problem spyware Hijackthis log inside

mrcapdown · Aug 22, 2007

hello im getting loads of pops up when ever i open internet explorer 6 and sometimes on firefox here is a hijackthis log if some one could go over it for me and give me a little help plz

Scan saved at 23:15:48, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Dave King\My Documents\Internet Downloads\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

thanx
mr_capdown

Baabiouz · Aug 25, 2007

Hi mr_capdown!

What firewall do you use?
___________________________

1.
Rename HijackThis.exe to Scanner.exe.
(hijackthis.exe --> scanner.exe)

2.

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

3.
Please post a fresh Hijackthis log (renamed scanner.exe) and Combofix report

mrcapdown · Aug 25, 2007

im relly sorry Baabiouz that u have toke the time to write this but i have reinstalled windows as i started to get the blue screen of death but still having a lot of problems with my new graphics card

Baabiouz · Aug 25, 2007

Hi!

Ok. Hope you get help somewhere to graphics card -problem.
(i don't know just anything about those...)

mrcapdown · Aug 25, 2007

again im sorry to have wasted your time thanx enyways this grarphic card problem is a funny one ive been reading up on it and so the internet tells me my g-card(ati x1950 pro) dont like abit mobos and what do i have a abit mobo so im just in the process of swapping it with a old gigabyte one see if u get eny luck

Baabiouz · Aug 26, 2007

Okay.

mrcapdown · Aug 26, 2007

Ok damm my pop ups problem is back no a new freshly install windows help plz
here is a fresh hijack this log

MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David King\My Documents\Internet Downloads\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Azureus Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187977371562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187977361953
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Baabiouz · Aug 26, 2007

Almost the same instruction than last time
(i only added 'download firewall')

1. You should get better firewall than windows own firewall.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

___________________________

2.
Rename HijackThis.exe to Scanner.exe.
(hijackthis.exe --> scanner.exe)

3.

Please download Combofix to your desktop.
Doubleclick combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

4.
Please post a fresh Hijackthis log (renamed scanner.exe) and Combofix report [/quote]

mrcapdown · Aug 27, 2007

David King - 07-08-29 12:58:24.46 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\David King\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-07-29 to 2007-08-29 ))))))))))))))))))))))))))))))))))

