
Infected With Dropper.small.29e/ Downloader.small.58.k/ Collected.11.b/ Downloader.agent.keb/ Winfixer


  • This topic is locked
24 replies to this topic

#1 tintong

Posted 17 April 2007 - 09:07 PM

Hello,

My computer is infected with a couple of trojan viruses:

- dropper.small.29E
- downloader.small.58.K
- collected.11.B
- downloader.agent.KEB
- winfixer

I've done the various system scans listed on the preparation guide (i.e. housecall, ad aware, etc.) and appear successful in removing some of the trojan horses (although my only confirmation is that the programs didn't pick it up again on a subsequent scan).

I'm not quite sure what else is still infecting my computer other than winfixer, which I have difficulty removing (without purchasing software, at least).

Please find below a logfile of my computer's current state from hijackthis. If someone can advise me as to what I should manipulate, it will be greatly appreciated!

Thank you very much in advance!
Candy


-----------------Logfile starts-----------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:54:17 PM, on 04/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINPENJR\Win32\PenKeybd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
D:\Spyware Doctor\swdsvc.exe
D:\Spyware Doctor\svcntaux.exe
D:\Spyware Doctor\sdtrayapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\rrxiiomh.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PenPower PenKeyboard.lnk = ?
O4 - Global Startup: Status Display.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175468776328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: KME Remote Server - Unknown owner - C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------Logfile ends------------------------------


#2 SNOWHITE

Posted 18 April 2007 - 04:04 AM

Hello tintong and welcome to BC

My name is SNOWHITE and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. I will be analyzing your log now, and be back with you as soon as possible!

Regards,
SNOWHITE

#3 tintong (Topic Starter)

Posted 18 April 2007 - 07:12 PM

Thank you very much in advance, Snowhite! Look forward to hearing from you.

#4 SNOWHITE

Posted 19 April 2007 - 02:54 PM

Hello tintong

It seems to me you are running two antivirus programs: free AVG, and ZoneAlarm's antivirus is also enabled. Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. This can also lead to false positives, and the computer may become less protected.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that run on your machine but are not actively scanning your machine.
Please disable one of the antivirus programs you have on your computer!
----------------------------------------------------------------------------------------------

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Step 1
Please re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\rrxiiomh.dll (file missing)
Fix the next two entries if you're not using PartyPoker and playing poker:
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\RunApp.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Step 2
Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Step 3
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepad windows, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Please post back with VundoFix report and dss scan reports main.txt and extra.txt.

Regards,
SNOWHITE
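The triage in the reply above comes down to two checks on the HijackThis log: entries whose target file no longer exists (marked "(file missing)"), and an unnamed BHO that loads a random-looking DLL from system32, which is the pattern VundoFix is then sent after. The script below is an added example, not part of the thread, of HijackThis or of VundoFix; it applies those two checks to a handful of lines copied verbatim from the log posted earlier. The eight-lowercase-letter filename regex and the reason strings are my own heuristic, not anything the tools define.

```python
import re
from dataclasses import dataclass

# Sample input: six entries copied from the HijackThis log posted in this
# thread (the rest of the log is omitted for brevity).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\rrxiiomh.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\RunApp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "R1 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path in the body, ending at the first .dll/.exe/.sys/.ocx
# (non-greedy, so trailing switches such as "/STARTUP" are not included).
PATH_RE = re.compile(r"([A-Za-z]:\\[^\r\n]*?\.(?:dll|exe|sys|ocx))", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\", re.IGNORECASE)
# Heuristic (assumption): Vundo-era BHO DLLs used random 8-letter names.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")

ORPHAN = "orphaned entry: target file missing"
RANDOM_BHO = "unnamed BHO with random-looking DLL in system32"


@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "O2"
    path: str    # file the entry points at ("" if none was parsed)
    reason: str  # which heuristic fired
    line: str    # the full log line, ready to paste into a "fix" list


def triage(log_text: str) -> list[Finding]:
    """Run both heuristics over every recognised entry and collect hits."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank lines, "Running processes:" block, etc.
        code, body = m.group("code"), m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group(1) if pm else ""
        basename = path.rsplit("\\", 1)[-1].lower()

        if "(file missing)" in body:
            findings.append(Finding(code, path, ORPHAN, line))
        if (code == "O2" and "(no name)" in body
                and SYSTEM32_RE.match(path) and RANDOM_DLL_RE.match(basename)):
            findings.append(Finding(code, path, RANDOM_BHO, line))
    return findings


def fix_list(findings: list[Finding]) -> list[str]:
    """Unique log lines to tick in 'Do a system scan only', in log order."""
    seen: list[str] = []
    for f in findings:
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.code}: {f.reason} -> {f.path}")
    print("\nEntries to fix:")
    for line in fix_list(hits):
        print(" ", line)
```

Note that the "(no name)" check alone is not a verdict: the Spybot SDHelper.dll line also carries "(no name)" but lives under a product directory with a meaningful filename, so it is left alone, while the rrxiiomh.dll entry trips both heuristics. The PartyPoker lines are flagged only as orphans, which matches the reply's "fix if you're not using it" rather than "malware".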

#5 tintong (Topic Starter)

Posted 19 April 2007 - 07:31 PM

Hello Snowhite,

Attached below are my results:

-----------VundoFix report begins------------------

VundoFix V6.3.19

Checking Java version...

Sun Java not detected
Scan started at 8:06:39 PM 04/19/2007

Listing files found while scanning....

C:\WINDOWS\system32\bipjspul.dll
C:\WINDOWS\system32\cmnynhfb.dll
C:\WINDOWS\system32\iqtxsyix.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bipjspul.dll
C:\WINDOWS\system32\bipjspul.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cmnynhfb.dll
C:\WINDOWS\system32\cmnynhfb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iqtxsyix.dll
C:\WINDOWS\system32\iqtxsyix.dll Has been deleted!

Performing Repairs to the registry.
Done!

-----------VundoFix report ends------------------

Edited by tintong, 19 April 2007 - 07:34 PM.


#6 tintong (Topic Starter)

Posted 19 April 2007 - 07:35 PM

------------Main.txt begins---------------

Deckard's System Scanner v20070411.38
Run by Candy Hon on 2007-04-19 at 20:23:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
41: 2007-04-20 00:23:11 UTC - RP41 - Deckard's System Scanner Restore Point
40: 2007-04-17 01:48:37 UTC - RP40 - Software Distribution Service 2.0
39: 2007-04-17 01:17:08 UTC - RP39 - Installed Ad-Aware SE Personal
38: 2007-04-15 23:28:32 UTC - RP38 - Installed Nero 7
37: 2007-04-15 23:27:20 UTC - RP37 - Installed DirectX


-- First Restore Point --
1: 2007-04-01 21:21:59 UTC - RP1 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Candy Hon.exe) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:23:56 PM, on 04/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINPENJR\Win32\PenKeybd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Candy Hon\Desktop\dss.exe
D:\Candy Hon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: PenPower PenKeyboard.lnk = ?
O4 - Global Startup: Status Display.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175468776328
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: KME Remote Server - Unknown owner - C:\PROGRA~1\PANASO~1\REMOTE~1\kmentsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - D:\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- HijackThis Fixed Entries (D:\\backups\) -------------------------------------

backup-20070419-200427-795 O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\rrxiiomh.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ppmoucls - c:\windows\system32\drivers\ppmoucls.sys
R1 pptchpad (PenPower Touchpad) - c:\windows\system32\drivers\pptchpd5.sys
R3 BrScnUsb (Brother USB Still Image driver) - c:\windows\system32\drivers\brscnusb.sys
R3 DCamVQ110 (VQ110 Digital Video Camera) - c:\windows\system32\drivers\vq110.sys
R3 VETFDDNT (VET Floppy Boot Sector Monitor) - c:\windows\system32\drivers\vetfddnt.sys

S3 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys
S3 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys
S3 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys
S3 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys
S3 VET-FILT (VET File System Filter) - c:\windows\system32\drivers\vet-filt.sys
S3 VETMONNT (VET File and Macro Monitor) - c:\windows\system32\drivers\vetmonnt.sys
S3 VET-REC (VET File System Recognizer) - c:\windows\system32\drivers\vet-rec.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CAISafe (CA ISafe) - c:\windows\system32\zonelabs\isafe.exe
R2 KME Remote Server - c:\progra~1\panaso~1\remote~1\kmentsrv.exe
R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe"

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 sdAuxService (Spyware Doctor Auxiliary Service) - d:\spyware doctor\svcntaux.exe
S3 sdCoreService (Spyware Doctor Service) - d:\spyware doctor\swdsvc.exe


-- Files created between 2007-03-19 and 2007-04-19 -----------------------------

2007-04-19 20:06:39 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-04-17 21:09:18 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-04-17 21:09:18 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-04-17 21:09:18 59984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-04-17 21:09:18 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys<IKFILE~2.SYS>
2007-04-17 21:09:18 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys<IKFILE~1.SYS>
2007-04-17 21:09:14 0 d-------- C:\Documents and Settings\Candy Hon\Application Data\PC Tools<PCTOOL~1>
2007-04-17 20:51:48 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-17 18:02:20 0 d-------- C:\Documents and Settings\Candy Hon\.housecall6.6<HOUSEC~1.6>
2007-04-16 21:49:58 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-16 21:17:21 0 d-------- C:\Documents and Settings\Candy Hon\Application Data\Lavasoft
2007-04-16 21:16:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-16 21:03:52 789942 ---hs---- C:\WINDOWS\system32\uttss.bak2<UTTSS~2.BAK>
2007-04-16 20:47:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-15 21:17:08 10880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-04-15 21:17:04 15360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-04-15 21:16:57 5504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-04-15 21:16:53 11136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-04-15 21:16:49 19328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-04-15 21:16:43 85376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-04-15 21:16:36 17024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-04-15 21:16:13 53760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-04-15 21:15:38 28672 --a------ C:\WINDOWS\VQSETUP.DLL
2007-04-15 21:15:38 65847 --a------ C:\WINDOWS\VQ110LOC.EXE
2007-04-15 21:15:38 92672 --a------ C:\WINDOWS\system32\vqs4dec.dll
2007-04-15 21:15:38 135168 --a------ C:\WINDOWS\system32\Vq110Vex.dll
2007-04-15 21:15:38 36864 --a------ C:\WINDOWS\system32\vq110if.dll
2007-04-15 21:15:38 40960 --a------ C:\WINDOWS\system32\unVQ110.exe
2007-04-15 21:15:38 42080 --a------ C:\WINDOWS\system32\drivers\VQ110CMD.sys
2007-04-15 21:15:38 129988 --a------ C:\WINDOWS\system32\drivers\VQ110.sys
2007-04-15 21:15:38 0 d-------- C:\VQ
2007-04-15 21:13:00 306688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-15 21:02:58 772124 ---hs---- C:\WINDOWS\system32\uttss.bak1<UTTSS~1.BAK>
2007-04-15 19:55:55 0 d-------- C:\eJay_se
2007-04-15 19:53:28 0 d-------- C:\Ejay Special - Full<EJAYSP~1>
2007-04-15 19:45:12 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-15 19:44:43 58640 --a------ C:\WINDOWS\zllsputility.exe<ZLLSPU~1.EXE>
2007-04-15 19:44:41 11264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-04-15 19:44:40 2528528 --a------ C:\WINDOWS\system32\imslsp.dll
2007-04-15 19:44:40 627992 --a------ C:\WINDOWS\system32\imsinstall.dll<IMSINS~1.DLL>
2007-04-15 19:44:35 12288 --a------ C:\WINDOWS\system32\vetntmsg.dll
2007-04-15 19:44:35 15668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2007-04-15 19:44:34 540581 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-04-15 19:44:34 21605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2007-04-15 19:44:34 108357 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-04-15 19:44:33 741449 --a------ C:\WINDOWS\system32\vete.dll
2007-04-15 19:44:33 77824 --a------ C:\WINDOWS\system32\driverif.dll
2007-04-15 19:44:26 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-15 19:44:00 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-04-15 19:32:11 0 d-------- C:\Documents and Settings\Candy Hon\Application Data\Ahead
2007-04-15 19:28:49 0 d-------- C:\Program Files\Nero
2007-04-15 19:28:49 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-15 19:28:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-04-15 19:13:45 26694 --a------ C:\WINDOWS\system32\ddcbxwv.dll
2007-04-15 19:08:15 0 d-------- C:\WINDOWS\Corel
2007-04-15 19:05:35 0 d-------- C:\Program Files\Common Files\Corel
2007-04-15 19:03:22 0 d-------- C:\Program Files\Corel
2007-04-15 18:23:09 0 d-------- C:\Documents and Settings\Candy Hon\Application Data\Adobe
2007-04-15 18:22:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-15 18:09:54 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-15 17:36:44 218112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-04-15 17:36:43 6144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-04-15 17:36:42 7680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-04-15 17:36:42 9216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-04-15 17:36:42 7168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-04-15 17:36:42 6144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-04-15 17:36:42 6656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-04-15 17:36:42 7168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-04-15 17:36:42 6144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-04-15 17:36:42 6144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-04-15 17:36:42 6144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-04-15 17:36:42 7168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-04-15 17:36:42 6656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-04-15 17:36:07 838144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-04-15 17:36:07 1677824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-04-15 17:36:06 98304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-04-15 17:36:06 70656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-04-15 17:33:54 76288 --a------ C:\WINDOWS\system32\uniime.dll
2007-04-15 17:33:45 811064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-04-15 17:31:25 8192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-04-15 17:31:25 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-04-15 17:31:25 6144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-04-15 17:31:25 5632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-04-15 17:31:25 6144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-04-15 17:31:25 6144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-04-14 13:14:56 49152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2007-04-14 13:14:55 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-14 13:14:52 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-14 13:14:50 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-14 13:14:48 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-14 13:14:46 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-14 13:14:45 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-14 13:14:43 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-14 13:14:41 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-14 13:14:40 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-14 13:14:38 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-14 13:14:36 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-14 13:14:32 147456 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-04-14 13:14:30 10528768 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2007-04-14 13:14:30 4025984 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-04-14 13:14:30 577536 -ra------ C:\WINDOWS\soundman.exe
2007-04-14 13:14:29 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-14 13:14:29 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-14 13:14:27 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-14 13:10:03 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-04-14 13:09:59 315392 -ra------ C:\WINDOWS\alcupd.exe
2007-04-14 13:09:59 217088 -ra------ C:\WINDOWS\Alcrmv.exe
2007-04-02 16:44:19 0 d--hs---- C:\RECYCLER
2007-04-01 22:02:16 131072 --a------ C:\WINDOWS\system32\PPWORDW.DLL
2007-04-01 22:02:16 53248 --a------ C:\WINDOWS\system32\PPadApi.dll
2007-04-01 22:02:16 17216 --a------ C:\WINDOWS\system32\drivers\PPTCHPD5.SYS
2007-04-01 22:02:16 20704 --a------ C:\WINDOWS\system32\drivers\PPMOUCLS.SYS
2007-04-01 22:01:59 0 d-------- C:\WINPENJR
2007-04-01 21:59:06 0 dr------- C:\Documents and Settings\Candy Hon\Application Data\Brother
2007-04-01 21:56:40 45056 --a------ C:\WINDOWS\system32\snmp_Str.dll
2007-04-01 21:56:40 72009 --a------ C:\WINDOWS\system32\PSCLM2KC.DLL
2007-04-01 21:56:40 61507 --a------ C:\WINDOWS\system32\kme_srch.dll
2007-04-01 21:56:39 49152 --a------ C:\WINDOWS\system32\kme_srvc.dll
2007-04-01 21:56:39 61440 --a------ C:\WINDOWS\system32\kme_snmp.dll
2007-04-01 21:56:39 90175 --a------ C:\WINDOWS\system32\kme_rout.dll
2007-04-01 21:56:39 200769 --a------ C:\WINDOWS\system32\k08425sn.dll
2007-04-01 21:56:39 32768 --a------ C:\WINDOWS\system32\k08425pt.dll
2007-04-01 21:56:39 53248 --a------ C:\WINDOWS\system32\k08425ms.dll
2007-04-01 21:56:39 40960 --a------ C:\WINDOWS\system32\k08425mp.dll
2007-04-01 21:56:39 32768 --a------ C:\WINDOWS\system32\k08425ln.dll
2007-04-01 21:56:39 56429 --a------ C:\WINDOWS\system32\K08425JN.DLL
2007-04-01 21:56:39 56429 --a------ C:\WINDOWS\system32\K08425AC.DLL
2007-04-01 21:56:39 102400 --a------ C:\WINDOWS\system32\k08415sn.dll
2007-04-01 21:56:39 90112 --a------ C:\WINDOWS\system32\k08000sn.dll
2007-04-01 21:56:39 77824 --a------ C:\WINDOWS\system32\k08000sm.dll
2007-04-01 21:56:39 65536 --a------ C:\WINDOWS\system32\k08000sc.dll
2007-04-01 21:56:39 94273 --a------ C:\WINDOWS\system32\K08000RM.dll
2007-04-01 21:56:39 86081 --a------ C:\WINDOWS\system32\K08000MS.dll
2007-04-01 21:56:39 126976 --a------ C:\WINDOWS\system32\K07105sn.dll
2007-04-01 21:56:39 61440 --a------ C:\WINDOWS\system32\k07105rm.dll
2007-04-01 21:56:39 135168 --a------ C:\WINDOWS\system32\K07105pt.dll
2007-04-01 21:56:39 40960 --a------ C:\WINDOWS\system32\K07105MS.dll
2007-04-01 21:56:39 147456 --a------ C:\WINDOWS\system32\K07105mp.dll
2007-04-01 21:56:39 118784 --a------ C:\WINDOWS\system32\K07105ln.dll
2007-04-01 21:56:39 0 d-------- C:\Program Files\Panasonic<PANASO~1>
2007-04-01 21:56:39 0 d-------- C:\Program Files\Common Files\Panasonic shared<PANASO~1>
2007-04-01 21:49:58 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-01 21:49:54 31616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-04-01 21:49:24 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat
2007-04-01 21:48:55 15263 --a------ C:\WINDOWS\system32\drivers\BrScnUsb.sys
2007-04-01 21:48:55 131072 --a------ C:\WINDOWS\system32\bsplmf01.exe
2007-04-01 21:48:55 258048 --a------ C:\WINDOWS\system32\bsplmf01.dll
2007-04-01 21:48:55 120832 --a------ C:\WINDOWS\system32\BrWia04a.dll
2007-04-01 21:48:55 37376 --a------ C:\WINDOWS\system32\BrUSi04a.dll
2007-04-01 21:48:55 57344 --a------ C:\WINDOWS\system32\brsvc01a.exe
2007-04-01 21:48:55 45056 --a------ C:\WINDOWS\system32\brss01a.exe
2007-04-01 21:48:54 65536 -----n--- C:\WINDOWS\system32\Brmfrmps.exe
2007-04-01 21:48:54 51200 -----n--- C:\WINDOWS\system32\brinsstr.dll
2007-04-01 21:48:53 176128 -----n--- C:\WINDOWS\system32\Pdrvinst.dll
2007-04-01 21:48:53 65536 -----n--- C:\WINDOWS\system32\Brwebup.exe
2007-04-01 21:48:53 81920 -----n--- C:\WINDOWS\system32\BrWebIns.dll
2007-04-01 21:48:51 0 d-------- C:\Brother
2007-04-01 21:48:49 126976 -----n--- C:\WINDOWS\system32\BrfxD04a.dll
2007-04-01 21:48:49 147456 -----n--- C:\WINDOWS\brunin03.dll
2007-04-01 21:48:49 0 --a------ C:\WINDOWS\brdfxspd.dat
2007-04-01 21:48:49 0 d-------- C:\Program Files\Brother
2007-04-01 21:48:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2007-04-01 20:26:38 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-01 20:25:44 0 d-------- C:\Program Files\Common Files\L&H
2007-04-01 20:25:24 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-04-01 20:24:53 0 d-------- C:\Program Files\Microsoft Works<MICROS~4>
2007-04-01 20:24:37 0 d-------- C:\WINDOWS\SHELLNEW
2007-04-01 20:23:31 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-04-01 20:22:34 0 dr-h----- C:\MSOCache
2007-04-01 20:20:29 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-01 20:20:29 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-04-01 20:18:05 0 d-------- C:\Documents and Settings\Candy Hon\Application Data\ATI
2007-04-01 20:14:50 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe
2007-04-01 20:14:33 0 d-------- C:\Program Files\ATI Technologies<ATITEC~1>
2007-04-01 20:01:27 0 d-------- C:\Program Files\MSBuild
2007-04-01 19:59:02 0 d-------- C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-04-01 19:58:34 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-04-01 19:57:48 14048 -----n--- C:\WINDOWS\system32\spmsg2.dll
2007-04-01 19:57:34 0 d-------- C:\8d186ee626875679677b7fd2e5f9<8D186E~1>
2007-04-01 19:57:11 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-04-01 19:56:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-01 19:53:09 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-04-01 19:51:40 0 d-------- C:\WINDOWS\system32\URTTemp
2007-04-01 19:49:45 36352 -----n--- C:\WINDOWS\system32\tsgqec.dll
2007-04-01 19:49:45 288768 -----n--- C:\WINDOWS\system32\rhttpaa.dll
2007-04-01 19:49:44 116736 -----n--- C:\WINDOWS\system32\aaclient.dll
2007-04-01 19:39:00 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-01 19:38:42 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-04-01 19:22:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-04-01 19:20:13 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-01 19:17:59 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1>
2007-04-01 19:17:25 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-01 19:17:07 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-04-01 19:16:53 0 d-------- C:\ATI
2007-04-01 19:09:57 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
2007-04-01 19:09:55 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-01 19:09:54 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-01 19:06:34 18200 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-01 19:06:33 0 d-------- C:\WINDOWS\system32\SoftwareDistribution<SOFTWA~1>
2007-04-01 19:06:12 0 d--hs---- C:\Documents and Settings\Candy Hon\UserData
2007-04-01 19:05:01 20992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-04-01 17:21:34 2359296 --ah----- C:\Documents and Settings\Candy Hon\NTUSER.DAT
2007-04-01 17:20:59 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-04-01 17:20:57 0 d-------- C:\WINDOWS\Prefetch
2007-04-01 17:20:55 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-01 17:20:37 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-01 17:17:09 0 d-------- C:\WINDOWS\system32\xircom
2007-04-01 17:17:09 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-04-01 17:16:59 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-01 17:16:51 0 -rahs---- C:\MSDOS.SYS
2007-04-01 17:16:51 0 -rahs---- C:\IO.SYS
2007-04-01 17:16:51 0 --a------ C:\CONFIG.SYS
2007-04-01 17:16:51 0 --a------ C:\AUTOEXEC.BAT
2007-04-01 17:16:31 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-01 17:15:50 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-01 17:15:40 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-04-01 17:15:40 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-04-01 17:15:30 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-04-01 17:15:03 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-01 17:14:31 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-01 17:14:18 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-01 17:14:16 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-01 17:14:12 0 d---s---- C:\WINDOWS\Tasks
2007-04-01 17:14:12 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-01 17:14:10 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-01 17:14:04 0 d-------- C:\WINDOWS\srchasst
2007-04-01 17:14:02 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-01 17:13:58 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-01 17:13:58 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-01 17:13:58 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-01 17:13:58 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-01 17:13:57 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-01 17:13:57 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-01 17:13:57 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-01 17:13:57 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-01 17:13:56 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-01 17:13:56 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-01 17:13:56 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-01 17:13:56 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-01 17:13:56 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-01 17:13:48 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-04-01 17:13:43 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-01 17:13:43 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-01 17:13:43 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-01 17:13:43 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-01 17:13:37 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-01 17:13:36 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-01 17:13:36 0 d-------- C:\WINDOWS\system32\Restore
2007-04-01 17:13:36 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-04-01 17:13:36 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-01 17:13:35 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-01 17:13:35 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-01 17:13:35 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-01 17:13:34 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-01 17:13:34 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-01 17:13:34 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-01 17:13:34 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-01 17:13:34 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-01 17:13:33 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-01 17:13:30 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-01 17:13:29 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-01 17:13:28 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-01 17:13:27 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-01 17:13:24 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-01 17:13:24 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-01 17:13:24 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-01 17:13:23 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-01 17:13:23 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-01 17:13:23 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-01 17:13:22 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-01 17:12:51 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-04-01 17:12:32 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-04-01 17:12:23 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-04-01 17:12:16 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-01 17:12:11 5632 --a------ C:\WINDOWS\system32\write.exe
2007-04-01 17:12:11 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-04-01 17:11:58 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-01 17:11:58 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-01 17:11:58 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-01 17:11:57 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-01 17:11:57 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-01 17:11:57 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-01 17:11:46 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-01 17:11:45 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-01 17:11:45 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-01 17:11:44 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-01 17:11:44 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-01 17:11:44 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-01 17:11:43 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-01 17:11:43 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-01 17:11:43 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-01 17:11:43 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-01 17:11:43 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-01 17:11:43 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-01 17:11:42 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-01 17:11:42 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-01 17:11:42 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-01 17:11:42 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-01 17:11:42 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-01 17:11:42 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-01 17:11:42 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-01 17:11:42 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-01 17:11:42 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-01 17:11:41 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-01 17:11:40 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-01 17:11:40 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-01 17:11:40 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-01 17:11:40 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-01 17:11:40 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-01 17:11:39 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-01 17:11:39 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-01 17:11:39 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-01 17:11:09 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-01 17:11:09 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-01 17:11:09 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-01 17:11:08 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-01 17:11:08 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-04-01 17:11:07 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-01 17:11:07 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-01 17:11:07 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-01 17:11:06 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-01 17:11:06 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-01 17:11:06 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-01 17:11:06 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-01 17:11:05 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-01 17:11:05 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-01 17:11:05 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-01 17:11:05 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-01 17:11:05 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-01 17:11:04 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-01 17:11:04 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-01 17:11:04 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-01 17:11:04 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-01 17:11:03 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-01 17:11:03 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-01 17:11:03 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-01 17:11:03 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-01 17:11:03 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-01 17:11:03 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-01 17:11:02 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-01 17:11:02 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-01 17:11:02 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-01 17:11:02 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-01 17:11:01 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-01 17:11:01 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-01 17:11:01 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-01 17:11:01 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-01 17:10:59 0 d-------- C:\WINDOWS\system32\Com
2007-04-01 17:10:59 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-01 17:10:59 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-01 17:10:59 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-01 17:10:58 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-01 17:10:58 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-01 17:10:57 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-01 17:10:57 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-01 17:10:56 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-01 17:10:46 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-01 17:10:46 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-01 17:10:46 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-01 17:10:45 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-01 17:10:42 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-01 17:10:42 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-01 13:06:44 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-01 13:05:57 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-01 13:05:15 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-01 13:03:35 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1>
2007-04-01 13:03:34 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-01 13:03:29 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1>
2007-04-01 13:03:28 0 dr------- C:\Program Files<PROGRA~1>
2007-04-01 13:03:24 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-01 13:03:24 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-01 13:03:24 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-01 13:03:21 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-01 13:03:21 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-01 13:03:17 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-01 13:03:17 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-01 13:03:17 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-01 13:03:16 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-01 13:03:16 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-01 13:03:16 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-01 13:03:16 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-01 13:03:14 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-01 13:03:14 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-01 13:03:14 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-01 13:03:14 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-01 13:03:14 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-01 13:03:10 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-01 13:03:10 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-01 13:03:10 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-01 13:03:10 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-01 13:03:10 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-01 13:03:10 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-01 13:03:10 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-01 13:03:10 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-01 13:03:10 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-01 13:03:10 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-01 13:03:10 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-01 13:03:09 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-01 13:03:09 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-01 13:03:07 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-01 13:03:06 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-01 13:03:06 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-01 13:03:06 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-01 13:03:06 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-01 13:03:05 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-01 13:03:05 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-01 13:03:05 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-01 13:03:05 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-01 13:03:05 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-01 13:03:04 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-01 13:03:03 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-01 13:03:03 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-01 13:03:03 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-01 13:03:03 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-01 13:03:03 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-01 13:03:02 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-01 13:03:02 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-01 13:03:02 68768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-01 13:03:01 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-01 13:03:01 69120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-04-01 13:02:52 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1>
2007-04-01 13:02:35 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-01 13:02:35 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-01 13:01:57 0 d-------- C:\Documents and Settings<DOCUME~1>
2007-04-01 13:01:56 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-04-01 12:53:04 0 d-------- C:\WINDOWS
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\WinSxS
2007-04-01 12:53:04 0 dr------- C:\WINDOWS\Web
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\twain_32
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\wins
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\wbem
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\usmt
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\spool
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\Setup
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\ras
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\oobe
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\npp
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\mui
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\IME
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\ias
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\export
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\drivers
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-01 12:53:04 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\config
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\3076
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\2052
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\1054
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\1042
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\1041
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\1037
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\1033
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\1031
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\1028
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system32\1025
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\system
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\security
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Resources<RESOUR~1>
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\repair
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Provisioning<PROVIS~1>
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\PeerNet
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\pchealth
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\mui
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\msapps
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\msagent
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Media
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\java
2007-04-01 12:53:04 0 d--h----- C:\WINDOWS\inf
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\ime
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Help
2007-04-01 12:53:04 0 dr--s---- C:\WINDOWS\Fonts
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\ehome
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1>
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Debug
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Cursors
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1>
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\Config
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\AppPatch
2007-04-01 12:53:04 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-04-18 20:10:47 0 d-------- C:\Documents and Settings\Candy Hon\Application Data\AVG7
2007-04-15 19:39:03 0 d---s---- C:\Documents and Settings\Candy Hon\Application Data\Microsoft<MICROS~1>
2007-04-01 21:41:08 0 d-------- C:\Documents and Settings\Candy Hon\Application Data\Macromedia<MACROM~1>
2007-04-01 17:21:43 0 d-------- C:\Documents and Settings\Candy Hon\Application Data\Identities<IDENTI~1>
2007-04-01 13:02:52 62 --ahs---- C:\Documents and Settings\Candy Hon\Application Data\desktop.ini
2007-03-17 09:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-14 19:27:58 972336 --a------ C:\WINDOWS\UNRecode.exe
2007-03-14 19:19:56 95864 --a------ C:\WINDOWS\system32\NeroCo.dll
2007-03-14 19:19:26 972336 --a------ C:\WINDOWS\UNNeroBackItUp.exe<UNNERO~2.EXE>
2007-03-12 18:54:30 239152 --a------ C:\WINDOWS\NuNInst.exe
2007-03-12 13:51:08 972336 --a------ C:\WINDOWS\UNNeroMediaHome.exe<UNNERO~4.EXE>
2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 11:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-02 16:57:04 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-02 16:54:35 307200 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-02 16:53:36 265728 -----n--- C:\WINDOWS\system32\ati2dvag.dll
2007-03-02 16:47:51 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-02 16:47:42 110592 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-03-02 16:47:35 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-02 16:47:30 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-02 16:47:19 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-02 16:46:12 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-02 16:45:32 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-03-02 16:38:53 2824512 -----n--- C:\WINDOWS\system32\ati3duag.dll
2007-03-02 16:29:23 1288960 -----n--- C:\WINDOWS\system32\ativvaxx.dll
2007-03-02 16:29:08 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-03-02 16:21:15 5398528 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-02 16:17:37 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-02 16:16:23 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-02 16:11:44 348160 -----n--- C:\WINDOWS\system32\ati2cqag.dll
2007-02-28 20:53:50 972336 --a------ C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
2007-02-28 15:41:02 972336 --a------ C:\WINDOWS\UNNeroShowTime.exe<UNNERO~3.EXE>
2007-02-26 11:44:06 147685 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll

Edited by tintong, 19 April 2007 - 07:36 PM.


#7 tintong (Topic Starter)

Posted 19 April 2007 - 07:37 PM

--------------continuation of Main.txt-----------------



-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04a\\BrStDvPt.exe"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"PPHIDPAD"="C:\\WINPENJR\\Win32\\pphidpad.exe"
"SoundMan"="SOUNDMAN.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"SecurDisc"="C:\\Program Files\\Nero\\Nero 7\\InCD\\NBHGui.exe"
"InCD"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6148028B-D532-4417-8C0B-5A4A0B745393}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-04-19 at 20:24:17 ---------


-------------Main.txt ends----------------------------

#8 tintong

tintong
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 19 April 2007 - 07:39 PM

-------------extra.txt begins--------------------

Deckard's System Scanner v20070411.38
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1022.48 MiB / 583 MiB
Pagefile Memory (total/avail): 2459.8 MiB / 2069.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1977.59 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 25 GiB total, 16.57 GiB free.
D: is Fixed (NTFS) - 17.5 GiB total, 17.35 GiB free.
E: is Fixed (NTFS) - 14.75 GiB total, 5.17 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Security Suite Firewall v5.5.062.000 (Zone Labs, Inc.)
AV: ZoneAlarm Security Suite Antivirus v5.5.062.000 (Zone Labs, Inc.) Disabled Outdated
AV: AVG 7.5.446 v7.5.446 (GRISOFT)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Candy Hon\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CANDY-XPPRO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Candy Hon
LOGONSERVER=\\CANDY-XPPRO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CANDYH~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CANDYH~1\LOCALS~1\Temp
tvdumpflags=10
USERDOMAIN=CANDY-XPPRO
USERNAME=Candy Hon
USERPROFILE=C:\Documents and Settings\Candy Hon
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Candy Hon (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Corel Graphics Suite 11 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
HijackThis 1.99.1 --> D:\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSTPCRT --> MsiExec.exe /I{10106AA7-38E7-4348-8396-9F535DF763EF}
MSXML 6.0 Parser (KB927977) --> MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 7 --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Panasonic KX-P7105 and KX-P7110 Ver2.31 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31CF0A98-8618-4829-921A-036714CF01A6}\Setup.exe" -l0x9
PartyPoker --> "E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\Uninstall.exe" "E:\Personal Files\(BH) Belden Hon\Under 19 Restricted\PartyPoker\install.log"
PenPowerJR-6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7D53B02-2C51-4CF5-9A51-F7A6D658EA5A}\setup.exe" -l0x9
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.4 --> "D:\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0 --> D:\Spyware Doctor\unins000.exe
VQ110 Digital Video Camera --> C:\WINDOWS\system32\unVQ110.exe
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- End of Deckard's System Scanner: finished at 2007-04-19 at 20:24:17 ---------


-------------extra.txt ends-----------------------

#9 tintong

tintong
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 19 April 2007 - 07:42 PM

*Phew* I never knew how long the logs were. I hope I performed your instructions correctly. Thank you in advance, Snowhite!

#10 tintong

tintong
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 19 April 2007 - 08:10 PM

Quick update Snowhite - out of curiosity I did a quick scan of the computer using Spyware Doctor after performing your instructions, and it's still reporting that 1 file has been infected with "Downloader.WinFixer!sd5". I'm not quite sure what this implies, but I figure I should let you know in case it affects your analysis.

Thanks again! :thumbsup:

#11 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:11 AM

Posted 22 April 2007 - 01:29 PM

Hello tintong, sorry for the delay. Please follow the steps below :thumbsup:

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    • If you use the Firefox browser, click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use the Opera browser, click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.
      For Technical Support, double-click the e-mail address located at the bottom of each menu.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Also run another scan with DSS and post the contents of main.txt here.
SNOWHITE

#12 tintong

tintong
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 22 April 2007 - 03:34 PM

Hi snowhite!

Thank you once again for helping me with the analysis! You have no idea how appreciative I am.

My silly brother came by yesterday, and unaware that I've been working with you on resolving these issues, he did a system restore on my computer without letting me know! I only found this out while I was reading your post. (No worries, I've kicked his butt big time on your behalf because of all the awesome and hard work you've put into this.) Rest assured, I am very very very appreciative of your assistance throughout this whole thing.

Thanks a million!! *big hug*

#13 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:03:11 AM

Posted 23 April 2007 - 10:35 AM

Hi tintong :thumbsup:

he did a system restore on my computer


That doesn't mean that the computer is clean; it is very possible that the system restore point was infected. So before we state that your computer is clean, please run the scans I asked of you and post the results here :flowers:
SNOWHITE

#14 tintong

tintong
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:10:11 PM

Posted 25 April 2007 - 06:48 AM

Hi Snowhite!

Thanks for letting me know! I performed your instructions and am attaching both the AVG scan result and main.txt to this message.

Thank you in advance!

Attached Files



#15 illukka

illukka

    retar.. erm retired!


  • Security Colleague
  • 2,858 posts
  • OFFLINE
  • Gender:Male
  • Location:The Pits Of Hell
  • Local time:04:11 AM

Posted 26 April 2007 - 02:03 PM

Please could you copy and paste the text of the reports into your posts rather than attach them?
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor



