Unknown Infection? Www.kzdh.com Keeps Appearing


This topic is locked
15 replies to this topic

#1 rbusch

  • Members
  • 8 posts

Posted 17 January 2007 - 09:04 AM

Looking for some help here. I got rid of some suspicious things, WNSO.exe and something called SoBar (if I remember correctly) but I'm not out of the woods yet. I receive an error on start-up about a memory error when Rainlendar tries to start. B.exe occasionally tries to reach the internet. And rundll32 keeps trying to reach out and touch someone too. I just moved to China and have little internet bandwidth so I'm unable to download lots of good programs or use online scans. I'm running AVG Antivirus, Comodo firewall, and Arovax Shield - all up to date. Following is the HijackThis log, after cleaning with CrapCleaner.



Logfile of HijackThis v1.99.1
Scan saved at 10:00:22 PM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Utilities\Arovax Shield\ArovaxShield.exe
D:\Utilities\Comodo\Firewall\CPF.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Utilities\Comodo\Firewall\cmdagent.exe

Your help is greatly appreciated!

--Richard

#2 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 17 January 2007 - 12:51 PM

That is not the full log

Open the log in notepad

EDIT - SELECT ALL
EDIT - COPY

Then come to this message, and in the quick reply box click in the white space and then EDIT - PASTE
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 rbusch
  • Topic Starter

  • Members
  • 8 posts

Posted 17 January 2007 - 08:01 PM

Sorry about that. Should all be here this time.



Logfile of HijackThis v1.99.1
Scan saved at 8:58:37 AM, on 1/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\rundll32.exe
D:\Utilities\Arovax Shield\ArovaxShield.exe
D:\Utilities\Comodo\Firewall\CPF.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Utilities\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Communications\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
H:\Drive E\Protection\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kzdh.com/
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Arovax Shield] D:\Utilities\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [Comodo Firewall] "D:\Utilities\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: Rainlendar.lnk = D:\Utilities\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20230228-7684-4583-8F6C-75EF378BB042}: NameServer = 202.98.160.68 202.98.161.68
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Utilities\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by rbusch, 17 January 2007 - 08:03 PM.

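As an added triage helper (not from this thread, from HijackThis, or from ComboFix), the following Python parses the R0/O4/O17 entries of a HijackThis v1.99.1 log like the one above and flags a start page on an unexpected host, DNS servers outside an expected set, and autostart entries launched from locations a legitimate program rarely uses. The sample log is constructed from lines in this thread plus one constructed O4 entry, and the expected host and DNS sets are assumptions a reader would replace with their own.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: entries copied from the HijackThis v1.99.1 log posted in
# this thread, plus one O4 line (the [temp] entry) that is constructed for the
# demo. It is not a complete log from any machine.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:58:37 AM, on 1/18/2007
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kzdh.com/
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainlendar.lnk = D:\Utilities\Rainlendar\Rainlendar.exe
O4 - HKLM\..\Run: [temp] C:\Documents and Settings\All Users\Templates\temp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20230228-7684-4583-8F6C-75EF378BB042}: NameServer = 202.98.160.68 202.98.161.68
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Utilities\Comodo\Firewall\cmdagent.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O17, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A quoted path, or an unquoted one up to its executable extension.
PATH_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|scr|pif|bat|cmd|com))\b', re.IGNORECASE)

# Directory fragments from which a legitimate autostart rarely runs (ComboFix in
# this thread removed temp.exe from the All Users Templates folder). Heuristic.
SUSPECT_DIRS = (
    "\\documents and settings\\all users\\templates",
    "\\temp\\",
    "\\recycler\\",
    "\\temporary internet files\\",
)


@dataclass
class Entry:
    code: str
    body: str


def parse_hjt(text):
    """Return the section entries of a HijackThis log, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def o4_target(body):
    """Extract the launched file from an O4 body (Run-key item or Startup .lnk)."""
    if "] " in body:            # HKLM\..\Run: [Name] <command line>
        cmd = body.split("] ", 1)[1]
    elif " = " in body:         # Startup: name.lnk = <path>
        cmd = body.split(" = ", 1)[1]
    else:
        cmd = body
    m = PATH_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def host_allowed(host, expected_hosts):
    """True when host equals or is a subdomain of an expected host."""
    return any(host == h or host.endswith("." + h) for h in expected_hosts)


def triage(entries, expected_hosts, expected_dns):
    """Return (code, message) findings for entries that deserve a second look."""
    findings = []
    for e in entries:
        if e.code in ("R0", "R1"):
            # body: "<registry key>,<value name> = <url>"
            url = e.body.partition(" = ")[2].strip()
            host = urlparse(url).hostname or ""
            if host and not host_allowed(host, expected_hosts):
                findings.append((e.code, f"browser page setting points at {host}: {url}"))
        elif e.code == "O4":
            target = o4_target(e.body)
            if any(d in target.lower() for d in SUSPECT_DIRS):
                findings.append((e.code, f"autostart runs from an unusual location: {target}"))
        elif e.code == "O17":
            # body ends with "NameServer = <ip> <ip> ..."
            servers = e.body.partition("NameServer = ")[2].split()
            unknown = [s for s in servers if s not in expected_dns]
            if unknown:
                findings.append((e.code, "DNS servers outside the expected set: " + " ".join(unknown)))
    return findings


if __name__ == "__main__":
    # Assumed expected values; replace with the home page and resolver you configured.
    for code, msg in triage(parse_hjt(SAMPLE_LOG), {"google.com"}, {"192.168.1.1"}):
        print(code, msg)
```

The O17 check is the one that matters most when a start page keeps coming back: if the resolver is not one you configured, cleaning the browser setting alone will not explain where the redirects originate.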

#4 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 18 January 2007 - 10:09 AM

1. Download this file:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
=================

Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      • Close browsers before scanning
      • Scan for tracking cookies
      • Terminate memory threats before quarantining.
      • Please leave the others unchecked.
      • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
      • After reboot, double-click the SUPERAntispyware icon on your desktop.
      • Click Preferences. Click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • It will open in your default text editor (such as Notepad/Wordpad).
      • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 rbusch
  • Topic Starter

  • Members
  • 8 posts

Posted 18 January 2007 - 07:45 PM

Alright, here we go:

Step 1, Combofix

"Richard Busch" - 07-01-19 8:20:11 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Richard Busch\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\wbem\itcoo.dll
C:\Documents and Settings\All Users\Templates\temp.exe
C:\Program Files\Common Files\System\Update.dat
C:\WINDOWS\system32\advport.dll
C:\WINDOWS\system32\drivers\msqmx.sys
C:\WINDOWS\system32\Score.txt
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\roreg.log
C:\Documents and Settings\All Users\Application Data\startup
C:\WINDOWS\system32\drivers\front.sys" . . . . failed to delete
C:\WINDOWS\system32\drivers\roreg.sys" . . . . failed to delete


((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


2007-01-19 08:21 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-17 21:45 <DIR> d-------- C:\!KillBox
2007-01-17 19:45 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Ahead
2007-01-17 19:08 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\Help
2007-01-17 19:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\fssg
2007-01-17 08:59 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\Lavasoft
2007-01-16 21:13 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\PgcEdit
2007-01-16 08:42 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-15 18:58 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-01-14 16:45 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-14 16:45 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-01-14 16:45 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-14 16:45 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-14 16:45 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-14 16:45 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-14 16:45 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-14 16:45 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-14 16:45 <DIR> d-------- C:\Program Files\Grisoft
2007-01-14 16:45 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\AVG7
2007-01-14 16:45 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-14 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-14 16:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-12 21:44 <DIR> d-------- C:\Program Files\Trustix
2007-01-12 19:02 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-01-12 19:02 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-01-12 19:01 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-01-12 19:01 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-01-12 19:01 46,592 --a------ C:\WINDOWS\system32\hpzll43a.dll
2007-01-12 19:01 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-01-12 19:00 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-01-12 19:00 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-01-12 19:00 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-01-12 19:00 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-01-12 19:00 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-01-12 19:00 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-01-12 19:00 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-01-12 18:59 <DIR> d-------- C:\Program Files\HP
2007-01-12 08:24 <DIR> d--h----- C:\WINDOWS\PIF
2007-01-11 11:24 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-01-11 11:24 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-01-11 11:24 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-01-11 10:21 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-10 10:32 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\TrueCrypt
2007-01-09 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\NVIDIA
2007-01-09 22:24 <DIR> d-------- C:\Program Files\ESTsoft
2007-01-09 22:24 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\ESTsoft
2007-01-09 22:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\ESTsoft
2007-01-09 22:03 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\Media Player Classic
2007-01-09 21:57 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\My Games
2007-01-09 15:40 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-01-09 15:40 <DIR> d-------- C:\Program Files\QuickTime
2007-01-09 15:39 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-01-09 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\QuickTime
2007-01-09 15:28 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\Ahead
2007-01-09 14:58 667,648 --a------ C:\WINDOWS\InZU31.exe
2007-01-09 14:58 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-01-09 14:58 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
2007-01-09 14:58 <DIR> d-------- C:\WINDOWS\MVUNINST
2007-01-09 14:58 <DIR> d-------- C:\Program Files\Prassi Zulu2 (E)
2007-01-09 14:58 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-01-09 14:56 102,400 -ra------ C:\WINDOWS\system32\mblmk08.dll
2007-01-09 14:55 86,082 -ra------ C:\WINDOWS\system32\ftdiunin.exe
2007-01-09 14:55 77,890 -ra------ C:\WINDOWS\system32\FTLang.dll
2007-01-09 14:55 60,572 -ra------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-01-09 14:55 48,625 -ra------ C:\WINDOWS\system32\ftserui2.dll
2007-01-09 14:55 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-09 14:55 28,449 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-01-09 14:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-01-09 14:55 21,568 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2007-01-09 14:50 69,972 --------- C:\WINDOWS\system32\FTSERIAL.SYS
2007-01-09 14:50 60,572 --------- C:\WINDOWS\system32\ftser2k.sys
2007-01-09 14:50 28,449 --------- C:\WINDOWS\system32\ftdibus.sys
2007-01-09 14:50 25,316 --------- C:\WINDOWS\system32\FTSENUM.SYS
2007-01-09 14:50 <DIR> d-------- C:\Program Files\Microboards
2007-01-09 14:49 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\InstallShield
2007-01-09 08:26 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\Comodo
2007-01-09 08:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Comodo
2007-01-09 00:03 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-01-09 00:03 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-01-09 00:03 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-01-09 00:03 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-01-09 00:03 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-01-09 00:03 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-01-09 00:03 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-01-09 00:02 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-01-09 00:02 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-01-09 00:02 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-01-09 00:02 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-01-09 00:02 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-01-09 00:02 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-01-09 00:02 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-01-09 00:02 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-01-09 00:02 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-01-09 00:02 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-01-09 00:02 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-01-09 00:02 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-01-09 00:02 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-01-09 00:02 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-01-09 00:02 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-01-09 00:02 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-01-09 00:02 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-01-09 00:02 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-01-08 23:57 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-01-08 23:57 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-01-08 23:57 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-01-08 23:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-01-08 23:56 <DIR> d--hs---- C:\WINDOWS\Installer
2007-01-08 23:56 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-01-08 23:55 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-01-08 23:55 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-01-08 23:55 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-01-08 23:55 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-01-08 23:55 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-01-08 23:55 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-01-08 23:55 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-01-08 23:55 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-01-08 23:55 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-01-08 23:55 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-01-08 23:55 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-01-08 23:55 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-01-08 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-01-08 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-01-08 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-01-08 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-01-08 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-01-08 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-01-08 23:55 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-01-08 23:55 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-01-08 23:55 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-01-08 23:55 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-01-08 23:55 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-01-08 23:55 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-01-08 23:55 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-01-08 23:55 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-01-08 23:55 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-01-08 23:55 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-01-08 23:55 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-01-08 23:55 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-01-08 23:55 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-01-08 23:55 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-01-08 23:55 <DIR> dr------- C:\Program Files
2007-01-08 23:55 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-01-08 23:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-01-08 23:55 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-01-08 23:55 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-01-08 23:54 <DIR> d-------- C:\Documents and Settings
2007-01-08 23:53 <DIR> d--hs---- C:\System Volume Information
2007-01-08 23:46 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-01-08 23:46 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-01-08 23:46 <DIR> dr------- C:\WINDOWS\Web
2007-01-08 23:46 <DIR> d--h----- C:\WINDOWS\inf
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\WinSxS
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\twain_32
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\wins
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\spool
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\ras
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\npp
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\mui
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\IME
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\ias
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\export
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\config
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\3076
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\2052
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\1054
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\1042
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\1041
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\1037
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\1033
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\1031
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\1028
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32\1025
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system32
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\system
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\security
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Resources
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\repair
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Provisioning
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\PeerNet
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\pchealth
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\mui
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\msapps
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\msagent
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Media
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\java
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\ime
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Help
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\ehome
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Debug
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Cursors
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\Config
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\AppPatch
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS\addins
2007-01-08 23:46 <DIR> d-------- C:\WINDOWS
2007-01-08 20:59 39,936 --a------ C:\WINDOWS\system\661fe32.exe
2007-01-08 20:59 39,936 --a------ C:\WINDOWS\661ie32.exe
2007-01-08 20:59 38,912 -r------- C:\WINDOWS\system32\drivers\front.sys
2007-01-08 20:59 19,840 -r------- C:\WINDOWS\system32\drivers\roreg.sys
2007-01-08 20:59 <DIR> d-------- C:\WINDOWS\f54d8555
2007-01-08 20:59 <DIR> d-------- C:\Program Files\Common Files\rggzsbak
2007-01-08 20:06 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\Adobe
2007-01-08 20:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-01-08 19:45 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-01-08 19:45 <DIR> d-------- C:\WINDOWS\system32\Adobe
2007-01-08 19:24 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-01-08 19:23 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-01-08 19:23 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-01-08 19:04 <DIR> d--hs---- C:\RECYCLER
2007-01-08 19:03 69,120 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-01-08 19:03 61,056 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-01-08 18:58 356,864 --a------ C:\WINDOWS\TrueCrypt Setup.exe
2007-01-08 18:58 193,632 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2007-01-08 18:50 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\Rainlendar
2007-01-08 18:12 <DIR> d---s---- C:\DOCUME~1\RICHAR~1\UserData
2007-01-08 18:12 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-01-08 18:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-08 18:10 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-01-08 18:10 1,233,920 --a------ C:\WINDOWS\system32\msxml4.dll
2007-01-08 18:10 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-08 18:04 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-01-08 17:59 <DIR> d-------- C:\Program Files\Skype
2007-01-08 17:59 <DIR> d-------- C:\DOCUME~1\RICHAR~1\Application Data\Skype
2007-01-08 17:48 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-01-08 17:48 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-01-08 17:43 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2007-01-08 17:42 92,160 --a------ C:\WINDOWS\system32\evntwin.exe
2007-01-08 17:42 9,728 --a------ C:\WINDOWS\system32\rwnh.dll
2007-01-08 17:42 8,704 --a------ C:\WINDOWS\system32\snmptrap.exe
2007-01-08 17:42 8,704 --a------ C:\WINDOWS\system32\infoctrs.dll
2007-01-08 17:42 8,192 --a------ C:\WINDOWS\system32\staxmem.dll
2007-01-08 17:42 7,168 --a------ C:\WINDOWS\system32\wamregps.dll
2007-01-08 17:42 7,168 --a------ C:\WINDOWS\system32\snprfdll.dll
2007-01-08 17:42 68,608 --a------ C:\WINDOWS\system32\iisext.dll
2007-01-08 17:42 64,512 --a------ C:\WINDOWS\system32\iismap.dll
2007-01-08 17:42 6,144 --a------ C:\WINDOWS\system32\snmpmib.dll
2007-01-08 17:42 6,144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2007-01-08 17:42 6,144 --a------ C:\WINDOWS\system32\admxprox.dll
2007-01-08 17:42 56,320 --a------ C:\WINDOWS\system32\convlog.exe
2007-01-08 17:42 5,632 --a------ C:\WINDOWS\system32\w3svapi.dll
2007-01-08 17:42 5,632 --a------ C:\WINDOWS\system32\iisrstap.dll
2007-01-08 17:42 5,632 --a------ C:\WINDOWS\system32\adsiisex.dll
2007-01-08 17:42 43,520 --a------ C:\WINDOWS\system32\fcachdll.dll
2007-01-08 17:42 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2007-01-08 17:42 4,608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2007-01-08 17:42 39,936 --a------ C:\WINDOWS\system32\hostmib.dll
2007-01-08 17:42 33,792 --a------ C:\WINDOWS\system32\lmmib2.dll
2007-01-08 17:42 32,768 --a------ C:\WINDOWS\system32\snmp.exe
2007-01-08 17:42 3,584 --a------ C:\WINDOWS\system32\iismui.dll
2007-01-08 17:42 290,816 --a------ C:\WINDOWS\system32\adsiis.dll
2007-01-08 17:42 24,064 --a------ C:\WINDOWS\system32\evntcmd.exe
2007-01-08 17:42 23,040 --a------ C:\WINDOWS\system32\regtrace.exe
2007-01-08 17:42 19,968 --a------ C:\WINDOWS\system32\inetsloc.dll
2007-01-08 17:42 14,336 --a------ C:\WINDOWS\system32\iisreset.exe
2007-01-08 17:42 14,336 --a------ C:\WINDOWS\system32\exstrace.dll
2007-01-08 17:42 133,632 --a------ C:\WINDOWS\system32\iisRtl.dll
2007-01-08 17:42 13,312 --a------ C:\WINDOWS\system32\infoadmn.dll
2007-01-08 17:42 12,288 --a------ C:\WINDOWS\system32\smtpctrs.dll
2007-01-08 17:42 101,888 --a------ C:\WINDOWS\system32\evntagnt.dll
2007-01-08 17:42 10,752 --a------ C:\WINDOWS\system32\smtpapi.dll
2007-01-08 17:42 10,240 --a------ C:\WINDOWS\system32\aspperf.dll
2007-01-08 17:42 <DIR> d-------- C:\WINDOWS\system32\Cache
2007-01-08 17:41 <DIR> d-------- C:\WINDOWS\system32\Logfiles
2007-01-08 17:41 <DIR> d-------- C:\Inetpub
2007-01-08 16:50 5,685 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2007-01-08 16:50 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2007-01-08 16:50 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2007-01-08 16:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2007-01-08 16:43 34,944 -ra------ C:\WINDOWS\system32\drivers\atl01_xp.sys
2007-01-08 16:43 <DIR> d-------- C:\WINDOWS\system32\Attansic
2007-01-08 16:42 <DIR> d-------- C:\Program Files\Attansic
2007-01-08 16:40 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-01-08 16:40 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-01-08 16:40 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-01-08 16:40 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-01-08 16:40 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-01-08 16:40 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-01-08 16:40 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-01-08 16:40 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-01-08 16:40 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-01-08 16:40 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-01-08 16:40 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-01-08 16:39 93,824 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-01-08 16:39 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-01-08 16:39 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2007-01-08 16:39 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-01-08 16:39 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2007-01-08 16:39 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-01-08 16:39 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2007-01-08 16:39 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-01-08 16:39 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-01-08 16:39 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-01-08 16:39 229,376 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-01-08 16:39 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-08 16:39 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-01-08 16:39 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2007-01-08 16:39 <DIR> d-------- C:\Program Files\Analog Devices
2007-01-08 16:37 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-01-08 16:37 <DIR> d-------- C:\WINDOWS\system32\drivers\system32
2007-01-08 16:37 <DIR> d-------- C:\WINDOWS\system32\drivers\INF
2007-01-08 16:37 <DIR> d-------- C:\Program Files\Intel
2007-01-08 16:35 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-01-08 16:34 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-01-08 16:31 <DIR> d-------- C:\Program Files\ASUS
2007-01-08 16:27 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-08 16:27 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-08 16:27 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-01-08 16:27 <DIR> d-------- C:\Program Files\My Company Name
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_n_vivid.sys
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_n_theater.sys
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_n_enriched.sys
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_n_crystal.sys
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_a_vivid.sys
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_a_theater.sys
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_a_enriched.sys
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_a_crystal.sys
2007-01-08 16:26 46,592 --a------ C:\WINDOWS\system32\asfrench.dll
2007-01-08 16:26 46,080 --a------ C:\WINDOWS\system32\asrussian.dll
2007-01-08 16:26 46,080 --a------ C:\WINDOWS\system32\asgerman.dll
2007-01-08 16:26 46,080 --a------ C:\WINDOWS\system32\aseng.dll
2007-01-08 16:26 45,568 --a------ C:\WINDOWS\system32\askorean.dll
2007-01-08 16:26 45,568 --a------ C:\WINDOWS\system32\asjapan.dll
2007-01-08 16:26 45,568 --a------ C:\WINDOWS\system32\ASCHT.dll
2007-01-08 16:26 45,568 --a------ C:\WINDOWS\system32\aschs.dll
2007-01-08 16:26 37,888 --a------ C:\WINDOWS\system32\ATKOGL32.dll
2007-01-08 16:26 245,248 --a------ C:\WINDOWS\system32\ATKDISP.dll
2007-01-08 16:26 241,664 --a------ C:\WINDOWS\ATKKBService.exe
2007-01-08 16:26 2,033,664 --a------ C:\WINDOWS\system32\ATKOSDX32.dll
2007-01-08 16:26 11,008 --a------ C:\WINDOWS\system32\drivers\atkkbnt.sys
2007-01-08 16:26 10,496 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL
2007-01-08 16:26 1,671,168 --a------ C:\WINDOWS\system32\ATKDispCPL.dll
2007-01-08 16:26 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-01-08 16:25 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-01-08 16:25 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-01-08 16:25 <DIR> d-------- C:\WINDOWS\nview
2007-01-08 16:24 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-01-08 16:23 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2007-01-08 16:20 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-01-08 16:20 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-08 16:14 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-01-08 16:14 0 -rahs---- C:\MSDOS.SYS
2007-01-08 16:14 0 -rahs---- C:\IO.SYS
2007-01-08 16:14 0 --a------ C:\CONFIG.SYS
2007-01-08 16:14 0 --a------ C:\AUTOEXEC.BAT
2007-01-08 16:14 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-01-08 16:14 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-01-08 16:13 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-01-08 16:13 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-01-08 16:13 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-01-08 16:13 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-01-08 16:13 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-01-08 16:12 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-01-08 16:12 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-01-08 16:12 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-01-08 16:12 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-01-08 16:12 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-01-08 16:12 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2007-01-08 16:12 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-01-08 16:12 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-01-08 16:12 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-01-08 16:12 36,864 --a------ C:\WINDOWS\system32\wups.dll
2007-01-08 16:12 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-01-08 16:12 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-01-08 16:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-01-08 16:12 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-01-08 16:12 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-01-08 16:12 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2007-01-08 16:12 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-01-08 16:12 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2007-01-08 16:12 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-01-08 16:12 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-01-08 16:12 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-01-08 16:12 <DIR> d---s---- C:\WINDOWS\Tasks
2007-01-08 16:12 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-01-08 16:12 <DIR> d-------- C:\WINDOWS\srchasst
2007-01-08 16:12 <DIR> d-------- C:\Program Files\Movie Maker
2007-01-08 16:12 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-01-08 16:11 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-01-08 16:11 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-01-08 16:11 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-01-08 16:11 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-01-08 16:11 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-01-08 16:11 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-01-08 16:11 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-01-08 16:11 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-01-08 16:11 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-01-08 16:11 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-01-08 16:11 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-01-08 16:11 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-01-08 16:11 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-01-08 16:11 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-01-08 16:11 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-01-08 16:11 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-01-08 16:11 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-01-08 16:11 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-01-08 16:11 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-01-08 16:11 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-01-08 16:11 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-01-08 16:11 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-01-08 16:11 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-01-08 16:11 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-01-08 16:11 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-01-08 16:11 <DIR> d-------- C:\WINDOWS\Registration
2007-01-08 16:10 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-01-08 16:10 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-01-08 16:10 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-01-08 16:10 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-01-08 16:10 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-01-08 16:10 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-01-08 16:10 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-01-08 16:10 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-01-08 16:10 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-01-08 16:10 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-01-08 16:10 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-01-08 16:10 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-01-08 16:10 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-01-08 16:10 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-01-08 16:10 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-01-08 16:10 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-01-08 16:10 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-01-08 16:10 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-01-08 16:10 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-01-08 16:10 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-01-08 16:10 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-01-08 16:10 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-01-08 16:10 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-01-08 16:10 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-01-08 16:10 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-01-08 16:10 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-01-08 16:10 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-01-08 16:10 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-01-08 16:10 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-01-08 16:10 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-01-08 16:10 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-01-08 16:10 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-01-08 16:10 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-01-08 16:10 <DIR> d-------- C:\Program Files\Online Services
2007-01-08 16:10 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-01-08 16:10 <DIR> d-------- C:\Program Files\Messenger
2007-01-08 16:09 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-01-08 16:09 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-01-08 16:09 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-01-08 16:09 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-01-08 16:09 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-01-08 16:09 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-01-08 16:09 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-01-08 16:09 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-01-08 16:09 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-01-08 16:09 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2007-01-08 16:09 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-01-08 16:09 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-01-08 16:09 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-01-08 16:09 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-01-08 16:09 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-01-08 16:09 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-01-08 16:09 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-01-08 16:09 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-01-08 16:09 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-01-08 16:09 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-01-08 16:09 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-01-08 16:09 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-01-08 16:09 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-01-08 16:09 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-01-08 16:09 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-01-08 16:09 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-01-08 16:09 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-01-08 16:09 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-01-08 16:09 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-01-08 16:09 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-01-08 16:09 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-01-08 16:09 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-01-08 16:09 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-01-08 16:09 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-01-08 16:09 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-01-08 16:09 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-01-08 16:09 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-01-08 16:09 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-01-08 16:09 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-01-08 16:09 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-01-08 16:09 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-01-08 16:09 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-01-08 16:09 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-01-08 16:09 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-01-08 16:09 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-01-08 16:09 <DIR> d-------- C:\WINDOWS\system32\Com
2007-01-08 16:09 <DIR> d-------- C:\Program Files\Windows NT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-19 08:00 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\avg7
2007-01-18 21:17 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\skype
2007-01-17 19:08 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\help
2007-01-17 08:59 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\lavasoft
2007-01-16 21:13 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\pgcedit
2007-01-15 17:36 -------- d---s---- C:\Documents and Settings\Richard Busch\Application Data\microsoft
2007-01-15 15:09 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\adobe
2007-01-15 10:40 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\rainlendar
2007-01-10 10:33 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\truecrypt
2007-01-09 22:24 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\estsoft
2007-01-09 22:03 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\media player classic
2007-01-09 21:57 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\my games
2007-01-09 15:28 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\ahead
2007-01-09 14:49 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\installshield
2007-01-09 08:26 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\comodo
2007-01-08 23:55 62 --ahs---- C:\Documents and Settings\Richard Busch\Application Data\desktop.ini
2007-01-08 19:27 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\mozilla
2007-01-08 16:21 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\identities


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"AsusServiceProvider"="C:\\Program Files\\ASUS\\AASP\\1.00.05\\aaCenter.exe"
"Ai Nap"="\"C:\\Program Files\\ASUS\\AI Suite\\AiNap\\AiNap.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"Arovax Shield"="D:\\Utilities\\Arovax Shield\\ArovaxShield.exe -tray"
"Comodo Firewall"="\"D:\\Utilities\\Comodo\\Firewall\\CPF.exe\" /background"
"AVG7_CC"="D:\\UTILIT~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"Flags"=dword:00000080

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\UTILIT~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="D:\\UTILIT~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_FRONT
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_MCHINJDRV
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ROREG

Completion time: 07-01-19 8:22:52



******* Step 2, HijackThis *******



Logfile of HijackThis v1.99.1
Scan saved at 8:40:47 AM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Utilities\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Utilities\Arovax Shield\ArovaxShield.exe
D:\Utilities\Comodo\Firewall\CPF.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Utilities\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Communications\Mozilla Firefox\firefox.exe
H:\Drive E\Protection\HJT\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Arovax Shield] D:\Utilities\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [Comodo Firewall] "D:\Utilities\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Utilities\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Rainlendar.lnk = D:\Utilities\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20230228-7684-4583-8F6C-75EF378BB042}: NameServer = 202.98.160.68 202.98.161.68
O20 - Winlogon Notify: !SASWinLogon - D:\Utilities\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Utilities\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

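The dated file listing and Find3M report in the post above are the raw material a helper reads by eye: one big burst of files on 2007-01-08 between 16:09 and 16:50 (the Windows and driver install on the new machine) and a handful of later, isolated arrivals. The Python below is an added example for this thread, not ComboFix or HijackThis code, that parses those lines, clusters them into bursts of activity so the install session stands out from files that arrived on their own, and flags files carrying hidden/system bits or zero size. The meaning of the attribute letters (d, r, a, h, s) and the allowlist of zero-byte XP boot stubs in C:\ are assumptions made for the example; the sample lines are copied, trimmed, from the listing above.

```python
"""Triage a ComboFix-style dated file listing (added example; not ComboFix or HijackThis code).

Line format, as in the post above:  YYYY-MM-DD HH:MM  SIZE  ATTRIBS  PATH
SIZE is a comma-grouped byte count, <DIR>, or a run of dashes (Find3M directories).  ATTRIBS is
nine flag characters, read here as d=directory r=read-only a=archive h=hidden s=system (assumed).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|-+|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)

# Zero-byte hidden/system boot stubs a clean Windows XP install leaves in C:\.
# The allowlist is an assumption for this example; extend it from your own clean baseline.
XP_ROOT_STUBS = frozenset({r"C:\MSDOS.SYS", r"C:\IO.SYS", r"C:\CONFIG.SYS", r"C:\AUTOEXEC.BAT"})


@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int | None        # None for directories
    flags: frozenset[str]   # attribute letters present in the ATTRIBS column
    path: str


def parse_listing(text: str) -> list[Entry]:
    entries: list[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue            # banners, headers and blank lines
        size_txt = m["size"]
        size = None if size_txt[0] in "<-" else int(size_txt.replace(",", ""))
        flags = frozenset(ch for ch in m["attrs"].lower() if ch != "-")
        when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M")
        entries.append(Entry(when, size, flags, m["path"]))
    return entries


def cluster_sessions(entries: list[Entry], gap: timedelta = timedelta(minutes=30)) -> list[list[Entry]]:
    """Group entries into bursts; a new burst starts after a silence longer than `gap`.
    An OS/driver install is one large burst; files arriving alone deserve a second look."""
    sessions: list[list[Entry]] = []
    for e in sorted(entries, key=lambda x: x.when):
        if sessions and e.when - sessions[-1][-1].when <= gap:
            sessions[-1].append(e)
        else:
            sessions.append([e])
    return sessions


def notable(entries: list[Entry], known_benign: frozenset[str] = XP_ROOT_STUBS) -> dict[str, list[str]]:
    """path -> reasons for files (not directories) with hidden/system bits or zero size."""
    benign = {p.upper() for p in known_benign}
    found: dict[str, list[str]] = {}
    for e in entries:
        if "d" in e.flags or e.path.upper() in benign:
            continue
        reasons = [name for letter, name in (("h", "hidden"), ("s", "system")) if letter in e.flags]
        if e.size == 0:
            reasons.append("zero-byte")
        if reasons:
            found[e.path] = reasons
    return found


# Sample input: lines copied from the listing in the post above, plus a banner line
# to show that non-entry lines are ignored.
SAMPLE = r"""
(((((((((((((((( Find3M Report ))))))))))))))))
2007-01-08 16:39 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2007-01-08 16:26 599,424 --a------ C:\WINDOWS\system32\drivers\Bravo_n_vivid.sys
2007-01-08 16:14 0 -rahs---- C:\MSDOS.SYS
2007-01-08 16:14 0 --a------ C:\AUTOEXEC.BAT
2007-01-08 16:13 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-01-19 08:00 -------- d-------- C:\Documents and Settings\Richard Busch\Application Data\avg7
2007-01-08 23:55 62 --ahs---- C:\Documents and Settings\Richard Busch\Application Data\desktop.ini
"""


def triage(text: str = SAMPLE) -> dict:
    """Summary a helper can scan: burst boundaries, isolated arrivals and flagged files."""
    entries = parse_listing(text)
    sessions = cluster_sessions(entries)
    biggest = max(sessions, key=len)
    return {
        "entries": len(entries),
        "sessions": len(sessions),
        "main_burst": (biggest[0].when, biggest[-1].when, len(biggest)),
        "isolated": [s[0].path for s in sessions if len(s) == 1],
        "notable": notable(entries),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run it as-is to see the sample summarised, or pass the full listing text to `triage()`. The output is a starting point, not a verdict: a hidden+system `desktop.ini` under Application Data is normal, and the allowlist exists precisely so that a clean-baseline comparison, not the attribute bits alone, decides what gets investigated.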
#6 MFDnSC

Posted 18 January 2007 - 07:49 PM

Need the SUPERAntiSpyware log.

Edited by MFDnSC, 18 January 2007 - 07:49 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 rbusch

Posted 18 January 2007 - 08:20 PM

SUPERAntiSpyware report just got finished. It didn't find anything, though.

SUPERAntiSpyware Scan Log
Generated 01/19/2007 at 09:00 AM

Application Version : 3.5.1016

Core Rules Database Version : 3167
Trace Rules Database Version: 1178

Scan type : Complete Scan
Total Scan Time : 00:15:24

Memory items scanned : 426
Memory threats detected : 0
Registry items scanned : 4662
Registry threats detected : 0
File items scanned : 26890
File threats detected : 0



And so I would expect the following HijackThis log to be the same as the one before the scan.


Logfile of HijackThis v1.99.1
Scan saved at 9:13:49 AM, on 1/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Utilities\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Utilities\Arovax Shield\ArovaxShield.exe
D:\Utilities\Comodo\Firewall\CPF.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Utilities\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\Drive E\Protection\HJT\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Arovax Shield] D:\Utilities\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [Comodo Firewall] "D:\Utilities\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Utilities\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Rainlendar.lnk = D:\Utilities\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20230228-7684-4583-8F6C-75EF378BB042}: NameServer = 202.98.160.68 202.98.161.68
O20 - Winlogon Notify: !SASWinLogon - D:\Utilities\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Utilities\Comodo\Firewall\cmdagent.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#8 MFDnSC

Posted 19 January 2007 - 10:24 AM

How are things?

#9 rbusch

Posted 20 January 2007 - 02:40 AM

So far it looks to be good, no problems. I'll give it a couple of days to be sure, but gladly extend my thanks now! Much appreciated. I seem to have gotten into this mess by having to get online and download all the various protection programs when I bought the new computer. Now I will keep a 'setup DVD' on hand for the future...

--Richard

#10 MFDnSC

Posted 20 January 2007 - 09:10 AM

Turn off restore points, boot, turn them back on – here’s how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

#11 rbusch

Posted 25 January 2007 - 08:45 AM

Hi there,

Has been crazy lately. Everything seems A-Okay! Thank you so much for your assistance, I appreciate it very much - especially as it is freely given. Thanks so much!

--Richard

#12 quietman7

Posted 27 January 2007 - 07:25 AM

Hello rbusch. MFDnSC is not available. Glad to hear everything appears OK, but there is one more thing I would like to check for. Some malware will hide certain entries in a HijackThis log to prevent detection, so I need you to rename it. Please open the HijackThis folder, find the HijackThis.exe file, right-click on it and select Rename. Type Analyze.exe and hit "Enter". Double-click on Analyze.exe (which is still HijackThis) and post back with a new log in your next reply.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#13 rbusch

Posted 29 January 2007 - 12:16 AM

Aye aye, Captain! Here is the log after renaming HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 1:12:33 PM, on 1/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Utilities\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Utilities\Arovax Shield\ArovaxShield.exe
D:\Utilities\Comodo\Firewall\CPF.exe
D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Communications\uTorrent\utorrent.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Utilities\TrueCrypt\TrueCrypt.exe
d:\Video\Quicktime\QuickTimePlayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
D:\Communications\Mozilla Firefox\firefox.exe
D:\Utilities\Rainlendar\Rainlendar.exe
G:\Drive E\Protection\HJT\analyze.exe.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Arovax Shield] D:\Utilities\Arovax Shield\ArovaxShield.exe -tray
O4 - HKLM\..\Run: [Comodo Firewall] "D:\Utilities\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] D:\UTILIT~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: Rainlendar.lnk = D:\Utilities\Rainlendar\Rainlendar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20230228-7684-4583-8F6C-75EF378BB042}: NameServer = 202.98.160.68 202.98.161.68
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\UTILIT~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Utilities\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


There are bound to be a 'few' more things than in the last log; I've begun to rebuild the system. Hopefully nothing that doesn't belong, however...!

#14 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 29 January 2007 - 07:59 AM

Your log still looks clean.

To protect yourself against malware and reduce the potential for re-infection, read:
• "Simple and easy ways to keep your computer safe".
• "The Ten Most Dangerous Things Users Do Online".
• "How did I get infected?, With steps so it does not happen again!".
• "Secure Your Home Computer - A guide for online users".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#15 rbusch (Topic Starter)

Posted 30 January 2007 - 06:42 AM

Thank you very much; I feel like I'm getting a clean bill of health at a yearly physical. :thumbsup: Seriously, thank you, I appreciate it!

--Richard