2007-08-29 12:44 75,520 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-08-29 12:44 51,328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-08-28 18:13 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2007-08-28 16:13 973,142 ---hs---- C:\WINDOWS\system32\xybeg.bak2
2007-08-28 15:24 973,142 ---hs---- C:\WINDOWS\system32\xybeg.bak1
2007-08-28 15:24 285,273 ---hs---- C:\WINDOWS\system32\gebyx.dll
2007-08-28 15:19 26,166 --a------ C:\WINDOWS\system32\hggebby.dll
2007-08-28 11:30 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-28 11:30 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-28 11:24 32,768 --a------ C:\WINDOWS\system32\mf.dll
2007-08-25 21:11 327,168 --a------ C:\WINDOWS\IsUninst.exe
2007-08-25 21:11 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-08-25 21:11 126,720 -ra------ C:\WINDOWS\system32\drivers\b57xp32.sys
2007-08-25 21:10 102,400 -ra------ C:\WINDOWS\system32\drivers\ianswxp.sys
2007-08-25 21:09 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-08-25 21:04 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-25 20:36 117,760 --a------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-08-25 11:04 307,200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-08-25 10:42 36,118 --a------ C:\WINDOWS\system32\FlashMenu.sys
2007-08-25 10:42 3,548 --a------ C:\WINDOWS\system32\drivers\WinFlash.sys
2007-08-25 10:41 50,688 --a------ C:\WINDOWS\system32\AC2005DLL.dll
2007-08-25 10:41 14,592 --a------ C:\WINDOWS\system32\drivers\uGuru.sys
2007-08-25 09:56 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-08-25 09:56 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-24 22:54 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-24 18:25 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-08-24 18:25 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-08-24 18:25 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-08-24 18:25 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-08-24 18:25 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-08-24 18:25 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-08-24 18:24 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-08-24 18:24 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-08-24 18:24 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-08-24 18:24 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-08-24 18:24 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-08-24 18:24 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-08-24 18:24 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-08-24 18:24 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-08-24 18:24 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-08-24 18:24 6,144 -ra------ C:\WINDOWS\system32\kbdth3.dll
2007-08-24 18:24 6,144 -ra------ C:\WINDOWS\system32\kbdth2.dll
2007-08-24 18:24 6,144 -ra------ C:\WINDOWS\system32\kbdinpun.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-08-24 18:24 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdvntc.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdurdu.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdth1.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdth0.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdintel.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdintam.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdinmar.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdinkan.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdinhin.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdinguj.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdindev.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdheb.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbdfa.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbddiv2.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbddiv1.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbda3.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbda2.dll
2007-08-24 18:24 5,632 -ra------ C:\WINDOWS\system32\kbda1.dll
2007-08-24 18:24 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-08-24 18:24 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-08-24 18:24 5,120 -ra------ C:\WINDOWS\system32\kbdgeo.dll
2007-08-24 18:24 5,120 -ra------ C:\WINDOWS\system32\kbdarmw.dll
2007-08-24 18:24 5,120 -ra------ C:\WINDOWS\system32\kbdarme.dll
2007-08-24 18:24 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-08-24 18:24 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-08-24 18:24 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-08-24 18:19 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-08-24 18:19 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-08-24 18:19 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2007-08-24 18:19 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-08-24 18:19 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-08-24 18:18 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-08-24 18:18 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-08-24 18:18 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-08-24 18:16 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-08-24 18:16 363,520 --a------ C:\WINDOWS\system32\PsisDecd.dll
2007-08-24 18:16 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2007-08-24 18:06 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-24 18:05 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-08-24 18:05 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-24 18:05 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-08-24 18:04 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-24 18:03 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-08-24 18:03 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-08-24 18:03 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-08-24 18:03 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-08-24 18:03 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-08-24 18:03 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-08-24 18:03 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-08-24 18:03 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-08-24 18:03 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-08-24 18:03 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-08-24 18:03 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-08-24 18:03 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-08-24 18:03 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-08-24 18:03 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-08-24 18:03 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2007-08-24 18:03 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-08-24 18:03 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-08-24 18:03 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-08-24 18:03 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-08-24 18:03 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-08-24 18:03 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-08-24 17:54 169,344 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys
2007-08-24 17:51 67,200 -ra------ C:\WINDOWS\system32\drivers\SI3132.sys
2007-08-24 17:51 10,368 -ra------ C:\WINDOWS\system32\drivers\SiWinAcc.sys
2007-08-24 17:50 9,710,592 -r------- C:\WINDOWS\RTLCPL.exe
2007-08-24 17:50 86,016 -r------- C:\WINDOWS\SoundMan.exe
2007-08-24 17:50 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-08-24 17:50 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-08-24 17:50 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-08-24 17:50 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-08-24 17:50 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-08-24 17:50 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-08-24 17:50 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-08-24 17:50 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-08-24 17:50 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-08-24 17:50 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-08-24 17:50 4,123,136 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-08-24 17:50 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-08-24 17:50 356,352 -r------- C:\WINDOWS\RtlUpd.exe
