Old 04-14-2007, 03:31 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 247
OS: Vista 32 bit Ultimate


Weird crashes maybe virus related

Hey, I'm having weird crashes on my computer recently. I don't know at all what has really happened to make my computer crash.

I know it's not hardware issues; it could be a flaw on the system or it could be a crapware problem.

The problem is normally on the main desktop itself, not in games or anything of that type. My websites have recently been taking longer to load up. It seems to be very slow at start up and after a minute or 2 it seems fine, but it doesn't slow up at all and just crashes. But there have been some cases where it has crashed in games, and it's sometimes in the browser. I didn't dare use Firefox for some time, as each time I started Firefox it would just crash the computer upon startup, but all of a sudden, with no changes whatsoever, it seems fine again.

So if you need any more info I will dig some up for you. I have done all the steps in the sticky and installed SpywareBlaster (the Javacool one) and SpywareGuard, and I have already scanned my computer in safe mode but with Spybot S&D.

Here's my log

Logfile of HijackThis v1.99.1
Scan saved at 22:30:56, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175427384453
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Attached Files
File Type: txt hijackthislog.txt (8.4 KB, 2 views)

Last edited by tetonbob : 04-17-2007 at 06:47 PM.
Skifer UK is offline  
Old 04-15-2007, 11:02 AM   #2 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 247
OS: Vista 32 bit Ultimate


Re: Weird crashes maybe virus related

Bump.
Skifer UK is offline  
Old 04-16-2007, 08:34 AM   #3 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 247
OS: Vista 32 bit Ultimate


Re: Weird crashes maybe virus related

Bump.
Skifer UK is offline  
Old 04-17-2007, 10:10 AM   #4 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 247
OS: Vista 32 bit Ultimate


Re: Weird crashes maybe virus related

Help?
Skifer UK is offline  
Old 04-18-2007, 07:39 AM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Weird crashes maybe virus related

Hello Skifer UK,

Please refer to this sticky topic: (Updated!) IMPORTANT - Read This Before Posting A Log

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. Copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt


What exactly do you mean by crash--is the system randomly rebooting or just freezing?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 04-22-2007, 03:50 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 247
OS: Vista 32 bit Ultimate


Re: Weird crashes maybe virus related

Deckard's System Scanner v20070411.38
Run by Ryan on 2007-04-22 at 22:48:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2007-04-22 21:48:31 UTC - RP45 - Deckard's System Scanner Restore Point
44: 2007-04-22 19:05:36 UTC - RP44 - Installed Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
43: 2007-04-22 19:03:07 UTC - RP43 - Removed Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
42: 2007-04-22 18:54:26 UTC - RP42 - Installed Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
41: 2007-04-20 17:56:43 UTC - RP41 - Installed THE SETTLERS - Heritage of Kings


-- First Restore Point --
1: 2007-04-01 10:33:59 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Ryan.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:49:10, on 22/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan\Desktop\dss.exe
C:\DOCUME~1\Ryan\Desktop\Ryan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CM-SmWizard] C:\WINDOWS\System\SmWizard.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\RunOnce: [DAP Cleanup] "C:\DOCUME~1\Ryan\LOCALS~1\Temp\DAPREMOVE.EXE" /CLEANUP /DIR="C:\PROGRA~1\DAP"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175427384453
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\drivers\giveio.sys
R0 nvidesm - c:\windows\system32\drivers\nvidesm.sys
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys

S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe


-- Scheduled Tasks -------------------------------------------------------------

2007-04-22 22:42:06 392 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (SKIFER-Ryan).job<MCAFEE~2.JOB>
2007-04-12 19:46:25 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>


