
Hijackthis Log


2 replies to this topic

#1 Knowell

Knowell

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:26 PM

Posted 27 April 2007 - 09:15 PM

Hi, I have run Spybot S&D, AVG Anti-Virus, and HouseCall virus scans, and still I have been getting lots of pop-ups. I would appreciate any help analyzing my HijackThis log. Thanks in advance.


Logfile of HijackThis v1.99.1
Scan saved at 7:12:24 PM, on 4/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\fw1082panel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netmail.verizon.net/webmail/servlet...mlet&site=C
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [StartFw1082Panel] fw1082panel.exe H
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175735722858
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1175735715061
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:11:26 PM

Posted 28 April 2007 - 03:20 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Knowell :thumbsup:

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


**********************************

Now go to:
D:\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

#3 Knowell

Knowell
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:26 PM

Posted 30 April 2007 - 06:22 PM

thanks for the help..

here is the combofix log

"knowell" - 07-04-30 16:07:43 Service Pack 2
ComboFix 07-04-28.V - Running from: "C:\Documents and Settings\knowell\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\hjmdnbso.dll
C:\WINDOWS\system32\iencxfcu.dll
C:\WINDOWS\system32\rrseugsq.dll
C:\WINDOWS\system32\edeeg.bak1
C:\WINDOWS\system32\edeeg.bak2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\edeeg.tmp
C:\WINDOWS\system32\ucfxcnei.ini
C:\WINDOWS\system32\qsguesrr.ini
C:\WINDOWS\system32\geede.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


