kake


Posted 09 March 2007 - 02:53 PM

Thanks Mr_JAk3! Here is my first scan log:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:10 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tweak-XP Pro\tranicon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Audible\Bin\adhelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kirk.THANATOS.001\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TransparentIcons] "C:\Program Files\Tweak-XP Pro\tranicon.exe" -ex
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\adhelper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 Mr_JAk3


Posted 10 March 2007 - 02:56 AM

Nothing specific in there....

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#5 Mr_Kake


Posted 11 March 2007 - 05:54 PM

Here are the Kaspersky scan results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 11, 2007 4:49:09 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/03/2007
Kaspersky Anti-Virus database records: 280442
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 86532
Number of viruses found: 5
Number of infected objects: 10 / 0
Number of suspicious objects: 1
Duration of the scan process: 02:03:35

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/02 Feb 2005 10:06 from SmithBarney:Account Investigation Warning.rtf Infected: Trojan-Spy.HTML.Smitfraud.a skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/09 Feb 2005 20:20 from Regions & Union Planters:Regions Bank - s.rtf Infected: Trojan-Spy.HTML.Bankfraud.dq skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Apr 2005 18:52 from ccrichens:CODEBASE.rtf Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/03 May 2005 15:02 from hostmaster@msn.com:Your Password/account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/03 May 2005 13:11 from Admin@nfox.com:Registration Confirmation/account_info.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/03 May 2005 11:11 from register@liquidspeed.com:mailing error/mail_info.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/03 May 2005 10:34 from BAY2-F96MlYOR8x9KIQ00048751@hotmail.com:R/our_secret.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/03 May 2005 09:16 from hostmaster@uhhs.com:Registration Confirma/account_info.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/03 May 2005 07:25 from postmaster@nfl.ed10.net:FwD: Your Passwor/account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/14 Jun 2005 21:14 to Mrkake:Thank you for your email. .eml Infected: Trojan-Spy.HTML.Paylap.cf skipped
C:\Documents and Settings\Kirk.THANATOS.001\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 9, suspicious - 1 skipped

Scan process completed.

Edited by Mr_Kake, 11 March 2007 - 05:57 PM.


#6 Mr_JAk3


Posted 12 March 2007 - 01:16 PM

Ok Kaspersky found some infections from Outlook's Deleted items folder. You could do some cleaning there.

Download F-Secure Blacklight and save it to your desktop.

Double-click blbeta.exe, accept the agreement, click Scan, then click Next

You'll see a list of what has been found. A log will appear on your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log here (blacklight log from your desktop)

#7 Mr_Kake


Posted 12 March 2007 - 10:31 PM

Okay, I cleaned out my Outlook folders including my archives and ran F-Secure Blacklight. Here is the scan log:

03/12/07 21:07:47 [Info]: BlackLight Engine 1.0.55 initialized
03/12/07 21:07:47 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/12/07 21:07:47 [Note]: 7019 4
03/12/07 21:07:47 [Note]: 7005 0
03/12/07 21:07:50 [Note]: 7006 0
03/12/07 21:07:54 [Note]: 7011 1752
03/12/07 21:07:54 [Note]: 7026 0
03/12/07 21:07:55 [Note]: 7026 0
03/12/07 21:08:05 [Note]: FSRAW library version 1.7.1021
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\9809795.bak
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\ali.exe
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\cdlock.dll
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\cpy.exe
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\dirlist
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\DL.BAK
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\EMF_Decrypt.exe
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\fldrvw51.ocx
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\install.exe
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\magic.exe
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\mf.chm
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\mf.txx
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\mfx
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\MFX.CFG
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\mfx_cfg.org
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\readme.txt
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\systray.exe
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\tb.exe
03/12/07 21:08:08 [Note]: 7002 0
03/12/07 21:08:08 [Note]: 7003 1
03/12/07 21:08:08 [Note]: 10002 3
03/12/07 21:27:32 [Note]: 7007 0

#8 Mr_JAk3


Posted 13 March 2007 - 02:11 AM

Hi again :)

OK, BlackLight found some hidden items.

Are you the administrator/owner of this computer? Have you installed this PC-Magic software (http://www.pc-magic.com): Magic Folders? Encrypted Magic Folders?

Please let me know :thumbup:
UNITE & ASAP member since 2006

#9 Mr_Kake


Posted 13 March 2007 - 02:32 PM

I am the owner and have administrator rights to this computer. I had Magic Folders installed, but I have uninstalled it.

#10 Mr_JAk3


Posted 14 March 2007 - 01:39 PM

Hi again and sorry for the delay. OK, so it hasn't uninstalled completely :( Those leftovers may cause problems. Is there a Magic Folders folder in the C:\Program Files directory? Any files inside it?



#11 Mr_Kake


Posted 17 March 2007 - 02:23 PM

Sorry it took so long for a simple reply. Work has been hell lately <_< . There are no folders anywhere visible on C: named Magic Folders.

#12 Mr_JAk3


Posted 17 March 2007 - 03:37 PM

Hi :) The best way to remove the remnants is to install Magic Folders again and then uninstall the software via Control Panel, Add/Remove Programs. A forced uninstall could cause all kinds of problems. Please post a fresh BlackLight log after you've installed/uninstalled and rebooted the PC.

Edited by Mr_JAk3, 17 March 2007 - 03:38 PM.


#13 Mr_Kake


Posted 17 March 2007 - 05:18 PM

I can't find the original install file. Will it work if I download the demo, install and uninstall?

#14 Mr_JAk3


Posted 18 March 2007 - 04:46 AM

It is worth a try :)

#15 Mr_Kake


Posted 18 March 2007 - 03:16 PM

Okay, so I re-installed it and it doesn't show up in Add/Remove Programs. The only thing in C:\Program Files\Magic Folders is this file - fldrvw61.ocx. I did another BlackLight scan in case it could shed some light on the subject (no pun intended :lol:). Here is the log:

03/18/07 13:39:55 [Info]: BlackLight Engine 1.0.55 initialized
03/18/07 13:39:55 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/18/07 13:39:56 [Note]: 7019 4
03/18/07 13:39:56 [Note]: 7005 0
03/18/07 13:40:01 [Note]: 7006 0
03/18/07 13:40:01 [Note]: 7011 1760
03/18/07 13:40:02 [Note]: 7026 0
03/18/07 13:40:02 [Note]: 7026 0
03/18/07 13:40:17 [Note]: FSRAW library version 1.7.1021
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\9809795.bak
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\ali.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\cdlock.dll
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\cpy.exe
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\dirlist
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\dirlist_bak
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\DL.BAK
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\EMF_Decrypt.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\fldrvw51.ocx
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\fldrvw61.ocx
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\install.exe
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\magic.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\mf.chm
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\mf.txx
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\mfx
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\MFX.CFG
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\mfx_cfg.org
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\ali.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\cdlock.dll
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\cpy.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\install.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\magic.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\mf.chm
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\mf.txx
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\mfx
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\oldregkey
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\readme.txt
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\systray.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\tb.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\readme.txt
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\systray.exe
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\tb.exe
03/18/07 13:40:20 [Note]: 7002 0
03/18/07 13:40:20 [Note]: 7003 1
03/18/07 13:40:20 [Note]: 10002 3
03/18/07 13:54:14 [Info]: Hidden file: c:\WINDOWS\system32\drivers\MFX.SYS
03/18/07 13:54:14 [Note]: 7002 0
03/18/07 13:54:14 [Note]: 7003 1
03/18/07 13:54:14 [Note]: 10002 1
03/18/07 14:07:44 [Note]: 7007 0
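
The two BlackLight logs in this thread can be compared mechanically to see what the reinstall changed. This is an added example, not posted by either participant and not F-Secure code; it assumes only the log layout visible above, and the function names and shortened sample logs are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

TS = r"\d\d/\d\d/\d\d \d\d:\d\d:\d\d"
# An entry runs from its timestamp to the next, so a log pasted as wrapped text still splits.
ENTRY = re.compile(rf"({TS})\s+\[(\w+)\]:\s*(.*?)(?=\s*{TS}\s+\[|\s*\Z)", re.S)
PREFIX = "Hidden file: "

def parse_hidden(log_text):
    """Map each hidden path (lower-cased) to the numeric notes logged with it."""
    hidden, cur, cur_ts = {}, None, None
    for ts, level, msg in ENTRY.findall(log_text):
        msg = " ".join(msg.split())  # undo line wraps inside an entry
        if level == "Info" and msg.startswith(PREFIX):
            cur, cur_ts = msg[len(PREFIX):].lower(), ts
            hidden[cur] = []
        elif level == "Note" and cur and ts == cur_ts and re.fullmatch(r"\d+ \d+", msg):
            # Kept as opaque (code, value) pairs: the thread does not say what they mean.
            hidden[cur].append(tuple(map(int, msg.split())))
        else:
            cur = None  # engine/summary lines belong to no file
    return hidden

def diff_scans(before, after, expected_root):
    """Return (new paths by directory, paths no longer hidden, new paths outside expected_root)."""
    added = sorted(set(after) - set(before))
    by_dir = defaultdict(list)
    for path in added:
        by_dir[ntpath.dirname(path)].append(ntpath.basename(path))
    root = expected_root.lower().rstrip("\\") + "\\"
    outside = [p for p in added if not p.startswith(root)]
    return dict(by_dir), sorted(set(before) - set(after)), outside

# Constructed, shortened excerpts in the layout of the two logs in this thread.
SCAN_1 = (r"03/12/07 21:08:05 [Note]: FSRAW library version 1.7.1021 "
          r"03/12/07 21:08:08 [Info]: Hidden file: c:\SYZ_DAT\magic.exe "
          r"03/12/07 21:08:08 [Note]: 7002 0 03/12/07 21:08:08 [Note]: 10002 3 03/12/07 21:08:08 [Info]: " "\n"
          r"Hidden file: c:\SYZ_DAT\systray.exe 03/12/07 21:08:08 [Note]: 10002 3 "
          r"03/12/07 21:27:32 [Note]: 7007 0")
SCAN_2 = (r"03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\magic.exe "
          r"03/18/07 13:40:20 [Note]: 10002 3 "
          r"03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\systray.exe "
          r"03/18/07 13:40:20 [Info]: Hidden file: c:\SYZ_DAT\oldver\magic.exe 03/18/07 13:40:20 " "\n"
          r"[Note]: 7002 0 03/18/07 13:54:14 [Info]: Hidden file: c:\WINDOWS\system32\drivers\MFX.SYS "
          r"03/18/07 13:54:14 [Note]: 10002 1 03/18/07 14:07:44 [Note]: 7007 0")
if __name__ == "__main__":
    print(diff_scans(parse_hidden(SCAN_1), parse_hidden(SCAN_2), r"c:\SYZ_DAT"))
```

Paths are lower-cased before comparison because Windows file names are case-insensitive; the third return value lists newly hidden files outside the directory the first scan reported, such as the driver entry in the second log.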