2007-08-24 17:50 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-08-24 17:50 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-08-24 17:50 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-08-24 17:50 136,960 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-08-24 17:49 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-08-24 17:49 2,807,808 -r------- C:\WINDOWS\alcwzrd.exe
2007-08-24 17:49 2,142,208 -r------- C:\WINDOWS\MicCal.exe
2007-08-24 17:49 15,691,264 -r------- C:\WINDOWS\RTHDCPL.exe
2007-08-24 17:48 6,016 --------- C:\WINDOWS\system32\drivers\ALLOW-IO.SYS
2007-08-24 17:45 821,536 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-08-24 17:45 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-24 17:45 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-08-24 17:45 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-08-24 17:45 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-08-24 17:45 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-08-24 17:45 27,776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-08-24 17:45 19,904 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-08-24 17:38 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-08-24 17:38 0 -rahs---- C:\MSDOS.SYS
2007-08-24 17:38 0 -rahs---- C:\IO.SYS
2007-08-24 17:38 0 --a------ C:\CONFIG.SYS
2007-08-24 17:38 0 --a------ C:\AUTOEXEC.BAT
2007-08-24 17:36 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-08-24 17:36 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-08-24 17:36 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-08-24 17:36 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-08-24 17:36 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-08-24 17:36 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-08-24 17:36 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-08-24 17:36 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-08-24 17:36 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-08-24 17:36 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-08-24 17:36 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-08-24 17:36 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-08-24 17:36 408,064 --a------ C:\WINDOWS\system32\qmgr.dll
2007-08-24 17:36 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-08-24 17:36 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-08-24 17:36 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-08-24 17:36 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-08-24 17:36 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-08-24 17:36 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-08-24 17:36 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-08-24 17:36 25,944 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-08-24 17:36 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-08-24 17:36 23,040 --a------ C:\WINDOWS\system32\fltMc.exe
2007-08-24 17:36 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-08-24 17:36 194,520 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-08-24 17:36 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-08-24 17:36 172,504 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-08-24 17:36 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-08-24 17:36 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-08-24 17:36 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-08-24 17:36 129,920 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-08-24 17:36 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-08-24 17:36 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-08-24 17:36 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-08-24 17:35 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-08-24 17:35 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-08-24 17:35 683,520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-08-24 17:35 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-08-24 17:35 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-08-24 17:35 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-08-24 17:35 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-08-24 17:35 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-08-24 17:35 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-08-24 17:35 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-08-24 17:35 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-08-24 17:34 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-08-24 17:34 956,928 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-08-24 17:34 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-08-24 17:34 91,648 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-08-24 17:34 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-08-24 17:34 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-08-24 17:34 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-08-24 17:34 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-08-24 17:34 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-08-24 17:34 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-08-24 17:34 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-08-24 17:34 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-08-24 17:34 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-08-24 17:34 600,576 --a------ C:\WINDOWS\system32\mstsc.exe
2007-08-24 17:34 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-08-24 17:34 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-08-24 17:34 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-08-24 17:34 59,392 --a------ C:\WINDOWS\system32\stclient.dll
2007-08-24 17:34 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-08-24 17:34 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-08-24 17:34 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-08-24 17:34 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-08-24 17:34 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-08-24 17:34 539,648 --a------ C:\WINDOWS\system32\comuid.dll
2007-08-24 17:34 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-08-24 17:34 52,224 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2007-08-24 17:34 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-08-24 17:34 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-08-24 17:34 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-08-24 17:34 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-08-24 17:34 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-08-24 17:34 427,520 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-08-24 17:34 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-08-24 17:34 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-08-24 17:34 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-08-24 17:34 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-08-24 17:34 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-08-24 17:34 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-08-24 17:34 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-08-24 17:34 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-08-24 17:34 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-08-24 17:34 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-08-24 17:34 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-08-24 17:34 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-08-24 17:34 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-08-24 17:34 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-08-24 17:34 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-08-24 17:34 206,336 --a------ C:\WINDOWS\system32\winfxdocobj.exe
