[djbrown]

hello everyone,

this is my first post here i hope to get some help!

my pc has been infected by some trojan or something else today

everything is kinda locked on my pc... the task manager, the run option, accessing the c: drive, system restore etc...

here are my hijackthis logs:

Logfile of HijackThis v1.99.1
Scan saved at 4:19:19 PM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\lsass.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thecoolpics.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system\lsass.exe
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\lsass.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: MSconfig.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

[loophole]

Hello

download Brute Force Uninstaller to your desktop.

• Right click the BFU folder on your desktop, and choose Extract All
  
• Click "Next"
  
• In the box to choose where to extract the files to,
  
• Click "Browse"
  
• Click on the + sign next to "My Computer"
  
• Click on "Local Disk (C:) or whatever your primary drive is
  
• Click "Make New Folder"
  
• Type in BFU
  
• Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Coolpics Remover.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.

• Start the Brute Force Uninstaller by doubleclicking BFU.exe
  
• Behind the scriptline to execute field click the folder icon and select coolpics.bfu
  
• Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
  
• Wait for the complete script execution box to pop up and press OK.
  
• Press exit to terminate the BFU program.

Reboot your computer

Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
  
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[djbrown]

here we go sir..

"Sunny Brown" - 2007-05-15 2:32:13 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Program Files\Mozilla Firefox\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))