2007-04-30 16:11 49,204 --a------ C:\WINDOWS\system32\kxfpsciu.dll
2007-04-30 16:04 1,059,558 --a------ C:\ComboFix.exe
2007-04-27 19:19 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-27 19:19 <DIR> d-------- C:\Program Files\GetData
2007-04-27 18:43 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-27 16:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-27 05:45 <DIR> d-------- C:\Program Files\Windows Defender
2007-04-27 05:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-27 05:01 <DIR> d-------- C:\DOCUME~1\knowell\.housecall6.6
2007-04-27 01:57 26,678 --a------ C:\WINDOWS\system32\awttuuu.dll
2007-04-27 01:57 <DIR> dr-h----- C:\DOCUME~1\knowell\APPLIC~1\yahoo!
2007-04-27 01:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo!
2007-04-27 01:32 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-27 01:12 <DIR> d-------- C:\sysreset
2007-04-26 03:09 <DIR> d-------- C:\Screen Recordings
2007-04-26 03:09 <DIR> d-------- C:\Program Files\ZD Soft
2007-04-26 02:58 2,048 --a------ C:\WINDOWS\system32\Tr_sttool.dat
2007-04-26 02:58 <DIR> d-------- C:\Program Files\Bulent's Screen Recorder
2007-04-17 14:33 <DIR> d-------- C:\Program Files\Real
2007-04-17 14:33 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-04-17 14:33 <DIR> d-------- C:\Program Files\Common Files\Real
2007-04-17 14:33 <DIR> d-------- C:\Program Files\aod
2007-04-17 14:33 <DIR> d-------- C:\My Music
2007-04-17 14:33 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Real
2007-04-16 19:27 <DIR> d-------- C:\Program Files\iTunes
2007-04-16 19:27 <DIR> d-------- C:\Program Files\iPod
2007-04-13 18:32 <DIR> d-------- C:\Program Files\AP Tuner
2007-04-13 05:12 <DIR> d-------- C:\Program Files\Zip Repair Tool
2007-04-12 00:07 <DIR> d-------- C:\Program Files\PSPHost
2007-04-11 19:53 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Intuit
2007-04-11 19:52 <DIR> d-------- C:\Program Files\ItsDeductible2006
2007-04-11 19:51 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-11 19:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intuit
2007-04-11 19:50 1,716,297 --------- C:\WINDOWS\system32\InetClnt.dll
2007-04-11 19:50 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-11 19:50 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-04-11 19:49 <DIR> d-------- C:\Program Files\TurboTax
2007-04-11 19:49 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\InstallShield
2007-04-11 18:54 <DIR> d-------- C:\Program Files\PSPLink
2007-04-11 02:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-11 02:46 <DIR> d--h----- C:\DOCUME~1\knowell\APPLIC~1\GTek
2007-04-11 02:46 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Gtek
2007-04-11 02:45 6,977 --a------ C:\WINDOWS\system32\DDMI2.sys
2007-04-11 02:45 6,656 --a------ C:\WINDOWS\system32\DLPT2.sys
2007-04-11 02:45 28,672 --a------ C:\WINDOWS\system32\drivers\goprot51.sys
2007-04-11 02:45 135,168 --a------ C:\WINDOWS\system32\GoProto.dll
2007-04-11 02:45 1,922,048 --a------ C:\WINDOWS\system32\gdql_lsa.dll
2007-04-11 02:45 <DIR> d-ah----- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GTek
2007-04-11 02:45 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
2007-04-10 17:15 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\vlc
2007-04-10 17:13 <DIR> d-------- C:\Program Files\VideoLAN
2007-04-10 15:37 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Sony
2007-04-10 15:36 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-04-10 15:36 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-04-10 15:36 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-04-10 15:36 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-04-10 15:36 <DIR> d-------- C:\Program Files\Sony Setup
2007-04-10 15:36 <DIR> d-------- C:\Program Files\Sony
2007-04-10 01:09 51,552 --a------ C:\WINDOWS\system32\drivers\ntgrip.sys
2007-04-10 01:09 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-10 01:09 <DIR> d-------- C:\Program Files\Gravis
2007-04-10 01:08 <DIR> d-------- C:\Gravis
2007-04-10 01:01 <DIR> d-------- C:\Program Files\Project64 1.6
2007-04-09 18:58 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Apple Computer
2007-04-09 18:57 <DIR> d-------- C:\Program Files\QuickTime
2007-04-09 18:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-04-09 18:15 <DIR> d-------- C:\Program Files\Xi
2007-04-09 06:45 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Media Player Classic
2007-04-09 06:44 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-09 06:44 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-04-09 06:44 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-04-09 06:44 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-04-09 06:44 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-04-09 06:44 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-04-09 06:44 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-04-09 06:44 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-09 06:44 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-04-09 06:44 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-04-09 06:44 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-04-09 06:44 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-04-09 05:43 <DIR> d-------- C:\Program Files\Accessdiver
2007-04-09 02:55 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Viewpoint
2007-04-09 02:51 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Aim
2007-04-09 02:50 <DIR> d-------- C:\Program Files\Viewpoint
2007-04-09 02:50 <DIR> d-------- C:\Program Files\AIM
2007-04-09 02:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-04-09 02:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-04-08 23:07 <DIR> d-------- C:\Program Files\FabFilter
2007-04-08 23:07 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\FabFilter
2007-04-08 23:04 <DIR> d-------- C:\Program Files\PSP VintageWarmer
2007-04-08 23:01 <DIR> d-------- C:\Program Files\Digidesign
2007-04-08 23:00 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2007-04-08 23:00 <DIR> d-------- C:\Program Files\Arturia
2007-04-08 22:55 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-08 22:55 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-06 00:42 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-05 03:41 61,440 --a------ C:\WINDOWS\system32\Crypserv.exe
2007-04-05 03:41 5,632 --a------ C:\WINDOWS\system32\gmidi.dll
2007-04-05 03:41 45,056 --a------ C:\WINDOWS\system32\msg32.exe
2007-04-05 03:41 37,600 --a------ C:\WINDOWS\system32\drivers\Gp2mpm.sys
2007-04-05 03:41 28,518 --a------ C:\WINDOWS\system32\Ckldrv.sys
2007-04-05 03:41 27,648 -ra------ C:\WINDOWS\Setup_ck.exe
2007-04-05 03:41 26,992 --a------ C:\WINDOWS\system32\drivers\FileSpy.sys