2007-08-24 17:34 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-08-24 17:34 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-08-24 17:34 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-08-24 17:34 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-08-24 17:34 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-08-24 17:34 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-08-24 17:34 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-08-24 17:34 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-08-24 17:34 161,792 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-08-24 17:34 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-08-24 17:34 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-08-24 17:34 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-08-24 17:34 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-08-24 17:34 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-08-24 17:34 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-08-24 17:34 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-08-24 17:34 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-08-24 17:34 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-08-24 17:34 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-08-24 17:34 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-08-24 17:34 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-08-24 17:34 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-08-24 17:34 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-08-24 17:34 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-08-24 17:34 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-08-24 17:34 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-08-24 17:34 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-08-24 17:34 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-08-24 17:34 12,288 --a------ C:\WINDOWS\system32\msfeedssync.exe
2007-08-24 17:34 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-08-24 17:34 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-08-24 17:34 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-08-24 17:34 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-08-24 17:34 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-08-24 17:34 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-08-24 17:34 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-08-24 17:34 1,866,240 --a------ C:\WINDOWS\system32\mstscax.dll
2007-08-24 17:34 1,269,248 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-08-24 17:34 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-29 12:58 -------- d-------- C:\Documents and Settings\David King\Application Data\Azureus
2007-08-29 12:48 -------- d-------- C:\Documents and Settings\David King\Application Data\Comodo
2007-08-29 12:44 -------- d-------- C:\Program Files\Comodo
2007-08-29 08:00 -------- d-------- C:\Documents and Settings\David King\Application Data\AVG7
2007-08-28 19:31 -------- d-------- C:\Program Files\MagicISO
2007-08-28 18:42 -------- d-------- C:\Documents and Settings\David King\Application Data\Ahead
2007-08-28 18:26 -------- d-------- C:\Program Files\Common Files\Ahead
2007-08-28 18:25 -------- d-------- C:\Program Files\Nero
2007-08-28 18:25 -------- d-------- C:\Program Files\Common Files
2007-08-28 10:26 -------- d-------- C:\Program Files\Microsoft Games
2007-08-25 21:11 -------- d-------- C:\Program Files\BroadCom GB LAN
2007-08-25 21:09 -------- d-------- C:\Program Files\Intel
2007-08-25 21:08 -------- d-------- C:\Program Files\Realtek
2007-08-25 21:05 -------- d-------- C:\Program Files\ATI Technologies
2007-08-25 19:18 -------- d-------- C:\Documents and Settings\David King\Application Data\LimeWire
2007-08-25 18:32 -------- d-------- C:\Program Files\LimeWire
2007-08-25 15:40 -------- d-------- C:\Program Files\Azureus
2007-08-25 15:39 -------- d-------- C:\Program Files\Java
2007-08-25 15:39 -------- d-------- C:\Documents and Settings\David King\Application Data\Sun
2007-08-25 10:41 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 10:41 -------- d-------- C:\Program Files\U-ABIT
2007-08-25 10:41 -------- d-------- C:\Program Files\DIFX
2007-08-25 10:41 -------- d-------- C:\Documents and Settings\David King\Application Data\InstallShield
2007-08-25 10:11 -------- d-------- C:\Program Files\DAEMON Tools
2007-08-25 09:57 -------- d-------- C:\Program Files\FlatOut.2
2007-08-25 09:56 -------- d-------- C:\Program Files\XP Codec Pack
2007-08-25 09:56 -------- d-------- C:\Program Files\Codec Pack - All In 1
2007-08-25 09:55 -------- d-------- C:\Program Files\WinRAR
2007-08-25 00:37 -------- d-------- C:\Program Files\Internet Explorer
2007-08-24 22:57 -------- d-------- C:\Program Files\MSXML 6.0
2007-08-24 22:54 -------- d-------- C:\Program Files\MSXML 4.0
2007-08-24 22:48 -------- d-------- C:\Documents and Settings\David King\Application Data\ATI
2007-08-24 19:53 -------- d-------- C:\Documents and Settings\David King\Application Data\atitray
2007-08-24 18:46 -------- d-------- C:\Program Files\Common Files\Java
2007-08-24 18:21 -------- d-------- C:\Program Files\Messenger Plus! Live
2007-08-24 18:20 -------- d-------- C:\Program Files\Windows Live
2007-08-24 18:17 -------- d-------- C:\Documents and Settings\David King\Application Data\Macromedia
2007-08-24 18:03 62 --ahs---- C:\Documents and Settings\David King\Application Data\desktop.ini
2007-08-24 18:03 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2007-08-24 18:03 -------- d-------- C:\Program Files\Common Files\ODBC
2007-08-24 17:58 -------- d---s---- C:\Documents and Settings\David King\Application Data\Microsoft
2007-08-24 17:58 -------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-24 17:46 -------- d-------- C:\Program Files\XBCD
2007-08-24 17:45 -------- d-------- C:\Program Files\Grisoft
2007-08-24 17:42 -------- d--h----- C:\Program Files\Uninstall Information
2007-08-24 17:42 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2007-08-24 17:42 -------- d-------- C:\Documents and Settings\David King\Application Data\Identities
2007-08-24 17:38 -------- d-------- C:\Program Files\xerox
2007-08-24 17:38 -------- d-------- C:\Program Files\Windows Media Player
2007-08-24 17:38 -------- d-------- C:\Program Files\microsoft frontpage
2007-08-24 17:36 -------- d--h----- C:\Program Files\WindowsUpdate
2007-08-24 17:36 -------- d-------- C:\Program Files\Outlook Express
2007-08-24 17:36 -------- d-------- C:\Program Files\NetMeeting
2007-08-24 17:36 -------- d-------- C:\Program Files\Movie Maker
2007-08-24 17:36 -------- d-------- C:\Program Files\Common Files\Services
2007-08-24 17:36 -------- d-------- C:\Program Files\Common Files\MSSoap
2007-08-24 17:35 -------- d-------- C:\Program Files\Online Services
2007-08-24 17:35 -------- d-------- C:\Program Files\ComPlus Applications
2007-08-24 17:35 -------- d-------- C:\Program Files\Common Files\System
2007-08-24 17:34 -------- d-------- C:\Program Files\Windows NT
2007-08-24 17:34 -------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-24 17:34 -------- d-------- C:\Program Files\MSN Gaming Zone
2007-08-24 17:34 -------- d-------- C:\Program Files\MSN
2007-08-24 17:34 -------- d-------- C:\Program Files\Messenger
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-28 04:37 8237056 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-07-28 04:31 344064 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-07-28 04:30 269312 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-28 04:30 2371584 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-28 04:23 143360 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-07-28 04:23 122880 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-07-28 04:22 43520 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-07-28 04:22 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-07-28 04:22 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-07-28 04:21 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-07-28 04:20 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-07-28 04:12 3067712 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-28 04:06 176128 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-07-28 04:01 1550208 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-28 03:50 5435392 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-07-28 03:47 266240 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-07-28 03:46 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-07-28 03:40 450560 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-07-22 13:14 86073 --a------ C:\WINDOWS\system32\usrfaxa.dll
2007-07-22 13:14 8192 --a------ C:\WINDOWS\system32\streamci.dll