2007-05-15 02:30 <DIR> d-------- C:\bfu
2007-05-14 19:05 <DIR> d-------- C:\Program Files\Alwil Software
2007-05-14 17:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-14 15:33 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-05-14 15:33 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-05-14 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-05-14 13:27 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\APPLIC~1\Applied Acoustics Systems
2007-05-14 13:20 <DIR> d-------- C:\Program Files\AAS
2007-05-13 14:59 <DIR> d-------- C:\Program Files\Zero-G
2007-05-06 03:10 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-05-06 03:03 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
2007-05-06 03:03 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-05-06 03:03 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
2007-05-06 03:03 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
2007-05-06 03:03 65,536 --a------ C:\WINDOWS\system32\MFC71DEU.DLL
2007-05-06 03:03 61,440 --a------ C:\WINDOWS\system32\MFC71ITA.DLL
2007-05-06 03:03 61,440 --a------ C:\WINDOWS\system32\MFC71ESP.DLL
2007-05-06 03:03 57,344 --a------ C:\WINDOWS\system32\MFC71ENU.DLL
2007-05-06 03:03 49,152 --a------ C:\WINDOWS\system32\MFC71KOR.DLL
2007-05-06 03:03 49,152 --a------ C:\WINDOWS\system32\MFC71JPN.DLL
2007-05-06 03:03 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
2007-05-06 03:03 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
2007-05-06 03:03 45,056 --a------ C:\WINDOWS\system32\MFC71CHT.DLL
2007-05-06 03:03 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
2007-05-06 03:03 40,960 --a------ C:\WINDOWS\system32\MFC71CHS.DLL
2007-05-06 03:03 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
2007-05-06 03:03 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
2007-05-06 03:03 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
2007-05-06 03:03 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
2007-05-06 03:03 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
2007-05-06 03:03 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
2007-05-06 03:03 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
2007-05-06 03:03 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
2007-05-06 03:03 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-05-06 03:02 <DIR> d-------- C:\Program Files\Logitech
2007-05-06 02:47 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-05-04 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-04 21:05 737,280 --a------ C:\WINDOWS\system32\msvcp70d.dll
2007-05-04 21:05 536,576 --a------ C:\WINDOWS\system32\msvcr70d.dll
2007-05-04 21:05 163,840 --a------ C:\WINDOWS\system32\ArtFfct.dll
2007-05-04 21:05 <DIR> d-------- C:\Program Files\Arturia
2007-05-01 19:24 <DIR> d-------- C:\Program Files\Sugar Bytes
2007-04-30 19:38 <DIR> d-------- C:\Program Files\DC++
2007-04-28 16:00 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-28 16:00 <DIR> d-------- C:\Program Files\InterLok
2007-04-28 15:28 520,267 --a------ C:\WINDOWS\system32\libmmd.dll
2007-04-28 14:53 <DIR> d-------- C:\Sound Forge 9
2007-04-27 16:21 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-27 16:21 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-27 16:21 <DIR> d-------- C:\Program Files\Xvid
2007-04-26 16:53 <DIR> d-------- C:\Program Files\Spectrasonics
2007-04-25 12:38 <DIR> d-------- C:\Program Files\Recycle
2007-04-25 03:14 <DIR> d-------- C:\Program Files\East West
2007-04-25 02:42 61,440 --a------ C:\WINDOWS\system32\NI_DFD_1_4.dll
2007-04-25 02:42 393,216 --a------ C:\WINDOWS\system32\NI_IRC_1_1.dll
2007-04-25 02:42 <DIR> d-------- C:\Program Files\Sample Logic
2007-04-24 22:12 <DIR> d-------- C:\Program Files\Electric Rain
2007-04-24 14:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-04-24 14:06 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-04-24 14:05 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-04-24 01:23 4,685,824 --a------ C:\WINDOWS\system32\qt-mt335.dll
2007-04-24 01:23 1,056,768 --a------ C:\WINDOWS\system32\FreeImage.dll
2007-04-24 00:48 <DIR> d-------- C:\Program Files\Western Digital Technologies
2007-04-24 00:47 <DIR> d-------- C:\Program Files\Western Digital
2007-04-24 00:33 <DIR> d-------- C:\Program Files\QuickTime
2007-04-24 00:27 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2007-04-24 00:27 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2007-04-23 23:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-04-23 23:44 <DIR> d-------- C:\Program Files\Bonjour
2007-04-23 23:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-23 23:35 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-23 23:35 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-23 23:31 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-23 23:30 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-04-23 23:30 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-04-23 23:30 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-04-23 23:30 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-04-23 23:30 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-04-23 23:30 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-04-23 23:30 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-04-23 23:30 81,920 --------- C:\WINDOWS\system32\ieencode.dll