2007-04-05 03:41 241,664 --a------ C:\WINDOWS\system32\ewctl32.dll
2007-04-05 03:41 225,280 --a------ C:\WINDOWS\system32\drivers\Nmippexp.sys
2007-04-05 03:41 19,808 --a------ C:\WINDOWS\system32\drivers\NSTATION.sys
2007-04-05 03:41 18,432 --a------ C:\WINDOWS\Setup_ck.dll
2007-04-05 03:41 165,888 --a------ C:\WINDOWS\Ckconfig.exe
2007-04-05 03:41 135,168 --a------ C:\WINDOWS\system32\Wstrm32.dll
2007-04-05 03:41 11,776 --a------ C:\WINDOWS\Ckrfresh.exe
2007-04-05 03:41 1,693,344 --a------ C:\WINDOWS\system32\drivers\ew.sys
2007-04-05 03:40 <DIR> d-------- C:\Program Files\Tascam
2007-04-05 03:27 <DIR> d-------- C:\DOCUME~1\knowell\Incomplete
2007-04-05 03:24 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\LimeWire
2007-04-05 03:23 <DIR> d-------- C:\Program Files\LimeWire
2007-04-05 03:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-04-05 03:16 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-04-05 03:16 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-04-05 03:04 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Applied Acoustics Systems
2007-04-05 02:57 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2007-04-05 02:57 225,280 --------- C:\WINDOWS\system32\ReWire.dll
2007-04-05 02:57 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Propellerhead Software
2007-04-05 02:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
2007-04-05 02:56 <DIR> d-------- C:\Program Files\Propellerhead
2007-04-05 02:54 <DIR> d-------- C:\Program Files\Bornemark
2007-04-05 02:53 198,656 --a------ C:\WINDOWS\LOOP.exe
2007-04-05 02:53 <DIR> d-------- C:\Program Files\Lounge Lizard
2007-04-05 02:46 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Steinberg
2007-04-05 02:43 <DIR> d-------- C:\Program Files\Steinberg
2007-04-05 02:43 <DIR> d-------- C:\Program Files\Pinnacle
2007-04-05 02:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
2007-04-05 02:35 <DIR> d-------- C:\Program Files\FW1082_Install
2007-04-05 02:28 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-04-05 02:28 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Leadertech
2007-04-05 02:03 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-05 02:00 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-04-05 01:58 <DIR> d-------- C:\Program Files\MSBuild
2007-04-05 01:58 <DIR> d-------- C:\Program Files\Microsoft Works
2007-04-05 01:54 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-05 01:53 <DIR> dr-h----- C:\MSOCache
2007-04-05 01:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-04-05 01:48 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-04-04 22:42 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-04 22:42 41,088 --a------ C:\WINDOWS\system32\drivers\sisagp.sys
2007-04-04 22:42 32,768 --a------ C:\WINDOWS\system32\drivers\sisnic.sys
2007-04-04 22:42 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-04 22:42 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-04-04 22:41 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-04 22:41 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-04 22:40 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-04 22:40 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-04 22:40 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-04 22:40 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-04 22:40 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-04 22:40 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-04 22:40 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-04 22:40 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-04 22:40 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-04 22:40 69,120 --a------ C:\WINDOWS\notepad.exe
2007-04-04 22:40 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-04 22:40 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-04 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-04 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-04 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-04 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-04 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-04 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-04 22:40 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-04 22:40 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-04 22:40 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-04 22:40 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-04 22:40 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-04 22:40 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-04 22:40 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-04 22:40 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-04 22:40 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-04 22:40 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-04 22:40 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-04 22:40 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-04 22:40 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-04 22:40 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-04 22:40 <DIR> dr------- C:\Program Files
2007-04-04 22:40 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-04 22:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-04 22:40 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-04 22:40 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-04 22:40 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-04 22:40 <DIR> d-------- C:\Documents and Settings
2007-04-04 22:28 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-04 22:28 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-04 22:28 <DIR> dr------- C:\WINDOWS\Web
2007-04-04 22:28 <DIR> d--h----- C:\WINDOWS\inf
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system32
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\system
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\security
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\Resources
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\repair
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\mui
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\msapps
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\msagent
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\Media
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\ime
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\Help
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\Debug
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\Config
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS\addins
2007-04-04 22:28 <DIR> d-------- C:\WINDOWS
2007-04-04 22:12 <DIR> d-------- C:\Program Files\Serato
