Lazar Trojan


  • This topic is locked
5 replies to this topic

#1 reesa9

reesa9

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Female
  • Location:Batchelor, NT, Australia
  • Local time:03:24 AM

Posted 09 March 2007 - 05:37 AM

G'day everyone

Well I have been advised to post my hijack log here, and that is what I shall do!

First a little background...

As software recommended by Australian Netguide, I downloaded Visual IP Trace 2005. One of my best friends - Startup Mechanic told me however that this program has the Lazar Trojan. I have run all types of software to check for errors (e.g. spybot, adaware, cureit, avast) which has not pointed to this product at all. I have also sent an e-mail to the company via their support page and am awaiting response.

Could someone please just check my log to see if there is anything I need to worry about?

Many thanks,

Reesa

PS...if anything in here suggests why ie7 keeps crashing...feel free to let me know too :thumbsup:


Logfile of HijackThis v1.99.1
Scan saved at 9:07:00 PM, on 3/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\lxctcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172820887796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172820850624
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\System32\lxctcoms.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:06:54 PM

Posted 09 March 2007 - 10:10 AM

Welcome reesa9 :thumbsup:

Download and scan with the free 15 day trial of Counterspy V2
Follow this tutorial on the installation/setup/scanning and cleaning any infections found:
http://tinyurl.com/39a8xq
Post the report into your next reply.

**********************************

Download ComboScan to your desktop:
http://www.techsupportforum.com/sectools/D...d/comboscan.exe
Make sure all running programs and Windows Explorer windows are closed.
Double-click on comboscan.exe to run it, then follow the prompts.
The scan may take a few minutes to complete.
When the scan has finished, a text file will open 'ComboScan.txt'.

Please Note:
When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet, please ensure that you allow sigcheck.exe permission to do so.
Also, it may happen that your Antivirus flags Comboscan as suspicious.
Please allow the Comboscan to run and don't let your Antivirus delete it.
(If necessary temporarily disable/turn off your Antivirus program).

Post the Counterspy V2 report, the Comboscan.txt from the Comboscan into your next reply.
Also post a new Hijackthis log please.

#3 reesa9

reesa9
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Gender:Female
  • Location:Batchelor, NT, Australia
  • Local time:03:24 AM

Posted 10 March 2007 - 06:17 AM

Thanks for your quick response..

The company has replied saying they are looking into this and have suggested a newer product to download instead.

I'm definitely not seeing it being picked up in any other program other than Startup Mechanic.

Here are my logs

COUNTERSPY...
Scan History Details
Start Date: 3/10/2007 9:20:20 PM
End Date: 3/10/2007 9:46:20 PM
Total Time: 26 Min 0 Sec
Detected security risks
No risks were found during this scan.

COMBOSCAN

ComboScan v20070306.20 run by Theresa on 2007-03-10 at 22:09:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Theresa.exe) ---------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:09:15 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\lxctcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Theresa\Desktop\Applications\comboscan.exe
C:\PROGRA~1\HIJACK~1\Theresa.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Program Files\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172820887796
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172820850624
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\System32\lxctcoms.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


-- Files created between 2007-02-10 and 2007-03-10 -----------------------------

2007-03-10 22:03:18 0 d-------- C:\Documents and Settings\All Users\Application Data\logs
2007-03-10 21:20:20 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-03-10 21:20:20 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-03-10 20:45:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software<SUNBEL~1>
2007-03-10 20:44:05 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-03-08 21:36:17 0 d-------- C:\Documents and Settings\NetworkService\Application Data\IE7pro
2007-03-08 21:26:49 14568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-03-08 21:26:48 14568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-03-08 21:26:47 14568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-03-08 21:26:47 14568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-03-08 21:26:46 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-03-08 21:26:45 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-03-08 21:26:36 83096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-03-08 21:26:25 0 d-------- C:\Program Files\Sygate
2007-03-08 20:12:07 0 d-------- C:\WINDOWS\BDOSCAN8
2007-03-08 19:24:01 0 d-------- C:\Documents and Settings\Theresa\Application Data\Lavasoft
2007-03-08 19:23:30 0 d-------- C:\Program Files\Lavasoft
2007-03-08 19:22:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-03-08 19:20:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-07 22:19:20 212480 --a------ C:\WINDOWS\pcdlib32.dll
2007-03-07 22:18:56 0 d-------- C:\Program Files\Serif
2007-03-07 22:18:56 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-03-07 22:18:20 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-03-07 21:40:08 0 d-------- C:\Documents and Settings\Theresa\vw
2007-03-07 21:39:30 0 d-------- C:\Program Files\Visualware Security Suite<VISUAL~2>
2007-03-07 21:38:53 0 d-------- C:\Program Files\Visual IP Trace<VISUAL~1>
2007-03-07 21:38:05 0 d-------- C:\WINDOWS\Downloaded Installations<DOWNLO~2>
2007-03-07 15:17:32 0 d-------- C:\Program Files\EasyChord<EASYCH~1>
2007-03-06 18:41:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-03-06 16:21:29 0 d-------- C:\Program Files\PokerStars<POKERS~1>
2007-03-06 12:50:16 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1>
2007-03-06 12:47:34 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-03-06 12:47:34 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-03-06 12:47:33 0 d-------- C:\Program Files\Xvid
2007-03-06 12:28:46 0 d-------- C:\Documents and Settings\Theresa\Application Data\Adobe
2007-03-06 12:25:23 0 d-------- C:\Program Files\Common Files\Adobe
2007-03-06 12:24:20 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-03-05 17:05:11 0 d-------- C:\WINDOWS\Sun
2007-03-04 18:38:32 0 d-------- C:\Documents and Settings\Administrator\DoctorWeb<DOCTOR~1>
2007-03-04 18:36:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\com.codeode<COM~1.COD>
2007-03-04 18:36:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer<APPLEC~1>
2007-03-04 18:36:35 1572864 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-03-04 18:24:53 0 d-------- C:\Documents and Settings\Theresa\Application Data\Sun
2007-03-04 18:16:37 0 d-------- C:\Program Files\Java
2007-03-04 18:09:51 0 d-------- C:\Program Files\Common Files\Java
2007-03-03 18:22:33 0 d-------- C:\Program Files\AC3File
2007-03-03 18:08:53 0 d-------- C:\Program Files\AV DVD Player Morpher<AVDVDP~1>
2007-03-03 17:55:19 0 d-------- C:\Documents and Settings\Theresa\Application Data\FastStone<FASTST~1>
2007-03-03 17:53:35 0 d-------- C:\Program Files\FastStone Image Viewer<FASTST~1>
2007-03-03 17:37:49 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-03-03 17:37:48 87040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2007-03-03 15:55:47 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-03-03 15:31:58 60288 --a------ C:\WINDOWS\system32\drivers\CDAVFS.sys
2007-03-03 15:31:40 0 d-------- C:\Program Files\CyberDefender<CYBERD~1>
2007-03-03 15:26:21 0 d-------- C:\Program Files\IE7pro
2007-03-03 15:26:19 0 d-------- C:\Documents and Settings\Theresa\Application Data\IE7pro
2007-03-03 10:54:36 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-03-03 10:43:35 0 d-------- C:\Documents and Settings\Theresa\DoctorWeb<DOCTOR~1>
2007-03-03 03:43:45 0 d-------- C:\WINDOWS\WBEM
2007-03-03 03:41:57 0 d--h---c- C:\WINDOWS\ie7
2007-03-03 03:40:33 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-03-03 03:39:41 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-03-03 03:33:02 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-03-03 03:29:38 0 d-------- C:\WINDOWS\system32\LogFiles
2007-03-03 03:29:38 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-03-03 03:27:00 0 d-------- C:\Program Files\MSBuild
2007-03-03 03:20:04 0 d-------- C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-03-03 03:20:00 0 d-------- C:\WINDOWS\system32\en-us
2007-03-03 03:18:39 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-03-03 03:16:36 14048 -----n--- C:\WINDOWS\system32\spmsg2.dll
2007-03-03 03:16:12 0 d-------- C:\bb526b4eadbe2b117158d216<BB526B~1>
2007-03-03 03:02:20 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
2007-03-03 03:02:20 0 dr--s---- C:\WINDOWS\assembly
2007-03-03 03:02:15 0 d-------- C:\WINDOWS\system32\URTTemp
2007-03-03 02:51:52 36352 -----n--- C:\WINDOWS\system32\tsgqec.dll
2007-03-03 02:51:52 288768 -----n--- C:\WINDOWS\system32\rhttpaa.dll
2007-03-03 02:51:51 116736 -----n--- C:\WINDOWS\system32\aaclient.dll
2007-03-03 01:41:08 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll<XA3066~1.DLL>
2007-03-03 01:41:07 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll<XA3C56~1.DLL>
2007-03-03 01:41:06 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-03-03 01:41:05 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll<XA3856~1.DLL>
2007-03-03 01:41:05 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll<X3DAUD~2.DLL>
2007-03-03 01:41:04 68888 --a------ C:\WINDOWS\system32\xinput1_3.dll<XINPUT~4.DLL>
2007-03-03 01:41:04 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-03-03 01:41:03 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll<XACTEN~4.DLL>
2007-03-03 01:41:02 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll<XINPUT~3.DLL>
2007-03-03 01:40:54 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-03-03 01:19:24 273 --a------ C:\Documents and Settings\Theresa\same.scr
2007-03-03 00:08:47 0 d-------- C:\WINDOWS\system32\NtmsData
2007-03-02 23:49:11 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-03-02 23:49:08 0 d--h----- C:\WINDOWS\$hf_mig$
2007-03-02 23:34:54 127208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-03-02 23:32:19 0 d-------- C:\WINDOWS\Prefetch
2007-03-02 18:39:11 50688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-03-02 18:39:11 19328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-03-02 18:39:10 363520 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-03-02 18:39:10 17408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-03-02 18:39:10 1428480 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-03-02 18:39:10 15360 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-03-02 18:39:10 11136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-03-02 18:39:10 10880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-03-02 18:39:10 85376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-03-02 18:39:10 51328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-03-02 18:39:09 15360 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-03-02 18:39:09 17024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-03-02 18:39:09 11776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-03-02 18:39:08 1287168 --a------ C:\WINDOWS\system32\quartz.dll
2007-03-02 18:39:08 266240 --a------ C:\WINDOWS\system32\ddraw.dll
2007-03-02 18:39:07 1689088 --a------ C:\WINDOWS\system32\d3d9.dll
2007-03-02 18:39:07 1179648 --a------ C:\WINDOWS\system32\d3d8.dll
2007-03-02 18:39:06 562176 --a------ C:\WINDOWS\system32\qedit.dll
2007-03-02 18:39:06 385024 --a------ C:\WINDOWS\system32\qdvd.dll
2007-03-02 18:39:06 279040 --a------ C:\WINDOWS\system32\qdv.dll
2007-03-02 18:39:06 192512 --a------ C:\WINDOWS\system32\qcap.dll
2007-03-02 18:39:06 2113536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-03-02 18:39:06 1298432 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-03-02 18:39:05 211456 --a------ C:\WINDOWS\system32\qasf.dll
2007-03-02 18:39:05 204288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-03-02 18:39:05 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-02 18:39:05 223232 --a------ C:\WINDOWS\system32\gcdef.dll
2007-03-02 18:39:05 367616 --a------ C:\WINDOWS\system32\dsound.dll
2007-03-02 18:39:05 71680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-03-02 18:39:05 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-03-02 18:39:05 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-03-02 18:39:05 5504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-03-02 18:39:05 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-03-02 18:39:05 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-03-02 18:39:05 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-03-02 18:39:05 57344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-03-02 18:39:05 212480 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-03-02 18:39:05 18432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-03-02 18:39:05 375296 --a------ C:\WINDOWS\system32\dpnet.dll
2007-03-02 18:39:05 23552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-03-02 18:39:05 104448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-03-02 18:39:05 181760 --a------ C:\WINDOWS\system32\dinput8.dll
2007-03-02 18:39:05 159232 --a------ C:\WINDOWS\system32\dinput.dll
2007-03-02 18:39:05 394240 --a------ C:\WINDOWS\system32\diactfrm.dll
2007-03-02 18:39:05 59904 --a------ C:\WINDOWS\system32\devenum.dll
2007-03-02 18:39:04 35328 --a------ C:\WINDOWS\system32\pid.dll
2007-03-02 18:39:04 1227264 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-03-02 18:39:04 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-03-02 18:39:04 10496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2007-03-02 18:39:04 44032 --a------ C:\WINDOWS\system32\dimap.dll
2007-03-02 18:39:04 47616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-03-02 18:39:04 350208 --a------ C:\WINDOWS\system32\d3drm.dll
2007-03-02 18:39:04 590336 --a------ C:\WINDOWS\system32\d3dramp.dll
2007-03-02 18:39:04 34816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2007-03-02 18:39:04 436224 --a------ C:\WINDOWS\system32\d3dim.dll
2007-03-02 18:39:04 8192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-03-02 18:39:03 733696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-03-02 18:39:03 14336 --a------ C:\WINDOWS\system32\msdmo.dll
2007-03-02 18:39:03 35328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-03-02 18:39:03 20480 --a------ C:\WINDOWS\system32\encapi.dll
2007-03-02 18:39:03 619008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-03-02 18:39:03 19456 --a------ C:\WINDOWS\system32\dswave.dll
2007-03-02 18:39:03 116736 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-03-02 18:39:03 83456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-03-02 18:39:03 21504 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-03-02 18:39:03 3584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-03-02 18:39:03 60928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-03-02 18:39:03 35328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-03-02 18:39:03 3584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-03-02 18:39:03 229888 --a------ C:\WINDOWS\system32\dplayx.dll
2007-03-02 18:39:03 30208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-03-02 18:39:03 27136 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-03-02 18:39:03 825344 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-03-02 18:39:03 70656 --a------ C:\WINDOWS\system32\amstream.dll
2007-03-02 18:39:02 46592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-03-02 18:39:02 1294336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-03-02 18:39:02 181760 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-03-02 18:39:02 103424 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-03-02 18:39:02 105984 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-03-02 18:39:02 82432 --a------ C:\WINDOWS\system32\dmscript.dll
2007-03-02 18:39:02 35840 --a------ C:\WINDOWS\system32\dmloader.dll
2007-03-02 18:39:02 181248 --a------ C:\WINDOWS\system32\dmime.dll
2007-03-02 18:39:02 61440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-03-02 18:39:02 28672 --a------ C:\WINDOWS\system32\dmband.dll
2007-03-02 18:37:35 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-03-02 18:37:35 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-03-02 18:37:35 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-03-02 18:37:35 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-03-02 18:37:34 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-03-02 18:37:33 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-03-02 18:34:28 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-03-02 18:31:50 0 d--hs---- C:\Documents and Settings\Theresa\UserData
2007-03-02 18:31:17 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-03-02 18:29:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-03-02 18:21:46 0 d-------- C:\Documents and Settings\Theresa\Application Data\5400 Series<5400SE~1>
2007-03-02 18:21:32 0 d-------- C:\Program Files\Lx_cats
2007-03-02 18:20:27 40960 --a------ C:\WINDOWS\system32\lxctpmon.dll
2007-03-02 18:20:27 32768 --a------ C:\WINDOWS\system32\LXCTFXPU.DLL
2007-03-02 18:20:07 12288 --a------ C:\WINDOWS\system32\lxctpmrc.dll
2007-03-02 18:20:07 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-03-02 18:20:07 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-03-02 18:20:04 0 d-------- C:\Documents and Settings\All Users\Application Data\5400 Series<5400SE~1>
2007-03-02 18:18:45 0 d-------- C:\Program Files\Lexmark Toolbar<LEXMAR~2>
2007-03-02 18:18:43 0 d-------- C:\Program Files\Lexmark 5400 Series<LEXMAR~1>
2007-03-02 18:17:47 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint<ABBYYF~1.0SP>
2007-03-02 18:17:23 274432 --a------ C:\WINDOWS\system32\LXCTinst.dll
2007-03-02 18:15:54 335872 -ra------ C:\WINDOWS\system32\lxctcoin.dll
2007-03-02 18:15:53 77824 --a------ C:\WINDOWS\system32\lxctcfg.dll
2007-03-02 18:09:48 0 d-------- C:\Documents and Settings\Theresa\Application Data\com.codeode<COM~1.COD>
2007-03-02 18:09:48 0 d-------- C:\Documents and Settings\Theresa\Application Data\Apple Computer<APPLEC~1>
2007-03-02 18:09:45 2621440 --ah----- C:\Documents and Settings\Theresa\NTUSER.DAT
2007-03-02 18:08:23 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-03-02 18:06:34 0 d-------- C:\Documents and Settings\Default User\Application Data\com.codeode<COM~1.COD>
2007-03-02 18:06:34 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer<APPLEC~1>
2007-03-02 17:58:30 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-03-02 17:58:29 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-03-02 17:58:11 0 d-------- C:\Program Files\BitLord
2007-03-02 17:56:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer<APPLEC~1>
2007-03-02 17:56:32 0 d-------- C:\Program Files\iPod
2007-03-02 17:56:11 0 d-------- C:\Program Files\iTunes
2007-03-02 17:55:31 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-02 17:55:09 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-02 17:55:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-03-02 17:51:07 0 d-------- C:\Program Files\Ad Muncher<ADMUNC~1>
2007-03-02 17:42:02 0 d-------- C:\Program Files\IncrediMail<INCRED~1>
2007-03-02 17:24:12 0 d-------- C:\Documents and Settings\Owner\Application Data\com.codeode<COM~1.COD>
2007-03-02 17:24:08 0 d-------- C:\Program Files\Cactus Spam Filter 2.13<CACTUS~1.13>
2007-03-02 17:22:12 28005 -ra------ C:\WINDOWS\system32\drivers\enethusb.sys
2007-03-02 17:01:48 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-02 17:01:47 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-02 17:01:47 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-02 17:01:46 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-02 17:01:46 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-02 17:01:40 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-03-02 17:01:40 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-03-02 17:01:40 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-03-02 17:01:40 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-02 17:01:40 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-02 17:01:35 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-03-02 17:01:05 0 d-------- C:\Program Files\Startup Mechanic<STARTU~1>
2007-03-02 16:50:31 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-03-02 16:50:16 1310720 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2007-03-02 16:49:58 786432 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-03-02 16:49:57 786432 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-03-02 16:42:15 0 d-------- C:\WINDOWS\system32\xircom
2007-03-02 16:42:15 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-03-02 16:42:08 1310720 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-03-02 16:41:39 0 -rahs---- C:\MSDOS.SYS
2007-03-02 16:41:39 0 -rahs---- C:\IO.SYS
2007-03-02 16:41:39 0 --a------ C:\CONFIG.SYS
2007-03-02 16:41:39 0 --a------ C:\AUTOEXEC.BAT
2007-03-02 16:41:22 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-02 16:40:07 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-03-02 16:39:52 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-03-02 16:39:52 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-03-02 16:39:17 0 d-------- C:\WINDOWS\srchasst
2007-03-02 16:39:12 0 d-------- C:\WINDOWS\system32\Macromed
2007-03-02 16:39:12 0 d-------- C:\WINDOWS\system32\DirectX
2007-03-02 16:39:06 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-03-02 16:39:06 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-03-02 16:38:55 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-03-02 16:38:55 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-03-02 16:38:55 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-03-02 16:38:55 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-03-02 16:38:55 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-02 16:38:50 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-03-02 16:38:50 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-03-02 16:38:50 0 d-------- C:\WINDOWS\system32\Restore
2007-03-02 16:38:50 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-02 16:38:49 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-03-02 16:38:49 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-02 16:38:49 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-02 16:38:49 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-03-02 16:38:49 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-03-02 16:38:49 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-03-02 16:38:49 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-02 16:38:48 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-03-02 16:38:48 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-03-02 16:38:48 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-02 16:38:48 0 d-------- C:\WINDOWS\PCHEALTH
2007-03-02 16:38:47 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-03-02 16:38:47 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-02 16:38:44 0 d---s---- C:\WINDOWS\Tasks
2007-03-02 16:38:44 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-03-02 16:38:44 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-03-02 16:38:44 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-03-02 16:38:44 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-02 16:38:44 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-03-02 16:38:44 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-03-02 16:38:44 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-02 16:38:43 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-03-02 16:38:42 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-02 16:38:33 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-03-02 16:38:13 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-03-02 16:37:28 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2>
2007-03-02 16:37:14 5632 --a------ C:\WINDOWS\system32\write.exe
2007-03-02 16:37:14 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-03-02 16:37:08 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-03-02 16:37:08 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-03-02 16:37:08 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-03-02 16:37:08 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-03-02 16:37:08 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-03-02 16:37:08 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-03-02 16:37:08 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-03-02 16:37:08 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-03-02 16:37:08 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-03-02 16:37:08 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-03-02 16:37:07 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-03-02 16:37:07 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-03-02 16:37:03 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-03-02 16:37:03 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-03-02 16:37:02 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-03-02 16:37:02 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-03-02 16:37:02 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-03-02 16:37:02 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-03-02 16:37:01 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-03-02 16:37:01 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-03-02 16:37:01 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-03-02 16:37:01 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-03-02 16:37:01 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-03-02 16:37:01 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-03-02 16:37:01 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-03-02 16:37:01 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-02 16:37:01 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-02 16:37:01 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-02 16:37:00 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-03-02 16:37:00 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-03-02 16:37:00 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-03-02 16:37:00 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-03-02 16:37:00 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-03-02 16:37:00 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-03-02 16:37:00 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-03-02 16:37:00 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-03-02 16:37:00 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-03-02 16:37:00 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-03-02 16:37:00 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-03-02 16:37:00 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-03-02 16:37:00 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-03-02 16:37:00 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-03-02 16:37:00 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-03-02 16:37:00 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-03-02 16:36:59 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-03-02 16:36:59 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-03-02 16:36:59 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-03-02 16:36:59 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-03-02 16:36:59 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-03-02 16:36:59 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-03-02 16:36:59 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-03-02 16:36:59 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-03-02 16:36:59 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-03-02 16:36:59 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-03-02 16:36:59 0 d-------- C:\WINDOWS\system32\MsDtc
2007-03-02 16:36:59 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-03-02 16:36:59 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-03-02 16:36:59 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-03-02 16:36:59 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-03-02 16:36:58 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-03-02 16:36:58 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-03-02 16:36:58 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-03-02 16:36:58 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-03-02 16:36:58 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-03-02 16:36:58 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-03-02 16:36:58 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-03-02 16:36:58 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-03-02 16:36:58 0 d-------- C:\WINDOWS\system32\Com
2007-03-02 16:36:57 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-03-02 16:36:57 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-03-02 16:36:57 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-03-02 16:36:57 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-03-02 16:36:50 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-03-02 16:36:50 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-03-02 16:36:50 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-03-02 16:36:50 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-03-02 16:36:50 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-02 16:36:50 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-03-02 12:19:08 0 d-------- C:\Program Files\messenger<MESSEN~1>
2007-03-02 12:18:21 0 d-------- C:\WINDOWS\peernet
2007-03-02 12:18:19 0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
2007-03-02 12:14:15 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-03-02 12:06:55 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-03-02 12:06:31 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-02 12:01:56 0 d-------- C:\WINDOWS\EHome
2007-03-02 11:31:53 11776 -----n--- C:\WINDOWS\system32\spnpinst.exe
2007-03-02 11:31:52 4569 -----n--- C:\WINDOWS\system32\secupd.dat
2007-03-02 11:01:32 154 --a------ C:\same.scr
2007-03-02 08:34:53 33599 --a------ C:\WINDOWS\system32\drivers\watv04nt.sys
2007-03-02 08:34:51 23615 --a------ C:\WINDOWS\system32\drivers\wch7xxnt.sys
2007-03-02 08:34:50 12063 --a------ C:\WINDOWS\system32\drivers\wsiintxx.sys
2007-03-02 08:34:48 19455 --a------ C:\WINDOWS\system32\drivers\wvchntxx.sys
2007-03-02 08:34:44 19551 --a------ C:\WINDOWS\system32\drivers\watv02nt.sys
2007-03-02 08:34:43 29311 --a------ C:\WINDOWS\system32\drivers\watv01nt.sys
2007-03-02 08:34:41 11775 --a------ C:\WINDOWS\system32\drivers\wadv05nt.sys
2007-03-02 08:34:39 12127 --a------ C:\WINDOWS\system32\drivers\wadv02nt.sys
2007-03-02 08:34:37 12415 --a------ C:\WINDOWS\system32\drivers\wadv01nt.sys
2007-03-02 08:34:34 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-02 08:34:32 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-02 08:34:31 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-02 08:34:26 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-02 08:34:24 52864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-03-02 08:34:22 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-02 08:34:21 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-02 08:34:17 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-02 08:34:12 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-02 08:30:33 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-02 08:28:22 21504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-02 08:27:56 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-02 08:27:28 9759 --a------ C:\WINDOWS\system32\HSF_INST.dll
2007-03-02 08:27:28 488383 --a------ C:\WINDOWS\system32\drivers\HSF_V124.sys
2007-03-02 08:27:28 50751 --a------ C:\WINDOWS\system32\drivers\HSF_TONE.sys
2007-03-02 08:27:28 73279 --a------ C:\WINDOWS\system32\drivers\HSF_SPKP.sys
2007-03-02 08:27:28 44863 --a------ C:\WINDOWS\system32\drivers\HSF_SOAR.sys
2007-03-02 08:27:28 57471 --a------ C:\WINDOWS\system32\drivers\HSF_SAMP.sys
2007-03-02 08:27:28 542879 --a------ C:\WINDOWS\system32\drivers\HSF_MSFT.sys
2007-03-02 08:27:28 391199 --a------ C:\WINDOWS\system32\drivers\HSF_K56K.sys
2007-03-02 08:27:28 115807 --a------ C:\WINDOWS\system32\drivers\HSF_FSKS.sys
2007-03-02 08:27:28 199711 --a------ C:\WINDOWS\system32\drivers\HSF_FAXX.sys
2007-03-02 08:27:28 289887 --a------ C:\WINDOWS\system32\drivers\HSF_FALL.sys
2007-03-02 08:27:28 67167 --a------ C:\WINDOWS\system32\drivers\HSF_BSC2.sys
2007-03-02 08:27:28 150239 --a------ C:\WINDOWS\system32\drivers\HSF_AMOS.sys
2007-03-02 08:27:11 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-03-02 08:27:10 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-02 08:27:10 96256 --a------ C:\WINDOWS\system32\drivers\ac97intc.sys
2007-03-02 08:26:57 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-02 08:26:51 161020 --a------ C:\WINDOWS\system32\drivers\i81xnt5.sys
2007-03-02 08:26:50 702845 --a------ C:\WINDOWS\system32\i81xdnt5.dll
2007-03-02 08:25:26 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-02 08:25:22 0 dr------- C:\Program Files<PROGRA~1>
2007-03-02 08:25:22 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-03-02 08:25:16 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-02 08:25:16 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-02 08:25:16 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-02 08:25:16 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-02 08:25:16 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-02 08:25:16 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-02 08:25:16 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-02 08:25:16 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-02 08:25:15 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-02 08:25:15 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-02 08:25:15 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-02 08:25:15 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-02 08:25:15 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-02 08:25:15 68768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-03-02 08:25:15 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-02 08:25:15 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-02 08:25:14 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-02 08:25:14 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-02 08:25:14 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-02 08:25:14 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-02 08:25:14 69120 --a------ C:\WINDOWS\notepad.exe
2007-03-02 08:25:03 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-03-02 08:24:48 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-03-02 08:24:48 0 d-------- C:\WINDOWS\system32\CatRoot
2007-03-02 08:24:29 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-03-02 08:20:50 0 d-------- C:\WINDOWS
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\WinSxS
2007-03-02 08:20:50 0 dr------- C:\WINDOWS\Web
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\twain_32
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\wins
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\wbem
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\usmt
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\spool
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\ShellExt
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\Setup
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\ras
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\oobe
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\npp
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\mui
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\inetsrv
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\IME
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\icsxml
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\ias
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\export
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\drivers
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-02 08:20:50 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\dhcp
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\config
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\3076
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\2052
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\1054
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\1042
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\1041
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\1037
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\1033
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\1031
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\1028
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system32\1025
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\system
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\security
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\repair
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\mui
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\msapps
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\msagent
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\Media
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\java
2007-03-02 08:20:50 0 d--h----- C:\WINDOWS\inf
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\ime
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\Help
2007-03-02 08:20:50 0 dr--s---- C:\WINDOWS\Fonts
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\Debug
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\Cursors
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\Config
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\AppPatch
2007-03-02 08:20:50 0 d-------- C:\WINDOWS\addins
2007-03-02 03:14:01 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-03-02 03:14:01 66560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-03-02 03:14:01 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-03-02 03:14:00 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-03-02 03:14:00 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-03-02 03:13:59 581120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-03-02 03:13:59 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-03-02 03:13:58 397824 --a------ C:\WINDOWS\system32\rpcss.dll
2007-03-02 03:13:58 1285120 --a------ C:\WINDOWS\system32\ole32.dll
2007-03-02 03:13:57 101376 --a------ C:\WINDOWS\system32\txflog.dll
2007-03-02 03:13:57 243200 --a------ C:\WINDOWS\system32\es.dll
2007-03-02 03:13:57 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-03-02 03:13:56 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-03-02 03:13:56 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-03-02 03:13:56 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-03-02 03:13:55 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-03-02 03:13:12 39936 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-02 03:13:10 614912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-03-02 03:13:09 331264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-03-02 03:13:09 77312 --a------ C:\WINDOWS\system32\browser.dll
2007-03-02 03:03:29 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-03-02 03:00:45 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-03-02 03:00:45 0 d--h---c- C:\WINDOWS\$xpsp1hfm$<$XPSP1~1>
2007-03-02 00:19:26 0 d-------- C:\Documents and Settings\Theresa\Contacts
2007-03-02 00:18:31 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-03-02 00:18:11 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-03-02 00:07:16 0 d-------- C:\WINDOWS\system32\bits
2007-03-02 00:05:36 438784 -----n--- C:\WINDOWS\system32\xpob2res.dll
2007-03-02 00:05:36 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-03-02 00:05:36 7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll
2007-03-02 00:05:36 8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll
2007-03-02 00:05:35 351232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-03-01 23:40:45 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-02-10 10:24:54 24816 --a------ C:\WINDOWS\system32\SBBD.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-09 20:21:51 0 d---s---- C:\Documents and Settings\Theresa\Application Data\Microsoft<MICROS~1>
2007-03-02 17:43:36 0 d-------- C:\Documents and Settings\Theresa\Application Data\Macromedia<MACROM~1>
2007-03-02 16:50:28 0 d-------- C:\Documents and Settings\Theresa\Application Data\Identities<IDENTI~1>
2007-03-02 08:25:03 62 --ahs---- C:\Documents and Settings\Theresa\Application Data\desktop.ini
2007-01-29 19:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertu

#4 RichieUK


Posted 10 March 2007 - 06:45 AM

I'm definitely not seeing it being picked up in any other program other than Startup Mechanic.

You're going to have to put this down as a false positive reesa9, because you're clean.

******************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Exit Hijackthis.

******************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes', your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply', then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description, then click on 'Create', then click 'Close'.
The date and time is created automatically.

Read through the information found here, to help you prevent any possible future infections.
Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
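Added example (not part of RichieUK's reply and not HijackThis's own code): a small Python parser that picks the orphaned O9 entries out of a HijackThis log, grouped by CLSID, so the button and 'Tools' menu item belonging to one extension are reviewed together. The four O9 lines are the ones quoted in the reply above; the fifth line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# First four lines: copied from the reply above.
# Last line: constructed entry with an existing target, to show it is not flagged.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Example - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\example.exe
"""

# O9 = extra Internet Explorer toolbar buttons / 'Tools' menu items.
# Layout: O9 - Extra <kind>: <label> - {CLSID} - <target>[ (file missing)]
O9_RE = re.compile(
    r"^O9 - Extra (?P<kind>button|'Tools' menuitem): (?P<label>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class O9Entry:
    kind: str           # "button" or "menuitem"
    label: str          # text shown in IE, or "(no name)"
    clsid: str          # extension GUID, lower-cased for grouping
    target: str         # executable the entry points at
    file_missing: bool  # True when HijackThis could not find the target


def parse_o9(line: str) -> Optional[O9Entry]:
    """Parse one log line; return None for anything that is not an O9 entry."""
    m = O9_RE.match(line.strip())
    if m is None:
        return None
    return O9Entry(
        kind="menuitem" if "menuitem" in m["kind"] else "button",
        label=m["label"],
        clsid=m["clsid"].lower(),
        target=m["target"],
        file_missing=m["missing"] is not None,
    )


def orphaned_extensions(log_text: str) -> Dict[str, List[O9Entry]]:
    """Group O9 entries whose target file is missing by extension CLSID."""
    groups: Dict[str, List[O9Entry]] = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_o9(line)
        if entry is not None and entry.file_missing:
            groups[entry.clsid].append(entry)
    return dict(groups)


def report(log_text: str) -> List[str]:
    """One summary line per orphaned extension, in log order."""
    lines = []
    for clsid, entries in orphaned_extensions(log_text).items():
        kinds = " + ".join(e.kind for e in entries)
        targets = ", ".join(sorted({e.target for e in entries}))
        lines.append(f"{clsid}: {kinds} -> {targets} (file missing)")
    return lines


if __name__ == "__main__":
    for summary in report(SAMPLE_LOG):
        print(summary)
```

Entries sharing a CLSID belong to the same leftover extension, which is why the reply has both the button and the menu item checked for each one.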

#5 reesa9


Posted 10 March 2007 - 06:52 AM

Thank you so much for your extremely quick replies! I will follow your last steps now.

You're a fair dinkum champ, and I'll be sure to donate soon. I have put my full faith in this site!

Many thanks again
Theresa

:thumbsup:

#6 RichieUK


Posted 10 March 2007 - 07:38 AM

You're most welcome Theresa, glad to help out :thumbsup:

Since your problem appears to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.