Old 02-21-2007, 07:56 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


system32.exe, Grey Loud, and other problems

First post. Thank you in advance.
On system startup, I get a popup that says, "Windows cannot find 'System32.exe.' Make sure you typed the name correctly and then try again."

I am running Kaspersky anti viral software and it finds other things that are trying to run other programs. They usually won't terminate and I roll them back (whatever that means). I am using Firefox, but get IE popups.

I have also run Ad-Aware and AVG Anti-Spyware.

When I look in C:\windows\system32 I see nothing, even though I have checked the view hidden files box. I have also unchecked the hide protected operating system files. There is nothing there.

My 3 primary concerns are the extremely slow startup, the System32.exe issue, and the popups.

I turned off Kaspersky before running the HijackThis log.

Please advise, and thank you again.

Logfile of HijackThis v1.99.1
Scan saved at 8:44:26 AM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Creative\SBLive 24-Bit External\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\system32\nbdos.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dennetts Hardware\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7F29B218-2BFF-0327-F49B-04D5FF22B2C8} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nmfmsvpe.dll",setvm
O4 - HKLM\..\RunServices: [Microsoft Update] nbdos.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Update] nbdos.exe
O4 - HKCU\..\Run: [bind first] C:\DOCUME~1\DENNET~1\APPLIC~1\FUNKFA~1\Each Wma.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - blank (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O18 - Filter: text/html - {7147713B-F7B8-421E-9435-E9380ED7A49E} - C:\WINDOWS\system32\deihz.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)
neonknightmare is offline  
Old 02-21-2007, 10:51 AM   #2 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


Update

Found System32 file contents. There were 2 system 32 folders.
neonknightmare is offline  
Old 02-21-2007, 11:45 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


One more update.

I get no desktop when running in Safe Mode. I can access Task Manager though.
neonknightmare is offline  
Old 02-22-2007, 08:52 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

This is a mess, and will take several posts to clear up. You have a variant of the SDbot virus showing in your log (among other things). Even though the virus has been identified and can be killed, because of its backdoor functionality, there is no way to be sure what information has been stolen from your system. If you do any banking or have recently paid for goods or services online you will need to change all passwords where applicable and it would be wise to contact your bank or credit card company to inform them of your situation. This also applies to passwords for any confidential sites you use such as Paypal, Ebay, Email etc... The infection you have has the ability to download and execute files, log keystrokes, redirect connections, sniff sent packets for information and steal personal information, so it is a very serious threat.

Should you have any questions, please feel free to ask.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD:

    nbdos.exe (you'll have to find the exact location of this file... it is likely in System32. If you cannot find it there, run a search for it using the Windows Search function: Start>Search>All files and Folders)

  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.


---------------------------------------------------------------------------------------------

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

We'll use this later.

---------------------------------------------------------------------------------------------

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix) We'll use this later.

---------------------------------------------------------------------------------------------


Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next reply
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

---------------------------------------------------------------------------------------------

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log in your next reply.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

---------------------------------------------------------------------------------------------

Go to Start>Run and copy/paste the following:

sc delete "Windows Registry Service"

Then Press Enter.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\nmfmsvpe.dll",setvm
O4 - HKCU\..\Run: [bind first] C:\DOCUME~1\DENNET~1\APPLIC~1\FUNKFA~1\Each Wma.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - blank (file missing)
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/061...ie06101001.cab
O18 - Filter: text/html - {7147713B-F7B8-421E-9435-E9380ED7A49E} - C:\WINDOWS\system32\deihz.dll




Close HijackThis now.

---------------------------------------------------------------------------------------------

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

---------------------------------------------------------------------------------------------

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Beside the scriptline to execute field click the folder icon and select alcanshorty.bfu by double clicking on it.
  • Press Execute and let it do its job. (You ought to see a blue progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

---------------------------------------------------------------------------------------------

Delete the following files/folders:

C:\WINDOWS\system32\nmfmsvpe.dll
C:\Documents and Settings\DENNET~1 (your user name)\Application Data\FUNKFA~1 <<<this will be a folder which begins with Funk Fa
C:\WINDOWS\system32\deihz.dll


---------------------------------------------------------------------------------------------
  • Open the extracted SDFix folder and double click RunThis.bat to start the script. (Use Task Manager to navigate to it if you need to)
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum in your next reply.
---------------------------------------------------------------------------------------------

Next, please do this:
  1. Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
  2. Close all applications and windows.
  3. Double-click on comboscan.exe to run it, and follow the prompts.
  4. When the scan is complete, a text file will open - ComboScan.txt
  5. Copy and paste the contents of ComboScan.txt here.
  6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
  7. Please Attach Supplementary.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\ComboScan\Supplementary.txt
  3. Click Upload.

---------------------------------------------------------------------------------------------

So, that was a lot of work, and we're just beginning. Please return with results from:

VundoFix (C:\vundofix.txt)
NoLOP (C:\NoLOP.log)
SDFix (C:\SDFix\report.txt)
ComboScan.txt
Supplementary.txt
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
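A triage sketch for the kind of HijackThis log posted in this thread, added here as an example and not part of any post or of HijackThis itself: it flags core Windows process names that run from outside system32 and path-less autorun commands registered under several Run keys, which is where the `C:\WINDOWS\lsass.exe` service and the `nbdos.exe` entries that the analyst acts on show up. The function names, rule labels, the short core-process list and the assumption that Windows lives in `C:\WINDOWS` are choices made for the example; the sample log is a shortened excerpt built from lines in post #1.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any host OS

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\system32\nbdos.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunServices: [Microsoft Update] nbdos.exe
O4 - HKCU\..\Run: [Microsoft Update] nbdos.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Registry Service - Unknown owner - C:\WINDOWS\lsass.exe
"""

# Assumption: Windows is installed in C:\WINDOWS. These processes are started
# from system32 only; the list is deliberately short.
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe"}
SYSTEM32 = r"c:\windows\system32"

O4_RE = re.compile(r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def looks_like_core_impostor(path):
    """True when a file carries a core process name but is not in system32."""
    return basename(path).lower() in CORE_NAMES and dirname(path).lower() != SYSTEM32


def triage(log_text):
    """Return (section, rule, detail) tuples for entries worth a closer look."""
    findings = []
    autoruns = defaultdict(set)  # path-less executable -> registry keys launching it
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # a blank line ends the process list
                in_processes = False
            elif looks_like_core_impostor(line):
                findings.append(("process", "core-name-outside-system32", line))
            continue
        m = O4_RE.match(line)
        if m:
            parts = m["cmd"].strip('"').split()
            # No backslash in the executable token means it is resolved through
            # the search path, so the log does not say which file actually runs.
            if parts and "\\" not in parts[0]:
                autoruns[parts[0].lower()].add(m["key"])
            continue
        m = O23_RE.match(line)
        if m and looks_like_core_impostor(m["path"]):
            detail = f'{m["name"]} ({m["owner"]}) -> {m["path"]}'
            findings.append(("service", "core-name-outside-system32", detail))
    for exe, keys in sorted(autoruns.items()):
        # A bare name alone is weak evidence; the same bare name under several
        # autorun keys is redundant persistence and ranks higher.
        rule = "bare-autorun-in-multiple-keys" if len(keys) > 1 else "bare-autorun"
        findings.append(("autorun", rule, f"{exe} via {', '.join(sorted(keys))}"))
    return findings


if __name__ == "__main__":
    for section, rule, detail in triage(SAMPLE_LOG):
        print(f"{section:8} {rule:32} {detail}")
```

The findings are prompts for review (for example a VirusTotal check of the file, as requested in post #4), not verdicts.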
Old 02-23-2007, 04:48 AM   #5 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


Thank you.

I ran Spyware doctor after writing my initial posts, and to my horror got rebooted and received a fatal system error. Blue screen of death. I have just finished reinstalling Windows XP, and while everything seems fine, and I have no popups or delays, I will still run the checks you suggest.

Thanks.
neonknightmare is offline  
Old 02-23-2007, 06:20 AM   #6 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


OK, here are the results of the scans. As you might imagine, many things were not there after reinstalling Windows.
Question: Is nbdos.exe the nasty virus I must watch out for in the future?

virus total scan:

AntiVir 7.3.1.38 02.23.2007 TR/Agent.1332736
Authentium 4.93.8 02.23.2007 no virus found
Avast 4.7.936.0 02.23.2007 no virus found
AVG 386 02.23.2007 no virus found
BitDefender 7.2 02.23.2007 DeepScan:Generic.Malware.G!SKI!!FLMWX!Bprng.76C44EDE
CAT-QuickHeal 9.00 02.22.2007 no virus found
ClamAV devel-20060426 02.22.2007 no virus found
DrWeb 4.33 02.23.2007 no virus found
eSafe 7.0.14.0 02.23.2007 no virus found
eTrust-Vet 30.4.3424 02.23.2007 no virus found
Ewido 4.0 02.22.2007 no virus found
FileAdvisor 1 02.23.2007 no virus found
Fortinet 2.85.0.0 02.23.2007 suspicious
F-Prot 4.3.1.45 02.22.2007 no virus found
F-Secure 6.70.13030.0 02.23.2007 no virus found
Ikarus T3.1.0.31 02.23.2007 Backdoor.VB.EV
Kaspersky 4.0.2.24 02.23.2007 no virus found
McAfee 4969 02.22.2007 no virus found
Microsoft 1.2204 02.23.2007 no virus found
NOD32v2 2076 02.22.2007 no virus found
Norman 5.80.02 02.23.2007 no virus found
Panda 9.0.0.4 02.23.2007 no virus found
Prevx1 V2 02.23.2007 no virus found
Sophos 4.14.0 02.21.2007 no virus found
Sunbelt 2.2.907.0 02.22.2007 VIPRE.Suspicious
Symantec 10 02.23.2007 no virus found
TheHacker 6.1.6.063 02.23.2007 no virus found
UNA 1.83 02.22.2007 no virus found
VBA32 3.11.2 02.22.2007 no virus found
VirusBuster 4.3.19:9 02.22.2007 no virus found
--------------------------------------------------------------------

VundoFix V6.3.9

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.9

Scan started at 6:16:31 AM 2/23/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...
--------------------------------------------------------------------

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\ourroom\Desktop
[2/23/2007]
[6:28:49 AM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Fssg
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Joy Meet Extra Idol
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Move Networks
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\All Users.windows\Application Data\Adobe
C:\Documents and Settings\All Users.windows\Application Data\Adobe Systems
C:\Documents and Settings\All Users.windows\Application Data\Macromedia
C:\Documents and Settings\All Users.windows\Application Data\Microsoft
C:\Documents and Settings\All Users.windows\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Corel
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User.windows\Application Data\Microsoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Adobe
C:\Documents and Settings\Dennetts Hardware\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Ahead
C:\Documents and Settings\Dennetts Hardware\Application Data\Apple Computer
C:\Documents and Settings\Dennetts Hardware\Application Data\Azureus
C:\Documents and Settings\Dennetts Hardware\Application Data\Bittorrent
C:\Documents and Settings\Dennetts Hardware\Application Data\Corel
C:\Documents and Settings\Dennetts Hardware\Application Data\Creative
C:\Documents and Settings\Dennetts Hardware\Application Data\F?nts
C:\Documents and Settings\Dennetts Hardware\Application Data\Glarysoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Google
C:\Documents and Settings\Dennetts Hardware\Application Data\Help
C:\Documents and Settings\Dennetts Hardware\Application Data\Hewlett-packard
C:\Documents and Settings\Dennetts Hardware\Application Data\Identities
C:\Documents and Settings\Dennetts Hardware\Application Data\Intertrust
C:\Documents and Settings\Dennetts Hardware\Application Data\Jasc Software Inc
C:\Documents and Settings\Dennetts Hardware\Application Data\Lavasoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Macromedia
C:\Documents and Settings\Dennetts Hardware\Application Data\Microsoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla
C:\Documents and Settings\Dennetts Hardware\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Real
C:\Documents and Settings\Dennetts Hardware\Application Data\Reallusion
C:\Documents and Settings\Dennetts Hardware\Application Data\Seven Zip
C:\Documents and Settings\Dennetts Hardware\Application Data\Smart Recorder
C:\Documents and Settings\Dennetts Hardware\Application Data\Smartftp
C:\Documents and Settings\Dennetts Hardware\Application Data\Sonic
C:\Documents and Settings\Dennetts Hardware\Application Data\Sun
C:\Documents and Settings\Dennetts Hardware\Application Data\Systweak
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mantec
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mbols
C:\Documents and Settings\Dennetts Hardware\Application Data\Ulead Systems
C:\Documents and Settings\Dennetts Hardware\Application Data\Uniblue
C:\Documents and Settings\Dennetts Hardware\Application Data\Utorrent
C:\Documents and Settings\Dennetts Hardware\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\W?nsxs
C:\Documents and Settings\Dennetts Hardware\Application Data\?dobe
C:\Documents and Settings\Dennetts Hardware\Application Data\?pppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\??ppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft
C:\Documents and Settings\Dennetts Hardware\Application Data\??sks
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem32
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft
C:\Documents and Settings\Dennetts Hardware\Application Data\?asks
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mozilla
C:\Documents and Settings\Localservice\Application Data\Netmon
C:\Documents and Settings\Localservice.nt Authority\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice.nt Authority\Application Data\Microsoft
C:\Documents and Settings\Ourroom\Application Data\Adobe
C:\Documents and Settings\Ourroom\Application Data\Identities
C:\Documents and Settings\Ourroom\Application Data\Limewire
C:\Documents and Settings\Ourroom\Application Data\Macromedia
C:\Documents and Settings\Ourroom\Application Data\Microsoft
C:\Documents and Settings\Ourroom\Application Data\Mozilla
C:\Documents and Settings\Ourroom\Application Data\Smartftp
C:\Documents and Settings\Ourroom\Application Data\Winrar -- EMPTY Directory
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\ourroom\Desktop
[2/23/2007]
[6:28:49 AM]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Autodesk
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Fssg
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Intuit
C:\Documents and Settings\All Users\Application Data\Joy Meet Extra Idol
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
C:\Documents and Settings\All Users\Application Data\Kodak
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Mcafee
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Move Networks
C:\Documents and Settings\All Users\Application Data\Nero
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Pinnacle
C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\All Users.windows\Application Data\Adobe
C:\Documents and Settings\All Users.windows\Application Data\Adobe Systems
C:\Documents and Settings\All Users.windows\Application Data\Macromedia
C:\Documents and Settings\All Users.windows\Application Data\Microsoft
C:\Documents and Settings\All Users.windows\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Corel
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Real
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User.windows\Application Data\Microsoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Adobe
C:\Documents and Settings\Dennetts Hardware\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Ahead
C:\Documents and Settings\Dennetts Hardware\Application Data\Apple Computer
C:\Documents and Settings\Dennetts Hardware\Application Data\Azureus
C:\Documents and Settings\Dennetts Hardware\Application Data\Bittorrent
C:\Documents and Settings\Dennetts Hardware\Application Data\Corel
C:\Documents and Settings\Dennetts Hardware\Application Data\Creative
C:\Documents and Settings\Dennetts Hardware\Application Data\F?nts
C:\Documents and Settings\Dennetts Hardware\Application Data\Glarysoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Google
C:\Documents and Settings\Dennetts Hardware\Application Data\Help
C:\Documents and Settings\Dennetts Hardware\Application Data\Hewlett-packard
C:\Documents and Settings\Dennetts Hardware\Application Data\Identities
C:\Documents and Settings\Dennetts Hardware\Application Data\Intertrust
C:\Documents and Settings\Dennetts Hardware\Application Data\Jasc Software Inc
C:\Documents and Settings\Dennetts Hardware\Application Data\Lavasoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Macromedia
C:\Documents and Settings\Dennetts Hardware\Application Data\Microsoft
C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla
C:\Documents and Settings\Dennetts Hardware\Application Data\Opera -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Real
C:\Documents and Settings\Dennetts Hardware\Application Data\Reallusion
C:\Documents and Settings\Dennetts Hardware\Application Data\Seven Zip
C:\Documents and Settings\Dennetts Hardware\Application Data\Smart Recorder
C:\Documents and Settings\Dennetts Hardware\Application Data\Smartftp
C:\Documents and Settings\Dennetts Hardware\Application Data\Sonic
C:\Documents and Settings\Dennetts Hardware\Application Data\Sun
C:\Documents and Settings\Dennetts Hardware\Application Data\Systweak
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mantec
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mbols
C:\Documents and Settings\Dennetts Hardware\Application Data\Ulead Systems
C:\Documents and Settings\Dennetts Hardware\Application Data\Uniblue
C:\Documents and Settings\Dennetts Hardware\Application Data\Utorrent
C:\Documents and Settings\Dennetts Hardware\Application Data\Vso -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\Winrar -- EMPTY Directory
C:\Documents and Settings\Dennetts Hardware\Application Data\W?nsxs
C:\Documents and Settings\Dennetts Hardware\Application Data\?dobe
C:\Documents and Settings\Dennetts Hardware\Application Data\?pppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\??ppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft
C:\Documents and Settings\Dennetts Hardware\Application Data\??sks
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem32
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft
C:\Documents and Settings\Dennetts Hardware\Application Data\?asks
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Mozilla
C:\Documents and Settings\Localservice\Application Data\Netmon
C:\Documents and Settings\Localservice.nt Authority\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice.nt Authority\Application Data\Microsoft
C:\Documents and Settings\Ourroom\Application Data\Adobe
C:\Documents and Settings\Ourroom\Application Data\Identities
C:\Documents and Settings\Ourroom\Application Data\Limewire
C:\Documents and Settings\Ourroom\Application Data\Macromedia
C:\Documents and Settings\Ourroom\Application Data\Microsoft
C:\Documents and Settings\Ourroom\Application Data\Mozilla
C:\Documents and Settings\Ourroom\Application Data\Smartftp
C:\Documents and Settings\Ourroom\Application Data\Winrar -- EMPTY Directory
-------------------------------------------------------------------------

ComboScan v20070221.16 run by ourroom on 2007-02-23 at 07:04:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as ourroom.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:04:12 AM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\ourroom\Desktop\comboscan.exe
C:\Documents and Settings\ourroom\Desktop\hijackthis\ourroom.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

2R AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.3.0) - C:\WINDOWS\system32\drivers\AegisP.sys
3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
3R hidusb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R ohci1394 (OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
3R usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\usbaudio.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbstor (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
3R WUSB54GPV4SRV (Linksys Home Wireless-G USB Adaptor Driver) - C:\WINDOWS\system32\drivers\rt2500usb.sys
3R GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - C:\WINDOWS\system32\GTNDIS5.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3R ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
4S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\system32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
3S RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R SharedAccess (Windows Firewall/Internet Connection Sharing (ICS)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{076B68ED-8FBA-44CF-A42D-89CE76D0729A}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3S TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
3S WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
2R wscsvc (Security Center) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R wuauserv (Automatic Updates) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
2R WUSB54Gv42SVC - "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe"
2S WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs


-- Files created between 2007-01-23 and 2007-02-23 ------------------------------

2007-02-23 06:45:22 0 d-------- C:\bintheredunthat<BINTHE~1>
2007-02-23 06:39:34 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-23 06:28:49 106 --a------ C:\delete.bat
2007-02-23 06:16:31 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-23 06:14:52 0 d-------- C:\SDFix
2007-02-23 06:10:05 0 d-------- C:\bfu
2007-02-22 21:13:53 0 d-------- C:\Documents and Settings\ourroom\Shared
2007-02-22 21:13:51 0 d-------- C:\Documents and Settings\ourroom\Incomplete<INCOMP~1>
2007-02-22 21:13:35 0 d-------- C:\Documents and Settings\ourroom\Application Data\LimeWire
2007-02-22 20:49:11 0 d-------- C:\Documents and Settings\ourroom\Application Data\SmartFTP
2007-02-22 20:10:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems<ADOBES~1>
2007-02-22 20:09:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2007-02-22 20:04:41 0 d-------- C:\Documents and Settings\ourroom\Application Data\Adobe
2007-02-22 19:45:11 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-02-22 19:25:55 0 d-------- C:\Documents and Settings\ourroom\Application Data\WinRAR
2007-02-22 19:23:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-22 19:10:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-22 19:04:04 0 d-------- C:\WINDOWS\Prefetch
2007-02-22 18:58:07 9216 -----n--- C:\WINDOWS\system32\proxycfg.exe
2007-02-22 18:58:07 59392 -----n--- C:\WINDOWS\system32\logman.exe
2007-02-22 18:58:02 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-02-22 18:58:02 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-02-22 18:58:02 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-02-22 18:58:02 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-02-22 18:58:02 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-02-22 18:58:02 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-02-22 18:58:02 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-02-22 18:58:02 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-02-22 18:58:02 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-02-22 18:58:02 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-02-22 18:58:02 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-22 18:58:02 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-02-22 18:58:02 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-02-22 18:58:02 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-02-22 18:58:02 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-02-22 18:58:02 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-02-22 18:58:02 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-02-22 18:58:02 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-02-22 18:58:02 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-02-22 18:58:02 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-02-22 18:58:02 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-02-22 18:58:02 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-02-22 18:58:02 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys
2007-02-22 18:58:02 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys
2007-02-22 18:58:02 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-02-22 18:58:02 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys
2007-02-22 18:58:02 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-02-22 18:58:02 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-02-22 18:58:02 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-02-22 18:58:02 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-02-22 18:58:02 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-02-22 18:58:02 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-02-22 18:58:02 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-02-22 18:58:01 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-02-22 18:58:01 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-02-22 18:58:01 15488 -----n--- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-02-22 18:58:01 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-02-22 18:58:01 29056 -----n--- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-02-22 18:58:01 36096 -----n--- C:\WINDOWS\system32\drivers\intelppm.sys
2007-02-22 18:58:01 263040 -----n--- C:\WINDOWS\system32\drivers\http.sys
2007-02-22 18:58:01 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-02-22 18:58:01 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-02-22 18:58:01 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-02-22 18:58:01 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys
2007-02-22 18:58:01 25600 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys
2007-02-22 18:58:01 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-02-22 18:58:01 124800 -----n--- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-22 18:58:01 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-02-22 18:58:01 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys
2007-02-22 18:58:01 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys
2007-02-22 18:58:01 274304 -----n--- C:\WINDOWS\system32\drivers\bthport.sys
2007-02-22 18:58:01 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-22 18:58:01 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-22 18:58:01 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys
2007-02-22 18:58:01 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-02-22 18:58:01 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-02-22 18:58:01 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-02-22 18:58:01 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-02-22 18:58:01 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-02-22 18:58:00 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-02-22 18:58:00 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-02-22 18:58:00 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys
2007-02-22 18:58:00 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys
2007-02-22 18:58:00 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-02-22 18:58:00 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys
2007-02-22 18:58:00 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys
2007-02-22 18:58:00 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-02-22 18:58:00 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys
2007-02-22 18:58:00 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll
2007-02-22 18:58:00 10240 -----n--- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-02-22 18:58:00 11136 -----n--- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-02-22 18:58:00 67584 -----n--- C:\WINDOWS\system32\drivers\sdbus.sys
2007-02-22 18:58:00 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-02-22 18:58:00 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-02-22 18:58:00 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-22 18:58:00 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys
2007-02-22 18:58:00 1897408 -----n--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-02-22 18:58:00 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-02-22 18:58:00 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-02-22 18:58:00 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-02-22 18:57:59 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-02-22 18:57:59 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-02-22 18:57:59 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-02-22 18:57:59 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-02-22 18:57:59 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-02-22 18:57:59 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-02-22 18:57:59 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys
2007-02-22 18:57:59 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys
2007-02-22 18:57:59 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-02-22 18:57:59 13824 -----n--- C:\WINDOWS\system32\cmsetacl.dll
2007-02-22 18:57:59 50688 -----n--- C:\WINDOWS\system32\btpanui.dll
2007-02-22 18:57:59 30208 -----n--- C:\WINDOWS\system32\bthserv.dll
2007-02-22 18:57:59 20992 -----n--- C:\WINDOWS\system32\bthci.dll
2007-02-22 18:57:59 71680 -----n--- C:\WINDOWS\system32\blastcln.exe
2007-02-22 18:57:59 7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll
2007-02-22 18:57:59 8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll
2007-02-22 18:57:59 14336 -----n--- C:\WINDOWS\system32\auditusr.exe
2007-02-22 18:57:59 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll
2007-02-22 18:57:59 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll
2007-02-22 18:57:59 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll
2007-02-22 18:57:59 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll
2007-02-22 18:57:59 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll
2007-02-22 18:57:59 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll
2007-02-22 18:57:59 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll
2007-02-22 18:57:58 81920 -----n--- C:\WINDOWS\system32\ieencode.dll
2007-02-22 18:57:58 24576 -----n--- C:\WINDOWS\system32\httpapi.dll
2007-02-22 18:57:58 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll
2007-02-22 18:57:58 60416 -----n--- C:\WINDOWS\system32\fwcfg.dll
2007-02-22 18:57:58 193024 -----n--- C:\WINDOWS\system32\fsquirt.exe
2007-02-22 18:57:58 22528 -----n--- C:\WINDOWS\system32\fltmc.exe
2007-02-22 18:57:58 16896 -----n--- C:\WINDOWS\system32\fltlib.dll
2007-02-22 18:57:58 2113536 -----n--- C:\WINDOWS\system32\dxdiagn.dll
2007-02-22 18:57:58 1689088 -----n--- C:\WINDOWS\system32\d3d9.dll
2007-02-22 18:57:57 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdukx.dll
2007-02-22 18:57:57 7680 -----n--- C:\WINDOWS\system32\kbdsmsno.dll
2007-02-22 18:57:57 7680 -----n--- C:\WINDOWS\system32\kbdsmsfi.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdno1.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdmlt48.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdmlt47.dll
2007-02-22 18:57:57 5632 -----n--- C:\WINDOWS\system32\kbdmaori.dll
2007-02-22 18:57:57 6656 -----n--- C:\WINDOWS\system32\kbdinmal.dll
2007-02-22 18:57:57 6656 -----n--- C:\WINDOWS\system32\kbdinben.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdinbe1.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdfi1.dll
2007-02-22 18:57:56 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll
2007-02-22 18:57:56 27136 -----n--- C:\WINDOWS\system32\mspmsnsv.dll
2007-02-22 18:57:56 118784 -----n--- C:\WINDOWS\system32\msdadiag.dll
2007-02-22 18:57:56 4096 -----n--- C:\WINDOWS\system32\MP4SDMOD.dll
2007-02-22 18:57:56 4096 -----n--- C:\WINDOWS\system32\MP43DMOD.dll
2007-02-22 18:57:55 49152 -----n--- C:\WINDOWS\system32\powercfg.exe
2007-02-22 18:57:55 48640 -----n--- C:\WINDOWS\system32\pnrpnsp.dll
2007-02-22 18:57:55 526848 -----n--- C:\WINDOWS\system32\p2psvc.dll
2007-02-22 18:57:55 88064 -----n--- C:\WINDOWS\system32\p2pnetsh.dll
2007-02-22 18:57:55 312320 -----n--- C:\WINDOWS\system32\p2pgraph.dll
2007-02-22 18:57:55 86016 -----n--- C:\WINDOWS\system32\p2pgasvc.dll
2007-02-22 18:57:55 116224 -----n--- C:\WINDOWS\system32\p2p.dll
2007-02-22 18:57:55 4274816 -----n--- C:\WINDOWS\system32\nv4_disp.dll
2007-02-22 18:57:54 15872 -----n--- C:\WINDOWS\system32\w3ssl.dll
2007-02-22 18:57:54 44032 -----n--- C:\WINDOWS\system32\twext.dll
2007-02-22 18:57:54 75776 -----n--- C:\WINDOWS\system32\strmfilt.dll
2007-02-22 18:57:54 8192 -----n--- C:\WINDOWS\system32\smbinst.exe
2007-02-22 18:57:54 73796 -----n--- C:\WINDOWS\system32\slserv.exe
2007-02-22 18:57:54 32866 -----n--- C:\WINDOWS\system32\slrundll.exe
2007-02-22 18:57:54 188508 -----n--- C:\WINDOWS\system32\slgen.dll
2007-02-22 18:57:54 286792 -----n--- C:\WINDOWS\system32\slextspk.dll
2007-02-22 18:57:54 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll
2007-02-22 18:57:54 29184 -----n--- C:\WINDOWS\system32\sdhcinst.dll
2007-02-22 18:57:54 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll
2007-02-22 18:57:53 603648 -----n--- C:\WINDOWS\system32\WMSPDMOD.dll
2007-02-22 18:57:53 4096 -----n--- C:\WINDOWS\system32\wmsdmoe2.dll
2007-02-22 18:57:53 314880 -----n--- C:\WINDOWS\system32\wmpdxm.dll
2007-02-22 18:57:53 242688 -----n--- C:\WINDOWS\system32\wmpasf.dll
2007-02-22 18:57:53 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2007-02-22 18:57:53 227328 -----n--- C:\WINDOWS\system32\wmerror.dll
2007-02-22 18:57:53 17408 -----n--- C:\WINDOWS\system32\winshfhc.dll
2007-02-22 18:57:52 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-22 18:57:52 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-22 18:57:52 108032 -----n--- C:\WINDOWS\system32\wshbth.dll
2007-02-22 18:57:52 81408 -----n--- C:\WINDOWS\system32\wscsvc.dll
2007-02-22 18:57:52 13824 -----n--- C:\WINDOWS\system32\wscntfy.exe
2007-02-22 18:57:52 4096 -----n--- C:\WINDOWS\system32\wmvdmoe2.dll
2007-02-22 18:57:52 1329152 -----n--- C:\WINDOWS\system32\WMSPDMOE.dll
2007-02-22 18:57:51 438784 -----n--- C:\WINDOWS\system32\xpob2res.dll
2007-02-22 18:57:51 50176 -----n--- C:\WINDOWS\system32\xmlprovi.dll
2007-02-22 18:57:51 129536 -----n--- C:\WINDOWS\system32\xmlprov.dll
2007-02-22 18:57:51 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-02-22 18:57:51 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-22 18:57:51 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-22 18:57:51 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-22 18:57:51 32866 -----n--- C:\WINDOWS\slrundll.exe
2007-02-22 18:50:55 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-22 18:40:08 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-02-22 18:40:07 374752 --a------ C:\WINDOWS\system32\WUSBGXP.sys
2007-02-22 18:40:07 339488 --a------ C:\WINDOWS\system32\WUSB20XP.sys
2007-02-22 18:40:07 245376 --a------ C:\WINDOWS\system32\rt2500usb.sys<RT2500~1.SYS>
2007-02-22 18:40:07 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-02-22 18:40:07 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-02-22 18:40:04 17992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2007-02-22 18:40:04 17992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-02-22 18:31:11 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-22 18:31:10 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-22 18:31:08 52864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-02-22 18:31:07 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-22 18:31:06 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-22 18:31:04 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-22 18:31:03 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-22 18:31:02 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-22 18:30:50 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-02-22 18:30:48 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-02-22 18:30:47 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-02-22 18:30:44 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-02-22 18:30:43 59264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2007-02-22 18:30:42 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-22 18:30:42 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-22 18:24:10 1048576 --ah----- C:\Documents and Settings\ourroom\NTUSER.DAT
2007-02-22 18:22:27 229376 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2007-02-22 18:22:26 229376 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2007-02-22 18:16:58 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2007-02-22 18:13:49 24576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-02-22 18:12:06 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-02-22 18:11:10 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2007-02-22 18:09:51 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-02-22 18:09:51 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-02-22 18:09:51 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-02-22 18:09:51 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-02-22 18:09:51 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-02-22 18:09:43 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-02-22 18:09:43 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-02-22 18:09:43 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-02-22 18:09:43 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-02-22 18:09:42 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-02-22 18:09:41 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-02-22 18:09:41 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-02-22 18:09:41 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-02-22 18:09:41 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-02-22 18:09:41 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-02-22 18:09:38 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-22 18:09:38 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-02-22 18:09:34 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-22 18:09:33 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-02-22 18:09:33 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-02-22 18:09:33 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-02-22 18:09:33 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-02-22 18:09:33 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-02-22 18:09:33 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-02-22 18:09:33 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-02-22 18:09:33 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-02-22 18:09:33 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-02-22 18:09:32 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-02-22 18:09:32 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-02-22 18:09:32 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-02-22 18:09:32 678400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-02-22 18:09:20 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-22 18:08:12 5632 --a------ C:\WINDOWS\system32\write.exe
2007-02-22 18:08:06 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-02-22 18:08:06 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-02-22 18:08:06 345088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-02-22 18:08:06 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-22 18:08:05 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-02-22 18:08:05 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-02-22 18:08:05 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-02-22 18:08:05 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-02-22 18:08:05 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-02-22 18:07:59 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-02-22 18:07:59 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-02-22 18:07:59 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-02-22 18:07:58 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-02-22 18:07:58 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-02-22 18:07:58 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-02-22 18:07:58 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-02-22 18:07:58 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-02-22 18:07:58 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-02-22 18:07:57 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-22 18:07:57 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-02-22 18:07:57 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-02-22 18:07:57 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-02-22 18:07:57 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-02-22 18:07:57 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-02-22 18:07:57 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-02-22 18:07:57 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-02-22 18:07:57 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-02-22 18:07:57 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-02-22 18:07:57 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-02-22 18:07:57 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-02-22 18:07:57 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-02-22 18:07:56 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-02-22 18:07:56 90112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-02-22 18:07:56 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-02-22 18:07:56 949248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-02-22 18:07:56 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-02-22 18:07:56 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-02-22 18:07:56 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-02-22 18:07:55 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-02-22 18:07:55 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-02-22 18:07:54 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-02-22 18:07:54 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-02-22 18:07:54 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-02-22 18:07:54 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-02-22 18:07:54 82432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-02-22 18:07:54 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-02-22 18:07:54 62464 --a------ C:\WINDOWS\system32\colbact.dll
2007-02-22 18:07:54 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-02-22 18:07:54 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-02-22 18:07:54 229888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-02-22 18:07:53 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-02-22 18:07:53 501248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-02-22 18:07:47 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-02-22 18:07:47 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-22 18:07:47 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-02-22 18:07:47 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-02-22 18:07:47 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-02-22 18:07:46 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-02-22 18:07:46 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-02-22 18:07:46 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-02-22 18:07:46 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-02-22 18:07:46 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-02-22 18:07:46 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-02-22 18:07:45 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-02-22 18:07:45 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-02-22 18:07:45 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-02-22 18:07:45 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-02-22 18:07:45 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-02-22 18:07:45 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-02-22 18:07:45 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-02-22 18:07:45 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-02-22 18:07:45 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-02-22 18:07:45 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-02-22 18:07:45 407552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-02-22 18:07:44 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-02-22 18:07:44 425472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-02-22 18:07:44 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-02-22 18:07:44 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-02-22 18:07:44 628224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-02-22 18:07:43 1251840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-02-22 18:07:41 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-02-22 18:07:36 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-02-22 18:07:36 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-02-22 13:37:34 0 d-------- C:\068f143c3f22844b0d1240e523037b<068F14~1>
2007-02-22 11:53:45 0 d-------- C:\Program Files\s?stem
2007-02-22 11:53:05 32177 --ahs---- C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe<YAZZLE~2.EXE>
2007-02-22 11:52:16 0 d-------- C:\ffd38e13e662ce6d2c83768d99e805fd<FFD38E~1>
2007-02-22 11:34:49 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-02-22 11:26:13 21504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-02-22 11:25:56 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-02-22 11:25:22 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-02-22 11:25:04 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-02-22 11:24:52 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-02-22 11:24:36 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-02-22 11:22:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-02-22 11:22:45 0 d--hs---- C:\WINDOWS\RGVubmV0dHMgSGFyZHdhcmU<RGVUBM~1>
2007-02-22 11:19:51 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-02-22 11:19:51 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-02-22 11:19:51 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-02-22 11:19:50 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-02-22 11:19:49 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-02-22 11:19:48 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-02-22 11:19:48 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-02-22 11:19:48 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-02-22 11:19:48 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-02-22 11:19:46 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-02-22 11:19:46 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-02-22 11:19:45 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-02-22 11:19:42 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-22 11:19:42 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-02-22 11:19:42 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-02-22 11:19:42 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-02-22 11:19:41 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-22 11:19:41 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-02-22 11:19:41 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-02-22 11:19:41 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-02-22 11:19:41 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-02-22 11:19:41 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-02-22 11:19:41 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-02-22 11:19:40 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-02-22 11:19:40 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-02-22 11:19:40 68768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-02-22 11:19:40 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-02-22 11:19:40 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-02-22 11:19:40 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-02-22 11:19:40 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-02-22 11:19:39 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-02-22 11:19:39 69120 --a------ C:\WINDOWS\notepad.exe
2007-02-22 11:19:38 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-02-22 11:19:27 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents<DOCUME~1>
2007-02-22 11:18:19 0 d-------- C:\Program Files\Common Files\{4CFAAFF2-0958-1033-1202-030119060001}<{4CFAA~1>
2007-02-22 11:14:21 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Systweak
2007-02-21 21:24:14 0 d-------- C:\8f2399186ff3a900dfb1da8dc820210d<8F2399~1>
2007-02-21 19:10:22 0 d-------- C:\Program Files\Common Files\{3CFAAFF2-0958-1033-1202-030119060001}<{3CFAA~1>
2007-02-21 19:10:18 92997 --a------ C:\Documents and Settings\Dennetts Hardware\bcw2.exe
2007-02-21 19:10:13 25088 --a------ C:\Documents and Settings\Dennetts Hardware\bcwin32.exe
2007-02-21 19:10:11 25600 --a------ C:\lddxxxbdla.exe<LDDXXX~1.EXE>
2007-02-21 16:33:27 0 d-------- C:\7df1ac5d04c72c2a7d4291a91491<7DF1AC~1>
2007-02-21 12:48:00 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-02-21 08:18:39 0 d-------- C:\WINDOWS\Sytem32
2007-02-20 19:21:36 0 d-------- C:\Program Files\Lavasoft
2007-02-20 18:30:33 385536 --a------ C:\is67lolawa.exe<IS67LO~1.EXE>
2007-02-20 18:12:09 0 d-------- C:\Program Files\DiskTrix
2007-02-20 10:32:55 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-02-20 10:32:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-02-20 10:30:35 0 d-------- C:\KAV
2007-02-19 21:27:57 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-02-19 18:34:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-02-19 17:14:57 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Uniblue
2007-02-19 13:38:51 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2007-02-19 13:37:51 0 d-------- C:\Program Files\F-Secure
2007-02-19 13:09:53 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\GlarySoft<GLARYS~1>
2007-02-19 13:05:13 0 d-------- C:\Program Files\Glary Utilities<GLARYU~1>
2007-02-19 12:26:19 670 --a------ C:\ICSdata.dat
2007-02-19 12:26:03 0 d-------- C:\Program Files\InfoClock Screensaver<INFOCL~1>
2007-02-19 12:26:03 0 d-------- C:\DESfiles
2007-02-17 16:47:55 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-17 10:15:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Joy Meet Extra Idol<JOYMEE~1>
2007-02-17 10:14:42 0 d-------- C:\Program Files\funk fast wave<FUNKFA~1>
2007-02-17 10:14:09 0 d-------- C:\Program Files\Torrent101<TORREN~1>
2007-02-12 11:36:25 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Azureus
2007-02-12 10:24:07 0 d-------- C:\WINDOWS\vbSkinner<VBSKIN~1>
2007-02-12 09:34:53 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\uTorrent
2007-02-12 09:34:49 0 d-------- C:\Program Files\uTorrent
2007-02-06 12:57:56 0 d-------- C:\Program Files\iPod
2007-02-06 12:57:44 0 d-------- C:\Program Files\iTunes
2007-02-03 11:44:48 0 d-------- C:\Program Files\Reallusion<REALLU~1>
2007-02-02 22:49:44 5767168 --a------ C:\Documents and Settings\Dennetts Hardware\ntuser.dat
2007-02-01 18:57:50 0 d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files<SMARTF~1.0SE>
2007-02-01 16:51:09 0 d-------- C:\Program Files\SuperCleaner<SUPERC~1>
2007-01-31 22:05:08 47360 --a------ C:\Documents and Settings\Dennetts Hardware\Application Data\pcouffin.sys
2007-01-31 22:05:08 87608 --a------ C:\Documents and Settings\Dennetts Hardware\Application Data\ezpinst.exe
2007-01-31 22:05:07 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Vso
2007-01-31 22:05:04 0 d-------- C:\Program Files\DVDFab Platinum 3<DVDFAB~1>
2007-01-31 21:34:48 0 d-------- C:\WINDOWS\WBEM
2007-01-31 21:34:46 0 d-------- C:\WINDOWS\system32\en-US
2007-01-31 21:33:08 0 d--h---c- C:\WINDOWS\ie7
2007-01-31 21:30:17 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-01-31 20:19:14 0 d-------- C:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-31 17:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-01-31 16:11:21 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\BitTorrent<BITTOR~1>
2007-01-31 15:27:31 0 d-------- C:\Program Files\Common Files\Creative
2007-01-31 15:20:03 0 d-------- C:\WINDOWS\system32\Data
2007-01-31 14:56:00 0 d-------- C:\Program Files\Dell Computer<DELLCO~1>
2007-01-31 14:55:42 0 d-------- C:\Program Files\PianoFX
2007-01-31 14:55:06 0 d-------- C:\Program Files\Common Files\Sonic
2007-01-31 14:54:48 0 d-------- C:\WINDOWS\system32\dla
2007-01-31 14:52:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-01-31 14:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-01-31 14:51:52 0 d-------- C:\Program Files\Microsoft Money<MICROS~3>
2007-01-31 1305 0 d-------- C:\Program Files\SmartFTP Client 2.0<SMARTF~1.0>
2007-01-31 11:59:16 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Ahead
2007-01-31 11:57:04 0 d-------- C:\Program Files\Nero
2007-01-31 11:57:03 0 d-------- C:\Program Files\Common Files\Ahead
2007-01-31 09:44:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1>
2007-01-31 09:32:27 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Smart Recorder<SMARTR~1>
2007-01-30 20:15:24 0 d--h----- C:\Program Files\Creative Installation Information<CREATI~1>
2007-01-30 20:11:43 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Creative
2007-01-30 19:54:52 0 d-------- C:\Program Files\Creative
2007-01-29 20:05:25 0 d-------- C:\WINDOWS\system32\NtmsData
2007-01-29 17:35:33 0 d-------- C:\WINDOWS\Profiles
2007-01-29 17:35:31 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\InterTrust<INTERT~1>
2007-01-29 17:33:51 0 d-------- C:\WINDOWS\system32\hauppauge<HAUPPA~1>
2007-01-29 17:33:38 0 d-------- C:\MyVideos
2007-01-29 17:33:25 0 d-------- C:\Program Files\WinTV
2007-01-29 17:15:27 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles<NVIEW_~1>
2007-01-29 17:09:01 0 d-------- C:\WINDOWS\nview
2007-01-29 13:19:54 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-01-29 13:18:05 0 d-------- C:\Program Files\Ulead Systems<ULEADS~1>
2007-01-29 12:38:41 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\WinRAR
2007-01-29 08:49:13 245376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys<RT2500~1.SYS>
2007-01-29 08:48:47 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor<LINKSY~1>


-- Find3M Report ----------------------------------------------------------------

2007-02-23 07:02:35 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-23 05:37:26 0 d-------- C:\Program Files\Attitude POSitive<ATTITU~1>
2007-02-23 05:26:11 0 d-------- C:\Program Files\Java
2007-02-22 21:03:22 0 d---s---- C:\Documents and Settings\ourroom\Application Data\Microsoft<MICROS~1>
2007-02-22 20:35:09 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-22 19:53:43 0 d-------- C:\Documents and Settings\ourroom\Application Data\Macromedia<MACROM~1>
2007-02-22 19:50:46 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2007-02-22 19:50:46 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
2007-02-22 19:10:27 0 d-------- C:\Documents and Settings\ourroom\Application Data\Mozilla
2007-02-22 18:55:36 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-22 18:55:23 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-22 18:55:16 0 d-------- C:\Program Files\Common Files\s?stem
2007-02-22 18:55:16 0 d-------- C:\Program Files\Common Files\??stem
2007-02-22 18:24:25 0 d-------- C:\Documents and Settings\ourroom\Application Data\Identities<IDENTI~1>
2007-02-22 11:19:27 62 --ahs---- C:\Documents and Settings\ourroom\Application Data\desktop.ini
2007-02-21 14:47:20 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-02-20 19:45:24 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-20 19:44:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-20 18:10:58 0 d-------- C:\Program Files\UI
2007-02-20 18:10:58 0 d-------- C:\Program Files\scripts
2007-02-20 18:10:58 0 d-------- C:\Program Files\plugins
2007-02-20 18:10:56 0 d-------- C:\Program Files\Replay7
2007-02-20 18:05:12 0 d-------- C:\Program Files\Data
2007-02-20 18:05:11 0 d-------- C:\Program Files\MainRetail3<MAINRE~1>
2007-02-20 18:05:09 0 d-------- C:\Program Files\Common Files\mqkz
2007-02-20 17:11:38 0 d-------- C:\Program Files\Grisoft
2007-02-16 06:46:51 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-16 06:46:13 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-01 16:11:38 0 d-------- C:\Program Files\MUSICMATCH<MUSICM~1>
2007-02-01 12:14:31 0 d-------- C:\Program Files\LimeWire
2007-02-01 06:26:18 0 d-------- C:\Program Files\??sks
2007-01-31 14:03:34 0 d-------- C:\Program Files\Yahoo!
2007-01-30 11:51:16 0 d-------- C:\Program Files\Jasc Software Inc<JASCSO~1>
2007-01-30 11:48:25 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-01-30 11:45:48 0 d-------- C:\Program Files\Amor SWF to Video Converter<AMORSW~1>
2007-01-29 17:35:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-29 17:35:31 0 d-------- C:\Program Files\Common Files\?dobe
2007-01-29 13:18:20 0 d-------- C:\Program Files\Common Files\Ulead Systems<ULEADS~1>
2007-01-17 11:02:19 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-01-12 10:44:01 0 d-------- C:\Program Files\Luxor Mahjong<LUXORM~1>
2007-01-03 15:19:56 171008 --ahs---- C:\Program Files\Common Files\Yazzle1122OinAdmin.exe<YAZZLE~1.EXE>
2006-11-25 13:54:02 449024 --a------ C:\WINDOWS\system32\InfoClock Screensaver.scr<INFOCL~1.SCR>


-- Registry Dump ----------------------------------------------------------------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NWEReboot"=""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
---------------------------------------------------------------------------

I was unable to attach supplementary text. Kept timing out. Here is the text:

ComboScan v20070221.16 run by ourroom on 2007-02-23 at 07:04:04
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.40GHz
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 1022 MiB / 716.86 MiB
Pagefile Memory (total/avail): 2460.81 MiB / 2290.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1999.38 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.46 GiB total, 39.68 GiB free.
D: is Fixed (FAT32) - 93.34 GiB total, 31.01 GiB free.
E: is CDROM (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.



-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\ourroom\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STEVEANDCAREN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ourroom
LOGONSERVER=\\STEVEANDCAREN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ourroom\LOCALS~1\Temp
TMP=C:\DOCUME~1\ourroom\LOCALS~1\Temp
USERDOMAIN=STEVEANDCAREN
USERNAME=ourroom
USERPROFILE=C:\Documents and Settings\ourroom
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

ourroom (admin)
Administrator (new local, admin)


-- Add/Remove Programs ----------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
HijackThis 1.99.1 --> C:\Documents and Settings\ourroom\Desktop\hijackthis\HijackThis.exe /uninstall
InfoClock Screensaver 1.6.7 --> "C:\Program Files\InfoClock Screensaver\unins000.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
LimeWire PRO 4.13.0 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G USB Network Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
SmartFTP Client 2.0 (remove only) --> "C:\Program Files\SmartFTP Client 2.0\uninst-sftp.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- End of ComboScan: finished at 2007-02-23 at 07:04:45 -------------------------


HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5


-- End of ComboScan: finished at 2007-02-23 at 07:04:45 -------------------------
neonknightmare is offline  
Old 02-23-2007, 08:34 AM   #7 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Quick Questions:

Did you do a repair install, or format and install?

Did you run these scans before or after the install?

Meaning, is nbdos.exe still on your system?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 02-23-2007, 09:41 AM   #8 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


I did not reformat, but did do a full XP reinstall (not a repair install). No icons, default desktop, no installed programs...etc...etc. Immediately updated to SP2. I have also reinstalled Kaspersky, and it no longer sees any viruses on startup (have not done a full system scan yet).

Yes, I did a search and found nbdos.exe in system32 file.
neonknightmare is offline  
Old 02-23-2007, 09:42 AM   #9 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


Scans were after reinstall.
neonknightmare is offline  
Old 02-23-2007, 10:29 AM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Well, unless you formatted, what you've done is install over the top. That means infections are not wiped out. Let's move on.

Please download the Suspicious file Packer from Safer-Networking.Org and unzip it to your desktop.

Run SFP.exe.

Please copy the following lines into the Step 1: Paste Text window:

C:\Windows\System32\nbdos.exe

then click "Continue".

This will create a .cab file on your desktop named requested-files[Date/Time].cab

Next, please visit TheSpyKillers forum HERE

Read the first topic for instructions on uploading files then start a new Topic, post a link to this thread and upload the requested files.cab archive from your desktop. Please put attention AndyManchesta in the thread title, and post the link to that thread here.

Once you've done that, delete the file and post a new HJT log.

There are other nasties showing in the ComboScan and NoLOP logs, which we'll deal with next.

Also, I would recommend a full system scan with Kaspersky, after ensuring it has the latest update definitions.
tetonbob is offline  
Old 02-23-2007, 11:09 AM   #11 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


http://www.thespykiller.co.uk/forum/index.php?board=1.0

Logfile of HijackThis v1.99.1
Scan saved at 1259 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\ourroom\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)


Thank you for the quick response. You the man.

Will start Kaspersky scan now.
neonknightmare is offline  
Old 02-23-2007, 11:22 AM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Thanks for helping us by uploading the file. It has been received.

I'll be offline for several hours now. I'll have more work for you to do when I return later tonight (2100EST or so)
tetonbob is offline  
Old 02-23-2007, 08:08 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

---------------------------------------------------------------------------------------------------

I see you have AVG Anti-Spyware already. Please update its definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Exit AVG Anti-Spyware. DO NOT scan yet.
---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Delete the following files/folders:

C:\Program Files\funk fast wave
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\mqkz
C:\Documents and Settings\All Users\Application Data\Joy Meet Extra Idol


Please use caution in deleting these next folders. Before deleting, look inside them, and check their properties for creation dates. I've listed them where they were available. These folders emulate legit folder names which may also be present in these locations, and the characters may appear as English or Cyrillic.

If you have any doubts about any of them, do not delete them, but instead, make note of what's inside and post that information in your next reply.


C:\Program Files\Common Files\s?stem <<<created on 2007-02-22 18:55:16
C:\Program Files\Common Files\??stem <<<created on 2007-02-22 18:55:16
C:\Program Files\??sks <<<created on 2007-02-01 06:26:18
C:\Documents and Settings\Dennetts Hardware\Application Data\W?nsxs
C:\Documents and Settings\Dennetts Hardware\Application Data\?dobe <<<Extra care here!!!
C:\Documents and Settings\Dennetts Hardware\Application Data\?pppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\??ppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft <<<Extra care here!!!
C:\Documents and Settings\Dennetts Hardware\Application Data\??sks
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem32
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft <<<Extra care here!!!
C:\Documents and Settings\Dennetts Hardware\Application Data\?asks
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mantec
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mbols
C:\Documents and Settings\Dennetts Hardware\Application Data\F?nts


Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply.


---------------------------------------------------------------------------------------------------

Run ComboScan once again, and post the log which results.

Please return with logs from:

AVG Anti-Spyware
BitDefender
ComboScan.txt


Let me know if you encountered any problems deleting those folders, and how your system is behaving now, please.
Last edited by tetonbob; 02-23-2007 at 08:10 PM.
tetonbob is offline  
Old 02-24-2007, 07:37 AM   #14 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


I am still with you. The Kaspersky scan and the AVG scan are just taking awhile. I am on another computer.

Kaspersky did find several instances of the Win32 virus and deleted them. It found nothing else. AVG running now. May take several more hours.

I could not find any of these files

C:\Program Files\Common Files\s?stem<<<created on 2007-02-22 18:55:16
C:\Program Files\Common Files\??stem<<<created on 2007-02-22 18:55:16
C:\Program Files\??sks<<<created on 2007-02-01 06:26:18
C:\Documents and Settings\Dennetts Hardware\Application Data\W?nsxs
C:\Documents and Settings\Dennetts Hardware\Application Data\?dobe<<<Extra care here!!!
C:\Documents and Settings\Dennetts Hardware\Application Data\?pppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\??ppatch
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft<<<Extra care here!!!
C:\Documents and Settings\Dennetts Hardware\Application Data\??sks
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem
C:\Documents and Settings\Dennetts Hardware\Application Data\??stem32
C:\Documents and Settings\Dennetts Hardware\Application Data\?icrosoft<<<Extra care here!!!
C:\Documents and Settings\Dennetts Hardware\Application Data\?asks
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mantec
C:\Documents and Settings\Dennetts Hardware\Application Data\S?mbols
C:\Documents and Settings\Dennetts Hardware\Application Data\F?nts
neonknightmare is offline  
Old 02-24-2007, 08:28 AM   #15 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Quote:
I could not find any of these files

Interesting....please note once again, they may appear as legit, meaning the ?? may appear as English characters, but are really Cyrillic, so tools cannot read them correctly...for example:

C:\Documents and Settings\Dennetts Hardware\Application Data\??sks

Could appear as:

C:\Documents and Settings\Dennetts Hardware\Application Data\Tasks

OK, I'll be waiting for the results from the scans.
Last edited by tetonbob; 02-24-2007 at 08:31 AM.
tetonbob is offline  
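The look-alike folder names discussed in the posts above can be checked mechanically. The following is an added example, not part of the original thread and not the code of any tool used in it: it flags names whose Cyrillic letters fold to a known folder name, and shows why an ANSI log prints them with `?`. The confusables table, the list of imitated names (only `Tasks` is spelled out in the thread), code page 1252 and all function names are assumptions of this example.

```python
import os
import unicodedata

# Hand-picked subset of Cyrillic letters that render like Latin ones
# (assumption for this example; Unicode's confusables data is far larger).
CYRILLIC_TO_LATIN = {
    "\u0410": "A", "\u0430": "a", "\u0412": "B", "\u0415": "E", "\u0435": "e",
    "\u041a": "K", "\u041c": "M", "\u041d": "H", "\u041e": "O", "\u043e": "o",
    "\u0420": "P", "\u0440": "p", "\u0421": "C", "\u0441": "c", "\u0422": "T",
    "\u0443": "y", "\u0425": "X", "\u0445": "x", "\u0406": "I", "\u0456": "i",
    "\u0405": "S", "\u0455": "s", "\u0458": "j",
}

# Folder names worth imitating. "tasks" comes from the thread; the others are
# this example's guesses at what the ?-masked names in the list stand for.
LEGIT_NAMES = {"tasks", "system", "system32", "microsoft", "adobe",
               "symantec", "symbols", "fonts", "winsxs", "apppatch"}


def script_of(ch):
    """Script word from the Unicode character name, e.g. 'LATIN', 'CYRILLIC'."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def scripts_used(name):
    """Set of scripts that the letters of a name belong to."""
    return {script_of(ch) for ch in name if ch.isalpha()}


def skeleton(name):
    """Fold known Cyrillic look-alikes to Latin and lowercase the result."""
    return "".join(CYRILLIC_TO_LATIN.get(ch, ch) for ch in name).lower()


def ansi_view(name, codepage="cp1252"):
    """How a tool writing an ANSI log shows the name: unmappable chars become '?'."""
    return name.encode(codepage, errors="replace").decode(codepage)


def classify(name):
    """Return (verdict, imitated_name) for one file or folder name."""
    if name.isascii():
        return ("ok", None)
    skel = skeleton(name)
    if skel in LEGIT_NAMES:
        return ("lookalike", skel)       # reads as a known folder, but is not
    if len(scripts_used(name)) > 1:
        return ("mixed-script", None)    # unusual, worth a manual look
    return ("non-latin", None)           # e.g. a genuine Russian folder name


def audit(names):
    """List (ansi_view, escaped_name, verdict, imitated) for every non-ok name."""
    findings = []
    for name in names:
        verdict, imitated = classify(name)
        if verdict != "ok":
            escaped = name.encode("unicode_escape").decode("ascii")
            findings.append((ansi_view(name), escaped, verdict, imitated))
    return findings


def audit_dir(path):
    """Audit the sub-folders of a directory, e.g. an Application Data folder."""
    with os.scandir(path) as entries:
        return audit([e.name for e in entries if e.is_dir()])


# Constructed sample names (not taken from the infected machine).
SAMPLE = ["Tasks", "\u0422\u0430sks", "S\u0443mantec",
          "\u041cicrosoft", "F\u043ents", "Mozilla"]

if __name__ == "__main__":
    for shown, escaped, verdict, imitated in audit(SAMPLE):
        print(f"{shown:<12} {escaped:<22} {verdict:<12} imitates={imitated}")
```

The escaped form is the one to record before deleting anything, since the real `Tasks` and the imitation look identical in Explorer.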
Old 02-24-2007, 03:15 PM   #16 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


Whew! Finally through scanning. I have two drives.

I did find those files. I was still half asleep the first time I looked for them. All of the folders were empty except system. It contained 3 folders and 3 files. Something about Wab32. I deleted everything.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:09:55 AM 2/24/2007

+ Scan result:



C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005019.exe -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005020.dll -> Adware.Softomate : Cleaned.
C:\WINDOWS\system32\nbdos.exe -> Backdoor.Rbot.bwq : Cleaned.
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005016.exe -> Downloader.Agent.bdr : Cleaned.
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005017.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP16\A0004236.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP9\A0003698.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
:mozilla.151:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.338:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.96:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.37:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.38:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.84:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.199:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.200:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.201:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.202:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.73:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.74:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.75:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.76:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.122:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.125:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.126:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.127:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.129:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.130:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.6:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.7:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.8:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.233:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.15:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.212:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.213:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.214:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.215:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.90:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.360:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.195:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.196:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.197:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.235:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.243:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.244:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.46:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.158:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.159:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.160:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.161:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.86:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.88:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.143:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.144:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.145:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.249:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.250:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.303:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.304:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.305:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.306:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.117:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.120:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.121:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.128:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.314:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.41:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.42:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.43:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.44:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.45:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.165:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.166:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.167:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.168:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.169:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.170:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.171:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.35:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.256:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.262:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.265:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.39:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.300:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.301:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.302:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.56:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.57:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.58:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.59:C:\Documents and Settings\Dennetts Hardware\Application Data\Mozilla\Firefox\Profiles\81cdpq65.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

-------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Sat, Feb 24, 2007 - 16:00:44
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 04:21:22
Files: 1273466
Folders: 12265
Boot Sectors: 5
Archives: 9890
Packed Files: 147214

Results
Identified Viruses: 6
Infected Files: 9
Suspect Files: 4
Warnings: 0
Disinfected: 0
Deleted Files: 13

Engines Info
Virus Definitions: 393347
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\Dennetts Hardware\bcwin32.exe | Suspected of: Generic.Malware.Fdld.759EE851
C:\Documents and Settings\Dennetts Hardware\bcwin32.exe | Disinfection failed
C:\Documents and Settings\Dennetts Hardware\bcwin32.exe | Deleted
C:\is67lolawa.exe | Infected with: DeepScan:Generic.Sdbot.E9433156
C:\is67lolawa.exe | Disinfection failed
C:\is67lolawa.exe | Deleted
C:\lddxxxbdla.exe | Suspected of: Generic.Malware.Fdld.F0B9676C
C:\lddxxxbdla.exe | Disinfection failed
C:\lddxxxbdla.exe | Deleted
C:\Program Files\Common Files\{4CFAAFF2-0958-1033-1202-030119060001}\Update.exe | Infected with: Trojan.Downloader.Agent.DD
C:\Program Files\Common Files\{4CFAAFF2-0958-1033-1202-030119060001}\Update.exe | Disinfection failed
C:\Program Files\Common Files\{4CFAAFF2-0958-1033-1202-030119060001}\Update.exe | Deleted
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005143.exe | Infected with: MemScan:Trojan.Vundo.AD
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005143.exe | Disinfection failed
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005143.exe | Deleted
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005145.exe | Infected with: DeepScan:Generic.Sdbot.E9433156
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005145.exe | Disinfection failed
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005145.exe | Deleted
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005162.exe | Infected with: DeepScan:Generic.Malware.G!SKI!!FLMWX!Bprng.76C44EDE
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005162.exe | Disinfection failed
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005162.exe | Deleted
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005757.exe | Infected with: Trojan.FatObfus.Gen
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005757.exe | Disinfection failed
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005757.exe | Deleted
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005759.exe | Suspected of: Generic.Malware.Fdld.759EE851
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005759.exe | Disinfection failed
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005759.exe | Deleted
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005761.exe | Infected with: DeepScan:Generic.Sdbot.E9433156
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005761.exe | Disinfection failed
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005761.exe | Deleted
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005762.exe | Suspected of: Generic.Malware.Fdld.F0B9676C
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005762.exe | Disinfection failed
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005762.exe | Deleted
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005763.exe | Infected with: Trojan.Downloader.Agent.DD
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005763.exe | Disinfection failed
C:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP27\A0005763.exe | Deleted
D:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005163.EXE=>(CAB Sfx r)=>rBot.exe | Infected with: DeepScan:Generic.Malware.G!SKI!!FLMWX!Bprng.76C44EDE
D:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005163.EXE=>(CAB Sfx r)=>rBot.exe | Disinfection failed
D:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005163.EXE=>(CAB Sfx r)=>rBot.exe | Deleted
D:\System Volume Information\_restore{13A726FF-B9C1-48F9-9B4A-D960FD62303B}\RP26\A0005163.EXE=>(CAB Sfx r) | Update failed

---------------------------------------------------------------------------------------------


ComboScan v20070221.16 run by ourroom on 2007-02-24 at 16:03:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as ourroom.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:03:36 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\ourroom\Desktop\comboscan.exe
C:\Documents and Settings\ourroom\Desktop\hijackthis\ourroom.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: WUSB54Gv42SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv42.exe (file missing)


-- Files created between 2007-01-24 and 2007-02-24 ------------------------------

2007-02-24 11:36:32 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-24 11:35:32 0 d---s---- C:\Documents and Settings\ourroom\UserData
2007-02-24 10:32:55 0 d-------- C:\WINDOWS\LastGood
2007-02-24 06:26:51 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-24 06:21:40 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-02-23 09:47:01 20016 -----n--- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-02-23 09:35:37 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-02-23 09:31:22 262144 --a------ C:\Documents and Settings\All Users.WINDOWS\ntuser.dat
2007-02-23 09:20:37 0 d-------- C:\Documents and Settings\ourroom\Application Data\Lavasoft
2007-02-23 09:00:08 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-02-23 09:00:08 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-02-23 08:59:50 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab<KASPER~1>
2007-02-23 08:59:47 51232 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-02-23 08:59:47 5071392 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-02-23 06:45:22 0 d-------- C:\bintheredunthat<BINTHE~1>
2007-02-23 06:39:34 397312 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-23 06:28:49 106 --a------ C:\delete.bat
2007-02-23 06:16:31 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-23 06:14:52 0 d-------- C:\SDFix
2007-02-23 06:10:05 0 d-------- C:\bfu
2007-02-22 21:13:53 0 d-------- C:\Documents and Settings\ourroom\Shared
2007-02-22 21:13:51 0 d-------- C:\Documents and Settings\ourroom\Incomplete<INCOMP~1>
2007-02-22 21:13:35 0 d-------- C:\Documents and Settings\ourroom\Application Data\LimeWire
2007-02-22 20:49:11 0 d-------- C:\Documents and Settings\ourroom\Application Data\SmartFTP
2007-02-22 20:10:58 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems<ADOBES~1>
2007-02-22 20:09:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2007-02-22 20:04:41 0 d-------- C:\Documents and Settings\ourroom\Application Data\Adobe
2007-02-22 19:45:11 0 d-------- C:\WINDOWS\system32\QuickTime<QUICKT~1>
2007-02-22 19:25:55 0 d-------- C:\Documents and Settings\ourroom\Application Data\WinRAR
2007-02-22 19:23:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-22 19:10:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-22 19:04:04 0 d-------- C:\WINDOWS\Prefetch
2007-02-22 18:58:07 9216 -----n--- C:\WINDOWS\system32\proxycfg.exe
2007-02-22 18:58:07 59392 -----n--- C:\WINDOWS\system32\logman.exe
2007-02-22 18:58:02 63488 -----n--- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-02-22 18:58:02 31744 -----n--- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-02-22 18:58:02 73216 -----n--- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-02-22 18:58:02 13824 -----n--- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-02-22 18:58:02 28672 -----n--- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-02-22 18:58:02 104960 -----n--- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-02-22 18:58:02 52224 -----n--- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-02-22 18:58:02 14336 -----n--- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-02-22 18:58:02 13824 -----n--- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-02-22 18:58:02 57856 -----n--- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-02-22 18:58:02 701440 -----n--- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-02-22 18:58:02 327040 -----n--- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-02-22 18:58:02 34735 -----n--- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-02-22 18:58:02 29455 -----n--- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-02-22 18:58:02 36463 -----n--- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-02-22 18:58:02 21343 -----n--- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-02-22 18:58:02 26367 -----n--- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-02-22 18:58:02 63663 -----n--- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-02-22 18:58:02 30671 -----n--- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-02-22 18:58:02 12047 -----n--- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-02-22 18:58:02 11615 -----n--- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-02-22 18:58:02 56623 -----n--- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-02-22 18:58:02 43008 -----n--- C:\WINDOWS\system32\drivers\amdagp.sys
2007-02-22 18:58:02 42752 -----n--- C:\WINDOWS\system32\drivers\alim1541.sys
2007-02-22 18:58:02 44928 -----n--- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-02-22 18:58:02 42368 -----n--- C:\WINDOWS\system32\drivers\agp440.sys
2007-02-22 18:58:02 3775 -----n--- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-02-22 18:58:02 3711 -----n--- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-02-22 18:58:02 3135 -----n--- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-02-22 18:58:02 3647 -----n--- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-02-22 18:58:02 3615 -----n--- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-02-22 18:58:02 3967 -----n--- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-02-22 18:58:02 4255 -----n--- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-02-22 18:58:01 1309184 -----n--- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-02-22 18:58:01 126686 -----n--- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-02-22 18:58:01 15488 -----n--- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-02-22 18:58:01 11868 -----n--- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-02-22 18:58:01 29056 -----n--- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-02-22 18:58:01 36096 -----n--- C:\WINDOWS\system32\drivers\intelppm.sys
2007-02-22 18:58:01 262784 -----n--- C:\WINDOWS\system32\drivers\http.sys
2007-02-22 18:58:01 1041536 -----n--- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-02-22 18:58:01 685056 -----n--- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-02-22 18:58:01 220032 -----n--- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-02-22 18:58:01 15104 -----n--- C:\WINDOWS\system32\drivers\hidir.sys
2007-02-22 18:58:01 25600 -----n--- C:\WINDOWS\system32\drivers\hidbth.sys
2007-02-22 18:58:01 46464 -----n--- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-02-22 18:58:01 128896 -----n--- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-02-22 18:58:01 15423 -----n--- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-02-22 18:58:01 18944 -----n--- C:\WINDOWS\system32\drivers\bthusb.sys
2007-02-22 18:58:01 35456 -----n--- C:\WINDOWS\system32\drivers\bthprint.sys
2007-02-22 18:58:01 274304 -----n--- C:\WINDOWS\system32\drivers\bthport.sys
2007-02-22 18:58:01 100992 -----n--- C:\WINDOWS\system32\drivers\bthpan.sys
2007-02-22 18:58:01 38016 -----n--- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-02-22 18:58:01 17024 -----n--- C:\WINDOWS\system32\drivers\bthenum.sys
2007-02-22 18:58:01 17279 -----n--- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-02-22 18:58:01 14143 -----n--- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-02-22 18:58:01 25471 -----n--- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-02-22 18:58:01 11359 -----n--- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-02-22 18:58:01 21183 -----n--- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-02-22 18:58:00 78464 -----n--- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-02-22 18:58:00 12672 -----n--- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-02-22 18:58:00 44672 -----n--- C:\WINDOWS\system32\drivers\uagp35.sys
2007-02-22 18:58:00 6016 -----n--- C:\WINDOWS\system32\drivers\smbali.sys
2007-02-22 18:58:00 13240 -----n--- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-02-22 18:58:00 95424 -----n--- C:\WINDOWS\system32\drivers\slnthal.sys
2007-02-22 18:58:00 404990 -----n--- C:\WINDOWS\system32\drivers\slntamr.sys
2007-02-22 18:58:00 129535 -----n--- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-02-22 18:58:00 41088 -----n--- C:\WINDOWS\system32\drivers\sisagp.sys
2007-02-22 18:58:00 3901 -----n--- C:\WINDOWS\system32\drivers\siint5.dll
2007-02-22 18:58:00 10240 -----n--- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-02-22 18:58:00 11136 -----n--- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-02-22 18:58:00 67584 -----n--- C:\WINDOWS\system32\drivers\sdbus.sys
2007-02-22 18:58:00 166912 -----n--- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-02-22 18:58:00 30080 -----n--- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-02-22 18:58:00 59648 -----n--- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-02-22 18:58:00 13776 -----n--- C:\WINDOWS\system32\drivers\recagent.sys
2007-02-22 18:58:00 1897408 -----n--- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-02-22 18:58:00 180360 -----n--- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-02-22 18:58:00 12672 -----n--- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-02-22 18:58:00 452736 -----n--- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-02-22 18:57:59 25471 -----n--- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-02-22 18:57:59 22271 -----n--- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-02-22 18:57:59 11935 -----n--- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-02-22 18:57:59 11871 -----n--- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-02-22 18:57:59 11295 -----n--- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-02-22 18:57:59 11807 -----n--- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-02-22 18:57:59 13568 -----n--- C:\WINDOWS\system32\drivers\wacompen.sys
2007-02-22 18:57:59 42240 -----n--- C:\WINDOWS\system32\drivers\viaagp.sys
2007-02-22 18:57:59 11325 -----n--- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-02-22 18:57:59 13824 -----n--- C:\WINDOWS\system32\cmsetacl.dll
2007-02-22 18:57:59 50688 -----n--- C:\WINDOWS\system32\btpanui.dll
2007-02-22 18:57:59 30208 -----n--- C:\WINDOWS\system32\bthserv.dll
2007-02-22 18:57:59 20992 -----n--- C:\WINDOWS\system32\bthci.dll
2007-02-22 18:57:59 71680 -----n--- C:\WINDOWS\system32\blastcln.exe
2007-02-22 18:57:59 7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll
2007-02-22 18:57:59 8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll
2007-02-22 18:57:59 14336 -----n--- C:\WINDOWS\system32\auditusr.exe
2007-02-22 18:57:59 516768 -----n--- C:\WINDOWS\system32\ativvaxx.dll
2007-02-22 18:57:59 32768 -----n--- C:\WINDOWS\system32\ativtmxx.dll
2007-02-22 18:57:59 1888992 -----n--- C:\WINDOWS\system32\ati3duag.dll
2007-02-22 18:57:59 870784 -----n--- C:\WINDOWS\system32\ati3d1ag.dll
2007-02-22 18:57:59 201728 -----n--- C:\WINDOWS\system32\ati2dvag.dll
2007-02-22 18:57:59 377984 -----n--- C:\WINDOWS\system32\ati2dvaa.dll
2007-02-22 18:57:59 229376 -----n--- C:\WINDOWS\system32\ati2cqag.dll
2007-02-22 18:57:58 81920 -----n--- C:\WINDOWS\system32\ieencode.dll
2007-02-22 18:57:58 24576 -----n--- C:\WINDOWS\system32\httpapi.dll
2007-02-22 18:57:58 32285 -----n--- C:\WINDOWS\system32\hsfcisp2.dll
2007-02-22 18:57:58 60416 -----n--- C:\WINDOWS\system32\fwcfg.dll
2007-02-22 18:57:58 193024 -----n--- C:\WINDOWS\system32\fsquirt.exe
2007-02-22 18:57:58 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-02-22 18:57:58 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-02-22 18:57:58 2113536 -----n--- C:\WINDOWS\system32\dxdiagn.dll
2007-02-22 18:57:58 1689088 -----n--- C:\WINDOWS\system32\d3d9.dll
2007-02-22 18:57:57 86016 -----n--- C:\WINDOWS\system32\mdmxsdk.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdukx.dll
2007-02-22 18:57:57 7680 -----n--- C:\WINDOWS\system32\kbdsmsno.dll
2007-02-22 18:57:57 7680 -----n--- C:\WINDOWS\system32\kbdsmsfi.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdno1.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdmlt48.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdmlt47.dll
2007-02-22 18:57:57 5632 -----n--- C:\WINDOWS\system32\kbdmaori.dll
2007-02-22 18:57:57 6656 -----n--- C:\WINDOWS\system32\kbdinmal.dll
2007-02-22 18:57:57 6656 -----n--- C:\WINDOWS\system32\kbdinben.dll
2007-02-22 18:57:57 6144 -----n--- C:\WINDOWS\system32\kbdinbe1.dll
2007-02-22 18:57:57 7168 -----n--- C:\WINDOWS\system32\kbdfi1.dll
2007-02-22 18:57:56 1737856 -----n--- C:\WINDOWS\system32\mtxparhd.dll
2007-02-22 18:57:56 27136 -----n--- C:\WINDOWS\system32\mspmsnsv.dll
2007-02-22 18:57:56 118784 -----n--- C:\WINDOWS\system32\msdadiag.dll
2007-02-22 18:57:56 4096 -----n--- C:\WINDOWS\system32\MP4SDMOD.dll
2007-02-22 18:57:56 4096 -----n--- C:\WINDOWS\system32\MP43DMOD.dll
2007-02-22 18:57:55 49152 -----n--- C:\WINDOWS\system32\powercfg.exe
2007-02-22 18:57:55 48640 -----n--- C:\WINDOWS\system32\pnrpnsp.dll
2007-02-22 18:57:55 526848 -----n--- C:\WINDOWS\system32\p2psvc.dll
2007-02-22 18:57:55 88064 -----n--- C:\WINDOWS\system32\p2pnetsh.dll
2007-02-22 18:57:55 312320 -----n--- C:\WINDOWS\system32\p2pgraph.dll
2007-02-22 18:57:55 86016 -----n--- C:\WINDOWS\system32\p2pgasvc.dll
2007-02-22 18:57:55 116224 -----n--- C:\WINDOWS\system32\p2p.dll
2007-02-22 18:57:55 4274816 -----n--- C:\WINDOWS\system32\nv4_disp.dll
2007-02-22 18:57:54 15872 -----n--- C:\WINDOWS\system32\w3ssl.dll
2007-02-22 18:57:54 44032 -----n--- C:\WINDOWS\system32\twext.dll
2007-02-22 18:57:54 75776 -----n--- C:\WINDOWS\system32\strmfilt.dll
2007-02-22 18:57:54 8192 -----n--- C:\WINDOWS\system32\smbinst.exe
2007-02-22 18:57:54 73796 -----n--- C:\WINDOWS\system32\slserv.exe
2007-02-22 18:57:54 32866 -----n--- C:\WINDOWS\system32\slrundll.exe
2007-02-22 18:57:54 188508 -----n--- C:\WINDOWS\system32\slgen.dll
2007-02-22 18:57:54 286792 -----n--- C:\WINDOWS\system32\slextspk.dll
2007-02-22 18:57:54 73832 -----n--- C:\WINDOWS\system32\slcoinst.dll
2007-02-22 18:57:54 29184 -----n--- C:\WINDOWS\system32\sdhcinst.dll
2007-02-22 18:57:54 397056 -----n--- C:\WINDOWS\system32\s3gnb.dll
2007-02-22 18:57:53 603648 -----n--- C:\WINDOWS\system32\WMSPDMOD.dll
2007-02-22 18:57:53 4096 -----n--- C:\WINDOWS\system32\wmsdmoe2.dll
2007-02-22 18:57:53 314880 -----n--- C:\WINDOWS\system32\wmpdxm.dll
2007-02-22 18:57:53 242688 -----n--- C:\WINDOWS\system32\wmpasf.dll
2007-02-22 18:57:53 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2007-02-22 18:57:53 227328 -----n--- C:\WINDOWS\system32\wmerror.dll
2007-02-22 18:57:53 17408 -----n--- C:\WINDOWS\system32\winshfhc.dll
2007-02-22 18:57:52 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-02-22 18:57:52 465176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-02-22 18:57:52 108032 -----n--- C:\WINDOWS\system32\wshbth.dll
2007-02-22 18:57:52 81408 -----n--- C:\WINDOWS\system32\wscsvc.dll
2007-02-22 18:57:52 13824 -----n--- C:\WINDOWS\system32\wscntfy.exe
2007-02-22 18:57:52 4096 -----n--- C:\WINDOWS\system32\wmvdmoe2.dll
2007-02-22 18:57:52 1329152 -----n--- C:\WINDOWS\system32\WMSPDMOE.dll
2007-02-22 18:57:51 438784 -----n--- C:\WINDOWS\system32\xpob2res.dll
2007-02-22 18:57:51 50176 -----n--- C:\WINDOWS\system32\xmlprovi.dll
2007-02-22 18:57:51 129536 -----n--- C:\WINDOWS\system32\xmlprov.dll
2007-02-22 18:57:51 173536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-02-22 18:57:51 41240 --a------ C:\WINDOWS\system32\wups.dll
2007-02-22 18:57:51 127256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-02-22 18:57:51 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-02-22 18:57:51 32866 -----n--- C:\WINDOWS\slrundll.exe
2007-02-22 18:50:55 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-22 18:40:08 20747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-02-22 18:40:07 374752 --a------ C:\WINDOWS\system32\WUSBGXP.sys
2007-02-22 18:40:07 339488 --a------ C:\WINDOWS\system32\WUSB20XP.sys
2007-02-22 18:40:07 245376 --a------ C:\WINDOWS\system32\rt2500usb.sys<RT2500~1.SYS>
2007-02-22 18:40:07 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-02-22 18:40:07 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-02-22 18:40:04 17992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2007-02-22 18:40:04 17992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-02-22 18:31:11 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-02-22 18:31:10 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-02-22 18:31:08 52864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-02-22 18:31:07 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-02-22 18:31:06 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-02-22 18:31:04 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-02-22 18:31:03 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-02-22 18:31:02 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-02-22 18:30:50 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-02-22 18:30:48 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-02-22 18:30:47 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-02-22 18:30:44 4096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-02-22 18:30:43 59264 --a------ C:\WINDOWS\system32\drivers\usbaudio.sys
2007-02-22 18:30:42 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-02-22 18:30:42 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-02-22 18:24:10 1572864 --ah----- C:\Documents and Settings\ourroom\NTUSER.DAT
2007-02-22 18:22:27 229376 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2007-02-22 18:22:26 229376 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2007-02-22 18:16:58 229376 ---h----- C:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
2007-02-22 18:13:49 24576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-02-22 18:12:06 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-02-22 18:11:10 0 d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2007-02-22 18:09:51 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-02-22 18:09:51 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-02-22 18:09:51 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-02-22 18:09:51 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-02-22 18:09:51 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-02-22 18:09:43 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-02-22 18:09:43 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-02-22 18:09:43 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-02-22 18:09:43 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-02-22 18:09:42 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-02-22 18:09:41 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-02-22 18:09:41 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-02-22 18:09:41 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-02-22 18:09:41 73728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-02-22 18:09:41 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-02-22 18:09:38 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-02-22 18:09:38 382464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-02-22 18:09:34 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-02-22 18:09:33 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-02-22 18:09:33 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-02-22 18:09:33 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-02-22 18:09:33 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-02-22 18:09:33 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-02-22 18:09:33 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-02-22 18:09:33 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-02-22 18:09:33 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-02-22 18:09:33 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-02-22 18:09:32 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-02-22 18:09:32 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-02-22 18:09:32 274944 --a------ C:\WINDOWS\system32\mstask.dll
2007-02-22 18:09:32 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-02-22 18:09:20 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-22 18:08:12 5632 --a------ C:\WINDOWS\system32\write.exe
2007-02-22 18:08:06 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-02-22 18:08:06 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-02-22 18:08:06 347136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-02-22 18:08:06 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-02-22 18:08:05 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-02-22 18:08:05 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-02-22 18:08:05 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-02-22 18:08:05 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-02-22 18:08:05 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-02-22 18:07:59 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-02-22 18:07:59 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-02-22 18:07:59 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-02-22 18:07:58 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-02-22 18:07:58 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-02-22 18:07:58 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-02-22 18:07:58 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-02-22 18:07:58 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-02-22 18:07:58 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-02-22 18:07:57 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-02-22 18:07:57 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-02-22 18:07:57 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-02-22 18:07:57 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-02-22 18:07:57 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-02-22 18:07:57 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-02-22 18:07:57 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-02-22 18:07:57 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-02-22 18:07:57 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-02-22 18:07:57 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-02-22 18:07:57 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-02-22 18:07:57 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-02-22 18:07:57 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-02-22 18:07:57 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-02-22 18:07:56 11776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-02-22 18:07:56 91136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-02-22 18:07:56 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-02-22 18:07:56 956416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-02-22 18:07:56 58880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-02-22 18:07:56 6144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-02-22 18:07:56 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-02-22 18:07:55 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-02-22 18:07:55 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-02-22 18:07:54 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-02-22 18:07:54 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-02-22 18:07:54 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-02-22 18:07:54 540160 --a------ C:\WINDOWS\system32\comuid.dll
2007-02-22 18:07:54 97792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-02-22 18:07:54 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-02-22 18:07:54 60416 --a------ C:\WINDOWS\system32\colbact.dll
2007-02-22 18:07:54 110080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-02-22 18:07:54 85504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-02-22 18:07:54 225792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-02-22 18:07:53 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-02-22 18:07:53 498688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-02-22 18:07:47 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-02-22 18:07:47 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-02-22 18:07:47 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-02-22 18:07:47 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-02-22 18:07:47 185344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-02-22 18:07:46 6656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-02-22 18:07:46 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-02-22 18:07:46 124184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-02-22 18:07:46 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-02-22 18:07:46 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-02-22 18:07:46 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-02-22 18:07:45 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-02-22 18:07:45 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-02-22 18:07:45 295424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-02-22 18:07:45 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-02-22 18:07:45 60416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-02-22 18:07:45 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-02-22 18:07:45 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-02-22 18:07:45 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-02-22 18:07:45 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-02-22 18:07:45 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-02-22 18:07:45 407552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-02-22 18:07:44 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-02-22 18:07:44 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-02-22 18:07:44 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-02-22 18:07:44 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-02-22 18:07:44 625152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-02-22 18:07:43 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-02-22 18:07:41 58880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-02-22 18:07:36 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-02-22 18:07:36 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-02-22 13:37:34 0 d-------- C:\068f143c3f22844b0d1240e523037b<068F14~1>
2007-02-22 11:53:45 0 d-------- C:\Program Files\s?stem
2007-02-22 11:52:16 0 d-------- C:\ffd38e13e662ce6d2c83768d99e805fd<FFD38E~1>
2007-02-22 11:34:49 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-02-22 11:26:13 21504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-02-22 11:25:56 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-02-22 11:25:22 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-02-22 11:25:04 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-02-22 11:24:52 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-02-22 11:24:36 74240 --a------ C:\WINDOWS\system32\usbui.dll
2007-02-22 11:22:54 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2007-02-22 11:22:45 0 d--hs---- C:\WINDOWS\RGVubmV0dHMgSGFyZHdhcmU<RGVUBM~1>
2007-02-22 11:19:51 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-02-22 11:19:51 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-02-22 11:19:51 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-02-22 11:19:50 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-02-22 11:19:49 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-02-22 11:19:48 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-02-22 11:19:48 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-02-22 11:19:48 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-02-22 11:19:48 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-02-22 11:19:48 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-02-22 11:19:46 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-02-22 11:19:46 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-02-22 11:19:46 6144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-02-22 11:19:45 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-02-22 11:19:45 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-02-22 11:19:45 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-02-22 11:19:42 13312 --a------ C:\WINDOWS\system32\irclass.dll
2007-02-22 11:19:42 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-02-22 11:19:42 85020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-02-22 11:19:42 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-02-22 11:19:41 24661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-02-22 11:19:41 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-02-22 11:19:41 9008 --a------ C:\WINDOWS\system\VER.DLL
2007-02-22 11:19:41 19200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-02-22 11:19:41 5120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-02-22 11:19:41 24064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-02-22 11:19:41 82944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-02-22 11:19:40 15360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-02-22 11:19:40 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-02-22 11:19:40 68768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-02-22 11:19:40 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-02-22 11:19:40 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-02-22 11:19:40 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-02-22 11:19:40 69584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-02-22 11:19:39 8704 --a------ C:\WINDOWS\system32\batt.dll
2007-02-22 11:19:39 69120 --a------ C:\WINDOWS\notepad.exe
2007-02-22 11:19:38 74752 --a------ C:\WINDOWS\system32\storprop.dll
2007-02-22 11:19:27 0 dr------- C:\Documents and Settings\All Users.WINDOWS\Documents<DOCUME~1>
2007-02-22 11:18:19 0 d-------- C:\Program Files\Common Files\{4CFAAFF2-0958-1033-1202-030119060001}<{4CFAA~1>
2007-02-22 11:14:21 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Systweak
2007-02-21 21:24:14 0 d-------- C:\8f2399186ff3a900dfb1da8dc820210d<8F2399~1>
2007-02-21 19:10:22 0 d-------- C:\Program Files\Common Files\{3CFAAFF2-0958-1033-1202-030119060001}<{3CFAA~1>
2007-02-21 16:33:27 0 d-------- C:\7df1ac5d04c72c2a7d4291a91491<7DF1AC~1>
2007-02-21 12:48:00 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-02-21 08:18:39 0 d-------- C:\WINDOWS\Sytem32
2007-02-20 19:21:36 0 d-------- C:\Program Files\Lavasoft
2007-02-20 18:12:09 0 d-------- C:\Program Files\DiskTrix
2007-02-20 10:32:55 0 d-------- C:\Program Files\Kaspersky Lab<KASPER~1>
2007-02-20 10:32:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1>
2007-02-20 10:30:35 0 d-------- C:\KAV
2007-02-19 21:27:57 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-02-19 18:34:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-02-19 17:14:57 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Uniblue
2007-02-19 13:38:51 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2007-02-19 13:37:51 0 d-------- C:\Program Files\F-Secure
2007-02-19 13:09:53 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\GlarySoft<GLARYS~1>
2007-02-19 13:05:13 0 d-------- C:\Program Files\Glary Utilities<GLARYU~1>
2007-02-19 12:26:19 670 --a------ C:\ICSdata.dat
2007-02-19 12:26:03 0 d-------- C:\Program Files\InfoClock Screensaver<INFOCL~1>
2007-02-19 12:26:03 0 d-------- C:\DESfiles
2007-02-17 16:47:55 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
2007-02-17 10:14:09 0 d-------- C:\Program Files\Torrent101<TORREN~1>
2007-02-12 11:36:25 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Azureus
2007-02-12 10:24:07 0 d-------- C:\WINDOWS\vbSkinner<VBSKIN~1>
2007-02-12 09:34:53 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\uTorrent
2007-02-12 09:34:49 0 d-------- C:\Program Files\uTorrent
2007-02-06 12:57:56 0 d-------- C:\Program Files\iPod
2007-02-06 12:57:44 0 d-------- C:\Program Files\iTunes
2007-02-03 11:44:48 0 d-------- C:\Program Files\Reallusion<REALLU~1>
2007-02-02 22:49:44 5767168 --a------ C:\Documents and Settings\Dennetts Hardware\ntuser.dat
2007-02-01 18:57:50 0 d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files<SMARTF~1.0SE>
2007-02-01 16:51:09 0 d-------- C:\Program Files\SuperCleaner<SUPERC~1>
2007-01-31 22:05:08 47360 --a------ C:\Documents and Settings\Dennetts Hardware\Application Data\pcouffin.sys
2007-01-31 22:05:08 87608 --a------ C:\Documents and Settings\Dennetts Hardware\Application Data\ezpinst.exe
2007-01-31 22:05:07 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Vso
2007-01-31 22:05:04 0 d-------- C:\Program Files\DVDFab Platinum 3<DVDFAB~1>
2007-01-31 21:34:48 0 d-------- C:\WINDOWS\WBEM
2007-01-31 21:34:46 0 d-------- C:\WINDOWS\system32\en-US
2007-01-31 21:33:08 0 d--h---c- C:\WINDOWS\ie7
2007-01-31 21:30:17 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
2007-01-31 20:19:14 0 d-------- C:\Program Files\FLVPlayer<FLVPLA~1>
2007-01-31 17:31:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-01-31 16:11:21 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\BitTorrent<BITTOR~1>
2007-01-31 15:27:31 0 d-------- C:\Program Files\Common Files\Creative
2007-01-31 15:20:03 0 d-------- C:\WINDOWS\system32\Data
2007-01-31 14:56:00 0 d-------- C:\Program Files\Dell Computer<DELLCO~1>
2007-01-31 14:55:42 0 d-------- C:\Program Files\PianoFX
2007-01-31 14:55:06 0 d-------- C:\Program Files\Common Files\Sonic
2007-01-31 14:54:48 0 d-------- C:\WINDOWS\system32\dla
2007-01-31 14:52:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
2007-01-31 14:51:59 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-01-31 14:51:52 0 d-------- C:\Program Files\Microsoft Money<MICROS~3>
2007-01-31 1305 0 d-------- C:\Program Files\SmartFTP Client 2.0<SMARTF~1.0>
2007-01-31 11:59:16 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Ahead
2007-01-31 11:57:04 0 d-------- C:\Program Files\Nero
2007-01-31 11:57:03 0 d-------- C:\Program Files\Common Files\Ahead
2007-01-31 09:44:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1>
2007-01-31 09:32:27 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Smart Recorder<SMARTR~1>
2007-01-30 20:15:24 0 d--h----- C:\Program Files\Creative Installation Information<CREATI~1>
2007-01-30 20:11:43 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\Creative
2007-01-30 19:54:52 0 d-------- C:\Program Files\Creative
2007-01-29 23:09:14 23196 --a------ C:\WINDOWS\system32\drivers\klop.dat
2007-01-29 23:04:00 200768 --a------ C:\WINDOWS\system32\klogon.dll
2007-01-29 20:05:25 0 d-------- C:\WINDOWS\system32\NtmsData
2007-01-29 17:35:33 0 d-------- C:\WINDOWS\Profiles
2007-01-29 17:35:31 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\InterTrust<INTERT~1>
2007-01-29 17:33:51 0 d-------- C:\WINDOWS\system32\hauppauge<HAUPPA~1>
2007-01-29 17:33:38 0 d-------- C:\MyVideos
2007-01-29 17:33:25 0 d-------- C:\Program Files\WinTV
2007-01-29 17:15:27 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles<NVIEW_~1>
2007-01-29 17:09:01 0 d-------- C:\WINDOWS\nview
2007-01-29 13:19:54 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield<INSTAL~1>
2007-01-29 13:18:05 0 d-------- C:\Program Files\Ulead Systems<ULEADS~1>
2007-01-29 12:38:41 0 d-------- C:\Documents and Settings\Dennetts Hardware\Application Data\WinRAR
2007-01-29 08:49:13 245376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys<RT2500~1.SYS>
2007-01-29 08:48:47 0 d-------- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor<LINKSY~1>
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-25 19:27:38 109848 --a------ C:\WINDOWS\system32\drivers\kl1.sys


-- Find3M Report ----------------------------------------------------------------

2007-02-24 11:34:38 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-02-24 10:21:10 0 d-------- C:\Program Files\Common Files\??stem
2007-02-24 06:21:40 0 d-------- C:\Program Files\Grisoft
2007-02-23 11:40:53 0 d---s---- C:\Documents and Settings\ourroom\Application Data\Microsoft<MICROS~1>
2007-02-23 05:37:26 0 d-------- C:\Program Files\Attitude POSitive<ATTITU~1>
2007-02-23 05:26:11 0 d-------- C:\Program Files\Java
2007-02-22 20:35:09 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-22 19:53:43 0 d-------- C:\Documents and Settings\ourroom\Application Data\Macromedia<MACROM~1>
2007-02-22 19:50:46 0 d-------- C:\Program Files\Macromedia<MACROM~1>
2007-02-22 19:50:46 0 d-------- C:\Program Files\Common Files\Macromedia<MACROM~1>
2007-02-22 19:10:27 0 d-------- C:\Documents and Settings\ourroom\Application Data\Mozilla
2007-02-22 18:55:36 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-02-22 18:55:23 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-02-22 18:24:25 0 d-------- C:\Documents and Settings\ourroom\Application Data\Identities<IDENTI~1>
2007-02-22 11:19:27 62 --ahs---- C:\Documents and Settings\ourroom\Application Data\desktop.ini
2007-02-21 14:47:20 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-02-20 19:45:24 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
2007-02-20 19:44:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-20 18:10:58 0 d-------- C:\Program Files\UI
2007-02-20 18:10:58 0 d-------- C:\Program Files\scripts
2007-02-20 18:10:58 0 d-------- C:\Program Files\plugins
2007-02-20 18:10:56 0 d-------- C:\Program Files\Replay7
2007-02-20 18:05:12 0 d-------- C:\Program Files\Data
2007-02-20 18:05:11 0 d-------- C:\Program Files\MainRetail3<MAINRE~1>
2007-02-16 06:46:51 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-16 06:46:13 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-02-01 16:11:38 0 d-------- C:\Program Files\MUSICMATCH<MUSICM~1>
2007-02-01 12:14:31 0 d-------- C:\Program Files\LimeWire
2007-01-31 14:03:34 0 d-------- C:\Program Files\Yahoo!
2007-01-30 11:51:16 0 d-------- C:\Program Files\Jasc Software Inc<JASCSO~1>
2007-01-30 11:48:25 0 d-------- C:\Program Files\Hewlett-Packard<HEWLET~1>
2007-01-30 11:45:48 0 d-------- C:\Program Files\Amor SWF to Video Converter<AMORSW~1>
2007-01-29 17:35:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-29 17:35:31 0 d-------- C:\Program Files\Common Files\?dobe
2007-01-29 13:18:20 0 d-------- C:\Program Files\Common Files\Ulead Systems<ULEADS~1>
2007-01-17 11:02:19 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-01-12 10:44:01 0 d-------- C:\Program Files\Luxor Mahjong<LUXORM~1>
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-11-27 08:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-27 08:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll
2006-11-25 13:54:02 449024 --a------ C:\WINDOWS\system32\InfoClock Screensaver.scr<INFOCL~1.SCR>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NWEReboot"=""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_GTNDIS5


-- End of ComboScan: finished at 2007-02-24 at 1627 -------------------------


Seems I had a lot of stuff on there. I am learning a lot. Mostly learning to be more careful.
neonknightmare is offline  
Old 02-25-2007, 09:42 AM   #17 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Good job!

Please look for and delete these folders:

C:\Program Files\Common Files\{4CFAAFF2-0958-1033-1202-030119060001}
C:\Program Files\Common Files\{3CFAAFF2-0958-1033-1202-030119060001}

C:\Program Files\Common Files\?dobe <<<May appear as Adobe, created on 2007-01-29 17:35:31



This next folder appears to be empty, if it is, delete it, if it is not, let me know what's in it:

C:\WINDOWS\RGVubmV0dHMgSGFyZHdhcmU

----------------------------------------

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

Let me know if you have any trouble finding or deleting those folders, please.

Due to BitDefender finding other random bots, I'd like you to run this additional scanner (sorry, I know that with 2 drives it will take a long time, but there have been backdoors on this system, so we need to be thorough):

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 02-25-2007, 09:45 AM   #18 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


I see you're already here viewing, so rather than edit my post, I'll add this so you're sure to see it.

Please also delete this folder if it still exists:

C:\Program Files\Common Files\??stem <<<may appear as System, created on 2007-02-24 10:21:10

Again, check the properties and contents of this folder before deletion.
tetonbob is offline  
Old 02-26-2007, 06:01 AM   #19 (permalink)
Registered User
 
Join Date: Feb 2007
Posts: 16
OS: xp


OK, I didn't really have a chance to do this yesterday. I will today. I have deleted all of the files you mentioned except the Adobe file. I have several Adobe programs and there are what seem to be needed Adobe files in there, licences, plugins and other things.

If after reading this, you still think I should delete them I will.

I have run the quick scan and it found nothing in the memory processes.

Will start the quick scan here shortly, and get the results to you this evening.

Thanks again.
neonknightmare is offline  
Old 02-26-2007, 09:12 AM   #20 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Right....there may be a legit Adobe folder there. Leave that, as you did. Mine has several folders within....Acrobat, Color, Help, TypeSpt and Updater 5, yours may be different, but a malware folder would not contain such items. There might be an exe or dll file within a malware folder of this type.

Look at the end of the Program Files\Common Files folder, for another one which may appear as Adobe, and check its properties for time/date of creation.

C:\Program Files\Common Files\?dobe <<<May appear as Adobe, created on 2007-01-29 17:35:31

If the legit Adobe folder is the only one in that location, then we'll consider it a glitch in reporting.
tetonbob is offline  
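Added example, not part of the thread and not code from ComboScan or any tool used in it: a small triage pass over listing lines in the report format posted above, flagging the two kinds of folder names the helper singles out. It assumes a '?' in the listing stands for a character the report could not render (Windows does not allow '?' in file names), and it goes one step beyond the thread by also testing whether a folder name is base64 text; the function names are made up for this example.

```python
import base64
import binascii
import re
from collections import defaultdict

# Lines copied from the ComboScan report posted in this thread.
SAMPLE = r"""
2007-02-24 10:21:10 0 d-------- C:\Program Files\Common Files\??stem
2007-02-22 11:53:45 0 d-------- C:\Program Files\s?stem
2007-02-22 11:22:45 0 d--hs---- C:\WINDOWS\RGVubmV0dHMgSGFyZHdhcmU<RGVUBM~1>
2007-02-20 19:21:36 0 d-------- C:\Program Files\Lavasoft
2007-01-29 17:35:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-01-29 17:35:31 0 d-------- C:\Program Files\Common Files\?dobe
2007-01-31 14:52:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion<YAHOO!~1>
"""

# timestamp, size, 9-character attribute field, path, optional <8.3 short name>
ENTRY = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>\S{9}) (?P<path>.+?)(?:<[^<>]*>)?$"
)


def parse(report):
    """Yield (timestamp, attrs, parent, name) for each well-formed listing line."""
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            parent, _, name = m["path"].rpartition("\\")
            yield m["stamp"], m["attrs"], parent.lower(), name


def masks(masked, plain):
    """True if `masked` equals `plain` once each '?' stands for one character."""
    return len(masked) == len(plain) and all(
        a == "?" or a.lower() == b.lower() for a, b in zip(masked, plain)
    )


def decode_base64_name(name):
    """Return the decoded text if `name` is base64 of printable ASCII, else None."""
    if not re.fullmatch(r"[A-Za-z0-9+]{12,}", name) or len(name) % 4 == 1:
        return None
    try:
        raw = base64.b64decode(name + "=" * (-len(name) % 4), validate=True)
    except binascii.Error:
        return None
    if not all(32 <= byte < 127 for byte in raw):
        return None
    return raw.decode("ascii")


def triage(report):
    """Return (name, timestamp, reason) for every entry worth a manual look."""
    entries = list(parse(report))
    siblings = defaultdict(list)  # parent folder -> cleanly rendered names in it
    for _, _, parent, name in entries:
        if "?" not in name:
            siblings[parent].append(name)
    findings = []
    for stamp, _, parent, name in entries:
        if "?" in name:
            twins = [s for s in siblings[parent] if masks(name, s)]
            reason = ("look-alike of sibling " + twins[0]) if twins \
                else "unrenderable character in name"
            findings.append((name, stamp, reason))
        decoded = decode_base64_name(name)
        if decoded is not None:
            findings.append((name, stamp, "base64 of " + repr(decoded)))
    return findings


if __name__ == "__main__":
    for name, stamp, reason in triage(SAMPLE):
        print(f"{stamp}  {name:<26} {reason}")
```

A hit is only a prompt to check the folder's properties and contents before deleting it, as the replies above ask.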
 


All times are GMT -7.