
Regscan.exe ... Again!


  • This topic is locked
14 replies to this topic

#1 VirusHunter

Posted 22 February 2007 - 03:10 AM

WTF ... Last week, I found out that this process called "RegScan.exe" was sucking down 100% of my CPU. A few days before this, I was on YouTube and while a fancy flash-based banner ad was loading, my Avast came up and detected a virus, "Trojan.Tiny.ES". I of course deleted it but that's the only thing I can think of as far as "RegScan.exe" coming on to my computer is concerned.

Anyways, I closed down this process and did a scan but everything came up clean. The computer was still lagging like bleep. So screw it, I decided to format. No biggie for me, I just put my backup files on my other linux computer a week before this.

I'm two days off my format, and my firewall, Comodo, comes up with this piece of crap "RegScan.exe" ... AGAIN! I denied but I'm about to blow my top. How did this crap get onto my computer again? I haven't even been using my computer much.

I usually don't beg ... but can someone please tell me what on god's green earth is going on here? I'm up to my wit's end with this situation.

VH

Logfile of HijackThis v1.99.1
Scan saved at 2:50:45 AM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\**********\Desktop\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)





#2 RichieUK


Posted 22 February 2007 - 04:54 AM

Welcome to BC VirusHunter :thumbsup:

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text:

Files to delete:
C:\WINDOWS\system32\regscan.exe


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt when you've done.
Also post a new Hijackthis log please.

#3 VirusHunter


Posted 22 February 2007 - 05:15 AM

Thank you so much for your reply and for the kind welcome. :thumbsup:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vxvhvqci

*******************

Script file located at: \??\C:\Program Files\bfipunhb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\regscan.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 5:10:35 AM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



#4 RichieUK


Posted 22 February 2007 - 05:35 AM

You’ve got Avast4 and BitDefender installed.
Not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one of them as soon as possible.

************************

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT.
Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary.

************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
Exit Hijackthis.

************************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*************************

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Reboot, post the DrWeb.csv report and a new Hijackthis log please.
Let me know how your pc is running now.

#5 VirusHunter


Posted 22 February 2007 - 07:23 PM

The computer is running better, though I still don't trust it to do my home banking.

DrWeb:

PCSecurityTest.exe;C:\Program Files\AxBx\PC Security Test 2006;Program.AVTest;Incurable.Deleted.;

Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 7:20:30 PM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hjt\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
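
An added example, not part of any post in this thread: the Avenger log in post #3 reports regscan.exe deleted, yet the HijackThis log in that same post still lists the O4 Regscan Run value, which post #4 then has HijackThis fix. The sketch below parses O4 autorun lines, flags entries whose target Avenger deleted, and diffs two logs; the function names are this example's own and the embedded logs are short excerpts of the ones posted above.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    location: str  # e.g. HKCU\..\Run, Startup, Global Startup
    name: str      # registry value name or shortcut file name
    command: str   # command line or shortcut target


# Registry form:        O4 - HKCU\..\Run: [Name] command
_REG = re.compile(r"^O4 - (?P<loc>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder form:  O4 - Global Startup: Name.lnk = target
_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Heuristic: the executable path ends at the first known extension.
_EXE = re.compile(r'^"?(.+?\.(?:exe|dll|scr|com|bat|cmd))\b', re.IGNORECASE)
# Avenger reports each removed file on its own line.
_DELETED = re.compile(r"^File (.+) deleted successfully\.$", re.MULTILINE)


def parse_autoruns(hjt_log: str) -> set[Autorun]:
    """Return every O4 (autostart) entry found in a HijackThis log."""
    entries = set()
    for line in hjt_log.splitlines():
        line = line.strip()
        m = _REG.match(line) or _LNK.match(line)
        if m:
            entries.add(Autorun(m["loc"], m["name"], m["cmd"].strip()))
    return entries


def exe_path(command: str) -> str:
    """Strip quotes and arguments from an autorun command line."""
    m = _EXE.match(command)
    return m.group(1) if m else command


def deleted_files(avenger_log: str) -> list[str]:
    """Paths the Avenger log reports as deleted."""
    return _DELETED.findall(avenger_log)


def orphaned_autoruns(hjt_log: str, avenger_log: str) -> list[Autorun]:
    """Autorun entries that still point at a file Avenger deleted."""
    gone = {p.lower() for p in deleted_files(avenger_log)}
    return sorted(e for e in parse_autoruns(hjt_log)
                  if exe_path(e.command).lower() in gone)


def diff_autoruns(before: str, after: str) -> tuple[set[Autorun], set[Autorun]]:
    """Return (added, removed) autorun entries between two logs."""
    b, a = parse_autoruns(before), parse_autoruns(after)
    return a - b, b - a


# Excerpts of the logs posted in this thread (shortened for the example).
AVENGER_LOG = r"""Beginning to process script file:

File C:\WINDOWS\system32\regscan.exe deleted successfully.

Completed script processing.
"""

HJT_POST3 = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
"""

HJT_POST5 = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
"""

if __name__ == "__main__":
    for e in orphaned_autoruns(HJT_POST3, AVENGER_LOG):
        print(f"orphaned autorun after delete: {e.location} [{e.name}] -> {e.command}")
    added, removed = diff_autoruns(HJT_POST3, HJT_POST5)
    for e in sorted(removed):
        print(f"removed between logs: {e.location} [{e.name}]")
    for e in sorted(added):
        print(f"added between logs:   {e.location} [{e.name}]")
```

An entry that reappears in the "added" set of a later diff means something re-wrote the Run value, so the process that recreates it is still present.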



#6 RichieUK


Posted 22 February 2007 - 08:01 PM

Download and scan with the free 15 day trial of Counterspy
Once installed launch Counterspy.
Click on 'Spyware Scan', then click 'Updates' at the top right.
Once any available updates have been installed, click the 'Scan Now' button.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into a Word/Text document, then save it to your desktop.

*********************************

Download ComboScan to your desktop:
http://www.techsupportforum.com/sectools/D...d/comboscan.exe
Make sure all running programs and Windows Explorer windows are closed.
Double-click on comboscan.exe to run it, then follow the prompts.
The scan may take a few minutes to complete.
When the scan has finished, a text file will open 'ComboScan.txt'.

Please Note:
When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet, please ensure that you allow sigcheck.exe permission to do so.
Also, it may happen that your Antivirus flags Comboscan as suspicious.
Please allow the Comboscan to run and don't let your Antivirus delete it.
(If necessary temporarily disable/turn off your Antivirus program).

Post the Counterspy report, the Comboscan.txt from the Comboscan into your next reply.
Also post a new Hijackthis log please.

#7 VirusHunter


Posted 22 February 2007 - 11:53 PM

First I'll post the CounterSpy and Hijackthis in full but will have to post the ComboScan in a separate post since it's too long all together. I'm going to remove BitDefender right now. I thought two scanners would help.

CounterSpy:

[quote]Scan History Details
Start Date: 2/22/2007 10:48:10 PM
End Date: 2/22/2007 11:15:08 PM
Total Time: 26 Min 58 Sec
Detected security risks
No risks were found during this scan.[/quote]
Hijackthis:

[quote]Logfile of HijackThis v1.99.1
Scan saved at 11:45:29 PM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hjt\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)[/quote]

ComboScan:

[quote]ComboScan v20070221.16 run by *** on 2007-02-22 at 23:46:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as ***.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:46:42 PM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Webshots\webshots.scr
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Documents and Settings\***\Desktop\comboscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Hjt\***.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


-- Files created between 2007-01-22 and 2007-02-22 ------------------------------

2007-02-22 21:17:53 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-02-22 21:17:53 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-02-22 20:19:15 15544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-02-22 20:18:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software<SUNBEL~1>
2007-02-22 20:18:03 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-22 16:37:57 0 d-------- C:\Documents and Settings\***\DoctorWeb<DOCTOR~1>
2007-02-22 16:11:47 0 d-------- C:\Hjt
2007-02-22 05:05:22 0 d-------- C:\avenger
2007-02-22 02:46:17 342536 --a------ C:\WINDOWS\dbatgoy.dll
2007-02-20 05:24:18 0 d-------- C:\temp
2007-02-20 04:13:31 0 d-------- C:\Program Files\Digital TV 2050<DIGITA~1>
2007-02-20 01:49:52 0 d-------- C:\Program Files\hoonnet
2007-02-20 01:10:21 0 d-------- C:\Program Files\Free CD-DA Extractor 4.8<FREECD~1.8>
2007-02-20 01:08:31 737280 --a------ C:\WINDOWS\iun6002.exe
2007-02-20 00:39:53 0 d-------- C:\Games
2007-02-20 00:35:53 0 d-------- C:\Program Files\Doom Shareware for Windows 95<DOOMSH~1>
2007-02-20 00:25:42 0 d-------- C:\Documents and Settings\***\Application Data\Launchy
2007-02-20 00:25:36 0 d-------- C:\Program Files\Launchy
2007-02-20 00:21:48 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-20 00:21:35 0 d-------- C:\WINDOWS\Easy CD-DA Extractor<EASYCD~1>
2007-02-20 00:16:34 0 d-------- C:\Program Files\DOSBox-0.65
2007-02-19 21:08:49 5248 --a------ C:\WINDOWS\system32\drivers\a347scsi.sys
2007-02-19 21:08:49 160640 --a------ C:\WINDOWS\system32\drivers\a347bus.sys
2007-02-19 21:08:45 0 d-------- C:\Program Files\Alcohol Soft<ALCOHO~1>
2007-02-19 19:19:27 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2007-02-19 19:19:27 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2007-02-19 19:19:27 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2007-02-19 18:30:20 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-02-19 18:22:12 89184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-02-19 18:22:03 38912 --a------ C:\WINDOWS\system32\picn20.dll
2007-02-19 18:22:02 283920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-02-19 18:22:02 544768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-02-19 18:22:02 569344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-02-19 18:22:01 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-02-19 18:22:01 0 d-------- C:\Program Files\Common Files\Ahead
2007-02-19 18:21:57 0 d-------- C:\Program Files\Ahead
2007-02-19 18:12:20 0 d-------- C:\Shell
2007-02-19 18:00:47 0 d-------- C:\WINDOWS\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}<HDINED~1.{00>
2007-02-19 18:00:31 0 d-------- C:\Program Files\burnatonce<BURNAT~1>
2007-02-19 17:59:24 0 d-------- C:\Program Files\CDBurnerXP Pro 3<CDBURN~1>
2007-02-19 17:58:30 0 d-------- C:\Program Files\ClipX
2007-02-19 17:54:39 0 d-------- C:\Program Files\GIF Movie Gear<GIFMOV~1>
2007-02-19 17:46:58 0 d-------- C:\Program Files\GSpot
2007-02-19 17:43:30 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-02-19 17:42:25 0 d-------- C:\WINDOWS\system32\windows media<WINDOW~1>
2007-02-19 17:42:12 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-02-19 17:42:05 0 d-------- C:\Program Files\Windows Media Components<WINDOW~4>
2007-02-19 17:32:37 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-02-19 17:32:26 0 d-------- C:\Program Files\Winamp
2007-02-19 17:32:26 0 d-------- C:\Documents and Settings\***\Application Data\Winamp
2007-02-19 17:13:02 0 d-------- C:\Documents and Settings\***\Application Data\InterVideo<INTERV~1>
2007-02-19 16:54:33 0 d-------- C:\Program Files\Webshots
2007-02-19 16:54:33 0 d-------- C:\Documents and Settings\***\Application Data\Webshots
2007-02-19 16:51:36 0 d-------- C:\Program Files\Maxthon
2007-02-19 16:49:53 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-02-19 16:46:39 266360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-02-19 16:45:37 356864 --a------ C:\WINDOWS\TrueCrypt Setup.exe<TRUECR~1.EXE>
2007-02-19 16:45:37 193632 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys<TRUECR~1.SYS>
2007-02-19 16:45:37 0 d-------- C:\Program Files\TrueCrypt<TRUECR~1>
2007-02-19 16:43:07 0 d-------- C:\Program Files\Stellarium<STELLA~1>
2007-02-19 16:42:36 0 d-------- C:\Program Files\tinySpell<TINYSP~1>
2007-02-19 16:39:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-19 16:36:59 0 d-------- C:\Program Files\Recuva
2007-02-19 16:35:48 0 d-------- C:\Documents and Settings\***\.rainlendar2<RAINLE~1>
2007-02-19 16:35:41 0 d-------- C:\Program Files\Rainlendar2<RAINLE~1>
2007-02-19 16:32:52 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-19 16:32:26 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-19 16:31:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-02-19 16:29:34 0 d-------- C:\Documents and Settings\***\Application Data\Nvu
2007-02-19 16:28:49 0 d-------- C:\Program Files\Nvu
2007-02-19 16:26:21 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-02-19 16:26:21 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-02-19 16:25:55 0 d-------- C:\Program Files\Picasa2
2007-02-19 16:23:10 0 d-------- C:\Documents and Settings\***\Application Data\iPodder
2007-02-19 16:22:57 0 d-------- C:\Program Files\Juice
2007-02-19 16:22:41 0 d-------- C:\Program Files\mIRC
2007-02-19 16:20:21 0 d-------- C:\WINDOWS\Sun
2007-02-19 16:20:21 0 d-------- C:\Documents and Settings\***\Application Data\Sun
2007-02-19 16:19:15 0 d-------- C:\Program Files\Java
2007-02-19 16:17:36 0 d-------- C:\Program Files\Common Files\Java
2007-02-19 16:13:03 0 d-------- C:\Program Files\Hamachi
2007-02-19 16:08:50 0 d-------- C:\Program Files\Hero Editor<HEROED~1>
2007-02-19 16:08:47 249856 -----n--- C:\WINDOWS\Setup1.exe
2007-02-19 16:08:44 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-19 16:01:35 0 d-------- C:\Program Files\IZArc
2007-02-19 15:56:06 0 d-------- C:\Documents and Settings\***\Application Data\Hamachi
2007-02-19 15:55:38 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-02-19 15:52:43 0 d-------- C:\Program Files\Google
2007-02-19 15:50:43 0 d-------- C:\Program Files\Foxit Software<FOXITS~1>
2007-02-19 15:48:18 0 d-------- C:\Documents and Settings\***\Application Data\FastStone<FASTST~1>
2007-02-19 15:48:13 0 d-------- C:\Program Files\FastStone Capture<FASTST~1>
2007-02-19 15:47:23 0 d-------- C:\Program Files\Exact Audio Copy<EXACTA~1>
2007-02-19 15:46:08 286720 --a------ C:\WINDOWS\system32\erasext.dll
2007-02-19 15:46:08 241664 --a------ C:\WINDOWS\system32\eraserl.exe
2007-02-19 15:46:08 618496 --a------ C:\WINDOWS\system32\Eraser.dll
2007-02-19 15:46:07 0 d-------- C:\Program Files\Eraser
2007-02-19 15:42:38 0 d-------- C:\Documents and Settings\***\Application Data\BitTorrent<BITTOR~1>
2007-02-19 15:41:58 0 d-------- C:\Program Files\BitTorrent<BITTOR~1>
2007-02-19 15:41:41 0 d-------- C:\Program Files\CCleaner
2007-02-19 15:38:50 0 d-------- C:\Program Files\Audacity
2007-02-19 15:37:13 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-02-19 15:35:10 0 d-------- C:\Program Files\gs
2007-02-19 15:29:58 0 d-------- C:\Program Files\Lavasoft
2007-02-19 15:29:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-19 15:29:30 87800 --a------ C:\WINDOWS\system32\cpwmon2k.dll
2007-02-19 15:29:24 0 d-------- C:\Program Files\Acro Software<ACROSO~1>
2007-02-19 15:27:46 0 d-------- C:\WINDOWS\system32\appmgmt
2007-02-19 15:25:22 0 d-------- C:\Documents and Settings\***\Application Data\Lavasoft
2007-02-19 15:21:29 0 d-------- C:\Documents and Settings\***\Application Data\Actual Tools<ACTUAL~1>
2007-02-19 15:21:25 0 d-------- C:\Program Files\Actual Transparent Window<ACTUAL~1>
2007-02-19 15:10:06 0 d-------- C:\WINDOWS\Watson
2007-02-19 15:05:42 0 d-------- C:\Program Files\Common Files\Adobe
2007-02-19 15:04:26 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-02-19 15:01:46 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-02-19 15:00:08 0 d-------- C:\Program Files\Common Files\L&H
2007-02-19 14:59:26 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-19 14:58:30 0 d-------- C:\Program Files\Microsoft Works<MIF2B0~1>
2007-02-19 14:57:47 0 d-------- C:\WINDOWS\SHELLNEW
2007-02-19 14:57:22 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-02-19 14:53:52 31744 --a------ C:\WINDOWS\system32\drivers\IcdSX.sys
2007-02-19 14:53:45 90112 -----n--- C:\WINDOWS\snymsico.dll
2007-02-19 14:53:32 26409 --a------ C:\WINDOWS\system32\drivers\Icdusb.sys
2007-02-19 14:53:25 39048 --a------ C:\WINDOWS\system32\drivers\IcdUsb2.sys
2007-02-19 14:53:18 57344 --a------ C:\WINDOWS\system32\StrmOut.dll
2007-02-19 14:53:18 208896 --a------ C:\WINDOWS\system32\ICDFConv.dll
2007-02-19 14:53:18 61440 --a------ C:\WINDOWS\system32\DSConv.dll
2007-02-19 14:53:17 90112 --a------ C:\WINDOWS\system32\IcdYsys.dll
2007-02-19 14:53:17 24576 --a------ C:\WINDOWS\system32\IcdSptSvps.dll<ICDSPT~1.DLL>
2007-02-19 14:53:17 69632 --a------ C:\WINDOWS\system32\IcdSptSv.exe
2007-02-19 14:53:16 122880 --a------ C:\WINDOWS\system32\trc.dll
2007-02-19 14:53:16 65536 --a------ C:\WINDOWS\system32\rcnv2.dll
2007-02-19 14:53:16 317440 --a------ C:\WINDOWS\system32\IcdXa.dll
2007-02-19 14:53:16 61440 --a------ C:\WINDOWS\system32\ICDUSB2.dll
2007-02-19 14:53:16 49664 --a------ C:\WINDOWS\system32\ICDUSB.dll
2007-02-19 14:53:16 209408 --a------ C:\WINDOWS\system32\IcdStor2.dll
2007-02-19 14:53:16 53248 --a------ C:\WINDOWS\system32\IcdSpi.dll
2007-02-19 14:53:16 139264 --a------ C:\WINDOWS\system32\IcdShlex.dll
2007-02-19 14:53:16 28672 --a------ C:\WINDOWS\system32\IcdShare.dll
2007-02-19 14:53:16 73728 --a------ C:\WINDOWS\system32\IcdMSCom.dll
2007-02-19 14:53:16 122880 --a------ C:\WINDOWS\system32\icdcomm2.dll
2007-02-19 14:53:16 28160 --a------ C:\WINDOWS\system32\icdcomm.dll
2007-02-19 14:53:16 86016 --a------ C:\WINDOWS\system32\IcdCdda.dll
2007-02-19 14:53:16 81920 --a------ C:\WINDOWS\system32\dsp_trc.dll
2007-02-19 14:53:15 86016 --a------ C:\WINDOWS\system32\spicc.dll
2007-02-19 14:53:15 69632 --a------ C:\WINDOWS\system32\spc.dll
2007-02-19 14:53:15 323584 --a------ C:\WINDOWS\system32\LPEC.dll
2007-02-19 14:53:15 49152 --a------ C:\WINDOWS\system32\IcdSConv.dll
2007-02-19 14:53:07 0 d-------- C:\Program Files\SONY
2007-02-19 14:51:44 0 d-------- C:\Program Files\Finale Performance Assessment<FINALE~3>
2007-02-19 14:51:36 90112 --a------ C:\WINDOWS\unvise32.exe
2007-02-19 14:51:30 0 d-------- C:\Program Files\Finale 2005<FINALE~2>
2007-02-19 14:51:09 0 d-------- C:\Psfonts
2007-02-19 14:51:04 0 d-------- C:\Program Files\Finale NotePad 2005a<FINALE~1>
2007-02-19 14:43:46 0 d-------- C:\Program Files\Microsoft Games<MICROS~2>
2007-02-19 14:33:23 35378 --a------ C:\WINDOWS\DIIUnin.dat
2007-02-19 14:33:16 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-02-19 14:33:16 94208 --a------ C:\WINDOWS\DIIUnin.exe
2007-02-19 14:28:06 0 d-------- C:\Program Files\Diablo II<DIABLO~1>
2007-02-19 13:58:36 0 d-------- C:\Extras
2007-02-19 13:58:36 0 d-------- C:\Autorun
2007-02-19 13:58:35 0 d-------- C:\Program Files\THQ
2007-02-19 13:56:46 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-02-19 13:56:46 21033 --a------ C:\WINDOWS\War3Unin.dat
2007-02-19 13:56:45 126976 --a------ C:\WINDOWS\War3Unin.exe
2007-02-19 13:51:44 0 d-------- C:\Program Files\Warcraft III<WARCRA~1>
2007-02-19 04:19:36 0 d---s---- C:\Documents and Settings\***\UserData
2007-02-19 04:12:19 0 d-------- C:\Program Files\KeePass Password Safe<KEEPAS~1>
2007-02-19 02:45:10 0 d-------- C:\Documents and Settings\***\Application Data\Google
2007-02-19 02:35:31 0 d-------- C:\Documents and Settings\***\Application Data\Comodo
2007-02-19 02:35:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-02-19 02:32:53 51328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-02-19 02:32:53 75520 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-02-19 02:32:51 0 d-------- C:\Program Files\Comodo
2007-02-19 01:39:04 14 --a------ C:\Documents and Settings\***\getfile.dat
2007-02-19 01:28:03 0 d--hs---- C:\WINDOWS\CSC
2007-02-19 01:12:53 0 d--h----- C:\WINDOWS\system32\GroupPolicy<GROUPP~1>
2007-02-19 01:03:04 0 d--hs---- C:\RECYCLER
2007-02-19 01:00:32 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files<IISTEM~1>
2007-02-19 01:00:09 0 d-------- C:\WINDOWS\system32\Cache
2007-02-19 00:59:38 0 d-------- C:\WINDOWS\system32\FxsTmp
2007-02-19 00:59:21 7168 --a------ C:\WINDOWS\system32\snprfdll.dll
2007-02-19 00:59:21 12288 --a------ C:\WINDOWS\system32\smtpctrs.dll
2007-02-19 00:59:21 23040 --a------ C:\WINDOWS\system32\regtrace.exe
2007-02-19 00:59:21 43520 --a------ C:\WINDOWS\system32\fcachdll.dll
2007-02-19 00:59:21 5632 --a------ C:\WINDOWS\system32\adsiisex.dll
2007-02-19 00:58:56 7680 --a------ C:\WINDOWS\system32\ftpctrs2.dll
2007-02-19 00:58:53 5632 --a------ C:\WINDOWS\system32\w3svapi.dll
2007-02-19 00:58:53 4608 --a------ C:\WINDOWS\system32\w3ctrs.dll
2007-02-19 00:58:53 10240 --a------ C:\WINDOWS\system32\aspperf.dll
2007-02-19 00:58:52 7168 --a------ C:\WINDOWS\system32\wamregps.dll
2007-02-19 00:58:52 19968 --a------ C:\WINDOWS\system32\inetsloc.dll
2007-02-19 00:58:52 5632 --a------ C:\WINDOWS\system32\iisrstap.dll
2007-02-19 00:58:52 14336 --a------ C:\WINDOWS\system32\iisreset.exe
2007-02-19 00:58:52 3584 --a------ C:\WINDOWS\system32\iismui.dll
2007-02-19 00:58:52 6144 --a------ C:\WINDOWS\system32\ftpsapi2.dll
2007-02-19 00:58:51 18944 --a------ C:\WINDOWS\system32\simptcp.dll
2007-02-19 00:58:51 8704 --a------ C:\WINDOWS\system32\infoctrs.dll
2007-02-19 00:58:51 56320 --a------ C:\WINDOWS\system32\convlog.exe
2007-02-19 00:58:51 6144 --a------ C:\WINDOWS\system32\admxprox.dll
2007-02-19 00:58:46 11264 --a------ C:\WINDOWS\system32\fxssend.exe
2007-02-19 00:58:46 31744 --a------ C:\WINDOWS\system32\fxsroute.dll
2007-02-19 00:58:45 132608 --a------ C:\WINDOWS\system32\fxsclntR.dll
2007-02-19 00:58:44 111104 --a------ C:\WINDOWS\system32\fxscfgwz.dll
2007-02-19 00:58:13 0 d-------- C:\WINDOWS\system32\msmq
2007-02-19 00:58:12 0 d-------- C:\Inetpub
2007-02-19 00:58:11 0 d-------- C:\WINDOWS\system32\Logfiles
2007-02-19 00:51:29 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-02-19 00:41:54 0 d-------- C:\Program Files\DIFX
2007-02-19 00:41:35 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-02-19 00:41:35 36864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2007-02-19 00:38:45 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-02-19 00:38:04 0 d-------- C:\Program Files\Common Files\SureThing Shared<SURETH~1>
2007-02-19 00:37:57 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-02-19 00:36:01 0 d-------- C:\Program Files\Common Files\TiVo Shared<TIVOSH~1>
2007-02-19 00:35:59 0 d-------- C:\Program Files\Sonic
2007-02-19 00:34:10 0 d-------- C:\Program Files\Common Files\Sonic Shared<SONICS~1>
2007-02-19 00:33:18 32356 -----n--- C:\WINDOWS\system32\pusbfd1.sys
2007-02-19 00:33:17 0 d-------- C:\swsetup
2007-02-19 00:31:30 425984 --a------ C:\WINDOWS\system32\hpqPres.dll
2007-02-19 00:31:30 65536 --a------ C:\WINDOWS\system32\hpqactn.dll
2007-02-19 00:31:29 32768 --a------ C:\WINDOWS\system32\eabhbrn8.dll
2007-02-19 00:31:29 225280 --a------ C:\WINDOWS\system32\cpqinfo.dll
2007-02-19 00:31:21 5220 --a------ C:\WINDOWS\system32\drivers\EabUsb.sys
2007-02-19 00:31:21 7432 --a------ C:\WINDOWS\system32\drivers\eabfiltr.sys
2007-02-19 00:31:09 115880 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-02-19 00:31:09 108544 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-19 00:30:46 0 d-------- C:\Program Files\muvee Technologies<MUVEET~1>
2007-02-19 00:30:46 0 d-------- C:\Program Files\Common Files\muvee Technologies<MUVEET~1>
2007-02-19 00:30:22 0 d-------- C:\Documents and Settings\All Users\Application Data\muvee Technologies<MUVEET~1>
2007-02-19 00:29:49 0 d-------- C:\Program Files\Zone.com
2007-02-19 00:25:57 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-19 00:24:21 69724 --a------ C:\WINDOWS\system32\SynTPFcs.dll
2007-02-19 00:24:19 81920 --a------ C:\WINDOWS\system32\SynTPCo2.dll
2007-02-19 00:24:19 90204 --a------ C:\WINDOWS\system32\SynTPAPI.dll
2007-02-19 00:24:19 191456 --a------ C:\WINDOWS\system32\drivers\SynTP.sys
2007-02-19 00:24:18 114688 --a------ C:\WINDOWS\system32\SynCtrl.dll
2007-02-19 00:24:18 82015 --a------ C:\WINDOWS\system32\SynCOM.dll
2007-02-19 00:24:17 0 d-------- C:\Program Files\Synaptics<SYNAPT~1>
2007-02-19 00:23:42 0 d-------- C:\Program Files\Hp
2007-02-19 00:23:42 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-02-19 00:23:35 0 d-------- C:\WINDOWS\Hewlett-Packard<HEWLET~1>
2007-02-19 00:22:58 0 d-------- C:\Program Files\CPQ
2007-02-19 00:21:29 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll<IV828C~1.DLL>
2007-02-19 00:21:29 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll<IV760B~1.DLL>
2007-02-19 00:21:29 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll<IVIRES~4.DLL>
2007-02-19 00:21:29 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll<IVIRES~3.DLL>
2007-02-19 00:21:29 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll<IVIRES~2.DLL>
2007-02-19 00:21:29 20480 --a------ C:\WINDOWS\system32\IVIresize.dll<IVIRES~1.DLL>
2007-02-19 00:21:13 0 d-------- C:\Program Files\InterVideo<INTERV~1>
2007-02-19 00:18:21 0 d-------- C:\Program Files\HPQ
2007-02-19 00:16:52 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-02-19 00:16:52 0 dr--s---- C:\WINDOWS\assembly
2007-02-19 00:16:49 0 d-------- C:\WINDOWS\system32\URTTemp
2007-02-19 00:16:27 176128 -----n--- C:\WINDOWS\system32\bcmwlu00.EXE
2007-02-19 00:16:27 69632 -----n--- C:\WINDOWS\system32\bcmwlD2K.EXE
2007-02-19 00:16:25 371712 -----n--- C:\WINDOWS\system32\drivers\BCMWL5.SYS
2007-02-19 00:16:09 0 d-------- C:\Program Files\CONEXANT
2007-02-19 00:16:03 39018 --a------ C:\WINDOWS\system32\hsfci012.dll
2007-02-19 00:16:03 200192 --a------ C:\WINDOWS\system32\drivers\HSFHWATI.sys
2007-02-19 00:16:02 1038208 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2007-02-19 00:16:02 703232 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2007-02-19 00:15:35 69760 --a------ C:\WINDOWS\system32\drivers\Rtlnicxp.sys
2007-02-19 00:15:34 0 d-------- C:\WINDOWS\OPTIONS
2007-02-19 00:15:17 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-19 00:15:08 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-19 00:15:05 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-19 00:15:04 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-02-19 00:15:02 0 d-------- C:\WINDOWS\tiinst
2007-02-19 00:15:02 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-19 00:15:01 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-19 00:14:59 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-19 00:14:58 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-19 00:14:57 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-19 00:14:54 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-02-19 00:14:52 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-02-19 00:14:51 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-02-19 00:14:31 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-02-19 00:14:10 346496 -ra------ C:\WINDOWS\system32\drivers\camc6hal.sys
2007-02-19 00:14:10 37760 -ra------ C:\WINDOWS\system32\drivers\camc6aud.sys
2007-02-19 00:14:10 11589 -ra------ C:\WINDOWS\system32\CAUDINST.dll
2007-02-19 00:14:10 28672 -ra------ C:\WINDOWS\ciaunwdm.exe
2007-02-19 00:14:08 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-02-19 00:14:08 145920 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-19 00:14:07 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-19 00:12:31 0 d-------- C:\SYSTEM.SAV
2007-02-19 00:06:52 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-02-19 00:06:47 0 d-------- C:\WINDOWS\Prefetch
2007-02-18 23:59:16 12800 -----n--- C:\WINDOWS\system32\spiisupd.exe
2007-02-18 23:59:16 40832 -----n--- C:\WINDOWS\system32\drivers\irbus.sys
2007-02-18 23:59:16 9728 -----n--- C:\WINDOWS\system32\comsdupd.exe
2007-02-18 23:59:16 32768 -----n--- C:\WINDOWS\system32\asr_pfu.exe
2007-02-18 23:59:12 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-02-18 23:59:12 1273344 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-18 23:59:12 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-02-18 23:59:12 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-02-18 23:59:12 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-02-18 23:59:12 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-02-18 23:59:12 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-02-18 23:59:12 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-02-18 23:59:12 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-02-18 23:59:12 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-02-18 23:59:12 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-02-18 23:59:12 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-02-18 23:59:12 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-02-18 23:59:12 37376 -----n--- C:\WINDOWS\system32\drivers\amdk7.sys
2007-02-18 23:59:12 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys
2007-02-18 23:59:12 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys
2007-02-18 23:59:12 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-02-18 23:59:12 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys
2007-02-18 23:59:12 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-02-18 23:59:12 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-02-18 23:59:12 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-02-18 23:59:12 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-02-18 23:59:12 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-02-18 23:59:12 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-02-18 23:59:12 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-02-18 23:59:11 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-02-18 23:59:11 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-02-18 23:59:11 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys
2007-02-18 23:59:11 25600 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys
2007-02-18 23:59:11 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-02-18 23:59:11 124800 -----n--- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-18 23:59:11 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-02-18 23:59:11 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys
2007-02-18 23:59:11 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys
2007-02-18 23:59:11 274304 -----n--- C:\WINDOWS\system32\drivers\bthport.sys
2007-02-18 23:59:11 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-18 23:59:11 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-18 23:59:11 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys
2007-02-18 23:59:11 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-02-18 23:59:11 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-02-18 23:59:11 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-02-18 23:59:11 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-02-18 23:59:11 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-02-18 23:59:11 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-02-18 23:59:11 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-02-18 23:59:11 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-02-18 23:59:11 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-02-18 23:59:11 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-02-18 23:59:11 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-02-18 23:59:11 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-02-18 23:59:11 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-02-18 23:59:11 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-02-18 23:59:10 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-02-18 23:59:10 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys
2007-02-18 23:59:10 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll
2007-02-18 23:59:10 10240 -----n--- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-02-18 23:59:10 11136 -----n--- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-02-18 23:59:10 67584 -----n--- C:\WINDOWS\system32\drivers\sdbus.sys
2007-02-18 23:59:10 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-02-18 23:59:10 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-02-18 23:59:10 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-18 23:59:10 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys
2007-02-18 23:59:10 1897408 -----n--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-02-18 23:59:10 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-02-18 23:59:10 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-02-18 23:59:10 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-02-18 23:59:10 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-02-18 23:59:10 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-02-18 23:59:10 15488 -----n--- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-02-18 23:59:10 13059 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-02-18 23:59:10 29056 -----n--- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-02-18 23:59:10 36096 -----n--- C:\WINDOWS\system32\drivers\intelppm.sys
2007-02-18 23:59:10 263040 -----n--- C:\WINDOWS\system32\drivers\http.sys
2007-02-18 23:59:10 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-02-18 23:59:09 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-02-18 23:59:09 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-02-18 23:59:09 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-02-18 23:59:09 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-02-18 23:59:09 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-02-18 23:59:09 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-02-18 23:59:09 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys
2007-02-18 23:59:09 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys
2007-02-18 23:59:09 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-02-18 23:59:09 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-02-18 23:59:09 26624 -----n--- C:\WINDOWS\system32\drivers\usbehci.sys
2007-02-18 23:59:09 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-02-18 23:59:09 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys
2007-02-18 23:59:09 12416 -----n--- C:\WINDOWS\system32\drivers\tunmp.sys
2007-02-18 23:59:09 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys
2007-02-18 23:59:09 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-02-18 23:59:09 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys
2007-02-18 23:59:09 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys
2007-02-18 23:59:09 20992 -----n--- C:\WINDOWS\system32\bthci.dll
2007-02-18 23:59:09 71680 -----n--- C:\WINDOWS\system32\blastcln.exe
2007-02-18 23:59:09 7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll
2007-02-18 23:59:09 8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll
2007-02-18 23:59:09 14336 -----n--- C:\WINDOWS\system32\auditusr.exe
2007-02-18 23:59:09 639872 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-02-18 23:59:09 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll
2007-02-18 23:59:09 2365472 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-02-18 23:59:09 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll
2007-02-18 23:59:09 205312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-02-18 23:59:09 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll
2007-02-18 23:59:09 212992 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-02-18 23:59:08 24576 -----n--- C:\WINDOWS\system32\httpapi.dll
2007-02-18 23:59:08 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll
2007-02-18 23:59:08 7168 -----n--- C:\WINDOWS\system32\hccoin.dll
2007-02-18 23:59:08 60416 -----n--- C:\WINDOWS\system32\fwcfg.dll
2007-02-18 23:59:08 193024 -----n--- C:\WINDOWS\system32\fsquirt.exe
2007-02-18 23:59:08 22528 -----n--- C:\WINDOWS\system32\fltmc.exe
2007-02-18 23:59:08 16896 -----n--- C:\WINDOWS\system32\fltlib.dll
2007-02-18 23:59:08 186368 -----n--- C:\WINDOWS\system32\encdec.dll
2007-02-18 23:59:08 20480 -----n--- C:\WINDOWS\system32\encapi.dll
2007-02-18 23:59:08 2113536 -----n--- C:\WINDOWS\system32\dxdiagn.dll
2007-02-18 23:59:08 4096 -----n--- C:\WINDOWS\system32\dsprpres.dll
2007-02-18 23:59:08 1689088 -----n--- C:\WINDOWS\system32\d3d9.dll
2007-02-18 23:59:08 13824 -----n--- C:\WINDOWS\system32\cmsetacl.dll
2007-02-18 23:59:08 50688 -----n--- C:\WINDOWS\system32\btpanui.dll
2007-02-18 23:59:08 30208 -----n--- C:\WINDOWS\system32\bthserv.dll
2007-02-18 23:59:07 81920 -----n--- C:\WINDOWS\system32\ieencode.dll
2007-02-18 23:59:05 134656 -----n--- C:\WINDOWS\system32\mssap.dll
2007-02-18 23:59:05 25088 --a------ C:\WINDOWS\system32\MsPMSNSv.dll
2007-02-18 23:59:05 537088 -----n--- C:\WINDOWS\system32\msftedit.dll
2007-02-18 23:59:05 118784 -----n--- C:\WINDOWS\system32\msdadiag.dll
2007-02-18 23:59:05 384512 -----n--- C:\WINDOWS\system32\mp4sdmod.dll
2007-02-18 23:59:05 310272 -----n--- C:\WINDOWS\system32\mp43dmod.dll
2007-02-18 23:59:05 86016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-02-18 23:59:05 7168 -----n--- C:\WINDOWS\system32\kbdukx.dll
2007-02-18 23:59:05 7680 -----n--- C:\WINDOWS\system32\kbdsmsno.dll
2007-02-18 23:59:05 7680 -----n--- C:\WINDOWS\system32\kbdsmsfi.dll
2007-02-18 23:59:05 7168 -----n--- C:\WINDOWS\system32\kbdno1.dll
2007-02-18 23:59:05 6144 -----n--- C:\WINDOWS\system32\kbdmlt48.dll
2007-02-18 23:59:05 6144 -----n--- C:\WINDOWS\system32\kbdmlt47.dll
2007-02-18 23:59:05 5632 -----n--- C:\WINDOWS\system32\kbdmaori.dll
2007-02-18 23:59:05 6656 -----n--- C:\WINDOWS\system32\kbdinmal.dll
2007-02-18 23:59:05 6656 -----n--- C:\WINDOWS\system32\kbdinben.dll
2007-02-18 23:59:05 6144 -----n--- C:\WINDOWS\system32\kbdinbe1.dll
2007-02-18 23:59:05 7168 -----n--- C:\WINDOWS\system32\kbdfi1.dll
2007-02-18 23:59:04 49152 -----n--- C:\WINDOWS\system32\powercfg.exe
2007-02-18 23:59:04 48640 -----n--- C:\WINDOWS\system32\pnrpnsp.dll
2007-02-18 23:59:04 526848 -----n--- C:\WINDOWS\system32\p2psvc.dll
2007-02-18 23:59:04 88064 -----n--- C:\WINDOWS\system32\p2pnetsh.dll
2007-02-18 23:59:04 312320 -----n--- C:\WINDOWS\system32\p2pgraph.dll
2007-02-18 23:59:04 86016 -----n--- C:\WINDOWS\system32\p2pgasvc.dll
2007-02-18 23:59:04 116224 -----n--- C:\WINDOWS\system32\p2p.dll
2007-02-18 23:59:04 4274816 -----n--- C:\WINDOWS\system32\nv4_disp.dll
2007-02-18 23:59:04 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll
2007-02-18 23:59:03 150016 --a------ C:\WINDOWS\system32\wmidx.dll
2007-02-18 23:59:03 189440 --a------ C:\WINDOWS\system32\wmerror.dll
2007-02-18 23:59:03 17408 -----n--- C:\WINDOWS\system32\winshfhc.dll
2007-02-18 23:59:03 351232 -----n--- C:\WINDOWS\system32\winhttp.dll
2007-02-18 23:59:03 937984 -----n--- C:\WINDOWS\system32\winbrand.dll
2007-02-18 23:59:03 15872 -----n--- C:\WINDOWS\system32\w3ssl.dll
2007-02-18 23:59:03 44032 -----n--- C:\WINDOWS\system32\twext.dll
2007-02-18 23:59:03 75776 -----n--- C:\WINDOWS\system32\strmfilt.dll
2007-02-18 23:59:03 8192 -----n--- C:\WINDOWS\system32\smbinst.exe
2007-02-18 23:59:03 73796 -----n--- C:\WINDOWS\system32\slserv.exe
2007-02-18 23:59:03 32866 -----n--- C:\WINDOWS\system32\slrundll.exe
2007-02-18 23:59:03 188508 -----n--- C:\WINDOWS\system32\slgen.dll
2007-02-18 23:59:03 286792 -----n--- C:\WINDOWS\system32\slextspk.dll
2007-02-18 23:59:03 73832 -----n--- C:\

Edited by VirusHunter, 22 February 2007 - 11:54 PM.


#8 VirusHunter

Posted 22 February 2007 - 11:56 PM

-----n--- C:\WINDOWS\system32\slcoinst.dll
2007-02-18 23:59:03 29184 -----n--- C:\WINDOWS\system32\sdhcinst.dll
2007-02-18 23:59:03 159232 -----n--- C:\WINDOWS\system32\sbeio.dll
2007-02-18 23:59:03 270848 -----n--- C:\WINDOWS\system32\sbe.dll
2007-02-18 23:59:03 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll
2007-02-18 23:59:02 165888 -----n--- C:\WINDOWS\system32\wuauclt1.exe
2007-02-18 23:59:02 430592 -----n--- C:\WINDOWS\system32\wuapi.dll
2007-02-18 23:59:02 108032 -----n--- C:\WINDOWS\system32\wshbth.dll
2007-02-18 23:59:02 81408 -----n--- C:\WINDOWS\system32\wscsvc.dll
2007-02-18 23:59:02 13824 -----n--- C:\WINDOWS\system32\wscntfy.exe
2007-02-18 23:59:02 999424 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-02-18 23:59:02 936960 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-02-18 23:59:02 531192 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-02-18 23:59:02 1116160 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-02-18 23:59:02 282624 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-02-18 23:59:02 135168 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-02-18 23:59:01 187392 -----n--- C:\WINDOWS\system32\xpsp1res.dll
2007-02-18 23:59:01 438784 -----n--- C:\WINDOWS\system32\xpob2res.dll
2007-02-18 23:59:01 50176 -----n--- C:\WINDOWS\system32\xmlprovi.dll
2007-02-18 23:59:01 129536 -----n--- C:\WINDOWS\system32\xmlprov.dll
2007-02-18 23:59:01 120320 -----n--- C:\WINDOWS\system32\wuweb.dll
2007-02-18 23:59:01 36864 -----n--- C:\WINDOWS\system32\wups.dll
2007-02-18 23:59:01 112640 -----n--- C:\WINDOWS\system32\wucltui.dll
2007-02-18 23:59:01 183296 -----n--- C:\WINDOWS\system32\wuaueng1.dll
2007-02-18 23:59:01 32866 -----n--- C:\WINDOWS\slrundll.exe
2007-02-18 23:58:59 0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
2007-02-18 23:58:59 0 d-------- C:\WINDOWS\peernet
2007-02-18 23:58:49 290816 --a------ C:\WINDOWS\system32\adsiis.dll
2007-02-18 23:58:45 10752 --a------ C:\WINDOWS\system32\smtpapi.dll
2007-02-18 23:58:36 9728 --a------ C:\WINDOWS\system32\rwnh.dll
2007-02-18 23:58:35 68608 --a------ C:\WINDOWS\system32\iisext.dll
2007-02-18 23:58:35 14336 --a------ C:\WINDOWS\system32\exstrace.dll
2007-02-18 23:58:26 13312 --a------ C:\WINDOWS\system32\infoadmn.dll
2007-02-18 23:58:21 64512 --a------ C:\WINDOWS\system32\iismap.dll
2007-02-18 23:58:21 43520 --a------ C:\WINDOWS\system32\admwprox.dll
2007-02-18 23:58:19 133632 --a------ C:\WINDOWS\system32\iisRtl.dll
2007-02-18 23:58:18 8192 --a------ C:\WINDOWS\system32\staxmem.dll
2007-02-18 23:58:11 24064 --a------ C:\WINDOWS\system32\evntcmd.exe
2007-02-18 23:58:07 23552 --a------ C:\WINDOWS\system32\fxsmon.dll
2007-02-18 23:58:07 285184 --a------ C:\WINDOWS\system32\fxscomex.dll
2007-02-18 23:57:59 22528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2007-02-18 23:57:57 92160 --a------ C:\WINDOWS\system32\evntwin.exe
2007-02-18 23:57:56 267776 --a------ C:\WINDOWS\system32\fxssvc.exe
2007-02-18 23:57:49 6144 --a------ C:\WINDOWS\system32\snmpmib.dll
2007-02-18 23:57:47 400384 --a------ C:\WINDOWS\system32\fxsxp32.dll
2007-02-18 23:57:40 39936 --a------ C:\WINDOWS\system32\hostmib.dll
2007-02-18 23:57:26 6656 --a------ C:\WINDOWS\system32\fxsres.dll
2007-02-18 23:57:23 246272 --a------ C:\WINDOWS\system32\fxst30.dll
2007-02-18 23:57:22 23552 --a------ C:\WINDOWS\system32\fxsext32.dll
2007-02-18 23:57:14 452096 --a------ C:\WINDOWS\system32\fxsapi.dll
2007-02-18 23:57:13 562176 --a------ C:\WINDOWS\system32\fxsst.dll
2007-02-18 23:57:12 192512 --a------ C:\WINDOWS\system32\fxswzrd.dll
2007-02-18 23:57:10 229376 --a------ C:\WINDOWS\system32\fxscover.exe
2007-02-18 23:56:59 32768 --a------ C:\WINDOWS\system32\snmp.exe
2007-02-18 23:56:57 8704 --a------ C:\WINDOWS\system32\snmptrap.exe
2007-02-18 23:56:54 397312 --a------ C:\WINDOWS\system32\fxstiff.dll
2007-02-18 23:56:48 72192 --a------ C:\WINDOWS\system32\fxscom.dll
2007-02-18 23:56:45 8704 --a------ C:\WINDOWS\system32\fxsperf.dll
2007-02-18 23:56:39 154112 --a------ C:\WINDOWS\system32\fxsui.dll
2007-02-18 23:56:32 55296 --a------ C:\WINDOWS\system32\fxsevent.dll
2007-02-18 23:56:30 18944 --a------ C:\WINDOWS\system32\lprmon.dll
2007-02-18 23:56:20 27136 --a------ C:\WINDOWS\system32\fxsdrv.dll
2007-02-18 23:56:11 35328 --a------ C:\WINDOWS\system32\iprip.dll
2007-02-18 23:56:09 143360 --a------ C:\WINDOWS\system32\fxsclnt.exe
2007-02-18 23:56:05 33792 --a------ C:\WINDOWS\system32\lmmib2.dll
2007-02-18 23:55:55 101888 --a------ C:\WINDOWS\system32\evntagnt.dll
2007-02-18 23:55:52 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-02-18 23:51:18 2897920 -----n--- C:\WINDOWS\system32\xpsp2res.dll
2007-02-18 23:49:39 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-02-18 23:49:30 15872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-18 23:46:37 0 d-------- C:\WINDOWS\EHome
2007-02-18 23:37:53 0 d-------- C:\WINDOWS\system32\NtmsData
2007-02-18 23:32:37 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-02-18 23:32:37 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-02-18 23:32:37 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-02-18 23:32:35 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-02-18 23:32:35 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-02-18 23:32:30 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-02-18 23:32:30 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-02-18 23:32:26 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-02-18 23:27:50 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-02-18 23:27:34 2621440 --ah----- C:\Documents and Settings\***\NTUSER.DAT
2007-02-18 23:26:46 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-02-18 23:26:39 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-02-18 23:26:39 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-02-18 23:23:38 0 d-------- C:\WINDOWS\system32\xircom
2007-02-18 23:23:38 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-02-18 23:23:25 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-02-18 23:23:17 0 -rahs---- C:\MSDOS.SYS
2007-02-18 23:23:17 0 -rahs---- C:\IO.SYS
2007-02-18 23:23:17 0 --a------ C:\CONFIG.SYS
2007-02-18 23:23:17 50 --a------ C:\AUTOEXEC.BAT
2007-02-18 23:23:03 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-02-18 23:22:12 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-02-18 23:21:59 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-02-18 23:21:59 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-02-18 23:21:29 0 d-------- C:\WINDOWS\srchasst
2007-02-18 23:21:22 0 d-------- C:\WINDOWS\system32\DirectX
2007-02-18 23:21:21 0 d-------- C:\WINDOWS\system32\Macromed
2007-02-18 23:21:07 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-18 23:21:07 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-02-18 23:21:05 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-18 23:20:48 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-02-18 23:20:48 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-02-18 23:20:48 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-02-18 23:20:48 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-02-18 23:20:48 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-02-18 23:20:36 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-02-18 23:20:36 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-18 23:20:36 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-02-18 23:20:36 0 d-------- C:\WINDOWS\system32\Restore
2007-02-18 23:20:35 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-02-18 23:20:34 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-02-18 23:20:34 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-02-18 23:20:34 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-02-18 23:20:34 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-02-18 23:20:34 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-02-18 23:20:34 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-02-18 23:20:34 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-02-18 23:20:30 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-02-18 23:20:30 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-02-18 23:20:30 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-02-18 23:20:30 0 d-------- C:\WINDOWS\PCHEALTH
2007-02-18 23:20:28 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-02-18 23:20:28 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-02-18 23:20:24 0 d---s---- C:\WINDOWS\Tasks
2007-02-18 23:20:24 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-02-18 23:20:23 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-02-18 23:20:23 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-02-18 23:20:23 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-02-18 23:20:23 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-02-18 23:20:23 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-02-18 23:20:23 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-02-18 23:20:23 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-02-18 23:20:21 0 d-------- C:\Program Files\Common Files\MSSoap
2007-02-18 23:19:44 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-18 23:19:21 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-02-18 23:19:11 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-02-18 23:19:11 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-02-18 23:19:04 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-18 23:18:52 5632 --a------ C:\WINDOWS\system32\write.exe
2007-02-18 23:18:52 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-02-18 23:18:44 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-02-18 23:18:44 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-02-18 23:18:44 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-02-18 23:18:44 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-18 23:18:43 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-02-18 23:18:43 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-02-18 23:18:43 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-02-18 23:18:43 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-02-18 23:18:43 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-02-18 23:18:43 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-18 23:18:42 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-02-18 23:18:41 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-18 23:18:38 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-02-18 23:18:37 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-02-18 23:18:37 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-02-18 23:18:36 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-02-18 23:18:36 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-02-18 23:18:36 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-02-18 23:18:36 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-02-18 23:18:35 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-02-18 23:18:35 1134592 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-02-18 23:18:35 111104 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-02-18 23:18:35 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-02-18 23:18:35 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-02-18 23:18:35 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-02-18 23:18:35 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-02-18 23:18:35 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-02-18 23:18:34 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-02-18 23:18:34 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-02-18 23:18:34 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-02-18 23:18:34 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-02-18 23:18:34 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-02-18 23:18:34 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-02-18 23:18:34 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-02-18 23:18:34 407552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-02-18 23:18:33 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-18 23:18:33 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-02-18 23:18:33 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-02-18 23:18:33 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-02-18 23:18:33 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-02-18 23:18:33 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-02-18 23:18:33 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-02-18 23:18:33 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-02-18 23:18:33 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-02-18 23:18:33 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-02-18 23:18:33 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-02-18 23:18:33 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-02-18 23:18:33 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-02-18 23:18:32 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-02-18 23:18:32 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-02-18 23:18:32 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-02-18 23:18:32 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-02-18 23:18:32 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-02-18 23:18:32 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-02-18 23:18:32 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-02-18 23:18:32 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-02-18 23:18:32 0 d-------- C:\WINDOWS\system32\MsDtc
2007-02-18 23:18:32 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-02-18 23:18:32 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-02-18 23:18:32 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-02-18 23:18:32 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-02-18 23:18:31 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-02-18 23:18:31 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-02-18 23:18:31 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-02-18 23:18:31 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-02-18 23:18:31 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-02-18 23:18:30 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-02-18 23:18:30 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-02-18 23:18:30 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-02-18 23:18:30 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-02-18 23:18:29 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-02-18 23:18:29 82432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-02-18 23:18:29 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-02-18 23:18:29 0 d-------- C:\WINDOWS\system32\Com
2007-02-18 23:18:29 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-02-18 23:18:29 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-02-18 23:18:29 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-02-18 23:18:28 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-02-18 23:18:28 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-02-18 23:18:28 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-02-18 23:18:28 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-02-18 23:18:27 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-02-18 23:18:27 501248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-02-18 23:18:14 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-02-18 23:18:14 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-02-18 23:18:14 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-02-18 23:18:14 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-02-18 23:18:12 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-02-18 23:18:12 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-02-18 18:15:21 838144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-02-18 18:15:21 1677824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-02-18 18:15:20 70656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-02-18 18:15:19 98304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-02-18 18:15:00 76288 --a------ C:\WINDOWS\system32\uniime.dll
2007-02-18 18:14:34 218112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-02-18 18:14:33 6144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-02-18 18:14:13 7680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-02-18 18:14:13 9216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-02-18 18:14:13 7168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-02-18 18:14:13 6144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-02-18 18:14:13 6656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-02-18 18:14:13 7168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-02-18 18:14:13 6144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-02-18 18:14:13 6144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-02-18 18:14:13 6144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-02-18 18:14:13 7168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-02-18 18:14:12 811064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-02-18 18:13:26 6656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-02-18 18:13:25 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-02-18 18:13:25 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-02-18 18:13:25 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-02-18 18:13:25 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-02-18 18:13:25 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-02-18 18:13:25 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-02-18 18:13:24 185344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-02-18 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdvntc.dll
2007-02-18 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdintel.dll
2007-02-18 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdintam.dll
2007-02-18 18:13:24 6144 -ra------ C:\WINDOWS\system32\kbdinpun.dll
2007-02-18 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdinmar.dll
2007-02-18 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdinkan.dll
2007-02-18 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdinhin.dll
2007-02-18 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdinguj.dll
2007-02-18 18:13:24 5632 -ra------ C:\WINDOWS\system32\kbdindev.dll
2007-02-18 18:13:24 5120 -ra------ C:\WINDOWS\system32\kbdgeo.dll
2007-02-18 18:13:24 5120 -ra------ C:\WINDOWS\system32\kbdarmw.dll
2007-02-18 18:13:24 5120 -ra------ C:\WINDOWS\system32\kbdarme.dll
2007-02-18 18:13:24 10752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-02-18 18:13:22 5632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbdurdu.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbdfa.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbddiv2.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbddiv1.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbda3.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbda2.dll
2007-02-18 18:13:22 5632 -ra------ C:\WINDOWS\system32\kbda1.dll
2007-02-18 18:13:19 5632 -ra------ C:\WINDOWS\system32\kbdheb.dll
2007-02-18 18:13:15 6144 -ra------ C:\WINDOWS\system32\kbdth3.dll
2007-02-18 18:13:15 6144 -ra------ C:\WINDOWS\system32\kbdth2.dll
2007-02-18 18:13:15 5632 -ra------ C:\WINDOWS\system32\kbdth1.dll
2007-02-18 18:13:15 5632 -ra------ C:\WINDOWS\system32\kbdth0.dll
2007-02-18 18:13:15 6144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-02-18 18:11:20 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-02-18 18:10:55 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-02-18 18:10:25 20992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
2007-02-18 18:10:14 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-02-18 18:10:12 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2007-02-18 18:10:11 14080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2007-02-18 18:10:11 14080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2007-02-18 18:10:03 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-02-18 18:09:46 8832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2007-02-18 18:08:36 0 d-------- C:\Program Files\Common Files\ODBC
2007-02-18 18:08:31 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-02-18 18:08:30 0 dr------- C:\Program Files<PROGRA~1>
2007-02-18 18:08:28 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-02-18 18:08:28 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-02-18 18:08:28 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-02-18 18:08:27 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-02-18 18:08:27 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-02-18 18:08:25 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-02-18 18:08:25 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-02-18 18:08:25 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-02-18 18:08:25 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-02-18 18:08:25 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-02-18 18:08:25 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-02-18 18:08:25 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-02-18 18:08:24 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-02-18 18:08:24 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-02-18 18:08:24 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-02-18 18:08:24 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-02-18 18:08:24 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-02-18 18:08:22 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-02-18 18:08:22 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-02-18 18:08:22 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-02-18 18:08:22 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-02-18 18:08:22 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-02-18 18:08:20 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-18 18:08:20 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-02-18 18:08:20 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-02-18 18:08:19 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-18 18:08:19 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-02-18 18:08:19 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-02-18 18:08:19 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-02-18 18:08:19 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-02-18 18:08:19 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-02-18 18:08:18 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-02-18 18:08:18 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-02-18 18:08:18 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-02-18 18:08:18 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-02-18 18:08:18 68768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-02-18 18:08:18 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-02-18 18:08:17 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-02-18 18:08:17 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-02-18 18:08:17 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-02-18 18:08:17 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-02-18 18:08:17 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-02-18 18:08:17 69120 --a------ C:\WINDOWS\notepad.exe
2007-02-18 18:08:06 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-02-18 18:07:53 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-02-18 18:07:53 0 d-------- C:\WINDOWS\system32\CatRoot
2007-02-18 18:07:26 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-02-18 18:01:17 0 d-------- C:\WINDOWS
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\WinSxS
2007-02-18 18:01:17 0 dr------- C:\WINDOWS\Web
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\twain_32
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\wins
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\wbem
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\usmt
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\spool
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\ShellExt
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\Setup
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\ras
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\oobe
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\npp
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\mui
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\inetsrv
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\IME
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\icsxml
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\ias
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\export
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\drivers
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-02-18 18:01:17 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\dhcp
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\config
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\3076
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\2052
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\1054
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\1042
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\1041
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\1037
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\1033
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\1031
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\1028
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system32\1025
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\system
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\security
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\repair
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\mui
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\msapps
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\msagent
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\Media
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\java
2007-02-18 18:01:17 0 d--h----- C:\WINDOWS\inf
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\ime
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\Help
2007-02-18 18:01:17 0 dr--s---- C:\WINDOWS\Fonts
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\Debug
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\Cursors
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\Config
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\AppPatch
2007-02-18 18:01:17 0 d-------- C:\WINDOWS\addins
2007-02-10 10:24:54 24816 --a------ C:\WINDOWS\system32\SBBD.exe


-- Find3M Report ----------------------------------------------------------------

2007-02-19 23:37:28 0 d---s---- C:\Documents and Settings\***\Application Data\Microsoft<MICROS~1>
2007-02-19 02:45:34 0 d-------- C:\Documents and Settings\***\Application Data\Phoenix
2007-02-19 02:45:23 0 d-------- C:\Documents and Settings\***\Application Data\Mozilla
2007-02-19 02:30:32 0 d-------- C:\Documents and Settings\***\Application Data\Macromedia<MACROM~1>
2007-02-18 23:27:47 0 d-------- C:\Documents and Settings\***\Application Data\Identities<IDENTI~1>
2007-02-18 18:08:06 62 --ahs---- C:\Documents and Settings\***\Application Data\desktop.ini


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"KeePass Password Safe"="C:\\Program Files\\KeePass Password Safe\\KeePass.exe"
"tinySpell"="C:\\Program Files\\tinySpell\\tinyspell.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"BDNewsAgent"="\"c:\\program files\\softwin\\bitdefender8\\bdnagent.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
@=""
"SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SBAPIFS
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SBCSSVC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SBHR


-- End of ComboScan: finished at 2007-02-22 at 23:47:39 -------------------------



#9 RichieUK

Posted 23 February 2007 - 05:49 AM

C:\WINDOWS\iun6002.exe [Spyware.DsktopSurveil].
If you're not aware of it being on your PC then delete it, more info here:
http://www.symantec.com/security_response/...-092111-1952-99

******************************

Have you any idea what these files are:

C:\WINDOWS\system32\2052
C:\WINDOWS\system32\1054
C:\WINDOWS\system32\1042
C:\WINDOWS\system32\1041
C:\WINDOWS\system32\1037
C:\WINDOWS\system32\1033
C:\WINDOWS\system32\1031
C:\WINDOWS\system32\1028
C:\WINDOWS\system32\1025

If you haven't, please do the following:

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\3076
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
Using the 'Browse' button, browse to:
C:\WINDOWS\system32\3076
Then click on 'Send'.
Post the results into your next reply.

Then scan the rest of the list above, post all the results please in your next reply.
Also post a new HijackThis log and let me know how your PC is running now.

#10 VirusHunter

Posted 25 February 2007 - 04:55 AM

Had no idea what iun6002.exe was, so I nuked it without trouble.

All the folders that you mentioned were empty except for 1033. In 1033, there was a DLL called "dwintl.dll". I scanned it with Jotti.

Scan taken on 25 Feb 2007 09:45:23 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing


I deleted all the folders except 1033.

The computer is running much better. :thumbsup:

#11 RichieUK

Posted 25 February 2007 - 07:51 AM

Thanks :thumbsup:

Reboot, post a new HijackThis log please.

#12 VirusHunter

Posted 25 February 2007 - 02:25 PM

Here's a new HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 2:20:41 PM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KeePass Password Safe\KeePass.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hjt\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KeePass Password Safe] C:\Program Files\KeePass Password Safe\KeePass.exe
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu1.html
O8 - Extra context menu item: Note this item (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.17-607859404.dll/gn_menu2.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe



#13 RichieUK

Posted 25 February 2007 - 02:38 PM

Your log is clean :thumbsup:
If all's ok, please do the following:

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

You should now go to Windows Update and install any available critical/high priority updates.

Read through the info found here, to help you prevent any possible future infections.
How did I get infected?
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

#14 VirusHunter

Posted 25 February 2007 - 03:20 PM

Thank you very kindly for your help. Not only were you helpful but you also prevented me from going berserk.

Thank you! :thumbsup: :flowers:

#15 RichieUK

Posted 25 February 2007 - 03:22 PM

You're welcome VirusHunter :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.