2007-04-04 22:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-04 20:52 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Help
2007-04-04 20:51 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-04-04 20:51 348,160 --------- C:\WINDOWS\system32\msvcr71.dll
2007-04-04 20:11 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-04 20:11 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-04 20:11 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-04 20:11 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-04 20:11 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-04 20:11 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-04 20:11 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-04 20:11 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-04 20:11 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-04 20:11 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-04 20:11 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-04 20:11 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-04 20:11 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-04 20:11 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-04 19:59 98,304 -ra------ C:\WINDOWS\system32\nvwrspt.dll
2007-04-04 19:59 98,304 -ra------ C:\WINDOWS\system32\nvwrsit.dll
2007-04-04 19:59 98,304 -ra------ C:\WINDOWS\system32\nvwrses.dll
2007-04-04 19:59 98,304 -ra------ C:\WINDOWS\system32\nvrsja.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrstr.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrssk.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsru.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsptb.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrspl.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsnl.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrshu.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsfr.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsfi.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvwrsde.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvrsko.dll
2007-04-04 19:59 94,208 -ra------ C:\WINDOWS\system32\nvinstnt.dll
2007-04-04 19:59 90,112 -ra------ C:\WINDOWS\system32\nvwrssv.dll
2007-04-04 19:59 90,112 -ra------ C:\WINDOWS\system32\nvwrsno.dll
2007-04-04 19:59 90,112 -ra------ C:\WINDOWS\system32\nvwrsda.dll
2007-04-04 19:59 86,016 -ra------ C:\WINDOWS\system32\nvwrssl.dll
2007-04-04 19:59 86,016 -ra------ C:\WINDOWS\system32\nvwrseng.dll
2007-04-04 19:59 86,016 -ra------ C:\WINDOWS\system32\nvwrscs.dll
2007-04-04 19:59 81,920 -ra------ C:\WINDOWS\system32\nvwrsar.dll
2007-04-04 19:59 81,920 -ra------ C:\WINDOWS\system32\nvrszht.dll
2007-04-04 19:59 81,920 -ra------ C:\WINDOWS\system32\nvrszhc.dll
2007-04-04 19:59 77,824 -ra------ C:\WINDOWS\system32\nvwrshe.dll
2007-04-04 19:59 69,632 -ra------ C:\WINDOWS\system32\nvclock.dll
2007-04-04 19:59 622,592 -ra------ C:\WINDOWS\system32\nvqtwk.dll
2007-04-04 19:59 61,440 -ra------ C:\WINDOWS\system32\nvwrsko.dll
2007-04-04 19:59 61,440 -ra------ C:\WINDOWS\system32\nvwrsja.dll
2007-04-04 19:59 61,440 -ra------ C:\WINDOWS\system32\nvsvc32.exe
2007-04-04 19:59 544,837 -ra------ C:\WINDOWS\system32\nview.dll
2007-04-04 19:59 49,152 -ra------ C:\WINDOWS\system32\nvwrszht.dll
2007-04-04 19:59 49,152 -ra------ C:\WINDOWS\system32\nvwrszhc.dll
2007-04-04 19:59 45,056 -ra------ C:\WINDOWS\system32\memtest.dll
2007-04-04 19:59 372,736 -ra------ C:\WINDOWS\system32\nwiz.exe
2007-04-04 19:59 37,880 -ra------ C:\WINDOWS\system32\drivers\vgauti.sys
2007-04-04 19:59 37,880 -ra------ C:\WINDOWS\system32\drivers\msicpl.sys
2007-04-04 19:59 348,231 -ra------ C:\WINDOWS\system32\nvshell.dll
2007-04-04 19:59 278,528 -ra------ C:\WINDOWS\system32\dmcpl.exe
2007-04-04 19:59 266,240 -ra------ C:\WINDOWS\system32\nvrshe.dll
2007-04-04 19:59 24,576 -ra------ C:\WINDOWS\system32\msiuins.exe
2007-04-04 19:59 237,568 -ra------ C:\WINDOWS\system32\msicpl.dll
2007-04-04 19:59 2,916,352 -ra------ C:\WINDOWS\system32\nvoglnt.dll
2007-04-04 19:59 2,043,904 -ra------ C:\WINDOWS\system32\nvcpl.dll
2007-04-04 19:59 139,264 -ra------ C:\WINDOWS\system32\nvrsel.dll
2007-04-04 19:59 139,264 -ra------ C:\WINDOWS\system32\msipol.dll
2007-04-04 19:59 139,264 -ra------ C:\WINDOWS\system32\msijpn.dll
2007-04-04 19:59 139,264 -ra------ C:\WINDOWS\system32\msiger.dll
2007-04-04 19:59 139,264 -ra------ C:\WINDOWS\system32\msifre.dll
2007-04-04 19:59 139,264 -ra------ C:\WINDOWS\system32\msicht.dll
2007-04-04 19:59 135,168 -ra------ C:\WINDOWS\system32\nvrspt.dll
2007-04-04 19:59 135,168 -ra------ C:\WINDOWS\system32\nvrsit.dll
2007-04-04 19:59 135,168 -ra------ C:\WINDOWS\system32\nvrses.dll
2007-04-04 19:59 135,168 -ra------ C:\WINDOWS\system32\msisim.dll
2007-04-04 19:59 131,072 -ra------ C:\WINDOWS\system32\nvrstr.dll
2007-04-04 19:59 131,072 -ra------ C:\WINDOWS\system32\nvrssk.dll
2007-04-04 19:59 131,072 -ra------ C:\WINDOWS\system32\nvrsru.dll
2007-04-04 19:59 131,072 -ra------ C:\WINDOWS\system32\nvrsptb.dll
2007-04-04 19:59 131,072 -ra------ C:\WINDOWS\system32\nvrsnl.dll
2007-04-04 19:59 131,072 -ra------ C:\WINDOWS\system32\nvrshu.dll
2007-04-04 19:59 131,072 -ra------ C:\WINDOWS\system32\nvrsfr.dll
2007-04-04 19:59 131,072 -ra------ C:\WINDOWS\system32\nvrsde.dll
2007-04-04 19:59 126,976 -ra------ C:\WINDOWS\system32\nvrssv.dll
2007-04-04 19:59 126,976 -ra------ C:\WINDOWS\system32\nvrspl.dll
2007-04-04 19:59 126,976 -ra------ C:\WINDOWS\system32\nvrsfi.dll
2007-04-04 19:59 126,976 -ra------ C:\WINDOWS\system32\nvrsda.dll
2007-04-04 19:59 126,976 -ra------ C:\WINDOWS\system32\nvrscs.dll
2007-04-04 19:59 122,880 -ra------ C:\WINDOWS\system32\nvrsno.dll
2007-04-04 19:59 122,880 -ra------ C:\WINDOWS\system32\nvrseng.dll
2007-04-04 19:59 118,784 -ra------ C:\WINDOWS\system32\nvrsar.dll
2007-04-04 19:59 102,400 -ra------ C:\WINDOWS\system32\nvwrsel.dll
2007-04-04 19:59 1,290,240 -ra------ C:\WINDOWS\system32\nvrssl.dll
2007-04-04 19:59 <DIR> d-------- C:\WINDOWS\nview
2007-04-04 19:49 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Azureus
2007-04-04 19:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-04 19:25 <DIR> d-------- C:\Program Files\Azureus
2007-04-04 19:21 <DIR> d-------- C:\Program Files\Google
2007-04-04 19:21 <DIR> d-------- C:\DOCUME~1\knowell\APPLIC~1\Google
2007-04-04 19:12 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-04 19:06 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-04 19:06 <DIR> d-------- C:\WINDOWS\peernet
2007-04-04 19:05 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-04 19:02 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-04 19:02 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-04 19:00 <DIR> d-------- C:\WINDOWS\EHome