2007-04-23 23:30 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-04-23 23:30 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-04-23 23:30 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-23 23:30 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-04-23 23:30 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-04-23 23:30 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-04-23 23:30 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-04-23 23:30 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-04-23 23:30 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-04-23 23:30 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-04-23 23:30 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-04-23 23:30 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-04-23 23:30 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-04-23 23:30 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-04-23 23:30 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2007-04-23 23:30 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-23 23:30 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-04-23 23:30 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-04-23 23:30 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-04-23 23:30 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-04-23 23:30 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-04-23 23:30 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-04-23 23:30 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-04-23 23:30 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-04-23 23:30 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-04-23 23:30 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-04-23 23:30 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-04-23 23:30 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-04-23 23:30 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-04-23 23:30 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-04-23 23:30 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-04-23 23:30 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-04-23 23:30 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-04-23 23:30 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-04-23 23:30 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-04-23 23:30 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-04-23 23:30 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-04-23 23:30 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-04-23 23:30 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-04-23 23:30 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-04-23 23:30 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-04-23 23:30 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-04-23 23:30 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2007-04-23 23:30 430,592 --------- C:\WINDOWS\system32\wuapi.dll
2007-04-23 23:30 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-04-23 23:30 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-04-23 23:30 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-04-23 23:30 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-04-23 23:30 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-04-23 23:30 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-04-23 23:30 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-04-23 23:30 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2007-04-23 23:30 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-04-23 23:30 4,096 --------- C:\WINDOWS\system32\dsprpres.dll
2007-04-23 23:30 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-04-23 23:30 384,512 --------- C:\WINDOWS\system32\mp4sdmod.dll
2007-04-23 23:30 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-04-23 23:30 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-04-23 23:30 37,376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2007-04-23 23:30 36,864 --------- C:\WINDOWS\system32\wups.dll
2007-04-23 23:30 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-04-23 23:30 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-04-23 23:30 351,232 --------- C:\WINDOWS\system32\winhttp.dll
2007-04-23 23:30 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-04-23 23:30 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-04-23 23:30 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-04-23 23:30 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-04-23 23:30 32,866 --------- C:\WINDOWS\slrundll.exe
2007-04-23 23:30 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-04-23 23:30 32,768 --------- C:\WINDOWS\system32\asr_pfu.exe
2007-04-23 23:30 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-04-23 23:30 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2007-04-23 23:30 310,272 --------- C:\WINDOWS\system32\mp43dmod.dll
2007-04-23 23:30 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-04-23 23:30 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-04-23 23:30 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-04-23 23:30 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-04-23 23:30 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-04-23 23:30 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-04-23 23:30 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-04-23 23:30 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-04-23 23:30 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-04-23 23:30 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-04-23 23:30 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-04-23 23:30 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-04-23 23:30 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-04-23 23:30 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-04-23 23:30 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-04-23 23:30 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-04-23 23:30 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-04-23 23:30 270,848 --------- C:\WINDOWS\system32\sbe.dll
