HJT log.

Trev California
edited June 2007 in Spyware & Virus Removal
Hi everyone. My computer just started being really slow all of a sudden.
Scanned with Avast and AVG Anti-Spyware; nothing found.
Any help is appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 4:56:21 PM, on 5/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Trevr\Application Data\U3\0480BC6132F2A8C3\LaunchPad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Comments

  • Rahina-Rescue Finland
    edited May 2007
    Hello there.

    Not seeing anything suspicious in your logfile.

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • When it has finished, DSS will open two Notepads: main.txt and extra.txt
    • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
  • Trev California
    edited May 2007
    Hi Rahina, thanks so much for your help.
    Here are the two logs.

    Deckard's System Scanner v20070426.43
    Run by Trevr on 2007-05-20 at 23:12:21
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    24: 2007-05-21 06:12:33 UTC - RP24 - Deckard's System Scanner Restore Point
    23: 2007-05-20 08:44:19 UTC - RP23 - System Checkpoint
    22: 2007-05-19 07:56:36 UTC - RP22 - computer running fast.
    21: 2007-05-19 01:46:29 UTC - RP21 - System Checkpoint
    20: 2007-05-17 01:57:56 UTC - RP20 - System Checkpoint


    -- First Restore Point --
    1: 2007-05-03 14:09:44 UTC - RP1 - System Checkpoint


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Trevr.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 11:13:22 PM, on 5/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Trevr\Application Data\U3\0480BC6132F2A8C3\LaunchPad.exe
    C:\Documents and Settings\Trevr\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\Trevr.exe

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


    -- File Associations

    .js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    All services whitelisted.


    -- Files created between 2007-04-20 and 2007-05-20



    -- Find3M Report

    2007-05-02 16:25:02 62 --ahs---- C:\Documents and Settings\Trevr\Application Data\desktop.ini


    -- Registry Dump

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    Source REG_SZ http://www.gmail.com/

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0


    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
    Shell\AutoRun\command G:\LaunchU3.exe -a

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8648b110-fad5-11db-8ffa-0040c77ec081}]
    Shell\AutoRun\command G:\LaunchU3.exe -a


    -- Hosts

    127.255.255.255 serial.alcohol-soft.com
    127.255.255.255 www.alcohol-soft.com
    127.255.255.255 images.alcohol-soft.com


    -- End of Deckard's System Scanner: finished at 2007-05-20 at 23:15:34



    Deckard's System Scanner v20070426.43
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel Pentium III processor
    Percentage of Memory in Use: 64%
    Physical Memory (total/avail): 254.3 MiB / 90.64 MiB
    Pagefile Memory (total/avail): 624.82 MiB / 363.21 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1951.62 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 19.1 GiB total, 11.52 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    F: is CDROM (CDFS)
    G: is CDROM (CDFS)
    H: is Removable (FAT)


    -- Security Center

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    AV: avast! antivirus 4.7.1001 [VPS 000742-0] v4.7.1001 (ALWIL Software) Disabled


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Trevr\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=TREVR123
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Trevr
    LOGONSERVER=\\TREVR123
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\ESTsoft\ALZip\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0806
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Trevr\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Trevr\LOCALS~1\Temp
    USERDOMAIN=TREVR123
    USERNAME=Trevr
    USERPROFILE=C:\Documents and Settings\Trevr
    windir=C:\WINDOWS


    -- User Profiles

    Trevr (admin)


    -- Add/Remove Programs

    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
    ALZip --> "C:\Program Files\ESTsoft\ALZip\unins000.exe"
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    CCleaner (remove only) --> "H:\CCleaner\uninst.exe"
    Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
    Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
    HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
    Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
    Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
    Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
    Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
    Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
    Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    PC Registry Cleaner --> MsiExec.exe /X{610E6187-2D1F-4B80-BC9F-B13D8585415A}
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}


    -- End of Deckard's System Scanner: finished at 2007-05-20 at 23:15:34
  • Rahina-Rescue Finland
    edited May 2007
    Please download Combofix to your desktop.
    • Double click on Combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.
    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  • Trev California
    edited May 2007
    ComboFix log.

    "Trevr" - 2007-05-21 15:15:01 Service Pack 2
    ComboFix 07-05.21.6.V - Running from: "C:\Documents and Settings\Trevr\Desktop\"


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-21 ))))))))))))))))))))))))))))))))))


    2007-05-03 06:49 0 --a
    C:\AUTOEXEC.BAT
    2007-05-03 06:47 <DIR> dr
    C:\WINDOWS\Offline Web Pages
    2007-05-03 06:47 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
    2007-05-03 06:47 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2007-05-03 06:46 <DIR> d--h
    C:\Program Files\WindowsUpdate
    2007-05-03 06:46 <DIR> d
    C:\WINDOWS\system32\DirectX
    2007-05-03 06:45 81,920 --a
    C:\WINDOWS\system32\isign32.dll
    2007-05-03 06:45 81,920 --a
    C:\WINDOWS\system32\ils.dll
    2007-05-03 06:45 8,192 --a
    C:\WINDOWS\system32\bitsprx2.dll
    2007-05-03 06:45 73,728 --a
    C:\WINDOWS\system32\icwdial.dll
    2007-05-03 06:45 73,472 --a
    C:\WINDOWS\system32\drivers\sr.sys
    2007-05-03 06:45 7,168 --a
    C:\WINDOWS\system32\bitsprx3.dll
    2007-05-03 06:45 69,632 --a
    C:\WINDOWS\system32\msconf.dll
    2007-05-03 06:45 679,424 --a
    C:\WINDOWS\system32\inetcomm.dll
    2007-05-03 06:45 67,584 --a
    C:\WINDOWS\system32\srclient.dll
    2007-05-03 06:45 65,536 --a
    C:\WINDOWS\system32\icwphbk.dll
    2007-05-03 06:45 64,512 --a
    C:\WINDOWS\system32\acctres.dll
    2007-05-03 06:45 6,656 --a
    C:\WINDOWS\system32\wuauserv.dll
    2007-05-03 06:45 48,128 --a
    C:\WINDOWS\system32\inetres.dll
    2007-05-03 06:45 465,176 --a
    C:\WINDOWS\system32\wuapi.dll
    2007-05-03 06:45 45,568 --a
    C:\WINDOWS\system32\safrslv.dll
    2007-05-03 06:45 43,520 --a
    C:\WINDOWS\system32\safrcdlg.dll
    2007-05-03 06:45 43,520 --a
    C:\WINDOWS\system32\racpldlg.dll
    2007-05-03 06:45 41,240 --a
    C:\WINDOWS\system32\wups.dll
    2007-05-03 06:45 382,464 --a
    C:\WINDOWS\system32\qmgr.dll
    2007-05-03 06:45 34,560 --a
    C:\WINDOWS\system32\mnmdd.dll
    2007-05-03 06:45 32,768 --a
    C:\WINDOWS\system32\mnmsrvc.exe
    2007-05-03 06:45 32,768 --a
    C:\WINDOWS\system32\isrdbg32.dll
    2007-05-03 06:45 29,696 --a
    C:\WINDOWS\system32\safrdm.dll
    2007-05-03 06:45 28,672 --a
    C:\WINDOWS\system32\nmmkcert.dll
    2007-05-03 06:45 274,944 --a
    C:\WINDOWS\system32\mstask.dll
    2007-05-03 06:45 274,432 --a
    C:\WINDOWS\system32\inetcfg.dll
    2007-05-03 06:45 252,928 --a
    C:\WINDOWS\system32\msoeacct.dll
    2007-05-03 06:45 239,104 --a
    C:\WINDOWS\system32\srrstr.dll
    2007-05-03 06:45 23,040 --a
    C:\WINDOWS\system32\fltmc.exe
    2007-05-03 06:45 194,328 --a
    C:\WINDOWS\system32\wuaueng1.dll
    2007-05-03 06:45 190,976 --a
    C:\WINDOWS\system32\schedsvc.dll
    2007-05-03 06:45 18,944 --a
    C:\WINDOWS\system32\qmgrprxy.dll
    2007-05-03 06:45 173,536 --a
    C:\WINDOWS\system32\wuweb.dll
    2007-05-03 06:45 172,312 --a
    C:\WINDOWS\system32\wuauclt1.exe
    2007-05-03 06:45 170,496 --a
    C:\WINDOWS\system32\srsvc.dll
    2007-05-03 06:45 16,896 --a
    C:\WINDOWS\system32\fltlib.dll
    2007-05-03 06:45 16,384 --a
    C:\WINDOWS\system32\icfgnt5.dll
    2007-05-03 06:45 128,896 --a
    C:\WINDOWS\system32\drivers\fltmgr.sys
    2007-05-03 06:45 127,256 --a
    C:\WINDOWS\system32\wucltui.dll
    2007-05-03 06:45 124,184 --a
    C:\WINDOWS\system32\wuauclt.exe
    2007-05-03 06:45 12,288 --a
    C:\WINDOWS\system32\nmevtmsg.dll
    2007-05-03 06:45 12,288 --a
    C:\WINDOWS\system32\mstinit.exe
    2007-05-03 06:45 11,264 --a
    C:\WINDOWS\system32\atrace.dll
    2007-05-03 06:45 105,984 --a
    C:\WINDOWS\system32\msoert2.dll
    2007-05-03 06:45 1,343,768 --a
    C:\WINDOWS\system32\wuaueng.dll
    2007-05-03 06:45 <DIR> d---s---- C:\WINDOWS\Tasks
    2007-05-03 06:45 <DIR> d
    C:\WINDOWS\system32\Restore
    2007-05-03 06:45 <DIR> d
    C:\WINDOWS\system32\Macromed
    2007-05-03 06:45 <DIR> d
    C:\WINDOWS\srchasst
    2007-05-03 06:45 <DIR> d
    C:\Program Files\Movie Maker
    2007-05-03 06:45 <DIR> d
    C:\Program Files\Common Files\MSSoap
    2007-05-03 06:44 21,640 --a
    C:\WINDOWS\system32\emptyregdb.dat
    2007-05-03 06:43 97,792 --a
    C:\WINDOWS\system32\comrepl.dll
    2007-05-03 06:43 9,728 --a
    C:\WINDOWS\system32\reset.exe
    2007-05-03 06:43 80,384 --a
    C:\WINDOWS\system32\charmap.exe
    2007-05-03 06:43 73,216 --a
    C:\WINDOWS\system32\avwav.dll
    2007-05-03 06:43 605,696 --a
    C:\WINDOWS\system32\getuname.dll
    2007-05-03 06:43 56,832 --a
    C:\WINDOWS\system32\sol.exe
    2007-05-03 06:43 55,296 --a
    C:\WINDOWS\system32\freecell.exe
    2007-05-03 06:43 5,632 --a
    C:\WINDOWS\system32\write.exe
    2007-05-03 06:43 5,120 --a
    C:\WINDOWS\system32\dcomcnfg.exe
    2007-05-03 06:43 44,544 --a
    C:\WINDOWS\system32\hticons.dll
    2007-05-03 06:43 4,096 --a
    C:\WINDOWS\system32\rdpcfgex.dll
    2007-05-03 06:43 4,096 --a
    C:\WINDOWS\system32\mtxex.dll
    2007-05-03 06:43 35,328 --a
    C:\WINDOWS\system32\winchat.exe
    2007-05-03 06:43 33,792 --a
    C:\WINDOWS\system32\regini.exe
    2007-05-03 06:43 25,600 --a
    C:\WINDOWS\system32\comaddin.dll
    2007-05-03 06:43 25,088 --a
    C:\WINDOWS\system32\mtxlegih.dll
    2007-05-03 06:43 227,840 --a
    C:\WINDOWS\system32\avtapi.dll
    2007-05-03 06:43 22,016 --a
    C:\WINDOWS\system32\qwinsta.exe
    2007-05-03 06:43 20,992 --a
    C:\WINDOWS\system32\msg.exe
    2007-05-03 06:43 20,480 --a
    C:\WINDOWS\system32\mtxdm.dll
    2007-05-03 06:43 16,896 --a
    C:\WINDOWS\system32\tsshutdn.exe
    2007-05-03 06:43 16,896 --a
    C:\WINDOWS\system32\qappsrv.exe
    2007-05-03 06:43 16,384 --a
    C:\WINDOWS\system32\tskill.exe
    2007-05-03 06:43 16,384 --a
    C:\WINDOWS\system32\avmeter.dll
    2007-05-03 06:43 15,872 --a
    C:\WINDOWS\system32\rwinsta.exe
    2007-05-03 06:43 15,872 --a
    C:\WINDOWS\system32\cdmodem.dll
    2007-05-03 06:43 15,360 --a
    C:\WINDOWS\system32\logoff.exe
    2007-05-03 06:43 14,848 --a
    C:\WINDOWS\system32\tsdiscon.exe
    2007-05-03 06:43 14,848 --a
    C:\WINDOWS\system32\tscon.exe
    2007-05-03 06:43 14,848 --a
    C:\WINDOWS\system32\shadow.exe
    2007-05-03 06:43 138,752 --a
    C:\WINDOWS\system32\sndvol32.exe
    2007-05-03 06:43 126,976 --a
    C:\WINDOWS\system32\mshearts.exe
    2007-05-03 06:43 119,808 --a
    C:\WINDOWS\system32\winmine.exe
    2007-05-03 06:43 114,688 --a
    C:\WINDOWS\system32\calc.exe
    2007-05-03 06:43 1,161 --a
    C:\WINDOWS\system32\usrlogon.cmd
    2007-05-03 06:43 <DIR> d
    C:\WINDOWS\Registration
    2007-05-03 06:43 <DIR> d
    C:\Program Files\Online Services
    2007-05-03 06:43 <DIR> d
    C:\Program Files\MSN Gaming Zone
    2007-05-03 06:43 <DIR> d
    C:\Program Files\Messenger
    2007-05-03 06:42 956,416 --a
    C:\WINDOWS\system32\msdtctm.dll
    2007-05-03 06:42 93,696 --a
    C:\WINDOWS\system32\tscfgwmi.dll
    2007-05-03 06:42 91,136 --a
    C:\WINDOWS\system32\mtxoci.dll
    2007-05-03 06:42 87,176 --a
    C:\WINDOWS\system32\rdpwsx.dll
    2007-05-03 06:42 85,504 --a
    C:\WINDOWS\system32\catsrvps.dll
    2007-05-03 06:42 67,072 --a
    C:\WINDOWS\system32\rdshost.exe
    2007-05-03 06:42 655,360 --a
    C:\WINDOWS\system32\mstscax.dll
    2007-05-03 06:42 625,152 --a
    C:\WINDOWS\system32\catsrvut.dll
    2007-05-03 06:42 62,464 --a
    C:\WINDOWS\system32\rdpclip.exe
    2007-05-03 06:42 60,416 --a
    C:\WINDOWS\system32\remotepg.dll
    2007-05-03 06:42 60,416 --a
    C:\WINDOWS\system32\colbact.dll
    2007-05-03 06:42 6,144 --a
    C:\WINDOWS\system32\msdtc.exe
    2007-05-03 06:42 58,880 --a
    C:\WINDOWS\system32\msdtclog.dll
    2007-05-03 06:42 58,880 --a
    C:\WINDOWS\system32\licwmi.dll
    2007-05-03 06:42 56,320 --a
    C:\WINDOWS\system32\servdeps.dll
    2007-05-03 06:42 540,160 --a
    C:\WINDOWS\system32\comuid.dll
    2007-05-03 06:42 54,272 --a
    C:\WINDOWS\system32\stclient.dll
    2007-05-03 06:42 538,624 --a
    C:\WINDOWS\system32\spider.exe
    2007-05-03 06:42 498,688 --a
    C:\WINDOWS\system32\clbcatq.dll
    2007-05-03 06:42 44,544 --a
    C:\WINDOWS\system32\tscupgrd.exe
    2007-05-03 06:42 426,496 --a
    C:\WINDOWS\system32\msdtcprx.dll
    2007-05-03 06:42 407,552 --a
    C:\WINDOWS\system32\mstsc.exe
    2007-05-03 06:42 40,840 --a
    C:\WINDOWS\system32\drivers\termdd.sys
    2007-05-03 06:42 38,912 --a
    C:\WINDOWS\system32\cfgbkend.dll
    2007-05-03 06:42 347,136 --a
    C:\WINDOWS\system32\hypertrm.dll
    2007-05-03 06:42 343,040 --a
    C:\WINDOWS\system32\mspaint.exe
    2007-05-03 06:42 295,424 --a
    C:\WINDOWS\system32\termsrv.dll
    2007-05-03 06:42 225,792 --a
    C:\WINDOWS\system32\catsrv.dll
    2007-05-03 06:42 21,896 --a
    C:\WINDOWS\system32\drivers\tdtcp.sys
    2007-05-03 06:42 20,480 --a
    C:\WINDOWS\system32\qprocess.exe
    2007-05-03 06:42 196,864 --a
    C:\WINDOWS\system32\drivers\rdpdr.sys
    2007-05-03 06:42 19,968 --a
    C:\WINDOWS\system32\rdpsnd.dll
    2007-05-03 06:42 185,344 --a
    C:\WINDOWS\system32\cmprops.dll
    2007-05-03 06:42 183,808 --a
    C:\WINDOWS\system32\accwiz.exe
    2007-05-03 06:42 17,408 --a
    C:\WINDOWS\system32\mmfutil.dll
    2007-05-03 06:42 161,280 --a
    C:\WINDOWS\system32\msdtcuiu.dll
    2007-05-03 06:42 147,968 --a
    C:\WINDOWS\system32\rdchost.dll
    2007-05-03 06:42 147,456 --a
    C:\WINDOWS\system32\comsnap.dll
    2007-05-03 06:42 140,800 --a
    C:\WINDOWS\system32\sessmgr.exe
    2007-05-03 06:42 139,528 --a
    C:\WINDOWS\system32\drivers\rdpwd.sys
    2007-05-03 06:42 131,584 --a
    C:\WINDOWS\system32\sndrec32.exe
    2007-05-03 06:42 13,824 --a
    C:\WINDOWS\system32\rdsaddin.exe
    2007-05-03 06:42 123,392 --a
    C:\WINDOWS\system32\mplay32.exe
    2007-05-03 06:42 12,040 --a
    C:\WINDOWS\system32\drivers\tdpipe.sys
    2007-05-03 06:42 110,080 --a
    C:\WINDOWS\system32\clbcatex.dll
    2007-05-03 06:42 11,776 --a
    C:\WINDOWS\system32\xolehlp.dll
    2007-05-03 06:42 11,264 --a
    C:\WINDOWS\system32\icaapi.dll
    2007-05-03 06:42 102,912 --a
    C:\WINDOWS\system32\clipbrd.exe
    2007-05-03 06:42 1,267,200 --a
    C:\WINDOWS\system32\comsvcs.dll
    2007-05-03 06:42 <DIR> d
    C:\WINDOWS\system32\MsDtc
    2007-05-03 06:42 <DIR> d
    C:\WINDOWS\system32\Com
    2007-05-03 06:42 <DIR> d
    C:\Program Files\Windows NT
    2007-05-02 16:31 6,400 --a
    C:\WINDOWS\system32\drivers\splitter.sys
    2007-05-02 16:31 142,464 --a
    C:\WINDOWS\system32\drivers\aec.sys
    2007-05-02 16:30 82,944 --a
    C:\WINDOWS\system32\drivers\wdmaud.sys
    2007-05-02 16:30 7,552 --a
    C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2007-05-02 16:30 60,800 --a
    C:\WINDOWS\system32\drivers\sysaudio.sys
    2007-05-02 16:30 54,272 --a
    C:\WINDOWS\system32\drivers\swmidi.sys
    2007-05-02 16:30 52,864 --a
    C:\WINDOWS\system32\drivers\DMusic.sys
    2007-05-02 16:30 5,376 --a
    C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2007-05-02 16:30 4,992 --a
    C:\WINDOWS\system32\drivers\MSPQM.sys
    2007-05-02 16:30 3,072 --a
    C:\WINDOWS\system32\drivers\audstub.sys
    2007-05-02 16:30 2,944 --a
    C:\WINDOWS\system32\drivers\drmkaud.sys
    2007-05-02 16:30 172,416 --a
    C:\WINDOWS\system32\drivers\kmixer.sys
    2007-05-02 16:29 57,472 --a
    C:\WINDOWS\system32\drivers\redbook.sys
    2007-05-02 16:29 21,504 --a
    C:\WINDOWS\system32\hidserv.dll
    2007-05-02 16:28 907,456 --a
    C:\WINDOWS\system32\drivers\HCF_MSFT.sys
    2007-05-02 16:28 60,288 --a
    C:\WINDOWS\system32\drivers\drmk.sys
    2007-05-02 16:28 6,912 --a
    C:\WINDOWS\system32\drivers\ctlfacem.sys
    2007-05-02 16:28 52,736 --a
    C:\WINDOWS\system32\drivers\i8042prt.sys
    2007-05-02 16:28 51,200 --a
    C:\WINDOWS\system32\sfman32.dll
    2007-05-02 16:28 495,616 --a
    C:\WINDOWS\system32\sblfx.dll
    2007-05-02 16:28 4,096 --a
    C:\WINDOWS\system32\ksuser.dll
    2007-05-02 16:28 4,096 --a
    C:\WINDOWS\system32\ctwdm32.dll
    2007-05-02 16:28 36,480 --a
    C:\WINDOWS\system32\drivers\sfmanm.sys
    2007-05-02 16:28 3,712 --a
    C:\WINDOWS\system32\drivers\ctljystk.sys
    2007-05-02 16:28 283,904 --a
    C:\WINDOWS\system32\drivers\emu10k1m.sys
    2007-05-02 16:28 256,512 --a
    C:\WINDOWS\system32\devcon32.dll
    2007-05-02 16:28 24,064 --a
    C:\WINDOWS\system32\devldr32.exe
    2007-05-02 16:28 20,992 --a
    C:\WINDOWS\system32\drivers\RTL8139.sys
    2007-05-02 16:28 145,792 --a
    C:\WINDOWS\system32\drivers\portcls.sys
    2007-05-02 16:28 10,624 --a
    C:\WINDOWS\system32\drivers\gameenum.sys
    2007-05-02 16:27 74,240 --a
    C:\WINDOWS\system32\usbui.dll
    2007-05-02 16:27 702,845 --a
    C:\WINDOWS\system32\i81xdnt5.dll
    2007-05-02 16:27 4,255 --a
    C:\WINDOWS\system32\drivers\adv01nt5.dll
    2007-05-02 16:27 33,599 --a
    C:\WINDOWS\system32\drivers\wATV04nt.sys
    2007-05-02 16:27 3,967 --a
    C:\WINDOWS\system32\drivers\adv02nt5.dll
    2007-05-02 16:27 3,901 --a
    C:\WINDOWS\system32\drivers\SiInt5.dll
    2007-05-02 16:27 3,775 --a
    C:\WINDOWS\system32\drivers\adv11nt5.dll
    2007-05-02 16:27 3,711 --a
    C:\WINDOWS\system32\drivers\adv09nt5.dll
    2007-05-02 16:27 3,647 --a
    C:\WINDOWS\system32\drivers\adv07nt5.dll
    2007-05-02 16:27 3,615 --a
    C:\WINDOWS\system32\drivers\adv05nt5.dll
    2007-05-02 16:27 3,135 --a
    C:\WINDOWS\system32\drivers\adv08nt5.dll
    2007-05-02 16:27 29,311 --a
    C:\WINDOWS\system32\drivers\wATV01nt.sys
    2007-05-02 16:27 25,471 --a
    C:\WINDOWS\system32\drivers\wATV10nt.sys
    2007-05-02 16:27 25,471 --a
    C:\WINDOWS\system32\drivers\atv04nt5.dll
    2007-05-02 16:27 23,615 --a
    C:\WINDOWS\system32\drivers\wCh7xxNT.sys
    2007-05-02 16:27 22,271 --a
    C:\WINDOWS\system32\drivers\wATV06nt.sys
    2007-05-02 16:27 21,183 --a
    C:\WINDOWS\system32\drivers\atv01nt5.dll
    2007-05-02 16:27 19,551 --a
    C:\WINDOWS\system32\drivers\wATV02NT.sys
    2007-05-02 16:27 19,455 --a
    C:\WINDOWS\system32\drivers\wVchNTxx.sys
    2007-05-02 16:27 17,279 --a
    C:\WINDOWS\system32\drivers\atv10nt5.dll
    2007-05-02 16:27 161,020 --a
    C:\WINDOWS\system32\drivers\i81xnt5.sys
    2007-05-02 16:27 15,423 --a
    C:\WINDOWS\system32\drivers\Ch7xxNT5.dll
    2007-05-02 16:27 14,143 --a
    C:\WINDOWS\system32\drivers\atv06nt5.dll
    2007-05-02 16:27 12,415 --a
    C:\WINDOWS\system32\drivers\wADV01nt.sys
    2007-05-02 16:27 12,127 --a
    C:\WINDOWS\system32\drivers\wADV02NT.sys
    2007-05-02 16:27 12,063 --a
    C:\WINDOWS\system32\drivers\wSiINTxx.sys
    2007-05-02 16:27 11,935 --a
    C:\WINDOWS\system32\drivers\wADV11nt.sys
    2007-05-02 16:27 11,871 --a
    C:\WINDOWS\system32\drivers\wADV09NT.sys
    2007-05-02 16:27 11,807 --a
    C:\WINDOWS\system32\drivers\wADV07nt.sys
    2007-05-02 16:27 11,775 --a
    C:\WINDOWS\system32\drivers\wADV05NT.sys
    2007-05-02 16:27 11,359 --a
    C:\WINDOWS\system32\drivers\atv02nt5.dll
    2007-05-02 16:27 11,325 --a
    C:\WINDOWS\system32\drivers\Vchnt5.dll
    2007-05-02 16:27 11,295 --a
    C:\WINDOWS\system32\drivers\wADV08NT.sys
    2007-05-02 16:25 9,936 --a
    C:\WINDOWS\system\LZEXPAND.DLL
    2007-05-02 16:25 9,008 --a
    C:\WINDOWS\system\VER.DLL
    2007-05-02 16:25 85,020 --a
    C:\WINDOWS\system32\dgsetup.dll
    2007-05-02 16:25 82,944 --a
    C:\WINDOWS\system\OLECLI.DLL
    2007-05-02 16:25 8,704 --a
    C:\WINDOWS\system32\batt.dll
    2007-05-02 16:25 8,192 -ra
    C:\WINDOWS\system32\kbdhept.dll
    2007-05-02 16:25 74,752 --a
    C:\WINDOWS\system32\storprop.dll
    2007-05-02 16:25 7,168 -ra
    C:\WINDOWS\system32\kbdcz.dll
    2007-05-02 16:25 69,584 --a
    C:\WINDOWS\system\AVICAP.DLL
    2007-05-02 16:25 69,120 --a
    C:\WINDOWS\NOTEPAD.EXE
    2007-05-02 16:25 68,768 --a
    C:\WINDOWS\system\MMSYSTEM.DLL
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdycl.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdsl1.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdsl.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdpl.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdhu.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdhela3.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdcz2.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdcz1.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\kbdcr.dll
    2007-05-02 16:25 6,656 -ra
    C:\WINDOWS\system32\KBDAL.DLL
    2007-05-02 16:25 6,144 -ra
    C:\WINDOWS\system32\kbdtuq.dll
    2007-05-02 16:25 6,144 -ra
    C:\WINDOWS\system32\kbdtuf.dll
    2007-05-02 16:25 6,144 -ra
    C:\WINDOWS\system32\kbdlv1.dll
    2007-05-02 16:25 6,144 -ra
    C:\WINDOWS\system32\kbdlv.dll
    2007-05-02 16:25 6,144 -ra
    C:\WINDOWS\system32\kbdhela2.dll
    2007-05-02 16:25 6,144 -ra
    C:\WINDOWS\system32\kbdgkl.dll
    2007-05-02 16:25 6,144 -ra
    C:\WINDOWS\system32\kbdest.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdro.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdpl1.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdmon.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdlt1.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdlt.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdkyr.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdhu1.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdhe319.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdhe220.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdhe.dll
    2007-05-02 16:25 5,632 -ra
    C:\WINDOWS\system32\kbdazel.dll
    2007-05-02 16:25 5,120 --a
    C:\WINDOWS\system\SHELL.DLL
    2007-05-02 16:25 32,816 --a
    C:\WINDOWS\system\COMMDLG.DLL
    2007-05-02 16:25 24,661 --a
    C:\WINDOWS\system32\spxcoins.dll
    2007-05-02 16:25 24,064 --a
    C:\WINDOWS\system\OLESVR.DLL
    2007-05-02 16:25 19,200 --a
    C:\WINDOWS\system\TAPI.DLL
    2007-05-02 16:25 176,157 --a
    C:\WINDOWS\system32\dgrpsetu.dll
    2007-05-02 16:25 15,360 --a
    C:\WINDOWS\TASKMAN.EXE
    2007-05-02 16:25 13,312 --a
    C:\WINDOWS\system32\irclass.dll
    2007-05-02 16:25 126,912 --a
    C:\WINDOWS\system\MSVIDEO.DLL
    2007-05-02 16:25 11,264 --a
    C:\WINDOWS\system32\drivers\irenum.sys
    2007-05-02 16:25 109,456 --a
    C:\WINDOWS\system\AVIFILE.DLL
    2007-05-02 16:25 103,424 --a
    C:\WINDOWS\system32\EqnClass.Dll
    2007-05-02 16:25 <DIR> dr
    C:\Program Files
    2007-05-02 16:25 <DIR> dr
    C:\DOCUME~1\ALLUSE~1\Documents
    2007-05-02 16:25 <DIR> d--hs---- C:\WINDOWS\Installer
    2007-05-02 16:25 <DIR> d
    C:\Program Files\Common Files\SpeechEngines
    2007-05-02 16:25 <DIR> d
    C:\Program Files\Common Files\ODBC
    2007-05-02 16:24 <DIR> d--hs---- C:\System Volume Information
    2007-05-02 16:24 <DIR> d
    C:\WINDOWS\system32\CatRoot2
    2007-05-02 16:24 <DIR> d
    C:\WINDOWS\system32\CatRoot
    2007-05-02 16:24 <DIR> d
    C:\Documents and Settings
    2007-05-02 16:13 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2007-05-02 16:13 <DIR> dr--s---- C:\WINDOWS\Fonts
    2007-05-02 16:13 <DIR> dr
    C:\WINDOWS\Web
    2007-05-02 16:13 <DIR> d--h
    C:\WINDOWS\inf
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\WinSxS
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\twain_32
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\wins
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\wbem
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\usmt
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\spool
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\ShellExt
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\Setup
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\ras
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\oobe
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\npp
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\mui
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\inetsrv
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\IME
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\icsxml
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\ias
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\export
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\drivers\etc
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\drivers\disdn
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\drivers
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\dhcp
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\config
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\3com_dmi
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\3076
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\2052
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\1054
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\1042
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\1041
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\1037
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\1033
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\1031
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\1028
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32\1025
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system32
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\system
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\security
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Resources
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\repair
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Provisioning
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\PeerNet
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\pchealth
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\mui
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\msapps
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\msagent
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Media
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\ime
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Help
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\ehome
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Driver Cache
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Debug
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Cursors
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Connection Wizard
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\Config
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\AppPatch
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS\addins
    2007-05-02 16:13 <DIR> d
    C:\WINDOWS


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
    2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
    2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 08:42]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 05:20]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 05:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Trevr^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Trevr\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
    C:\Program Files\Google\Gmail Notifier\gnotify.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    AutoRun\command- G:\LaunchU3.exe -a

    *Newly Created Service* -PROCEXP90

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-21 15:17:25
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    cmd.exe [3172]


    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-21 15:18:29

    --- E O F ---



    HijackThis log.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:02:05 PM, on 5/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Trevr\Application Data\U3\0480BC6132F2A8C3\LaunchPad.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
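One way to do the first triage pass over a HijackThis log like the one above mechanically, as an added example that is not part of this thread and not the helper's own procedure: it parses the O-lines, sorts the O1 hosts entries by where they point (Python's ipaddress module treats all of 127.0.0.0/8 as loopback, so 127.255.255.255 counts as a local sinkhole rather than a redirect to a third party), and flags registrations whose file is gone. The sample lines are copied from the log posted above; the severity labels and the wording of the rules are this example's own assumptions.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not code from the
thread). Parses O-lines, applies a few rules a log helper would apply by hand
and returns findings as (code, severity, entry, note) tuples. Severity labels
and rule wording are this example's ASSUMPTIONS, not HijackThis output."""
import ipaddress
import re

# Constructed sample: O-lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
"""

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_entries(text):
    """Yield (code, body) for every HijackThis O-line; other lines are skipped."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def classify_hosts(ip_str):
    """'sinkhole' if the name is pointed at loopback/unspecified (blocked),
    'redirect' if it is sent to some other address, 'invalid' otherwise."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:   # 127.0.0.0/8, ::1, 0.0.0.0
        return "sinkhole"
    return "redirect"


def triage(text):
    """Return a list of (code, severity, entry, note) findings."""
    findings = []
    for code, body in parse_entries(text):
        if code == "O1":
            m = HOSTS_RE.match(body)
            if not m:
                continue
            ip, host = m.groups()
            if classify_hosts(ip) == "sinkhole":
                findings.append((code, "info", body,
                                 f"{host} is blocked locally (maps into loopback); "
                                 "confirm the user installed this deliberately"))
            else:
                findings.append((code, "high", body,
                                 f"{host} is redirected to {ip}: classic hosts-file hijack"))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "low", body,
                             "orphaned BHO registration, DLL is gone; safe to remove"))
        elif code == "O4" and "MSConfig.exe /auto" in body:
            findings.append((code, "info", body,
                             "msconfig selective startup is active; items disabled there "
                             "live under ...\\shared tools\\msconfig, not under Run"))
        elif code == "O20" and body.rstrip().endswith("\\"):
            findings.append((code, "low", body,
                             "Winlogon Notify entry with a directory but no DLL name; "
                             "inspect the registry key by hand"))
        elif code == "O23" and "(file missing)" in body:
            findings.append((code, "low", body,
                             "service binary not found at the quoted path; verify the "
                             "ImagePath before removing (quoted paths with arguments "
                             "are often reported this way)"))
    return findings


if __name__ == "__main__":
    for code, sev, entry, note in triage(SAMPLE_HJT):
        print(f"[{sev:4}] {code}: {entry}\n       -> {note}")
```

The O23 "avast! Web Scanner ... (file missing)" line is the reason the last rule says "verify" rather than "remove": the stray quote before /service shows HijackThis 1.99.1 splitting a quoted ImagePath that carries arguments, so the binary is very likely present and the entry is noise, not evidence of tampering.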
  • Rahina-RescueRahina-Rescue Finland
    edited May 2007
    Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

    Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Scan with DrWeb-CureIt as follows:
    • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
    • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the "Scan tab" and UNcheck "Heuristic analysis"
    • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
    • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
    • When done, a message will be displayed at the bottom advising if any viruses were found.
    • Click "Yes to all" if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your desktop.
    • Exit Dr.Web Cureit when done.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
  • TrevTrev California
    edited May 2007
    Hey,
    my internet got shut off at my house.
    I'll make sure to do that as soon as we get it back on.
    Sorry about the wait.
    Thanks for all your help.
  • Rahina-RescueRahina-Rescue Finland
    edited May 2007
    OK, no problem :smiles:
  • Rahina-RescueRahina-Rescue Finland
    edited June 2007
    How are things :) ?
  • TrevTrev California
    edited June 2007
    Hey, sorry about the wait.
    OK, I did all the stuff and it didn't find anything??
    And when I tried to save the log it wouldn't let me. I think because it didn't find anything.
    It's got to be something though, right? It's being really slow and it even started freezing. My computer has never frozen before. Ever.
  • Rahina-RescueRahina-Rescue Finland
    edited June 2007
    This might be software or hardware related; anyway, let us do a last scan to ensure there is no spyware etc.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thank You.
  • TrevTrev California
    edited June 2007
    OK, I tried the Dr.Web scan again just to make sure there was no virus and again it didn't find anything.
    When I tried to run the spyware scan Avast popped up with a malware warning. It says it's a Win32:CTX virus/worm and aborts the connection. Is this a real virus or should I pause Avast while it's scanning?
  • Rahina-RescueRahina-Rescue Finland
    edited June 2007
    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available, otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under "Select a target to scan", select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.