2007-04-04 18:57 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-04-04 18:57 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-04-04 18:31 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-04 18:30 77,312 --a------ C:\WINDOWS\system32\browser.dll
2007-04-04 18:30 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-04-04 18:30 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-04-04 18:30 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-04-04 18:29 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-04 18:29 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-04 18:29 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-04-04 18:29 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-04 18:29 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-04 18:29 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-04-04 18:29 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-04 18:29 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-04 18:29 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2007-04-04 18:29 243,200 --a------ C:\WINDOWS\system32\es.dll
2007-04-04 18:29 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-04 18:29 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-04 18:29 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-04 18:29 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2007-04-04 18:29 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2007-04-04 18:29 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-04 18:28 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-04 18:26 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-04-04 18:26 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$
2007-04-04 18:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-04 18:18 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-04 18:18 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-04 18:18 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2007-04-04 18:18 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-04 18:18 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-04 18:18 <DIR> d-------- C:\WINDOWS\system32\bits
2007-04-04 18:15 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-04 18:15 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-04 18:15 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-04 18:15 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-04-04 18:15 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-04 18:15 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-04 18:15 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-04 18:12 <DIR> d---s---- C:\DOCUME~1\knowell\UserData
2007-04-04 18:10 <DIR> d--hs---- C:\RECYCLER
2007-04-04 18:09 <DIR> d-------- C:\WINDOWS\pss
2007-04-04 18:07 3,407,872 --ah----- C:\DOCUME~1\knowell\NTUSER.DAT
2007-04-04 18:07 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-04 18:06 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-04 18:06 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-04 18:06 <DIR> d--hs---- C:\System Volume Information
2007-04-04 18:03 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-04 18:03 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-04 18:03 0 -rahs---- C:\MSDOS.SYS
2007-04-04 18:03 0 -rahs---- C:\IO.SYS
2007-04-04 18:03 0 --a------ C:\CONFIG.SYS
2007-04-04 18:03 0 --a------ C:\AUTOEXEC.BAT
2007-04-04 18:03 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-04 18:03 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-04 18:02 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-04 18:02 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-04 18:02 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-04 18:02 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-04 18:02 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-04 18:02 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-04 18:01 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-04 18:01 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-04 18:01 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-04 18:01 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-04 18:01 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-04 18:01 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-04 18:01 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-04 18:01 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-04 18:01 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-04 18:01 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-04 18:01 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-04 18:01 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-04 18:01 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-04 18:01 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-04 18:01 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-04 18:01 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-04 18:01 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-04 18:01 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-04 18:01 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-04 18:01 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-04 18:01 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-04 18:01 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-04 18:01 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-04 18:01 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-04 18:01 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-04 18:01 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-04 18:01 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-04 18:01 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-04 18:01 <DIR> d-------- C:\WINDOWS\PCHEALTH
2007-04-04 18:01 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-04 18:00 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-04 18:00 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-04 18:00 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-04 18:00 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-04 18:00 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-04 18:00 <DIR> d-------- C:\WINDOWS\Registration
2007-04-04 18:00 <DIR> d-------- C:\Program Files\Online Services
2007-04-04 18:00 <DIR> d-------- C:\Program Files\Messenger