2007-07-22 13:14 80128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2007-07-22 13:14 77891 --a------ C:\WINDOWS\system32\usrmlnka.exe
2007-07-22 13:14 77890 --a------ C:\WINDOWS\system32\usrdpa.dll
2007-07-22 13:14 77883 --a------ C:\WINDOWS\system32\usrrtosa.dll
2007-07-22 13:14 72192 --a------ C:\WINDOWS\system32\sprio800.dll
2007-07-22 13:14 70656 --a------ C:\WINDOWS\system32\sprio600.dll
2007-07-22 13:14 69700 --a------ C:\WINDOWS\system32\usrshuta.exe
2007-07-22 13:14 69699 --a------ C:\WINDOWS\system32\usrcoina.dll
2007-07-22 13:14 69632 --a------ C:\WINDOWS\system32\spnike.dll
2007-07-22 13:14 63744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2007-07-22 13:14 61824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2007-07-22 13:14 61508 --a------ C:\WINDOWS\system32\usrprbda.exe
2007-07-22 13:14 61500 --a------ C:\WINDOWS\system32\usrcntra.dll
2007-07-22 13:14 60800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2007-07-22 13:14 58112 --a------ C:\WINDOWS\system32\drivers\vdmindvd.sys
2007-07-22 13:14 55296 --a------ C:\WINDOWS\system32\dvdplay.exe
2007-07-22 13:14 53305 --a------ C:\WINDOWS\system32\usrlbva.dll
2007-07-22 13:14 52736 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-07-22 13:14 52224 --a------ C:\WINDOWS\system32\dmutil.dll
2007-07-22 13:14 51712 --a------ C:\WINDOWS\system32\drivers\tosdvd.sys
2007-07-22 13:14 49211 --a------ C:\WINDOWS\system32\usrvpa.dll
2007-07-22 13:14 49211 --a------ C:\WINDOWS\system32\usrsdpia.dll
2007-07-22 13:14 49209 --a------ C:\WINDOWS\system32\usrv80a.dll
2007-07-22 13:14 476160 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-07-22 13:14 47104 --a------ C:\WINDOWS\system32\cnbjmon.dll
2007-07-22 13:14 45116 --a------ C:\WINDOWS\system32\usrvoica.dll
2007-07-22 13:14 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-07-22 13:14 42496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2007-07-22 13:14 41019 --a------ C:\WINDOWS\system32\usrsvpia.dll
2007-07-22 13:14 37376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-07-22 13:14 36992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2007-07-22 13:14 36480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2007-07-22 13:14 35456 --a------ C:\WINDOWS\system32\drivers\processr.sys
2007-07-22 13:14 35328 --a------ C:\WINDOWS\system32\pid.dll
2007-07-22 13:14 323641 --a------ C:\WINDOWS\system32\usrdtea.dll
2007-07-22 13:14 3200 --a------ C:\WINDOWS\system32\wowfax.dll
2007-07-22 13:14 30080 --a------ C:\WINDOWS\system32\drivers\modem.sys
2007-07-22 13:14 262528 --a------ C:\WINDOWS\system32\drivers\cinemst2.sys
2007-07-22 13:14 25472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2007-07-22 13:14 23936 --a------ C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-07-22 13:14 23808 --a------ C:\WINDOWS\system32\drivers\usbcamd.sys
2007-07-22 13:14 23040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-07-22 13:14 21376 --a------ C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-07-22 13:14 20992 --a------ C:\WINDOWS\system32\hid.dll
2007-07-22 13:14 2017280 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2007-07-22 13:14 18688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
2007-07-22 13:14 16000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2007-07-22 13:14 157696 --a------ C:\WINDOWS\system32\paqsp.dll
2007-07-22 13:14 15488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
2007-07-22 13:14 15360 --a------ C:\WINDOWS\system32\pjlmon.dll
2007-07-22 13:14 147968 --a------ C:\WINDOWS\system32\mdwmdmsp.dll
2007-07-22 13:14 14592 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2007-07-22 13:14 13824 --a------ C:\WINDOWS\system32\wowfaxui.dll
2007-07-22 13:14 12416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-07-22 13:14 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-07-22 13:14 12160 --a------ C:\WINDOWS\system32\drivers\fsvga.sys
2007-07-22 13:14 12032 --a------ C:\WINDOWS\system32\drivers\riodrv.sys
2007-07-22 13:14 12032 --a------ C:\WINDOWS\system32\drivers\rio8drv.sys
2007-07-22 13:14 12032 --a------ C:\WINDOWS\system32\drivers\nikedrv.sys
2007-07-22 13:14 11776 --a------ C:\WINDOWS\system32\drivers\cpqdap01.sys
2007-07-22 13:14 102457 --a------ C:\WINDOWS\system32\usrv42a.dll
2007-07-22 13:08 81664 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2007-07-22 13:08 80896 --a------ C:\WINDOWS\system32\fontsub.dll
2007-07-22 13:08 79872 --a------ C:\WINDOWS\system32\msxml6r.dll
2007-07-22 13:08 78720 --a------ C:\WINDOWS\system32\drivers\sdbus.sys
2007-07-22 13:08 726528 --a------ C:\WINDOWS\system32\lsasrv.dll
2007-07-22 13:08 7168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2007-07-22 13:08 62592 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2007-07-22 13:08 55808 --a------ C:\WINDOWS\system32\twext.dll
2007-07-22 13:08 464384 --a------ C:\WINDOWS\system32\imapi2fs.dll
2007-07-22 13:08 44032 --a------ C:\WINDOWS\system32\ntlanman.dll
2007-07-22 13:08 399360 --a------ C:\WINDOWS\system32\rpcss.dll
2007-07-22 13:08 317952 --a------ C:\WINDOWS\system32\imapi2.dll
2007-07-22 13:08 297984 --a------ C:\WINDOWS\system32\MSCTF.dll
2007-07-22 13:08 2854912 --a------ C:\WINDOWS\system32\msi.dll
2007-07-22 13:08 1843968 --a------ C:\WINDOWS\system32\win32k.sys
2007-07-22 13:08 1287168 --a------ C:\WINDOWS\system32\ole32.dll
2007-07-22 13:08 12032 --a------ C:\WINDOWS\system32\drivers\sffdisk.sys
2007-07-22 13:08 11008 --a------ C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-07-22 13:08 10240 --a------ C:\WINDOWS\system32\drivers\sffp_mmc.sys
2007-07-22 13:00 95344 --a------ C:\WINDOWS\system32\wudfcoinstaller.dll
2007-07-22 13:00 82944 --a------ C:\WINDOWS\system32\drivers\wudfrd.sys
2007-07-22 13:00 77568 --a------ C:\WINDOWS\system32\drivers\wudfpf.sys
2007-07-22 13:00 656896 --a------ C:\WINDOWS\system32\wmvxencd.dll
2007-07-22 13:00 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2007-07-22 13:00 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2007-07-22 13:00 55808 --a------ C:\WINDOWS\system32\wudfsvc.dll
2007-07-22 13:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2007-07-22 13:00 38400 --a------ C:\WINDOWS\system32\wpdshextres.dll
2007-07-22 13:00 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2007-07-22 13:00 356352 --a------ C:\WINDOWS\system32\WPDSp.dll
2007-07-22 13:00 316416 --a------ C:\WINDOWS\system32\wudfx.dll
2007-07-22 13:00 2603008 --a------ C:\WINDOWS\system32\wpdshext.dll
2007-07-22 13:00 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe
2007-07-22 13:00 165376 --a------ C:\WINDOWS\system32\wudfplatform.dll
2007-07-22 13:00 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2007-07-22 13:00 146432 --a------ C:\WINDOWS\system32\wudfhost.exe
2007-07-22 13:00 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2007-07-22 12:59 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2007-07-22 12:59 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-07-22 12:59 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-07-22 12:59 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2007-07-22 12:59 8704 --a------ C:\WINDOWS\system32\uWDF.exe
2007-07-22 12:59 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2007-07-22 12:59 767488 --a------ C:\WINDOWS\system32\wmvsencd.dll
2007-07-22 12:59 757248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-07-22 12:59 7168 --a------ C:\WINDOWS\system32\asferror.dll
2007-07-22 12:59 613376 --a------ C:\WINDOWS\system32\wmpmde.dll
2007-07-22 12:59 603648 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-07-22 12:59 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2007-07-22 12:59 534528 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2007-07-22 12:59 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2007-07-22 12:59 45568 --a------ C:\WINDOWS\system32\mshta.exe
2007-07-22 12:59 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2007-07-22 12:59 414720 --a------ C:\WINDOWS\system32\msscp.dll
