Windows restart problem


  • This topic is locked
20 replies to this topic

#1 vtu22_2

    Member

  • Full Member
  • 40 posts

Posted 25 May 2007 - 11:26 PM

Hi everyone.

I've read your Forum FAQs. I've recently encountered a problem with my computer when I restart. It stated that there was a software or hardware change to Windows. So far it's running OK, but I'm suspicious about this issue.

I'm currently running VET antivirus. I've updated the AV and I only scanned the hard drive where Windows is installed. No problems detected.

I've also run Ad-Aware. It didn't detect anything. I'm having a bit of trouble running the free scanner programs you've stated, i.e. Panda ActiveScan, from your FAQs.

Here is my current Hijack this log:


Logfile of HijackThis v1.99.1
Scan saved at 2:23:47 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\Telstra\Cable Login\bpcable.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe
E:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\SpywareGuard\sgmain.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\SpywareGuard\sgbhp.exe
E:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\QuickTime\QuickTimePlayer.exe
E:\WINDOWS\system32\SNDVOL32.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.zonela...eqId=1795623470
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - E:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [BigPondCable] "E:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CaAvTray] "E:\Program Files\CA\eTrust Vet Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe"
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = E:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - E:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe



Kindest regards,

vtu22_2

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 28 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 vtu22_2

    Member

  • Full Member
  • 40 posts

Posted 31 May 2007 - 11:07 AM

I've recently re-formatted my computer to attempt to eliminate any spyware and adware from the previous problem, but it doesn't seem like it's worked.

I've used AVG Anti-Spyware (using your guide to run a full scan), but couldn't update it due to a server error. It detected 40 problems, 3 of which are high rated ones. I'm also having trouble installing my AV and the computer is running sluggish.

Here is the log report from AVG:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:55:28 AM 6/1/2007

+ Scan result:



F:\System Volume Information\_restore{E3CE8049-347F-4016-BD03-2E057E6A0077}\RP112\A0101730.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{E3CE8049-347F-4016-BD03-2E057E6A0077}\RP112\A0101729.exe/cd_clint.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{E3CE8049-347F-4016-BD03-2E057E6A0077}\RP112\A0101729.exe/cd_htm.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000657.exe/Webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000657.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000657.exe/wbhshare.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000657.exe/whAgent.inf -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000657.exe/whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000657.exe/whiehlpr.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000657.exe/whieshm.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003042.exe/Webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003042.exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003042.exe/wbhshare.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003042.exe/whAgent.inf -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003042.exe/whInstaller.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003042.exe/whiehlpr.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003042.exe/whieshm.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{E3CE8049-347F-4016-BD03-2E057E6A0077}\RP112\A0101727.exe -> Hijacker.Small : Cleaned with backup (quarantined).
:mozilla.64:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.66:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.67:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.68:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.69:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.98:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.100:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.99:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.157:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.124:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.125:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.126:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.127:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.56:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.57:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.58:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.59:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.121:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.122:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.123:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.63:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.70:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.71:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.27:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.113:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.90:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.91:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.92:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.93:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.94:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.95:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.140:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.160:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.156:E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000582.exe -> Trojan.Krepper.y : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002967.exe -> Trojan.Krepper.y : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137395.exe -> Trojan.Krepper.y : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000657.exe/nrpr.exe -> Trojan.Premeter : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003042.exe/nrpr.exe -> Trojan.Premeter : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{E3CE8049-347F-4016-BD03-2E057E6A0077}\RP112\A0101728.exe -> Trojan.Premeter : Cleaned with backup (quarantined).


::Report end



Here is a new Hijack this log:


Logfile of HijackThis v1.99.1
Scan saved at 2:06:12 AM, on 6/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\TCAUDIAG.exe
E:\Program Files\Telstra\Cable Login\bpcable.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\Microsoft Office\Office\WINWORD.EXE
E:\WINDOWS\msagent\AgentSvr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [BigPondCable] "E:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = E:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - E:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks in advance.

Kindest regards,

Vtu22_2

#4 Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 02 June 2007 - 03:34 AM

Hi vtu22,

Welcome to SpywareInfo!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

There’s nothing suspicious in your HijackThis log, but HJT doesn’t pick up all malware nowadays. So, let’s run a few other cleanup and diagnostic scans to make sure your system is clean.

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During the installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please download Dr.Web CureIt and save it to your desktop:
  • Double-click the cureit.exe file, select "Start", and allow it to run the "Express Scan".
  • This will scan the files currently running in memory and when something is found, click the "Yes" button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives; a red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, click the icon next to the files found: Posted Image
  • Then click the next icon right below and select "Move incurable" as you'll see in the next image:

    Posted Image

  • This will move infected/suspicious files to the %userprofile%\DoctorWeb\quarantine folder if they can't be cured (this is in case if we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click "File" and choose "Save report list".
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

NEXT:

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  • Click on "Kaspersky Online Scanner".
  • You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "Next".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click "OK".
  • Now under select a target to scan:
    • Select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan.
  • The log from the Dr.Web CureIt scan.
  • The log from the Kaspersky scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

Edited by Sempurna, 02 June 2007 - 03:37 AM.


#5 vtu22_2

    Member

  • Full Member
  • 40 posts

Posted 02 June 2007 - 10:02 AM

Hi Sempurna.

Thank you for replying to my thread. I understand that you have other commitments and priorities, so you don't need to apologise. =)

The scans took a while! I think it'll be best to post each one in their own thread since it's so long! Here are the results for the ComboFix scan:


"Vincent" - 2007-06-02 22:21:41 Service Pack 2
ComboFix 07-05.27.BV - Running from: "E:\Documents and Settings\Vincent\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-05-02 to 2007-06-02 ))))))))))))))))))))))))))))))))))


2007-06-02 22:17 <DIR> d-------- E:\Program Files\CCleaner
2007-06-01 20:51 <DIR> d-------- E:\DOCUME~1\Vincent\APPLIC~1\vlc
2007-06-01 20:50 <DIR> d-------- E:\Program Files\VideoLAN
2007-06-01 20:49 36,624 --------- E:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-01 20:49 2,560 --------- E:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-01 20:49 2,432 --------- E:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-01 20:49 129,784 --------- E:\WINDOWS\system32\pxafs.dll
2007-06-01 20:49 118,520 --------- E:\WINDOWS\system32\pxinsi64.exe
2007-06-01 20:49 116,472 --------- E:\WINDOWS\system32\pxcpyi64.exe
2007-06-01 20:49 <DIR> d---s---- E:\Documents and Settings\Vincent\UserData
2007-06-01 20:49 <DIR> d---s---- E:\DOCUME~1\Vincent\UserData
2007-06-01 20:46 <DIR> d-------- E:\DOCUME~1\Vincent\APPLIC~1\DivX
2007-06-01 20:45 <DIR> d-------- E:\Program Files\DivX
2007-06-01 16:56 <DIR> d-------- E:\Program Files\BitTorrent
2007-06-01 16:56 <DIR> d-------- E:\DOCUME~1\Vincent\APPLIC~1\BitTorrent
2007-05-31 23:38 3,968 --a------ E:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-31 22:40 476,320 --------- E:\WINDOWS\system32\ImagXpr7.dll
2007-05-31 22:40 471,040 --------- E:\WINDOWS\system32\ImagXRA7.dll
2007-05-31 22:40 38,912 --------- E:\WINDOWS\system32\picn20.dll
2007-05-31 22:40 364,544 --------- E:\WINDOWS\system32\TwnLib4.dll
2007-05-31 22:40 262,144 --------- E:\WINDOWS\system32\ImagXR7.dll
2007-05-31 22:40 155,648 --a------ E:\WINDOWS\system32\NeroCheck.exe
2007-05-31 22:40 106,496 --a------ E:\WINDOWS\system32\TwnLib20.dll
2007-05-31 22:40 1,568,768 --------- E:\WINDOWS\system32\ImagX7.dll
2007-05-31 22:40 <DIR> d-------- E:\Program Files\Common Files\Ahead
2007-05-31 22:40 <DIR> d-------- E:\Program Files\Ahead
2007-05-31 22:30 46,192 --a------ E:\WINDOWS\system32\ISafeProduct.dll
2007-05-31 22:29 95,784 --a------ E:\WINDOWS\system32\ISafeIf.dll
2007-05-31 22:29 75,304 --a------ E:\WINDOWS\system32\VetRedir.dll
2007-05-31 22:29 75,304 --a------ E:\WINDOWS\system32\iSafProd.dll
2007-05-31 22:29 112,168 --a------ E:\WINDOWS\AVShlExt.dll
2007-05-31 22:29 <DIR> d-------- E:\Program Files\CA
2007-05-28 23:54 87,552 --a------ E:\WINDOWS\system32\CNMLM4b.DLL
2007-05-28 23:54 73,728 -ra------ E:\WINDOWS\system32\CNMCP4b.exe
2007-05-28 23:54 5,632 --a------ E:\WINDOWS\system32\CNMVS4b.DLL
2007-05-28 23:54 25,856 --a------ E:\WINDOWS\system32\drivers\usbprint.sys
2007-05-28 23:54 <DIR> d--h----- E:\BJPrinter
2007-05-28 23:11 <DIR> d-------- E:\WINDOWS\CAVTemp
2007-05-28 14:09 <DIR> d-------- E:\WINDOWS\ShellNew
2007-05-28 14:08 <DIR> d-------- E:\DOCUME~1\Vincent\APPLIC~1\Microsoft Web Folders
2007-05-28 09:20 <DIR> dr------- E:\DOCUME~1\ALLUSE~1\Documents
2007-05-28 07:24 3,072 --a------ E:\WINDOWS\system32\drivers\audstub.sys
2007-05-28 07:21 74,240 --a------ E:\WINDOWS\system32\usbui.dll
2007-05-28 07:21 6,400 --a------ E:\WINDOWS\system32\drivers\enum1394.sys
2007-05-28 07:21 57,472 --a------ E:\WINDOWS\system32\drivers\redbook.sys
2007-05-28 07:20 <DIR> dr------- E:\Program Files
2007-05-28 07:20 <DIR> d-------- E:\Program Files\Common Files\SpeechEngines
2007-05-28 07:20 <DIR> d-------- E:\Program Files\Common Files\ODBC
2007-05-28 07:19 9,936 --a------ E:\WINDOWS\system\LZEXPAND.DLL
2007-05-28 07:19 9,008 --a------ E:\WINDOWS\system\VER.DLL
2007-05-28 07:19 85,020 --a------ E:\WINDOWS\system32\dgsetup.dll
2007-05-28 07:19 82,944 --a------ E:\WINDOWS\system\OLECLI.DLL
2007-05-28 07:19 8,704 --a------ E:\WINDOWS\system32\batt.dll
2007-05-28 07:19 8,192 -ra------ E:\WINDOWS\system32\kbdhept.dll
2007-05-28 07:19 74,752 --a------ E:\WINDOWS\system32\storprop.dll
2007-05-28 07:19 7,168 -ra------ E:\WINDOWS\system32\kbdcz.dll
2007-05-28 07:19 69,584 --a------ E:\WINDOWS\system\AVICAP.DLL
2007-05-28 07:19 69,120 --a------ E:\WINDOWS\notepad.exe
2007-05-28 07:19 68,768 --a------ E:\WINDOWS\system\mmsystem.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdycl.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdsl1.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdsl.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdpl.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdhu.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdhela3.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdcz2.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdcz1.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\kbdcr.dll
2007-05-28 07:19 6,656 -ra------ E:\WINDOWS\system32\KBDAL.DLL
2007-05-28 07:19 6,144 -ra------ E:\WINDOWS\system32\kbdtuq.dll
2007-05-28 07:19 6,144 -ra------ E:\WINDOWS\system32\kbdtuf.dll
2007-05-28 07:19 6,144 -ra------ E:\WINDOWS\system32\kbdlv1.dll
2007-05-28 07:19 6,144 -ra------ E:\WINDOWS\system32\kbdlv.dll
2007-05-28 07:19 6,144 -ra------ E:\WINDOWS\system32\kbdhela2.dll
2007-05-28 07:19 6,144 -ra------ E:\WINDOWS\system32\kbdgkl.dll
2007-05-28 07:19 6,144 -ra------ E:\WINDOWS\system32\kbdest.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdro.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdpl1.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdmon.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdlt1.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdlt.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdkyr.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdhu1.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdhe319.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdhe220.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdhe.dll
2007-05-28 07:19 5,632 -ra------ E:\WINDOWS\system32\kbdazel.dll
2007-05-28 07:19 5,120 --a------ E:\WINDOWS\system\SHELL.DLL
2007-05-28 07:19 32,816 --a------ E:\WINDOWS\system\COMMDLG.DLL
2007-05-28 07:19 24,661 --a------ E:\WINDOWS\system32\spxcoins.dll
2007-05-28 07:19 24,064 --a------ E:\WINDOWS\system\OLESVR.DLL
2007-05-28 07:19 19,200 --a------ E:\WINDOWS\system\TAPI.DLL
2007-05-28 07:19 176,157 --a------ E:\WINDOWS\system32\dgrpsetu.dll
2007-05-28 07:19 15,360 --a------ E:\WINDOWS\TASKMAN.EXE
2007-05-28 07:19 13,312 --a------ E:\WINDOWS\system32\irclass.dll
2007-05-28 07:19 126,912 --a------ E:\WINDOWS\system\MSVIDEO.DLL
2007-05-28 07:19 11,264 --a------ E:\WINDOWS\system32\drivers\irenum.sys
2007-05-28 07:19 109,456 --a------ E:\WINDOWS\system\AVIFILE.DLL
2007-05-28 07:19 103,424 --a------ E:\WINDOWS\system32\EqnClass.Dll
2007-05-28 07:19 <DIR> d-------- E:\WINDOWS\system32\CatRoot2
2007-05-28 07:19 <DIR> d-------- E:\WINDOWS\system32\CatRoot
2007-05-28 07:19 <DIR> d-------- E:\Documents and Settings
2007-05-28 07:15 <DIR> dr-hsc--- E:\WINDOWS\system32\dllcache
2007-05-28 07:15 <DIR> dr--s---- E:\WINDOWS\Fonts
2007-05-28 07:15 <DIR> dr------- E:\WINDOWS\Web
2007-05-28 07:15 <DIR> d--h----- E:\WINDOWS\inf
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\WinSxS
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\twain_32
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\wins
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\wbem
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\usmt
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\spool
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\ShellExt
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\Setup
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\ras
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\oobe
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\npp
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\mui
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\inetsrv
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\IME
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\icsxml
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\ias
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\export
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\drivers\etc
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\drivers\disdn
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\drivers
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\dhcp
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\config
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\3com_dmi
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\3076
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\2052
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\1054
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\1042
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\1041
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\1037
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\1033
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\1031
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\1028
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32\1025
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system32
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\system
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\security
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\Resources
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\repair
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\mui
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\msapps
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\msagent
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\Media
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\ime
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\Help
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\Driver Cache
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\Debug
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\Cursors
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\Connection Wizard
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\Config
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\AppPatch
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS\addins
2007-05-28 07:15 <DIR> d-------- E:\WINDOWS
2007-05-28 02:02 <DIR> d-------- E:\Program Files\Lavasoft
2007-05-28 02:02 <DIR> d-------- E:\DOCUME~1\Vincent\APPLIC~1\Lavasoft
2007-05-28 01:19 <DIR> d-------- E:\DOCUME~1\Vincent\APPLIC~1\AdobeUM
2007-05-28 01:16 <DIR> d-------- E:\Program Files\Winamp
2007-05-28 01:09 16,384 --a------ E:\WINDOWS\system32\FileOps.exe
2007-05-28 01:07 <DIR> d-------- E:\WINDOWS\Adobe Illustrator CS
2007-05-28 01:01 <DIR> d--hs---- E:\RECYCLER
2007-05-28 00:59 0 --a------ E:\WINDOWS\nsreg.dat
2007-05-28 00:54 <DIR> d-------- E:\Program Files\Telstra
2007-05-28 00:53 5,180,760 --a------ E:\Documents and Settings\Vincent\CONFIGW.EXE
2007-05-28 00:53 5,180,760 --a------ E:\DOCUME~1\Vincent\CONFIGW.EXE
2007-05-28 00:53 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard
2007-05-28 00:33 573,440 -ra------ E:\WINDOWS\system32\UN3CDiag.exe
2007-05-28 00:32 41,852 -ra------ E:\WINDOWS\system32\UpdDrv2K.exe
2007-05-28 00:32 <DIR> d-------- E:\WINDOWS\OPTIONS
2007-05-28 00:20 25,703 --a------ E:\WINDOWS\system32\drivers\VetMonNT.sys
2007-05-28 00:20 244,264 --a------ E:\WINDOWS\unicows.dll
2007-05-28 00:20 15,735 --a------ E:\WINDOWS\system32\drivers\VetFDDNT.sys
2007-05-28 00:20 116,264 --a------ E:\WINDOWS\UnVet32.exe
2007-05-28 00:16 75,512 --a------ E:\WINDOWS\zllsputility.exe
2007-05-28 00:16 4,212 ---h----- E:\WINDOWS\system32\zllictbl.dat
2007-05-28 00:16 11,264 --a------ E:\WINDOWS\system32\SpOrder.dll
2007-05-28 00:16 1,087,216 --a------ E:\WINDOWS\system32\zpeng24.dll
2007-05-28 00:16 <DIR> d-------- E:\WINDOWS\system32\ZoneLabs
2007-05-28 00:15 <DIR> d-------- E:\WINDOWS\Internet Logs
2007-05-28 00:13 <DIR> d-------- E:\DOCUME~1\Vincent\APPLIC~1\Help
2007-05-28 00:11 516,096 --------- E:\WINDOWS\system32\ati2sgag.exe
2007-05-28 00:11 290,816 -ra------ E:\WINDOWS\system32\atiiiexx.dll
2007-05-28 00:10 <DIR> d-------- E:\Program Files\ATI Technologies
2007-05-28 00:08 996,872 --a------ E:\WINDOWS\system\CP3240MT.DLL
2007-05-28 00:08 458,752 --a------ E:\WINDOWS\system\COMCTL32.DLL
2007-05-28 00:08 29,952 --a------ E:\WINDOWS\system\BORLNDMM.DLL
2007-05-28 00:07 6,272 --a------ E:\WINDOWS\system32\drivers\ASLM75.SYS
2007-05-28 00:07 299,008 --a------ E:\WINDOWS\uninst.exe
2007-05-28 00:07 <DIR> d-------- E:\Documents and Settings\Vincent\WINDOWS
2007-05-28 00:07 <DIR> d-------- E:\DOCUME~1\Vincent\WINDOWS
2007-05-28 00:05 82,944 --a------ E:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-28 00:05 52,864 --a------ E:\WINDOWS\system32\drivers\DMusic.sys
2007-05-28 00:05 235,100 --a------ E:\WINDOWS\system32\drivers\MidiSyn.sys
2007-05-28 00:04 991,232 --a------ E:\WINDOWS\system32\virtear.dll
2007-05-28 00:04 765,952 --a------ E:\WINDOWS\system\crlds3d.dll
2007-05-28 00:04 720,896 --a------ E:\WINDOWS\system32\Audio3d.dll
2007-05-28 00:04 720,896 --a------ E:\WINDOWS\system32\a3d.dll
2007-05-28 00:04 7,552 --a------ E:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-28 00:04 60,800 --a------ E:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-28 00:04 60,288 --a------ E:\WINDOWS\system32\drivers\drmk.sys
2007-05-28 00:04 578,304 --a------ E:\WINDOWS\system32\drivers\smwdm.sys
2007-05-28 00:04 54,272 --a------ E:\WINDOWS\system32\drivers\swmidi.sys
2007-05-28 00:04 5,376 --a------ E:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-28 00:04 49,152 --a------ E:\WINDOWS\system32\DSndUp.exe
2007-05-28 00:04 45,056 --a------ E:\WINDOWS\system32\CleanUp.exe
2007-05-28 00:04 4,992 --a------ E:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-28 00:04 4,096 --a------ E:\WINDOWS\system32\ksuser.dll
2007-05-28 00:04 30,208 --a------ E:\WINDOWS\system32\wdmioctl.dll
2007-05-28 00:04 2,944 --a------ E:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-28 00:04 171,776 --a------ E:\WINDOWS\system32\drivers\kmixer.sys
2007-05-28 00:04 145,792 --a------ E:\WINDOWS\system32\drivers\portcls.sys
2007-05-28 00:04 142,464 --a------ E:\WINDOWS\system32\drivers\aec.sys
2007-05-28 00:04 100,224 --a------ E:\WINDOWS\system32\drivers\aeaudio.sys
2007-05-28 00:04 1,285,632 --a------ E:\WINDOWS\system32\SMMedia.dll
2007-05-28 00:04 <DIR> d-------- E:\WINDOWS\VirtualEar
2007-05-28 00:04 <DIR> d-------- E:\Program Files\Analog Devices
2007-05-28 00:03 72,192 -ra------ E:\WINDOWS\system32\drivers\viaraid.sys
2007-05-28 00:03 <DIR> d-------- E:\Program Files\VIA
2007-05-28 00:01 <DIR> d-------- E:\Program Files\Intel
2007-05-28 00:00 5,824 --a------ E:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-05-28 00:00 <DIR> d--h----- E:\Program Files\InstallShield Installation Information
2007-05-28 00:00 <DIR> d-------- E:\Program Files\Common Files\InstallShield
2007-05-27 23:58 <DIR> d-------- E:\WINDOWS\SoftwareDistribution
2007-05-27 23:58 <DIR> d-------- E:\WINDOWS\Prefetch
2007-05-27 23:44 95,424 --------- E:\WINDOWS\system32\drivers\slnthal.sys
2007-05-27 23:44 9,728 --------- E:\WINDOWS\system32\comsdupd.exe
2007-05-27 23:44 896,512 --------- E:\WINDOWS\system32\wmspdmoe.dll
2007-05-27 23:44 88,064 --------- E:\WINDOWS\system32\p2pnetsh.dll
2007-05-27 23:44 866,016 --a------ E:\WINDOWS\system32\ati3d1ag.dll
2007-05-27 23:44 86,016 --------- E:\WINDOWS\system32\p2pgasvc.dll
2007-05-27 23:44 86,016 --------- E:\WINDOWS\system32\mdmxsdk.dll
2007-05-27 23:44 845,856 --a------ E:\WINDOWS\system32\ati3duag.dll
2007-05-27 23:44 81,920 --------- E:\WINDOWS\system32\ieencode.dll
2007-05-27 23:44 81,408 --------- E:\WINDOWS\system32\wscsvc.dll
2007-05-27 23:44 8,192 --------- E:\WINDOWS\system32\smbinst.exe
2007-05-27 23:44 8,192 --------- E:\WINDOWS\system32\bitsprx2.dll
2007-05-27 23:44 78,464 --------- E:\WINDOWS\system32\drivers\usbvideo.sys
2007-05-27 23:44 755,200 --------- E:\WINDOWS\system32\ir50_32.dll
2007-05-27 23:44 75,776 --------- E:\WINDOWS\system32\strmfilt.dll
2007-05-27 23:44 73,832 --------- E:\WINDOWS\system32\slcoinst.dll
2007-05-27 23:44 73,796 --------- E:\WINDOWS\system32\slserv.exe
2007-05-27 23:44 73,216 --------- E:\WINDOWS\system32\drivers\atintuxx.sys
2007-05-27 23:44 71,680 --------- E:\WINDOWS\system32\blastcln.exe
2007-05-27 23:44 7,680 --------- E:\WINDOWS\system32\kbdsmsno.dll
2007-05-27 23:44 7,680 --------- E:\WINDOWS\system32\kbdsmsfi.dll
2007-05-27 23:44 7,168 --------- E:\WINDOWS\system32\kbdukx.dll
2007-05-27 23:44 7,168 --------- E:\WINDOWS\system32\kbdno1.dll
2007-05-27 23:44 7,168 --------- E:\WINDOWS\system32\kbdfi1.dll
2007-05-27 23:44 7,168 --------- E:\WINDOWS\system32\bitsprx3.dll
2007-05-27 23:44 685,056 --------- E:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-05-27 23:44 67,584 --------- E:\WINDOWS\system32\drivers\sdbus.sys
2007-05-27 23:44 647,680 --a------ E:\WINDOWS\system32\drivers\ati2mtag.sys
2007-05-27 23:44 63,663 --------- E:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-05-27 23:44 63,488 --------- E:\WINDOWS\system32\drivers\atinxsxx.sys
2007-05-27 23:44 60,416 --------- E:\WINDOWS\system32\fwcfg.dll
2007-05-27 23:44 6,656 --------- E:\WINDOWS\system32\kbdinmal.dll
2007-05-27 23:44 6,656 --------- E:\WINDOWS\system32\kbdinben.dll
2007-05-27 23:44 6,144 --------- E:\WINDOWS\system32\kbdmlt48.dll
2007-05-27 23:44 6,144 --------- E:\WINDOWS\system32\kbdmlt47.dll
2007-05-27 23:44 6,144 --------- E:\WINDOWS\system32\kbdinbe1.dll
2007-05-27 23:44 6,016 --------- E:\WINDOWS\system32\drivers\smbali.sys
2007-05-27 23:44 59,648 --------- E:\WINDOWS\system32\drivers\rfcomm.sys
2007-05-27 23:44 57,856 --------- E:\WINDOWS\system32\drivers\atinbtxx.sys
2007-05-27 23:44 56,623 --------- E:\WINDOWS\system32\drivers\ati1btxx.sys
2007-05-27 23:44 540,704 --a------ E:\WINDOWS\system32\ativvaxx.dll
2007-05-27 23:44 526,848 --------- E:\WINDOWS\system32\p2psvc.dll
2007-05-27 23:44 52,224 --------- E:\WINDOWS\system32\mspmsnsv.dll
2007-05-27 23:44 52,224 --------- E:\WINDOWS\system32\drivers\atinraxx.sys
2007-05-27 23:44 50,688 --------- E:\WINDOWS\system32\btpanui.dll
2007-05-27 23:44 50,176 --------- E:\WINDOWS\system32\xmlprovi.dll
2007-05-27 23:44 5,632 --------- E:\WINDOWS\system32\kbdmaori.dll
2007-05-27 23:44 49,152 --------- E:\WINDOWS\system32\powercfg.exe
2007-05-27 23:44 484,864 --------- E:\WINDOWS\system32\wmspdmod.dll
2007-05-27 23:44 48,640 --------- E:\WINDOWS\system32\pnrpnsp.dll
2007-05-27 23:44 46,464 --------- E:\WINDOWS\system32\drivers\gagp30kx.sys
2007-05-27 23:44 452,736 --------- E:\WINDOWS\system32\drivers\mtxparhm.sys
2007-05-27 23:44 44,928 --------- E:\WINDOWS\system32\drivers\agpcpq.sys
2007-05-27 23:44 44,672 --------- E:\WINDOWS\system32\drivers\uagp35.sys
2007-05-27 23:44 44,032 --------- E:\WINDOWS\system32\twext.dll
2007-05-27 23:44 438,784 --------- E:\WINDOWS\system32\xpob2res.dll
2007-05-27 23:44 430,592 --------- E:\WINDOWS\system32\wuapi.dll
2007-05-27 23:44 43,008 --------- E:\WINDOWS\system32\drivers\amdagp.sys
2007-05-27 23:44 42,752 --------- E:\WINDOWS\system32\drivers\alim1541.sys
2007-05-27 23:44 42,368 --a------ E:\WINDOWS\system32\drivers\AGP440.SYS
2007-05-27 23:44 42,240 --------- E:\WINDOWS\system32\drivers\viaagp.sys
2007-05-27 23:44 41,088 --------- E:\WINDOWS\system32\drivers\sisagp.sys
2007-05-27 23:44 404,990 --------- E:\WINDOWS\system32\drivers\slntamr.sys
2007-05-27 23:44 40,832 --------- E:\WINDOWS\system32\drivers\irbus.sys
2007-05-27 23:44 4,274,816 --------- E:\WINDOWS\system32\nv4_disp.dll
2007-05-27 23:44 4,255 --------- E:\WINDOWS\system32\drivers\adv01nt5.dll
2007-05-27 23:44 397,056 --------- E:\WINDOWS\system32\s3gnb.dll
2007-05-27 23:44 384,512 --a------ E:\WINDOWS\system32\ati2dvag.dll
2007-05-27 23:44 384,512 --------- E:\WINDOWS\system32\mp4sdmod.dll
2007-05-27 23:44 38,016 --------- E:\WINDOWS\system32\drivers\bthmodem.sys
2007-05-27 23:44 377,984 --------- E:\WINDOWS\system32\ati2dvaa.dll
2007-05-27 23:44 36,864 --------- E:\WINDOWS\system32\wups.dll
2007-05-27 23:44 36,463 --------- E:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-05-27 23:44 36,096 --------- E:\WINDOWS\system32\drivers\intelppm.sys
2007-05-27 23:44 35,456 --------- E:\WINDOWS\system32\drivers\bthprint.sys
2007-05-27 23:44 34,735 --------- E:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-05-27 23:44 338,432 --------- E:\WINDOWS\system32\ir41_qcx.dll
2007-05-27 23:44 327,040 --------- E:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-05-27 23:44 32,866 --------- E:\WINDOWS\system32\slrundll.exe
2007-05-27 23:44 32,866 --------- E:\WINDOWS\slrundll.exe
2007-05-27 23:44 32,768 --------- E:\WINDOWS\system32\ativtmxx.dll
2007-05-27 23:44 32,285 --------- E:\WINDOWS\system32\hsfcisp2.dll
2007-05-27 23:44 312,320 --------- E:\WINDOWS\system32\p2pgraph.dll
2007-05-27 23:44 310,272 --------- E:\WINDOWS\system32\mp43dmod.dll
2007-05-27 23:44 31,744 --------- E:\WINDOWS\system32\drivers\atinxbxx.sys
2007-05-27 23:44 30,671 --------- E:\WINDOWS\system32\drivers\ati1raxx.sys
2007-05-27 23:44 30,208 --------- E:\WINDOWS\system32\bthserv.dll
2007-05-27 23:44 30,080 --------- E:\WINDOWS\system32\drivers\rndismpx.sys
2007-05-27 23:44 3,967 --------- E:\WINDOWS\system32\drivers\adv02nt5.dll
2007-05-27 23:44 3,901 --------- E:\WINDOWS\system32\drivers\siint5.dll
2007-05-27 23:44 3,775 --------- E:\WINDOWS\system32\drivers\adv11nt5.dll
2007-05-27 23:44 3,711 --------- E:\WINDOWS\system32\drivers\adv09nt5.dll
2007-05-27 23:44 3,647 --------- E:\WINDOWS\system32\drivers\adv07nt5.dll
2007-05-27 23:44 3,615 --------- E:\WINDOWS\system32\drivers\adv05nt5.dll
2007-05-27 23:44 3,135 --------- E:\WINDOWS\system32\drivers\adv08nt5.dll
2007-05-27 23:44 29,455 --------- E:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-05-27 23:44 29,184 --------- E:\WINDOWS\system32\sdhcinst.dll
2007-05-27 23:44 29,056 --------- E:\WINDOWS\system32\drivers\ip6fw.sys
2007-05-27 23:44 286,792 --------- E:\WINDOWS\system32\slextspk.dll
2007-05-27 23:44 28,672 --------- E:\WINDOWS\system32\drivers\atinsnxx.sys
2007-05-27 23:44 274,304 --------- E:\WINDOWS\system32\drivers\bthport.sys
2007-05-27 23:44 263,040 --------- E:\WINDOWS\system32\drivers\http.sys
2007-05-27 23:44 26,367 --------- E:\WINDOWS\system32\drivers\ati1snxx.sys
2007-05-27 23:44 25,600 --------- E:\WINDOWS\system32\drivers\hidbth.sys
2007-05-27 23:44 25,471 --------- E:\WINDOWS\system32\drivers\watv10nt.sys
2007-05-27 23:44 25,471 --------- E:\WINDOWS\system32\drivers\atv04nt5.dll
2007-05-27 23:44 24,576 --------- E:\WINDOWS\system32\httpapi.dll
2007-05-27 23:44 233,472 --------- E:\WINDOWS\system32\wmpdxm.dll
2007-05-27 23:44 229,376 --------- E:\WINDOWS\system32\ati2cqag.dll
2007-05-27 23:44 220,032 --------- E:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-05-27 23:44 22,528 --------- E:\WINDOWS\system32\fltmc.exe
2007-05-27 23:44 22,271 --------- E:\WINDOWS\system32\drivers\watv06nt.sys
2007-05-27 23:44 21,343 --------- E:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-05-27 23:44 21,183 --------- E:\WINDOWS\system32\drivers\atv01nt5.dll
2007-05-27 23:44 200,192 --------- E:\WINDOWS\system32\ir50_qc.dll
2007-05-27 23:44 20,992 --------- E:\WINDOWS\system32\bthci.dll
2007-05-27 23:44 2,113,536 --------- E:\WINDOWS\system32\dxdiagn.dll
2007-05-27 23:44 193,024 --------- E:\WINDOWS\system32\fsquirt.exe
2007-05-27 23:44 188,508 --------- E:\WINDOWS\system32\slgen.dll
2007-05-27 23:44 183,808 --------- E:\WINDOWS\system32\ir50_qcx.dll
2007-05-27 23:44 183,296 --------- E:\WINDOWS\system32\wuaueng1.dll
2007-05-27 23:44 180,360 --------- E:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-05-27 23:44 18,944 --------- E:\WINDOWS\system32\drivers\bthusb.sys
2007-05-27 23:44 17,408 --------- E:\WINDOWS\system32\winshfhc.dll
2007-05-27 23:44 17,279 --------- E:\WINDOWS\system32\drivers\atv10nt5.dll
2007-05-27 23:44 17,024 --------- E:\WINDOWS\system32\drivers\bthenum.sys
2007-05-27 23:44 168,448 --------- E:\WINDOWS\system32\wmerror.dll
2007-05-27 23:44 166,912 --------- E:\WINDOWS\system32\drivers\s3gnbm.sys
2007-05-27 23:44 165,888 --------- E:\WINDOWS\system32\wuauclt1.exe
2007-05-27 23:44 16,896 --------- E:\WINDOWS\system32\fltlib.dll
2007-05-27 23:44 151,552 --------- E:\WINDOWS\system32\wmidx.dll
2007-05-27 23:44 15,872 --------- E:\WINDOWS\system32\w3ssl.dll
2007-05-27 23:44 15,488 --------- E:\WINDOWS\system32\drivers\mssmbios.sys
2007-05-27 23:44 15,423 --------- E:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-05-27 23:44 15,104 --------- E:\WINDOWS\system32\drivers\hidir.sys
2007-05-27 23:44 14,336 --------- E:\WINDOWS\system32\drivers\atinpdxx.sys
2007-05-27 23:44 14,336 --------- E:\WINDOWS\system32\auditusr.exe
2007-05-27 23:44 14,143 --------- E:\WINDOWS\system32\drivers\atv06nt5.dll
2007-05-27 23:44 13,824 --------- E:\WINDOWS\system32\wscntfy.exe
2007-05-27 23:44 13,824 --------- E:\WINDOWS\system32\drivers\atinttxx.sys
2007-05-27 23:44 13,824 --------- E:\WINDOWS\system32\drivers\atinmdxx.sys
2007-05-27 23:44 13,824 --------- E:\WINDOWS\system32\cmsetacl.dll
2007-05-27 23:44 13,776 --------- E:\WINDOWS\system32\drivers\recagent.sys
2007-05-27 23:44 13,568 --------- E:\WINDOWS\system32\drivers\wacompen.sys
2007-05-27 23:44 13,240 --------- E:\WINDOWS\system32\drivers\slwdmsup.sys
2007-05-27 23:44 129,536 --------- E:\WINDOWS\system32\xmlprov.dll
2007-05-27 23:44 129,535 --------- E:\WINDOWS\system32\drivers\slnt7554.sys
2007-05-27 23:44 126,686 --------- E:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-05-27 23:44 124,800 --------- E:\WINDOWS\system32\drivers\fltmgr.sys
2007-05-27 23:44 120,320 --------- E:\WINDOWS\system32\wuweb.dll
2007-05-27 23:44 120,320 --------- E:\WINDOWS\system32\ir41_qc.dll
2007-05-27 23:44 12,672 --------- E:\WINDOWS\system32\drivers\usb8023x.sys
2007-05-27 23:44 12,672 --------- E:\WINDOWS\system32\drivers\mutohpen.sys
2007-05-27 23:44 12,047 --------- E:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-05-27 23:44 118,784 --------- E:\WINDOWS\system32\msdadiag.dll
2007-05-27 23:44 116,224 --------- E:\WINDOWS\system32\p2p.dll
2007-05-27 23:44 114,688 --------- E:\WINDOWS\system32\wmpasf.dll
2007-05-27 23:44 112,640 --------- E:\WINDOWS\system32\wucltui.dll
2007-05-27 23:44 11,935 --------- E:\WINDOWS\system32\drivers\wadv11nt.sys
2007-05-27 23:44 11,871 --------- E:\WINDOWS\system32\drivers\wadv09nt.sys
2007-05-27 23:44 11,868 --------- E:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-05-27 23:44 11,807 --------- E:\WINDOWS\system32\drivers\wadv07nt.sys
2007-05-27 23:44 11,615 --------- E:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-05-27 23:44 11,359 --------- E:\WINDOWS\system32\drivers\atv02nt5.dll
2007-05-27 23:44 11,325 --------- E:\WINDOWS\system32\drivers\vchnt5.dll
2007-05-27 23:44 11,295 --------- E:\WINDOWS\system32\drivers\wadv08nt.sys
2007-05-27 23:44 11,136 --------- E:\WINDOWS\system32\drivers\sffdisk.sys
2007-05-27 23:44 108,032 --------- E:\WINDOWS\system32\wshbth.dll
2007-05-27 23:44 104,960 --------- E:\WINDOWS\system32\drivers\atinrvxx.sys
2007-05-27 23:44 100,992 --------- E:\WINDOWS\system32\drivers\bthpan.sys
2007-05-27 23:44 10,240 --------- E:\WINDOWS\system32\drivers\sffp_sd.sys
2007-05-27 23:44 1,897,408 --------- E:\WINDOWS\system32\drivers\nv4_mini.sys
2007-05-27 23:44 1,737,856 --------- E:\WINDOWS\system32\mtxparhd.dll
2007-05-27 23:44 1,689,088 --------- E:\WINDOWS\system32\d3d9.dll
2007-05-27 23:44 1,309,184 --------- E:\WINDOWS\system32\drivers\mtlstrm.sys
2007-05-27 23:44 1,119,744 --------- E:\WINDOWS\system32\wmsdmoe2.dll
2007-05-27 23:44 1,041,536 --------- E:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-05-27 23:44 1,001,472 --------- E:\WINDOWS\system32\wmvdmoe2.dll
2007-05-27 23:44 <DIR> d-------- E:\WINDOWS\provisioning
2007-05-27 23:44 <DIR> d-------- E:\WINDOWS\peernet
2007-05-27 23:42 <DIR> d-------- E:\WINDOWS\ServicePackFiles
2007-05-27 23:40 2,897,920 --------- E:\WINDOWS\system32\xpsp2res.dll
2007-05-27 23:38 15,872 --a------ E:\WINDOWS\system32\spupdsvc.exe
2007-05-27 23:38 <DIR> d-------- E:\WINDOWS\system32\ReinstallBackups
2007-05-27 23:36 <DIR> d-------- E:\WINDOWS\EHome
2007-05-27 23:32 <DIR> d--hs---- E:\WINDOWS\Installer
2007-05-27 23:31 229,376 --ah----- E:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-27 23:31 229,376 --ah----- E:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-27 23:31 2,097,152 --ah----- E:\Documents and Settings\Vincent\NTUSER.DAT
2007-05-27 23:31 2,097,152 --ah----- E:\DOCUME~1\Vincent\NTUSER.DAT
2007-05-27 23:31 <DIR> d--hs---- E:\System Volume Information
2007-05-27 23:27 229,376 ---h----- E:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-27 23:26 <DIR> d--hs---- E:\DOCUME~1\ALLUSE~1\DRM
2007-05-27 23:25 81,920 --a------ E:\WINDOWS\system32\isign32.dll
2007-05-27 23:25 81,920 --a------ E:\WINDOWS\system32\ils.dll
2007-05-27 23:25 73,728 --a------ E:\WINDOWS\system32\icwdial.dll
2007-05-27 23:25 73,472 --a------ E:\WINDOWS\system32\drivers\sr.sys
2007-05-27 23:25 71,680 --a------ E:\WINDOWS\system32\ssdpsrv.dll
2007-05-27 23:25 69,632 --a------ E:\WINDOWS\system32\msconf.dll
2007-05-27 23:25 678,400 --a------ E:\WINDOWS\system32\inetcomm.dll
2007-05-27 23:25 67,584 --a------ E:\WINDOWS\system32\srclient.dll
2007-05-27 23:25 65,536 --a------ E:\WINDOWS\system32\icwphbk.dll
2007-05-27 23:25 64,512 --a------ E:\WINDOWS\system32\acctres.dll
2007-05-27 23:25 48,128 --a------ E:\WINDOWS\system32\inetres.dll
2007-05-27 23:25 45,568 --a------ E:\WINDOWS\system32\safrslv.dll
2007-05-27 23:25 43,520 --a------ E:\WINDOWS\system32\safrcdlg.dll
2007-05-27 23:25 43,520 --a------ E:\WINDOWS\system32\racpldlg.dll
2007-05-27 23:25 382,464 --a------ E:\WINDOWS\system32\qmgr.dll
2007-05-27 23:25 34,816 --a------ E:\WINDOWS\system32\ssdpapi.dll
2007-05-27 23:25 34,560 --a------ E:\WINDOWS\system32\mnmdd.dll
2007-05-27 23:25 32,768 --a------ E:\WINDOWS\system32\mnmsrvc.exe
2007-05-27 23:25 32,768 --a------ E:\WINDOWS\system32\isrdbg32.dll
2007-05-27 23:25 29,696 --a------ E:\WINDOWS\system32\safrdm.dll
2007-05-27 23:25 28,672 --a------ E:\WINDOWS\system32\nmmkcert.dll
2007-05-27 23:25 274,944 --a------ E:\WINDOWS\system32\mstask.dll
2007-05-27 23:25 274,432 --a------ E:\WINDOWS\system32\inetcfg.dll
2007-05-27 23:25 252,928 --a------ E:\WINDOWS\system32\msoeacct.dll
2007-05-27 23:25 25,600 --a------ E:\WINDOWS\system32\udhisapi.dll
2007-05-27 23:25 239,104 --a------ E:\WINDOWS\system32\srrstr.dll
2007-05-27 23:25 190,976 --a------ E:\WINDOWS\system32\schedsvc.dll
2007-05-27 23:25 185,344 --a------ E:\WINDOWS\system32\upnphost.dll
2007-05-27 23:25 18,944 --a------ E:\WINDOWS\system32\qmgrprxy.dll
2007-05-27 23:25 170,496 --a------ E:\WINDOWS\system32\srsvc.dll
2007-05-27 23:25 16,896 --a------ E:\WINDOWS\system32\upnpcont.exe
2007-05-27 23:25 16,384 --a------ E:\WINDOWS\system32\icfgnt5.dll
2007-05-27 23:25 132,608 --a------ E:\WINDOWS\system32\upnp.dll
2007-05-27 23:25 12,288 --a------ E:\WINDOWS\system32\nmevtmsg.dll
2007-05-27 23:25 12,288 --a------ E:\WINDOWS\system32\mstinit.exe
2007-05-27 23:25 11,264 --a------ E:\WINDOWS\system32\atrace.dll
2007-05-27 23:25 105,984 --a------ E:\WINDOWS\system32\msoert2.dll
2007-05-27 23:24 <DIR> d-------- E:\WINDOWS\Registration
2007-05-27 21:41 <DIR> d-------- E:\WINDOWS\system32\xircom
2007-05-27 21:41 <DIR> d-------- E:\Program Files\microsoft frontpage
2007-05-27 21:40 112,128 --a------ E:\WINDOWS\system32\mapi32.dll
2007-05-27 21:39 <DIR> dr------- E:\WINDOWS\Offline Web Pages
2007-05-27 21:39 <DIR> d---s---- E:\WINDOWS\Downloaded Program Files
2007-05-27 21:39 <DIR> d-------- E:\WINDOWS\system32\DirectX
2007-05-27 21:38 21,640 --a------ E:\WINDOWS\system32\emptyregdb.dat
2007-05-27 21:38 <DIR> d---s---- E:\WINDOWS\Tasks
2007-05-27 21:38 <DIR> d-------- E:\WINDOWS\system32\Restore
2007-05-27 21:38 <DIR> d-------- E:\WINDOWS\system32\Macromed
2007-05-27 21:38 <DIR> d-------- E:\WINDOWS\srchasst
2007-05-27 21:38 <DIR> d-------- E:\WINDOWS\PCHealth
2007-05-27 21:38 <DIR> d-------- E:\Program Files\Movie Maker
2007-05-27 21:38 <DIR> d-------- E:\Program Files\Common Files\MSSoap
2007-05-27 21:37 949,248 --a------ E:\WINDOWS\system32\msdtctm.dll
2007-05-27 21:37 90,112 --a------ E:\WINDOWS\system32\mtxoci.dll
2007-05-27 21:37 9,728 --a------ E:\WINDOWS\system32\reset.exe
2007-05-27 21:37 85,504 --a------ E:\WINDOWS\system32\catsrvps.dll
2007-05-27 21:37 82,432 --a------ E:\WINDOWS\system32\comrepl.dll
2007-05-27 21:37 80,384 --a------ E:\WINDOWS\system32\charmap.exe
2007-05-27 21:37 73,216 --a------ E:\WINDOWS\system32\avwav.dll
2007-05-27 21:37 67,072 --a------ E:\WINDOWS\system32\rdshost.exe
2007-05-27 21:37 62,464 --a------ E:\WINDOWS\system32\colbact.dll
2007-05-27 21:37 605,696 --a------ E:\WINDOWS\system32\getuname.dll
2007-05-27 21:37 6,144 --a------ E:\WINDOWS\system32\msdtc.exe
2007-05-27 21:37 58,880 --a------ E:\WINDOWS\system32\msdtclog.dll
2007-05-27 21:37 56,832 --a------ E:\WINDOWS\system32\sol.exe
2007-05-27 21:37 56,320 --a------ E:\WINDOWS\system32\servdeps.dll
2007-05-27 21:37 55,296 --a------ E:\WINDOWS\system32\freecell.exe
2007-05-27 21:37 540,160 --a------ E:\WINDOWS\system32\comuid.dll
2007-05-27 21:37 54,272 --a------ E:\WINDOWS\system32\stclient.dll
2007-05-27 21:37 501,248 --a------ E:\WINDOWS\system32\clbcatq.dll
2007-05-27 21:37 5,632 --a------ E:\WINDOWS\system32\write.exe
2007-05-27 21:37 5,120 --a------ E:\WINDOWS\system32\dcomcnfg.exe
2007-05-27 21:37 44,544 --a------ E:\WINDOWS\system32\hticons.dll
2007-05-27 21:37 4,096 --a------ E:\WINDOWS\system32\rdpcfgex.dll
2007-05-27 21:37 4,096 --a------ E:\WINDOWS\system32\mtxex.dll
2007-05-27 21:37 35,328 --a------ E:\WINDOWS\system32\winchat.exe
2007-05-27 21:37 345,088 --a------ E:\WINDOWS\system32\hypertrm.dll
2007-05-27 21:37 343,040 --a------ E:\WINDOWS\system32\mspaint.exe
2007-05-27 21:37 33,792 --a------ E:\WINDOWS\system32\regini.exe
2007-05-27 21:37 25,600 --a------ E:\WINDOWS\system32\comaddin.dll
2007-05-27 21:37 25,088 --a------ E:\WINDOWS\system32\mtxlegih.dll
2007-05-27 21:37 229,888 --a------ E:\WINDOWS\system32\catsrv.dll
2007-05-27 21:37 227,840 --a------ E:\WINDOWS\system32\avtapi.dll
2007-05-27 21:37 22,016 --a------ E:\WINDOWS\system32\qwinsta.exe
2007-05-27 21:37 21,896 --a------ E:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-27 21:37 20,992 --a------ E:\WINDOWS\system32\msg.exe
2007-05-27 21:37 20,480 --a------ E:\WINDOWS\system32\qprocess.exe
2007-05-27 21:37 20,480 --a------ E:\WINDOWS\system32\mtxdm.dll
2007-05-27 21:37 185,344 --a------ E:\WINDOWS\system32\cmprops.dll
2007-05-27 21:37 183,808 --a------ E:\WINDOWS\system32\accwiz.exe
2007-05-27 21:37 17,408 --a------ E:\WINDOWS\system32\mmfutil.dll
2007-05-27 21:37 161,280 --a------ E:\WINDOWS\system32\msdtcuiu.dll
2007-05-27 21:37 16,896 --a------ E:\WINDOWS\system32\tsshutdn.exe
2007-05-27 21:37 16,896 --a------ E:\WINDOWS\system32\qappsrv.exe
2007-05-27 21:37 16,384 --a------ E:\WINDOWS\system32\tskill.exe
2007-05-27 21:37 16,384 --a------ E:\WINDOWS\system32\avmeter.dll
2007-05-27 21:37 15,872 --a------ E:\WINDOWS\system32\rwinsta.exe
2007-05-27 21:37 15,872 --a------ E:\WINDOWS\system32\cdmodem.dll
2007-05-27 21:37 15,360 --a------ E:\WINDOWS\system32\logoff.exe
2007-05-27 21:37 147,456 --a------ E:\WINDOWS\system32\comsnap.dll
2007-05-27 21:37 14,848 --a------ E:\WINDOWS\system32\tsdiscon.exe
2007-05-27 21:37 14,848 --a------ E:\WINDOWS\system32\tscon.exe
2007-05-27 21:37 14,848 --a------ E:\WINDOWS\system32\shadow.exe
2007-05-27 21:37 138,752 --a------ E:\WINDOWS\system32\sndvol32.exe
2007-05-27 21:37 131,584 --a------ E:\WINDOWS\system32\sndrec32.exe
2007-05-27 21:37 126,976 --a------ E:\WINDOWS\system32\mshearts.exe
2007-05-27 21:37 123,392 --a------ E:\WINDOWS\system32\mplay32.exe
2007-05-27 21:37 12,040 --a------ E:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-27 21:37 119,808 --a------ E:\WINDOWS\system32\winmine.exe
2007-05-27 21:37 114,688 --a------ E:\WINDOWS\system32\calc.exe
2007-05-27 21:37 110,080 --a------ E:\WINDOWS\system32\clbcatex.dll
2007-05-27 21:37 11,776 --a------ E:\WINDOWS\system32\xolehlp.dll
2007-05-27 21:37 1,161 --a------ E:\WINDOWS\system32\usrlogon.cmd
2007-05-27 21:37 <DIR> d--h----- E:\Program Files\WindowsUpdate
2007-05-27 21:37 <DIR> d-------- E:\Program Files\Windows NT
2007-05-27 21:37 <DIR> d-------- E:\Program Files\Online Services
2007-05-27 21:37 <DIR> d-------- E:\Program Files\MSN Gaming Zone
2007-05-27 21:37 <DIR> d-------- E:\Program Files\Messenger
2007-05-27 21:36 93,696 --a------ E:\WINDOWS\system32\tscfgwmi.dll
2007-05-27 21:36 87,176 --a------ E:\WINDOWS\system32\rdpwsx.dll
2007-05-27 21:36 655,360 --a------ E:\WINDOWS\system32\mstscax.dll
2007-05-27 21:36 628,224 --a------ E:\WINDOWS\system32\catsrvut.dll
2007-05-27 21:36 62,464 --a------ E:\WINDOWS\system32\rdpclip.exe
2007-05-27 21:36 60,416 --a------ E:\WINDOWS\system32\remotepg.dll
2007-05-27 21:36 6,656 --a------ E:\WINDOWS\system32\wuauserv.dll
2007-05-27 21:36 58,880 --a------ E:\WINDOWS\system32\licwmi.dll
2007-05-27 21:36 538,624 --a------ E:\WINDOWS\system32\spider.exe
2007-05-27 21:36 44,544 --a------ E:\WINDOWS\system32\tscupgrd.exe
2007-05-27 21:36 425,472 --a------ E:\WINDOWS\system32\msdtcprx.dll
2007-05-27 21:36 407,552 --a------ E:\WINDOWS\system32\mstsc.exe
2007-05-27 21:36 38,912 --a------ E:\WINDOWS\system32\cfgbkend.dll
2007-05-27 21:36 295,424 --a------ E:\WINDOWS\system32\termsrv.dll
2007-05-27 21:36 19,968 --a------ E:\WINDOWS\system32\rdpsnd.dll
2007-05-27 21:36 147,968 --a------ E:\WINDOWS\system32\rdchost.dll
2007-05-27 21:36 140,800 --a------ E:\WINDOWS\system32\sessmgr.exe
2007-05-27 21:36 139,400 --a------ E:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-27 21:36 13,824 --a------ E:\WINDOWS\system32\rdsaddin.exe
2007-05-27 21:36 111,104 --a------ E:\WINDOWS\system32\wuauclt.exe
2007-05-27 21:36 11,264 --a------ E:\WINDOWS\system32\icaapi.dll
2007-05-27 21:36 102,912 --a------ E:\WINDOWS\system32\clipbrd.exe
2007-05-27 21:36 1,251,840 --a------ E:\WINDOWS\system32\comsvcs.dll
2007-05-27 21:36 1,134,592 --a------ E:\WINDOWS\system32\wuaueng.dll
2007-05-27 21:36 <DIR> d-------- E:\WINDOWS\system32\MsDtc
2007-05-27 21:36 <DIR> d-------- E:\WINDOWS\system32\Com
2007-05-27 21:26 40,840 --a------ E:\WINDOWS\system32\drivers\termdd.sys
2007-05-27 21:26 196,864 --a------ E:\WINDOWS\system32\drivers\rdpdr.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 16:28]
"SoundMAX"="E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 09:42]
"ATIPTA"="E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-12-12 11:31]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"TCASUTIEXE"="TCAUDIAG.exe" [2003-07-16 17:34 E:\WINDOWS\system32\TCAUDIAG.EXE]
"BigPondCable"="E:\Program Files\Telstra\Cable Login\bpcable.exe" [2003-09-29 13:07]
"!AVG Anti-Spyware"="E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 22:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-29 00:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-02 22:22:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-06-02 22:23:13

--- E O F ---

#6 vtu22_2

Posted 02 June 2007 - 10:07 AM

Here is the log for Dr Web CureIt scan:


3 Nickelback Someday.wma;C:\10giger\My Shared Folder\window media;Trojan.DownLoader.1729;Deleted.;
A0003057.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003058.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003059.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003060.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003061.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003062.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003063.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003064.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003065.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003066.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003067.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003068.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003069.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003070.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003071.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003072.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003073.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003074.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003075.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003076.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003077.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003078.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003079.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003080.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003081.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003082.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003083.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003084.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003085.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003086.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003087.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003088.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003089.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003090.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003091.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003092.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003093.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003094.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003095.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003096.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003097.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003098.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003099.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003100.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003101.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003102.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003103.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003104.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003105.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003106.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003107.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003108.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003109.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003110.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003111.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003112.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003113.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003114.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003115.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003116.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003117.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003118.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003119.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003120.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003121.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003122.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003123.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003124.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003125.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003126.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003127.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003128.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003129.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003130.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003131.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003132.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003133.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003134.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003135.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003136.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003137.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003138.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003139.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003140.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003141.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003142.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003143.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003144.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003145.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003146.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003147.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003148.EXE;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003149.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003150.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003151.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003152.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003153.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003154.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003155.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003156.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003157.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003158.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003159.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003160.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003161.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003162.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003163.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003164.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003165.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003166.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003167.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003168.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003169.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003170.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003171.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003172.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003173.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003174.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003175.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003176.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003177.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003178.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003179.EXE;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003180.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003181.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003182.EXE;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003183.EXE;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003184.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003185.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003186.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Adware.Gigaser;Incurable.Moved.;
A0003187.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003188.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003189.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003190.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003191.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003192.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003193.EXE;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003194.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003195.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003196.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003197.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003198.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003199.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003200.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003201.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003202.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003203.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003204.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003205.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003206.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003207.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003208.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003209.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003210.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003211.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003212.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003213.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003214.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003215.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003216.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003217.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003218.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003219.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003220.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003221.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003222.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003223.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003224.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003225.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003226.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003227.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003228.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003229.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003230.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003231.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003232.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003233.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003234.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003236.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003237.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003238.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003239.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003240.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003241.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0003242.exe;C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Win32.Parite.2;Cured.;
A0136810.exe;C:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226;Adware.Gigaser;Incurable.Moved.;
kof2k1fix.exe;D:\Neogeo;Trojan.MulDrop.420;Deleted.;
kof98.exe;D:\Neogeo;Tool.Hatkeys;Incurable.Moved.;
KOF98_Trainer.exe;D:\Neogeo\Kawaks 1.38\cheats;Tool.Hatkeys;Incurable.Moved.;
KOF2K1_Trainer.exe;D:\Neogeo\Kawaks 1.38\cheats;Trojan.MulDrop.420;Deleted.;
A0000585.exe;D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7;Trojan.MulDrop.420;Deleted.;
A0000588.exe;D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7;Tool.Hatkeys;Incurable.Moved.;
A0000593.exe;D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7;Tool.Hatkeys;Incurable.Moved.;
A0000594.exe;D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7;Trojan.MulDrop.420;Deleted.;
A0002970.exe;D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Trojan.MulDrop.420;Deleted.;
A0002973.exe;D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Tool.Hatkeys;Incurable.Moved.;
A0002978.exe;D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Tool.Hatkeys;Incurable.Moved.;
A0002979.exe;D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Trojan.MulDrop.420;Deleted.;
A0008773.exe;D:\System Volume Information\_restore{A67749D4-6B73-49F6-B620-13ADC7BAC791}\RP11;Trojan.MulDrop.420;Deleted.;
A0008774.exe;D:\System Volume Information\_restore{A67749D4-6B73-49F6-B620-13ADC7BAC791}\RP11;Trojan.MulDrop.420;Deleted.;
a3[1].jpg;F:\Documents and Settings\Tu\Local Settings\Temporary Internet Files\Content.IE5\0PAZ81UR;Trojan.AppActXComp;Incurable.Moved.;
A0000649.exe;F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7;Adware.NewDotNet;Incurable.Moved.;
A0000654.exe;F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7;Adware.NewDotNet;Incurable.Moved.;
A0000656.exe;F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7;Adware.Hotbar;Incurable.Moved.;
A0003034.exe;F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Adware.NewDotNet;Incurable.Moved.;
A0003039.exe;F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Adware.NewDotNet;Incurable.Moved.;
A0003041.exe;F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8;Adware.Hotbar;Incurable.Moved.;



I also did a second scan for my USB. It detected something. Here it is:


setup.exe;I:\;Win32.HLLW.Autoruner;Deleted.;

#7 vtu22_2

Posted 02 June 2007 - 10:08 AM

Here is the Kaspersky scan:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, June 03, 2007 12:54:20 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/06/2007
Kaspersky Anti-Virus database records: 336449
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\

Scan Statistics:
Total number of scanned objects: 91784
Number of viruses found: 10
Number of infected objects: 54 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:57:57

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003235.exe Infected: Virus.Win32.Parite.b skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000550.exe/data0007 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000550.exe/data0008 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000550.exe/data0009 Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000550.exe NSIS: infected - 3 skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000551.exe/data0010 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000551.exe/data0011/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.e skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000551.exe/data0011/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000551.exe/data0011/data0001.cab/Weather/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000551.exe/data0011/data0001.cab/Weather/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000551.exe/data0011/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000551.exe/data0011 Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000551.exe NSIS: infected - 7 skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002935.exe/data0007 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002935.exe/data0008 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002935.exe/data0009 Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002935.exe NSIS: infected - 3 skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002936.exe/data0010 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002936.exe/data0011/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.e skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002936.exe/data0011/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002936.exe/data0011/data0001.cab/Weather/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002936.exe/data0011/data0001.cab/Weather/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002936.exe/data0011/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002936.exe/data0011 Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0002936.exe NSIS: infected - 7 skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137429.exe/data0010 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137429.exe/data0011/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.e skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137429.exe/data0011/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137429.exe/data0011/data0001.cab/Weather/Weather.exe Infected: not-a-virus:AdWare.Win32.SaveNow skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137429.exe/data0011/data0001.cab/Weather/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137429.exe/data0011/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137429.exe/data0011 Infected: not-a-virus:AdWare.Win32.SaveNow.bl skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137429.exe NSIS: infected - 7 skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137431.exe/data0007 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137431.exe/data0008 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137431.exe/data0009 Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137431.exe NSIS: infected - 3 skipped
E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\cert8.db Object is locked skipped
E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\history.dat Object is locked skipped
E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\key3.db Object is locked skipped
E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\parent.lock Object is locked skipped
E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\search.sqlite Object is locked skipped
E:\Documents and Settings\Vincent\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\urlclassifier2.sqlite Object is locked skipped
E:\Documents and Settings\Vincent\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0000649.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0000654.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0000656.exe Infected: not-a-virus:AdWare.Win32.HotBar.ab skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0003034.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0003039.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0003041.exe Infected: not-a-virus:AdWare.Win32.HotBar.ab skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0003186.exe Infected: Virus.Win32.Parite.b skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0136810.exe/data0002 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0136810.exe/data0004 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0136810.exe/data0005 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0136810.exe/data0006 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0136810.exe NSIS: infected - 4 skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\a3[1].jpg Infected: Exploit.JS.ActiveXComponent skipped
E:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\Vincent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\Cache\_CACHE_001_ Object is locked skipped
E:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\Cache\_CACHE_002_ Object is locked skipped
E:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\Cache\_CACHE_003_ Object is locked skipped
E:\Documents and Settings\Vincent\Local Settings\Application Data\Mozilla\Firefox\Profiles\430zmmj6.default\Cache\_CACHE_MAP_ Object is locked skipped
E:\Documents and Settings\Vincent\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Vincent\Local Settings\History\History.IE5\MSHist012007060220070603\index.dat Object is locked skipped
E:\Documents and Settings\Vincent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Vincent\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\Vincent\ntuser.dat.LOG Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{A67749D4-6B73-49F6-B620-13ADC7BAC791}\RP11\change.log Object is locked skipped
E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
E:\WINDOWS\Internet Logs\F1VII4R6R4J64F3.ldb Object is locked skipped
E:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
E:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
E:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
E:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
E:\WINDOWS\SchedLgU.Txt Object is locked skipped
E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\default Object is locked skipped
E:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
E:\WINDOWS\system32\config\SAM Object is locked skipped
E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\SECURITY Object is locked skipped
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
E:\WINDOWS\system32\config\software Object is locked skipped
E:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\system Object is locked skipped
E:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
E:\WINDOWS\Temp\ZLT068cc.TMP Object is locked skipped
E:\WINDOWS\Temp\ZLT068cf.TMP Object is locked skipped
E:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Documents and Settings\Tu\Local Settings\Temp\ccu\brbho.dll Infected: not-a-virus:AdWare.Win32.Comet.t skipped
F:\Documents and Settings\Tu\Local Settings\Temp\ccu\comet_install.exe Infected: not-a-virus:AdWare.Win32.Comet.t skipped
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000631.exe Infected: not-a-virus:AdWare.Win32.Comet.t skipped
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP8\A0003016.exe Infected: not-a-virus:AdWare.Win32.Comet.t skipped

Scan process completed.

#8 vtu22_2

Posted 02 June 2007 - 10:10 AM

And here is a new Hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 1:08:51 AM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\TCAUDIAG.exe
E:\Program Files\Telstra\Cable Login\bpcable.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\Program Files\VIA\RAID\raid_tool.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [BigPondCable] "E:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = E:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - E:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe


Things are running ok at the moment. There were no problems while following your directions. Thanks once again! =)

Kindest regards,

vtu22_2

#9 vtu22_2

Posted 02 June 2007 - 10:11 AM

- Sorry, I posted twice by accident!

Edited by vtu22_2, 02 June 2007 - 10:14 AM.


#10 Sempurna

Posted 02 June 2007 - 11:00 PM

Hi vtu22_2, :wave:

You're most welcome, vtu22_2. I'm glad to hear that things are running smoother now. :)

OK, let's pick up the leftovers.

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following FILES (if they exist):

F:\Documents and Settings\Tu\Local Settings\Temp\ccu\brbho.dll
F:\Documents and Settings\Tu\Local Settings\Temp\ccu\comet_install.exe


NEXT:

Please reboot your computer normally into Windows and then please post a new HijackThis log.

How are things running now? Please let me know about any problems that persist.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#11 vtu22_2

Posted 06 June 2007 - 01:40 AM

Hi Sempurna.

Sorry for the late reply, it's been busy with assignments for the past few days.

Here is a new hijack this log:


Logfile of HijackThis v1.99.1
Scan saved at 4:33:55 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
E:\Program Files\Analog Devices\SoundMAX\Smax4.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\TCAUDIAG.exe
E:\Program Files\Telstra\Cable Login\bpcable.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
E:\Program Files\VIA\RAID\raid_tool.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [BigPondCable] "E:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = E:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: VIA RAID TOOL.lnk = E:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - E:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Vet Antivirus\ISafe.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - E:\Program Files\CA\eTrust Vet Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe



With the steps I've taken so far, was it only to remove the spyware/adware? From the previous scans from Kaspersky's online scanner, it revealed about 10 viruses. I'm still having trouble installing my AV and would like to fix this. What could you suggest?

So far, things are running ok. Nothing suspicious.

Thanks again! =)

Kindest regards,

vtu22_2

Edited by vtu22_2, 06 June 2007 - 01:42 AM.


#12 Sempurna

Posted 06 June 2007 - 04:01 AM

Hi vtu22_2, :wave:

With the steps I've taken so far, was it only to remove the spyware/adware? From the previous scans from Kaspersky's online scanner, it revealed about 10 viruses.

Nope, we are removing all manner of malware from your system... viruses, trojan, adware, spyware, keyloggers... anything that could be bad for your system. :)

Most of what Kaspersky found were in the Dr.Web quarantine folder. The other two were listed above for you to delete manually. :)

Have you tried installing your AV in Safe Mode? That might work because there could be a security app that is blocking your install.

Here's how to get into Safe Mode.

Please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Do let me know how things go. Otherwise, your logs appear to be clean. :)
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo
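
A scan report like the Kaspersky one posted earlier in this thread mixes detections in ordinary folders with copies inside System Restore snapshots and another scanner's quarantine, plus many "Object is locked" lines. As an added example (not part of the original posts), the Python below groups such report lines by location so the files that still need manual action stand out; the sample lines are an excerpt of the report above, and the function names and location rules are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# One report line has the shape "<object path> <verdict> skipped".
# Members of an archive are appended to the host file with "/" separators.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>\w+): infected - (?P<count>\d+))"
    r" skipped$"
)

# Excerpt of lines from the scan report posted in this thread.
SAMPLE_REPORT = r"""
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137431.exe/data0007 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137431.exe/data0008 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137431.exe/data0009 Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
D:\System Volume Information\_restore{82324CB1-FFDC-40E2-81E5-FC600024ED9A}\RP226\A0137431.exe NSIS: infected - 3 skipped
E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\A0003186.exe Infected: Virus.Win32.Parite.b skipped
E:\Documents and Settings\Vincent\DoctorWeb\Quarantine\a3[1].jpg Infected: Exploit.JS.ActiveXComponent skipped
E:\WINDOWS\system32\config\SAM Object is locked skipped
F:\Documents and Settings\Tu\Local Settings\Temp\ccu\brbho.dll Infected: not-a-virus:AdWare.Win32.Comet.t skipped
F:\Documents and Settings\Tu\Local Settings\Temp\ccu\comet_install.exe Infected: not-a-virus:AdWare.Win32.Comet.t skipped
F:\System Volume Information\_restore{12E83917-7195-4769-AE9F-694F595FF98E}\RP7\A0000631.exe Infected: not-a-virus:AdWare.Win32.Comet.t skipped
"""


def location(path):
    """Classify where an object sits (heuristic rules, assumed for this example)."""
    lowered = path.lower()
    if "\\system volume information\\_restore" in lowered:
        return "system_restore"  # copy kept inside a System Restore snapshot
    if "\\quarantine\\" in lowered:
        return "quarantine"      # already isolated by another scanner
    return "live"                # ordinary folder: still needs manual action


def triage(report):
    """Group detections by location and host file; count locked-file noise."""
    groups = {key: defaultdict(set)
              for key in ("live", "system_restore", "quarantine")}
    locked, unparsed = 0, []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed.append(line)      # e.g. "Scan process completed."
        elif match["locked"]:
            locked += 1                # file in use, not a detection
        elif match["container"]:
            continue                   # archive summary; members already counted
        else:
            # Drop the archive member part so nested hits map to one host file.
            host = match["path"].split("/", 1)[0]
            groups[location(host)][host].add(match["name"])
    result = {key: {host: sorted(names) for host, names in hosts.items()}
              for key, hosts in groups.items()}
    result["locked"] = locked
    result["unparsed"] = unparsed
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for key in ("live", "system_restore", "quarantine"):
        print(f"{key}: {len(summary[key])} file(s)")
        for host, names in summary[key].items():
            print(f"  {host} -> {', '.join(names)}")
    print(f"locked (ignored): {summary['locked']}")
```

On the excerpt, the only "live" entries are the two files under `Temp\ccu`; the restore-point copies are the kind of entry that disappears when old restore points are cleared.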

#13 vtu22_2

Posted 07 June 2007 - 01:11 AM

Hi Sempurna.

Everything seems to be ok! I re-installed the AV in safe mode, and it works. However, I've been having trouble updating the signatures. I'm not sure why that's the case.

I think that's it. Thank you so much for your help and time! Are there any programs you could recommend for me to download to prevent any spyware/viruses in the future?

Kindest regards,

vtu22_2

#14 Sempurna

Posted 07 June 2007 - 06:59 AM

Hi vtu22_2, :wave:

You're most welcome, vtu22_2. :)

Hmm, I'm also wondering why your AV can't update. If you still have problems with the AV, you could always replace it with another. There are a number of good and FREE anti-virus programs that you can install to replace the troublesome AV that you have now. You will find them listed below.

Just some loose ends to tie up, and then we can let you go home. :)

To create a new system restore point:
  • Go to Start Menu -> All Programs -> Accessories -> System Tools -> System Restore.
  • Click "Create A Restore Point" then click "Next". Give it a name and then click "Create".
  • When the confirmation screen shows the restore point has been created click "Close".
  • Then go to Start -> Run and type in (or copy and paste):

    cleanmgr

  • Click "OK".
  • Disk Cleanup will open and start calculating the amount of space that can be freed.
  • Once that’s finished it will open the Disk Cleanup options screen, click the "More Options" tab.
  • Click "Clean Up" in the "System Restore" section and choose "Yes" at the confirmation window.
This will remove all previous restore points except the newly created one.


NEXT:

Your version of Sun Java is out-of-date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java version components and update:
  • CLICK HERE to download the offline installer.
    • Select "Java Runtime Environment (JRE) 6u1" and click the "Download" button to the right.
    • Check the box that says "Accept License Agreement".
    • Click on the link to download "Windows Offline Installation, Multi-language".
    • Save the file to your desktop.
  • Next, uninstall your currently installed version from Add/Remove Programs.
  • If you have older versions listed uninstall them also. If you simply update to the new version it leaves the older versions still installed, complete with previous vulnerabilities.
  • Examples of older versions in Add/Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
    • Java™ SE Runtime Environment 6
  • Reboot your system.
  • Install the new version by double-clicking on the file you downloaded.

NEXT:

Everything looks great --- your HijackThis log appears to be clean. :)

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Test your Firewall and make sure it is working properly.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Anti-Virus (a must!)
    It is also a must have. I would recommend this excellent and FREE program, Active Virus Shield Powered by Kaspersky (NOTE: please do NOT install the AOL Security Toolbar that comes with it).
    Other good and FREE alternatives are AntiVir, Avast, and AVG.
    Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you do decide to install Firefox, please take a moment to read Switching from IE to Firefox.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool puts over 5000 sites in your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware SE
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware SE and Spybot Search & Destroy complement each other very well.
    Tutorial: How to use!

  • I suggest that you download one or two of these FREE and good anti-trojan programs to use for ad-hoc scanning on your system:
    a-squared Free
    AVG Anti-Spyware 7.5.0.50 (please download version 7.5.0.50 and not any other version)
    AVZ Antiviral Toolkit
    SUPERAntiSpyware


  • I would also suggest you perform an online virus scan once in a while because what one virus scanner can't find, another one maybe can:
    BitDefender Online Scanner
    F-Secure Online Scanner
    Panda ActiveScan
    Dr.Web CureIt <-- This is not really an online scanner, as it is a standalone utility. You need to download a new copy for updated virus definitions, but it can be run in Safe Mode, unlike the online scanners above.
Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck! :D

Edited by Sempurna, 07 June 2007 - 07:01 AM.


#15 vtu22_2

Posted 07 June 2007 - 09:04 AM

Hi Sempurna.

I've created a new restore point outlined in your previous reply. That worked fine! :D

However, I'm not sure how to uninstall my old Java. I took the steps you mentioned and went into add/remove programs, however there's no program called:

* Java 2 Runtime Environment, SE v1.4.2
* J2SE Runtime Environment 5.0
* J2SE Runtime Environment 5.0 Update 2
* Java™ SE Runtime Environment 6

Am I doing it wrong? :blink:

Another question: if I use one of the recommended AV programs you've stated, would I have to uninstall my old antivirus (the one that can't update) and AVG anti-spyware?

Sorry for all these questions. Thank you once again. :lol:

Kindest regards,

vtu22_2

#16 Sempurna

Posted 07 June 2007 - 11:49 AM

You're most welcome, vtu22_2. :)

No worries if you can't find any Java installed. Those were just examples, and were just to give you an indication of what they might look like. :)

If you don't have anything similar, then just install the new Java.

As to a new AV, the answer is, "Yes." Whenever you install a new AV, you would have to uninstall the old one first. You can only have one AV on a system, because two or more will conflict with each other and actually make your system less secure, slower, and behave strangely.

#17 vtu22_2

Posted 08 June 2007 - 06:48 AM

Hi Sempurna.

I'm actually having trouble uninstalling the AV that can't update. There are only two parts that fail when it's uninstalling, which are:

E:\WINDOWS\System32\Drivers\VetFDDNT.sys
E:\WINDOWS\System32\Drivers\VetMonNT.sys

Any tips to fix this?? Other than that, everything is on track! :D

Kindest regards,

vtu22_2

#18 Sempurna

Posted 09 June 2007 - 12:45 AM

Hi vtu22_2, :wave:

I'm glad to hear that most things are working OK for you, bar the troublesome AV. :)

When you say that these two parts fail, do you mean they fail to unload properly?

Try doing the uninstall in Safe Mode. Do let me know how things go.

If the uninstall in Safe Mode doesn't go smoothly, reinstall the AV in Safe Mode, and then uninstall it in Safe Mode. See if that helps things progress. :)

#19 vtu22_2

Posted 11 June 2007 - 12:40 AM

Hi Sempurna.

I restarted into safe mode and successfully uninstalled the AV! Everything appears to be going smoothly. If there isn't anything else I need to do, then you may close this thread.

Thank you very much for your help and time! I realise it must be troublesome to read many logs, but your efforts have solved many of my computer issues. Thanks once again Sempurna! :cool:

Kindest regards,

vtu22_2

#20 Sempurna

Posted 11 June 2007 - 04:06 AM

Hi vtu22_2, :wave:

You're most welcome, vtu22_2. It was no trouble reading the logs. That's what we do here. :)

I'm glad to hear that things are running smoothly now, and that you managed to uninstall that troublesome AV. :)

Nope, nothing else for you to do except enjoy the smooth sailing of your system. :D

Cheers! :wave:
~ Sempurna

#21 Sempurna

Posted 06 July 2007 - 05:07 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.