2007-04-23 23:30 263,040 --------- C:\WINDOWS\system32\drivers\http.sys
2007-04-23 23:30 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2007-04-23 23:30 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-04-23 23:30 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-04-23 23:30 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-04-23 23:30 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-04-23 23:30 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-04-23 23:30 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-04-23 23:30 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-04-23 23:30 22,528 --------- C:\WINDOWS\system32\fltmc.exe
2007-04-23 23:30 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-04-23 23:30 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-04-23 23:30 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-04-23 23:30 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-04-23 23:30 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2007-04-23 23:30 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-04-23 23:30 187,392 --------- C:\WINDOWS\system32\xpsp1res.dll
2007-04-23 23:30 186,368 --------- C:\WINDOWS\system32\encdec.dll
2007-04-23 23:30 183,296 --------- C:\WINDOWS\system32\wuaueng1.dll
2007-04-23 23:30 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-04-23 23:30 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-04-23 23:30 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-04-23 23:30 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-04-23 23:30 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-04-23 23:30 168,448 --------- C:\WINDOWS\system32\wmerror.dll
2007-04-23 23:30 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-04-23 23:30 165,888 --------- C:\WINDOWS\system32\wuauclt1.exe
2007-04-23 23:30 16,896 --------- C:\WINDOWS\system32\fltlib.dll
2007-04-23 23:30 159,232 --------- C:\WINDOWS\system32\sbeio.dll
2007-04-23 23:30 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-04-23 23:30 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-04-23 23:30 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-04-23 23:30 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-04-23 23:30 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-04-23 23:30 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-04-23 23:30 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-04-23 23:30 134,656 --------- C:\WINDOWS\system32\mssap.dll
2007-04-23 23:30 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-04-23 23:30 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-04-23 23:30 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-04-23 23:30 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-04-23 23:30 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-04-23 23:30 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-04-23 23:30 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-04-23 23:30 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-04-23 23:30 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-04-23 23:30 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-04-23 23:30 124,800 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-23 23:30 120,320 --------- C:\WINDOWS\system32\wuweb.dll
2007-04-23 23:30 12,800 --------- C:\WINDOWS\system32\spiisupd.exe
2007-04-23 23:30 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-04-23 23:30 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-04-23 23:30 12,416 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2007-04-23 23:30 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-04-23 23:30 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2007-04-23 23:30 116,224 --------- C:\WINDOWS\system32\p2p.dll
2007-04-23 23:30 114,688 --------- C:\WINDOWS\system32\wmpasf.dll
2007-04-23 23:30 112,640 --------- C:\WINDOWS\system32\wucltui.dll
2007-04-23 23:30 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-04-23 23:30 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-04-23 23:30 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-04-23 23:30 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-04-23 23:30 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-04-23 23:30 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-04-23 23:30 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-04-23 23:30 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-04-23 23:30 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-04-23 23:30 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-04-23 23:30 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-04-23 23:30 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-04-23 23:30 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-04-23 23:30 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-04-23 23:30 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-04-23 23:30 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-04-23 23:30 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-04-23 23:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-23 23:30 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-23 23:30 <DIR> d-------- C:\WINDOWS\peernet
2007-04-23 23:29 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-04-23 23:29 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-23 23:28 <DIR> d-------- C:\WINDOWS\EHome
2007-04-21 23:43 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-20 22:31 <DIR> d-------- C:\Program Files\ExtractNow
2007-04-20 21:23 <DIR> d-------- C:\Program Files\MusicLab
2007-04-20 18:09 <DIR> d-------- C:\Program Files\VideoLAN
2007-04-20 18:09 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\APPLIC~1\vlc