2007-04-04 18:00 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-04 17:59 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-04 17:59 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-04 17:59 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-04 17:59 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-04 17:59 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-04 17:59 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-04 17:59 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-04 17:59 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-04 17:59 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-04 17:59 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-04 17:59 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-04 17:59 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-04 17:59 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-04 17:59 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-04 17:59 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-04 17:59 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-04 17:59 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-04 17:59 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-04 17:59 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-04 17:59 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-04 17:59 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-04 17:59 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-04 17:59 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-04 17:59 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-04 17:59 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-04 17:59 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-04 17:59 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-04 17:59 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-04 17:59 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-04 17:59 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-04 17:59 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-04 17:59 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-04 17:59 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-04 17:59 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-04 17:59 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-04 17:59 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-04 17:59 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-04 17:59 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-04 17:59 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-04 17:59 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-04 17:59 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-04 17:59 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-04 17:59 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-04 17:59 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-04 17:59 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-04 17:59 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-04 17:59 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-04 17:59 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-04 17:59 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-04 17:59 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-04 17:59 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-04 17:59 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-04 17:59 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-04 17:59 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-04 17:59 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-04 17:59 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-04 17:59 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-04 17:59 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-04 17:59 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-04 17:59 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-04 17:59 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-04 17:59 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-04 17:59 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-04 17:59 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-04 17:59 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-04 17:59 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-04 17:59 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-04 17:59 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-04 17:59 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-04 17:59 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-04 17:59 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-04 17:59 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-04 17:59 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-04 17:59 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-04 17:59 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-04 17:59 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-04 17:59 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-04 17:59 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-04 17:59 <DIR> d-------- C:\Program Files\Windows NT
2007-04-04 17:59 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-04 03:38 45,056 --a------ C:\WINDOWS\system32\scrvid.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-04 22:40 62 --ahs---- C:\DOCUME~1\knowell\APPLIC~1\desktop.ini
2007-04-04 19:56 35712 --a------ C:\WINDOWS\system32\drivers\SeratoUsb.sys
2007-03-17 06:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 08:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 13:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll"
"{83B80A9C-D91A-4F22-8DCF-EA7204039F79}"="C:\Program Files\Xi\NetXfer\NXIEHelper.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll"
"{E9FE24FA-3113-4A03-908E-FF71D5AC683C}"="C:\WINDOWS\system32\awttuuu.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"StartFw1082Panel"="fw1082panel.exe H"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"TkBellExe"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"EasyLinkAdvisor"="\"C:\\Program Files\\Linksys EasyLink Advisor\\LinksysAgent.exe\" /startup"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL"
"{E9FE24FA-3113-4A03-908E-FF71D5AC683C}"="C:\WINDOWS\system32\awttuuu.dll"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awttuuu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkklj

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^knowell^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\knowell\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rrseugsq"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\rrseugsq.dll\",realset"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="evntsvc"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Real\\Update_OB\\evntsvc.exe -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 04:15:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 4:15:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-30 04:15




And here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:16:51 AM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\fw1082panel.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\HijackThis\abc.bat.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netmail.verizon.net/webmail/servlet...mlet&site=C