2007-07-22 12:59 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\wmvadve.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\wmvadvd.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-07-22 12:59 4096 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-07-22 12:59 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2007-07-22 12:59 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2007-07-22 12:59 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2007-07-22 12:59 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2007-07-22 12:59 317440 --a------ C:\WINDOWS\system32\mp4sdecd.dll
2007-07-22 12:59 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-07-22 12:59 312128 --a------ C:\WINDOWS\system32\msdelta.dll
2007-07-22 12:59 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll
2007-07-22 12:59 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2007-07-22 12:59 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2007-07-22 12:59 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2007-07-22 12:59 259072 --a------ C:\WINDOWS\system32\mpg4decd.dll
2007-07-22 12:59 259072 --a------ C:\WINDOWS\system32\mp43decd.dll
2007-07-22 12:59 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2007-07-22 12:59 24576 --a------ C:\WINDOWS\system32\nlsdl.dll
2007-07-22 12:59 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2007-07-22 12:59 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-07-22 12:59 23552 --a------ C:\WINDOWS\system32\normaliz.dll
2007-07-22 12:59 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2007-07-22 12:59 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2007-07-22 12:59 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2007-07-22 12:59 212992 --a------ C:\WINDOWS\system32\mfplat.dll
2007-07-22 12:59 211456 --a------ C:\WINDOWS\system32\qasf.dll
2007-07-22 12:59 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2007-07-22 12:59 199168 --a------ C:\WINDOWS\system32\portabledevicewmdrm.dll
2007-07-22 12:59 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-07-22 12:59 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2007-07-22 12:59 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2007-07-22 12:59 1661440 --a------ C:\WINDOWS\system32\WMPEncEn.dll
2007-07-22 12:59 1574912 --a------ C:\WINDOWS\system32\wmvencod.dll
2007-07-22 12:59 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2007-07-22 12:59 156160 --a------ C:\WINDOWS\system32\msls31.dll
2007-07-22 12:59 1543680 --a------ C:\WINDOWS\system32\wmvdecod.dll
2007-07-22 12:59 1382912 --a------ C:\WINDOWS\system32\wmvsdecd.dll
2007-07-22 12:59 1329152 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-07-22 12:59 132096 --a------ C:\WINDOWS\system32\portabledevicewiacompat.dll
2007-07-22 12:59 130048 --a------ C:\WINDOWS\system32\wmpps.dll
2007-07-22 12:59 11264 --a------ C:\WINDOWS\system32\laprxy.dll
2007-07-22 12:59 1117696 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-07-22 12:59 101888 --a------ C:\WINDOWS\system32\portabledeviceclassextension.dll
2007-07-22 12:59 100864 --a------ C:\WINDOWS\system32\logagent.exe
2007-07-22 12:58 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2007-07-22 12:58 71680 --a------ C:\WINDOWS\system32\admparse.dll
2007-07-22 12:58 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-07-22 12:58 61952 --a------ C:\WINDOWS\system32\icardie.dll
2007-07-22 12:58 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2007-07-22 12:58 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2007-07-22 12:58 3497832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-07-22 12:58 3495784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-07-22 12:58 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-07-22 12:58 266088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-07-22 12:58 26112 --a------ C:\WINDOWS\system32\idndl.dll
2007-07-22 12:58 255848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-07-22 12:58 251672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-07-22 12:58 2414360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-07-22 12:58 237848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-07-22 12:58 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-07-22 12:58 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-07-22 12:58 18280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-07-22 12:58 180736 --a------ C:\WINDOWS\system32\ieui.dll
2007-07-22 12:58 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-07-22 12:58 15128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-07-22 12:57 96768 --a------ C:\WINDOWS\system32\srvsvc.dll
2007-07-22 12:57 80896 --a------ C:\WINDOWS\system32\wscsvc.dll
2007-07-22 12:57 713216 --a------ C:\WINDOWS\system32\sxs.dll
2007-07-22 12:57 69120 --a------ C:\WINDOWS\system32\wlanapi.dll
2007-07-22 12:57 68096 --a------ C:\WINDOWS\system32\webclnt.dll
2007-07-22 12:57 65536 --a------ C:\WINDOWS\system32\wshext.dll
2007-07-22 12:57 57856 --a------ C:\WINDOWS\system32\spoolsv.exe
2007-07-22 12:57 578048 --a------ C:\WINDOWS\system32\user32.dll
2007-07-22 12:57 50176 --a------ C:\WINDOWS\system32\utilman.exe
2007-07-22 12:57 49152 --a------ C:\WINDOWS\system32\wdigest.dll
2007-07-22 12:57 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2007-07-22 12:57 383488 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-07-22 12:57 364160 --a------ C:\WINDOWS\system32\drivers\update.sys
2007-07-22 12:57 36352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-07-22 12:57 360704 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-07-22 12:57 35840 --a------ C:\WINDOWS\system32\umandlg.dll
2007-07-22 12:57 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2007-07-22 12:57 332928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2007-07-22 12:57 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-07-22 12:57 28672 --a------ C:\WINDOWS\system32\wshcon.dll
2007-07-22 12:57 28672 --a------ C:\WINDOWS\system32\verclsid.exe
2007-07-22 12:57 26624 --a------ C:\WINDOWS\system32\verifier.dll
2007-07-22 12:57 249344 --a------ C:\WINDOWS\system32\tapisrv.dll
2007-07-22 12:57 246814 --a------ C:\WINDOWS\system32\strmdll.dll
2007-07-22 12:57 225664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2007-07-22 12:57 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-07-22 12:57 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-07-22 12:57 135168 --a------ C:\WINDOWS\system32\shsvcs.dll
2007-07-22 12:57 132096 --a------ C:\WINDOWS\system32\wkssvc.dll
2007-07-22 12:57 123392 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2007-07-22 12:57 121856 --a------ C:\WINDOWS\system32\xmllite.dll
2007-07-22 12:57 117760 --a------ C:\WINDOWS\system32\t2embed.dll
2007-07-22 12:57 114688 --a------ C:\WINDOWS\system32\wscript.exe
2007-07-22 12:57 101376 --a------ C:\WINDOWS\system32\txflog.dll
2007-07-22 12:56 985088 --a------ C:\WINDOWS\system32\setupapi.dll
2007-07-22 12:56 884736 --a------ C:\WINDOWS\system32\msimsg.dll
2007-07-22 12:56 84480 --a------ C:\WINDOWS\system32\pintool.exe
2007-07-22 12:56 838360 --a------ C:\WINDOWS\system32\mswdat10.dll
2007-07-22 12:56 82432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-07-22 12:56 78848 --a------ C:\WINDOWS\system32\msiexec.exe
2007-07-22 12:56 74752 --a------ C:\WINDOWS\system32\olecli32.dll
2007-07-22 12:56 701440 --a------ C:\WINDOWS\system32\msxml2.dll
2007-07-22 12:56 66560 --a------ C:\WINDOWS\system32\mtxclu.dll
2007-07-22 12:56 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2007-07-22 12:56 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2007-07-22 12:56 62336 --a------ C:\WINDOWS\system32\drivers\rspndr.sys
2007-07-22 12:56 621272 --a------ C:\WINDOWS\system32\mswstr10.dll
2007-07-22 12:56 61312 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2007-07-22 12:56 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2007-07-22 12:56 582656 --a------ C:\WINDOWS\system32\rpcrt4.dll
2007-07-22 12:56 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2007-07-22 12:56 53760 --a------ C:\WINDOWS\system32\narrator.exe
2007-07-22 12:56 531568 --a------ C:\WINDOWS\system32\RmActivate_isv.exe
2007-07-22 12:56 523376 --a------ C:\WINDOWS\system32\RmActivate.exe
2007-07-22 12:56 519280 --a------ C:\WINDOWS\system32\SecProc_isv.dll
2007-07-22 12:56 518768 --a------ C:\WINDOWS\system32\SecProc.dll