2007-04-20 15:38 <DIR> d-------- C:\Program Files\PSPaudioware
2007-04-18 12:05 270,848 --a------ C:\WINDOWS\Uzerox_bq.exe
2007-04-18 05:21 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD7.sys
2007-04-18 05:21 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD6.sys
2007-04-18 05:21 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD5.sys
2007-04-18 05:02 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD3.sys
2007-04-18 04:58 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD2.sys
2007-04-18 04:53 <DIR> d-------- C:\Program Files\Elastik_Resources
2007-04-18 04:46 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C92571BECEE.sys
2007-04-18 04:43 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C92571BECED.sys
2007-04-18 04:37 <DIR> d-------- C:\Program Files\Elastik_Oriental RNB
2007-04-18 04:36 <DIR> d-------- C:\Program Files\Elastik_hiphopUG
2007-04-18 04:34 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C92D8910D51.sys
2007-04-18 04:34 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C92D8910D50.sys
2007-04-18 04:26 0 --ah----- C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9206385595.sys
2007-04-18 04:22 <DIR> d-------- C:\Program Files\Elastik_Soundbank
2007-04-18 03:32 <DIR> d-------- C:\Program Files\Best Service
2007-04-18 02:12 <DIR> d-------- C:\Program Files\CDXtract4
2007-04-18 02:08 <DIR> d-------- C:\Program Files\uTorrent
2007-04-18 02:08 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\APPLIC~1\uTorrent
2007-04-17 08:12 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\Contacts
2007-04-17 08:11 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-17 08:11 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-17 07:33 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\.jpi_cache
2007-04-17 04:26 <DIR> d-------- C:\WINDOWS\pss
2007-04-17 04:20 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-17 04:20 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\APPLIC~1\Lavasoft
2007-04-17 04:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-17 04:12 <DIR> d---s---- C:\DOCUME~1\SUNNYB~1\UserData
2007-04-17 02:12 48 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-04-17 02:12 48 --a------ C:\WINDOWS\msocreg32.dat
2007-04-17 02:11 <DIR> d-------- C:\Program Files\IK Multimedia
2007-04-17 02:11 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\APPLIC~1\InstallShield
2007-04-17 02:10 <DIR> d-------- C:\Program Files\Common Files\Celemony
2007-04-17 02:07 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\APPLIC~1\Publish Providers
2007-04-17 02:07 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\APPLIC~1\NetMedia Providers
2007-04-17 02:05 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-04-17 02:05 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-04-17 02:03 94,208 --a------ C:\WINDOWS\system32\odbcint.dll
2007-04-17 02:03 77,824 --a------ C:\WINDOWS\system32\cliconfg.dll
2007-04-17 02:03 65,536 --a------ C:\WINDOWS\system32\odbccu32.dll
2007-04-17 02:03 65,536 --a------ C:\WINDOWS\system32\odbccr32.dll
2007-04-17 02:03 442,368 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2007-04-17 02:03 44,032 --a------ C:\WINDOWS\system32\msxml3r.dll
2007-04-17 02:03 4,656 --a------ C:\WINDOWS\system32\ds16gt.dll
2007-04-17 02:03 36,864 --a------ C:\WINDOWS\system32\mscpxl32.dll
2007-04-17 02:03 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2007-04-17 02:03 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2007-04-17 02:03 28,672 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2007-04-17 02:03 26,224 --a------ C:\WINDOWS\system32\odbc16gt.dll
2007-04-17 02:03 249,856 --a------ C:\WINDOWS\system32\odbc32.dll
2007-04-17 02:03 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2007-04-17 02:03 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2007-04-17 02:03 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2007-04-17 02:03 24,576 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2007-04-17 02:03 20,480 --a------ C:\WINDOWS\system32\msorc32r.dll
2007-04-17 02:03 20,480 --a------ C:\WINDOWS\system32\cliconfg.exe
2007-04-17 02:03 180,800 --a------ C:\WINDOWS\system32\sqlunirl.dll
2007-04-17 02:03 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2007-04-17 02:03 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2007-04-17 02:03 151,552 --a------ C:\WINDOWS\system32\msdart.dll
2007-04-17 02:03 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2007-04-17 02:03 143,360 --a------ C:\WINDOWS\system32\msorcl32.dll
2007-04-17 02:03 110,592 --------- C:\WINDOWS\system32\dbnetlib.dll
2007-04-17 02:03 106,496 --a------ C:\WINDOWS\system32\odbccp32.dll
2007-04-17 02:03 1,236,480 --a------ C:\WINDOWS\system32\msxml3.dll
2007-04-17 02:03 <DIR> d-------- C:\Program Files\Sony
2007-04-17 02:03 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\APPLIC~1\Sony
2007-04-17 02:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-04-15 04:33 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-15 04:33 <DIR> d-------- C:\Program Files\Swar Systems
2007-04-15 04:33 <DIR> d-------- C:\Program Files\Java Web Start
2007-04-15 04:33 <DIR> d-------- C:\DOCUME~1\SUNNYB~1\.javaws
2007-04-15 03:05 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-15 02:22 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-15 02:20 <DIR> d-------- C:\Program Files\Wave Arts
2007-04-15 02:14 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2007-04-15 02:14 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-04-15 02:14 <DIR> d-------- C:\Program Files\Nomad Factory
2007-04-15 02:13 <DIR> d-------- C:\Program Files\Roger Nichols Digital, Inc


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 07:02:56 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-04 00:24:35 -------- d-----w C:\DOCUME~1\SUNNYB~1\APPLIC~1\Propellerhead Software
2007-04-29 07:35:38 -------- d-----w C:\Program Files\Waves
2007-04-25 06:42:21 -------- d-----w C:\Program Files\Native Instruments
2007-04-24 03:30:49 -------- d-----w C:\Program Files\Messenger
2007-04-24 03:30:43 -------- d-----w C:\Program Files\Movie Maker
2007-04-24 03:30:05 -------- d-----w C:\Program Files\Windows NT
2007-04-18 09:21:56 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD7.sys
2007-04-18 09:21:51 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD6.sys
2007-04-18 09:21:46 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD5.sys
2007-04-18 09:02:26 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD3.sys
2007-04-18 08:58:21 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9221B25AD2.sys
2007-04-18 08:46:36 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C92571BECEE.sys
2007-04-18 08:43:20 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C92571BECED.sys
2007-04-18 08:34:49 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C92D8910D51.sys
2007-04-18 08:34:11 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C92D8910D50.sys
2007-04-18 08:26:18 0 ---ha-w C:\DOCUME~1\SUNNYB~1\APPLIC~1\.D3025C9206385595.sys
2007-04-17 06:10:33 -------- d-----w C:\Program Files\Celemony
2007-04-14 13:55:08 -------- d-----w C:\Program Files\VSTPlugIns
2007-04-14 07:24:56 -------- d-----w C:\Program Files\Common Files\PACE Anti-Piracy
2007-04-14 07:24:56 -------- d-----w C:\DOCUME~1\SUNNYB~1\APPLIC~1\PACE Anti-Piracy
2007-04-14 07:20:00 785 ------w C:\WINDOWS\Tpkdboot.reg
2007-04-14 07:20:00 634,880 ------w C:\WINDOWS\system32\ilinet.dll
2007-04-14 06:54:10 -------- d-----w C:\Program Files\Propellerhead
2007-04-14 06:36:06 -------- d-----w C:\DOCUME~1\SUNNYB~1\APPLIC~1\Waves Audio
2007-04-14 06:35:07 659,456 ----a-w C:\WINDOWS\iun6002.exe
2007-04-14 06:35:07 4,576,256 ----a-w C:\WINDOWS\system32\PSP Neon.dll
2007-04-14 06:35:07 -------- d-----w C:\Program Files\PSPaudioware.com
2007-04-14 06:34:01 -------- d-----w C:\Program Files\Antares Audio Technologies
2007-04-13 21:44:42 -------- d-----w C:\Program Files\u-he
2007-04-13 19:21:26 -------- d-----w C:\Program Files\iZotope
2007-04-13 19:05:02 -------- d-----w C:\Program Files\Syncrosoft
2007-04-13 18:52:42 -------- d-----w C:\Program Files\Common Files\Digidesign
2007-04-13 18:50:33 -------- d-----w C:\Program Files\Common Files\iZotope
2007-04-13 18:41:33 -------- d-----w C:\DOCUME~1\SUNNYB~1\APPLIC~1\WinRAR
2007-04-13 18:40:07 -------- d-----w C:\DOCUME~1\SUNNYB~1\APPLIC~1\Steinberg
2007-04-13 18:39:41 -------- d-----w C:\Program Files\Steinberg
2007-04-11 16:50:29 81,920 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-04-11 16:50:29 233,472 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-04-11 16:50:08 -------- d-----w C:\DOCUME~1\SUNNYB~1\APPLIC~1\Creative
2007-04-11 16:49:10 -------- d-----w C:\Program Files\Creative Professional
2007-04-11 16:49:08 -------- d-----w C:\DOCUME~1\SUNNYB~1\APPLIC~1\EmuPatchMixDSP
2007-04-11 14:49:42 -------- d-----w C:\DOCUME~1\SUNNYB~1\APPLIC~1\ATI
2007-04-11 14:49:31 -------- d-----w C:\Program Files\My Company Name
2007-04-11 14:49:12 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-11 14:48:51 -------- d-----w C:\Program Files\Online Services
2007-04-11 14:47:34 -------- d-----w C:\Program Files\ATI Technologies
2007-04-11 14:47:07 -------- d-----w C:\Program Files\Common Files\ATI Technologies
2007-04-11 14:33:24 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-11 14:31:30 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-11 14:31:16 0 --sha-r C:\MSDOS.SYS
2007-04-11 14:31:16 0 --sha-r C:\IO.SYS
2007-04-11 14:31:16 0 ----a-w C:\CONFIG.SYS
2007-04-11 14:31:16 0 ----a-w C:\AUTOEXEC.BAT
2007-04-11 14:29:24 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-04-11 14:29:06 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-11 14:28:38 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-11 10:17:34 -------- d-----w C:\Program Files\Common Files\ODBC
2007-04-11 10:17:31 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-03-22 00:54:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-22 00:54:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-22 00:54:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-19 17:57:44 765,952 ----a-w C:\WINDOWS\system32\CDDBUI.dll
2007-03-19 17:57:44 655,360 ----a-w C:\WINDOWS\system32\CDDBControl.dll
2007-03-13 15:55:10 54,520 ----a-w C:\WINDOWS\system32\drivers\iLokDrvr.sys
2007-03-13 15:54:38 78,648 ----a-w C:\WINDOWS\system32\drivers\TPkd.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"CTHelper"="CTHELPER.EXE"
"H2O"="C:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 09:12]
"CTHelper"="CTHELPER.EXE" [])
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 14:18]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 08:20]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [])
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideorepair
C:\Program Files\Logitech\Video\ISStart.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechvideotray
C:\Program Files\Logitech\Video\LogiTray.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATKKeyboardService"=dword:00000002

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc3567be-eb15-11db-a81f-947f5728e510}]
Shell\Auto\command F:\boot.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 02:35:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-15 2:36:00
C:\ComboFix-quarantined-files.txt ... 2007-05-15 02:36

///HIJACKTHIS LOGFILE///


Logfile of HijackThis v1.99.1
Scan saved at 2:37:37 AM, on 5/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\killer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

[loophole]

Hi

Sorry for the slight delay.

Looks like it worked, how is the computer behaving?

[djbrown]

computer is working perfect like before

i really appreciate your help thx alot

[loophole]

Your welcome

Congratulations

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

• Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
  
  You can find instructions on how to enable and reenable system restore here:
  
  Windows XP System Restore Guide
  
  
  
• Updating your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over.Simply using a Firewall in its default configuration can lower your risk greatly.
  
  For a tutorial on Firewalls and a listing of some available ones see the link below:
  
  Understanding and Using Firewalls
  
  
  
• Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  
  A tutorial on installing & using this product can be found here:
  
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

here are some additional utilities that will enhance your safety

• IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.
  
• Winpatrol <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
  
  Using Winpatrol to protect your computer from malicious software

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!

[loophole]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.