2007-07-22 12:56 433664 --a------ C:\WINDOWS\system32\riched20.dll
2007-07-22 12:56 386048 --a------ C:\WINDOWS\system32\qdvd.dll
2007-07-22 12:56 37376 --a------ C:\WINDOWS\system32\olecnv32.dll
2007-07-22 12:56 35840 --a------ C:\WINDOWS\system32\qfecheck.exe
2007-07-22 12:56 358000 --a------ C:\WINDOWS\system32\RmActivate_ssp.exe
2007-07-22 12:56 354416 --a------ C:\WINDOWS\system32\RmActivate_ssp_isv.exe
2007-07-22 12:56 343040 --a------ C:\WINDOWS\system32\msvcrt.dll
2007-07-22 12:56 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2007-07-22 12:56 288768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-07-22 12:56 279040 --a------ C:\WINDOWS\system32\qdv.dll
2007-07-22 12:56 271360 --a------ C:\WINDOWS\system32\msihnd.dll
2007-07-22 12:56 270336 --a------ C:\WINDOWS\system32\oakley.dll
2007-07-22 12:56 247808 --a------ C:\WINDOWS\system32\newdev.dll
2007-07-22 12:56 215552 --a------ C:\WINDOWS\system32\osk.exe
2007-07-22 12:56 2137600 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2007-07-22 12:56 202496 --a------ C:\WINDOWS\system32\drivers\RMCast.sys
2007-07-22 12:56 197632 --a------ C:\WINDOWS\system32\netman.dll
2007-07-22 12:56 192624 --a------ C:\WINDOWS\system32\SecProc_ssp_isv.dll
2007-07-22 12:56 192624 --a------ C:\WINDOWS\system32\SecProc_ssp.dll
2007-07-22 12:56 192512 --a------ C:\WINDOWS\system32\qcap.dll
2007-07-22 12:56 174592 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
2007-07-22 12:56 1705472 --a------ C:\WINDOWS\system32\netshell.dll
2007-07-22 12:56 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-07-22 12:56 163456 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2007-07-22 12:56 15360 --a------ C:\WINDOWS\system32\msisip.dll
2007-07-22 12:56 153088 --a------ C:\WINDOWS\system32\p2p.dll
2007-07-22 12:56 151552 --a------ C:\WINDOWS\system32\scrrun.dll
2007-07-22 12:56 151552 --a------ C:\WINDOWS\system32\scrobj.dll
2007-07-22 12:56 144896 --a------ C:\WINDOWS\system32\schannel.dll
2007-07-22 12:56 1435648 --a------ C:\WINDOWS\system32\query.dll
2007-07-22 12:56 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2007-07-22 12:56 1287680 --a------ C:\WINDOWS\system32\quartz.dll
2007-07-22 12:56 122880 --a------ C:\WINDOWS\system32\oledlg.dll
2007-07-22 12:56 115712 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2007-07-22 12:56 10752 --a------ C:\WINDOWS\system32\rspndr.exe
2007-07-22 12:56 105088 --a------ C:\WINDOWS\system32\drivers\mup.sys
2007-07-22 12:56 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2007-07-22 12:55 98304 --a------ C:\WINDOWS\system32\cscript.exe
2007-07-22 12:55 981760 --a------ C:\WINDOWS\system32\mfc42u.dll
2007-07-22 12:55 927504 --a------ C:\WINDOWS\system32\mfc40u.dll
2007-07-22 12:55 73728 --a------ C:\WINDOWS\system32\mscms.dll
2007-07-22 12:55 72704 --a------ C:\WINDOWS\system32\magnify.exe
2007-07-22 12:55 72704 --a------ C:\WINDOWS\system32\hlink.dll
2007-07-22 12:55 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2007-07-22 12:55 62464 --a------ C:\WINDOWS\system32\cryptsvc.dll
2007-07-22 12:55 61952 --a------ C:\WINDOWS\system32\hdashcut.exe
2007-07-22 12:55 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2007-07-22 12:55 61440 --a------ C:\WINDOWS\system32\mmcshext.dll
2007-07-22 12:55 586240 --a------ C:\WINDOWS\system32\mlang.dll
2007-07-22 12:55 539136 --a------ C:\WINDOWS\system32\msftedit.dll
2007-07-22 12:55 5120 --a------ C:\WINDOWS\system32\hdaudres.dll
2007-07-22 12:55 498742 --a------ C:\WINDOWS\system32\dxmasf.dll
2007-07-22 12:55 49536 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
2007-07-22 12:55 454656 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2007-07-22 12:55 42496 --a------ C:\WINDOWS\system32\ftp.exe
2007-07-22 12:55 41984 --a------ C:\WINDOWS\system32\drivers\imapi.sys
2007-07-22 12:55 41472 --a------ C:\WINDOWS\system32\hhsetup.dll
2007-07-22 12:55 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-07-22 12:55 397312 --a------ C:\WINDOWS\system32\mmcex.dll
2007-07-22 12:55 36921 --a------ C:\WINDOWS\system32\imeshare.dll
2007-07-22 12:55 36864 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2007-07-22 12:55 36096 --a------ C:\WINDOWS\system32\drivers\intelppm.sys
2007-07-22 12:55 33792 --a------ C:\WINDOWS\system32\mmcperf.exe
2007-07-22 12:55 323696 --a------ C:\WINDOWS\system32\msdrm.dll
2007-07-22 12:55 299008 --a------ C:\WINDOWS\system32\kerberos.dll
2007-07-22 12:55 28672 --a------ C:\WINDOWS\system32\dispex.dll
2007-07-22 12:55 262656 --a------ C:\WINDOWS\system32\drivers\http.sys
2007-07-22 12:55 254976 --a------ C:\WINDOWS\system32\icm32.dll
2007-07-22 12:55 25088 --a------ C:\WINDOWS\system32\hdaprop.dll
2007-07-22 12:55 243200 --a------ C:\WINDOWS\system32\es.dll
2007-07-22 12:55 2068480 --a------ C:\WINDOWS\system32\cdosys.dll
2007-07-22 12:55 19968 --a------ C:\WINDOWS\system32\linkinfo.dll
2007-07-22 12:55 198616 --a------ C:\WINDOWS\system32\iuengine.dll
2007-07-22 12:55 1913344 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2007-07-22 12:55 184320 --a------ C:\WINDOWS\system32\microsoft.managementconsole.dll
2007-07-22 12:55 183808 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2007-07-22 12:55 163328 --a------ C:\WINDOWS\system32\mmcbase.dll
2007-07-22 12:55 155136 --a------ C:\WINDOWS\system32\itircl.dll
2007-07-22 12:55 151552 --a------ C:\WINDOWS\system32\ifxcardm.dll
2007-07-22 12:55 148480 --a------ C:\WINDOWS\system32\cic.dll
2007-07-22 12:55 145920 --a------ C:\WINDOWS\system32\drivers\hdaudio.sys
2007-07-22 12:55 138752 --a------ C:\WINDOWS\system32\drivers\hdaudbus.sys
2007-07-22 12:55 137216 --a------ C:\WINDOWS\system32\itss.dll
2007-07-22 12:55 136320 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2007-07-22 12:55 1354752 --a------ C:\WINDOWS\system32\mmc.exe
2007-07-22 12:55 123392 --a------ C:\WINDOWS\system32\input.dll
2007-07-22 12:55 1082368 --a------ C:\WINDOWS\system32\esent.dll
2007-07-22 12:55 10752 --a------ C:\WINDOWS\hh.exe
2007-07-22 12:55 106496 --a------ C:\WINDOWS\system32\mmcfxcommon.dll
2007-07-22 12:54 96792 --a------ C:\WINDOWS\system32\basecsp.dll
2007-07-22 12:54 77824 --a------ C:\WINDOWS\system32\browser.dll
2007-07-22 12:54 62464 --a------ C:\WINDOWS\system32\authz.dll
2007-07-22 12:54 25600 --a------ C:\WINDOWS\system32\bcsprsrc.dll
2007-07-22 12:54 133120 --a------ C:\WINDOWS\system32\axaltocm.dll
2007-07-22 12:54 116736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-07-22 12:54 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2007-06-27 15:40 232960 --a------ C:\WINDOWS\system32\webcheck.dll
2007-06-27 15:40 105984 --a------ C:\WINDOWS\system32\url.dll
2007-06-27 15:40 102400 --a------ C:\WINDOWS\system32\occache.dll
2007-06-27 15:39 6059008 --a------ C:\WINDOWS\system32\ieframe.dll
2007-06-27 15:39 459264 --a------ C:\WINDOWS\system32\msfeeds.dll
2007-06-27 15:39 44544 --a------ C:\WINDOWS\system32\iernonce.dll
2007-06-27 15:39 384512 --a------ C:\WINDOWS\system32\iedkcs32.dll
2007-06-27 15:39 383488 --a------ C:\WINDOWS\system32\ieapfltr.dll
2007-06-27 15:39 267776 --a------ C:\WINDOWS\system32\iertutil.dll
2007-06-27 15:39 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
2007-06-27 15:39 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
2007-06-27 15:39 124928 --a------ C:\WINDOWS\system32\advpack.dll
2007-06-27 10:16 63488 --a------ C:\WINDOWS\system32\ie4uinit.exe
2007-06-27 10:16 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
2007-06-27 08:07 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2007-06-26 07:06 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 14:37 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:26 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-07 20:10 20480 --a------ C:\WINDOWS\system32\ac3config.exe
2007-06-01 08:20 51568 --a------ C:\WINDOWS\system32\sirenacm.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"AtiTrayTools"="\"C:\\Program Files\\Ray Adams\\ATI Tray Tools\\atitray.exe\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"PRONoMgr.exe"="C:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{C5FCE753-7E3E-414C-815E-86AF82D8817A}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggebby

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 07-08-29 12:59:44.56
C:\ComboFix.txt ... 07-08-29 12:59

Logfile of HijackThis v1.99.1
Scan saved at 13:00:51, on 29/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David King\My Documents\Internet Downloads\hijackthis_sfx\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Azureus Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187977371562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187977361953
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

thanx so much for helping me again

Baabiouz · Aug 27, 2007

Hi!

Rename HijackThis.exe

1. Right click on the HijackThis icon.

2. Select Rename.

3. Now type the following scanner.exe <<< NOTE: make sure to put period before exe when typing.
Hit the enter key on keyboard.

Double click on Scanner.exe.
Click on Do a system scan and save a logfile. Post log in next reply.

mrcapdown · Aug 27, 2007

Logfile of HijackThis v1.99.1
Scan saved at 14:00:50, on 29/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David King\My Documents\Internet Downloads\hijackthis_sfx\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C5FCE753-7E3E-414C-815E-86AF82D8817A} - C:\WINDOWS\system32\hggebby.dll
O2 - BHO: (no name) - {D5F1A044-EE29-437F-8AE3-245A3C83AA2A} - C:\WINDOWS\system32\gebyx.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AtiTrayTools] "C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Azureus Vuze.lnk = C:\Program Files\Azureus\Azureus.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187977371562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187977361953
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: hggebby - C:\WINDOWS\SYSTEM32\hggebby.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

sorry i renamed the shortcut

Baabiouz · Aug 27, 2007

Yeps

Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C5FCE753-7E3E-414C-815E-86AF82D8817A} - C:\WINDOWS\system32\hggebby.dll
O2 - BHO: (no name) - {D5F1A044-EE29-437F-8AE3-245A3C83AA2A} - C:\WINDOWS\system32\gebyx.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: gebyx - C:\WINDOWS\system32\gebyx.dll
O20 - Winlogon Notify: hggebby - C:\WINDOWS\SYSTEM32\hggebby.dll

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
___________________

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
__________________

Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.
__________________

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\hggebby.dll
C:\WINDOWS\system32\mf.dll

__________________

Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

When you are finished, please reboot the computer normally. Also, please let me know of any problems you may have encountered.
____________________

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT

* Now click on Scan Settings
* In the scan settings make that the following are selected:

* Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
*Scan Options:
Scan Archives
Scan Mail Bases

* Click OK
* Now under select a target to scan:
Select My Computer

* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:

* Save the file to your desktop.
* Copy and paste that information in your next post.
____________________

Please, post a fresh hijackthis log and Kaspersky's report

Log in or Sign up

problem spyware Hijackthis log inside

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

Share This Page

Log in or Sign up

problem spyware Hijackthis log inside

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

mrcapdown Regular member

Baabiouz Regular member

Share This Page

Useful Searches