-- Files created between 2007-03-22 and 2007-04-22 -----------------------------

2007-04-19 22:02:47 0 d-------- C:\Documents and Settings\Ryan\Application Data\My Games<MYGAME~1>
2007-04-19 20:34:17 0 d-------- C:\Documents and Settings\Ryan\Application Data\InstallShield Installation Information<INSTAL~1>
2007-04-19 20:32:42 0 d-------- C:\Program Files\Firaxis Games<FIRAXI~1>
2007-04-19 19:38:46 0 d-------- C:\Documents and Settings\Ryan\Application Data\Firaxis Games<FIRAXI~1>
2007-04-19 19:37:53 2297552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-19 19:34:40 92160 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2007-04-19 19:34:39 0 d-------- C:\Program Files\MagicDisc<MAGICD~1>
2007-04-19 19:30:08 0 d-------- C:\Program Files\MagicISO
2007-04-19 19:26:28 0 d-------- C:\Program Files\PowerISO
2007-04-18 18:20:49 0 d-------- C:\Program Files\DAP
2007-04-17 20:46:42 0 d-------- C:\WINDOWS\Sun
2007-04-17 20:46:42 0 d-------- C:\Documents and Settings\Ryan\Application Data\Sun
2007-04-14 22:20:51 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-04-14 22:19:10 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-04-14 22:19:10 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-04-14 17:28:37 0 d-------- C:\WINDOWS\Uninstall<UNINST~1>
2007-04-13 15:37:50 0 d-------- C:\Program Files\Rockstar Games<ROCKST~1>
2007-04-13 15:27:51 0 d-------- C:\WINDOWS\pss
2007-04-12 22:45:19 671 --a------ C:\WINDOWS\mozver.dat
2007-04-12 19:46:38 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-04-12 19:46:22 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-04-12 19:46:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer<APPLEC~1>
2007-04-10 01:19:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-04-10 01:19:07 0 d-------- C:\Documents and Settings\Ryan\Application Data\Azureus
2007-04-10 01:18:25 0 d-------- C:\Program Files\Azureus
2007-04-09 13:27:07 31548 --a------ C:\WINDOWS\system32\drivers\scdemu.sys
2007-04-08 20:25:00 0 d-------- C:\Program Files\SensorsView<SENSOR~1>
2007-04-04 14:56:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-04-04 00:56:06 0 d-------- C:\Program Files\Common Files\EasyInfo
2007-04-03 22:21:42 108144 --a------ C:\WINDOWS\system32\CmdLineExt.dll<CMDLIN~1.DLL>
2007-04-03 18:08:31 0 d-------- C:\Documents and Settings\Ryan\Application Data\Command & Conquer 3 Tiberium Wars<COMMAN~1>
2007-04-03 18:08:13 0 dr-h----- C:\Documents and Settings\Ryan\Application Data\SecuROM
2007-04-03 17:26:31 3426072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-03 17:09:43 0 d-------- C:\Program Files\Electronic Arts<ELECTR~1>
2007-04-02 17:31:40 0 d-------- C:\Program Files\Maxis
2007-04-02 16:31:05 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-04-02 16:30:56 4027840 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-04-02 16:30:48 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
2007-04-02 16:30:47 10528768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-04-02 16:30:46 577536 --a------ C:\WINDOWS\soundman.exe
2007-04-02 16:30:45 147456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-04-02 16:30:44 315392 --a------ C:\WINDOWS\alcupd.exe
2007-04-02 16:30:44 217088 --a------ C:\WINDOWS\Alcrmv.exe
2007-04-02 14:33:36 0 d-------- C:\Program Files\Lavalys
2007-04-02 14:22:13 266240 --a------ C:\WINDOWS\CMIUninstall.exe<CMIUNI~1.EXE>
2007-04-02 14:22:13 225280 --a------ C:\WINDOWS\CmiRmRedundDir.exe<CMIRMR~1.EXE>
2007-04-02 14:22:13 28672 --a------ C:\WINDOWS\CMIRmDriver.dll<CMIRMD~1.DLL>
2007-04-02 14:22:13 0 d-------- C:\Program Files\C-Media 3D Audio<C-MEDI~1>
2007-04-02 13:21:25 712704 --a------ C:\WINDOWS\system32\Audio3D.dll
2007-04-02 13:21:25 712704 --a------ C:\WINDOWS\system32\a3d.dll
2007-04-02 13:21:25 1458176 --a------ C:\WINDOWS\system\SmWizard.exe
2007-04-02 13:21:24 32768 --a------ C:\WINDOWS\system32\udaprop.dll
2007-04-02 13:21:24 815296 --a------ C:\WINDOWS\system32\drivers\cmuda.sys
2007-04-02 13:21:24 147456 --a------ C:\WINDOWS\system32\cmuda.dll
2007-04-02 13:21:24 233472 --a------ C:\WINDOWS\system32\cmirmdrv.exe
2007-04-02 13:21:24 28672 --a------ C:\WINDOWS\system32\cmirmdrv.dll
2007-04-02 13:21:24 917504 --a------ C:\WINDOWS\system\cmids3d.dll
2007-04-02 10:36:31 0 d-------- C:\ddc1e6d2ef2e875defc4e20360a6<DDC1E6~1>
2007-04-01 19:22:35 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-01 17:08:18 0 d-------- C:\WINDOWS\Performance<PERFOR~1>
2007-04-01 17:07:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation<MICROS~2>
2007-04-01 17:07:54 0 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor<MICROS~3>
2007-04-01 16:25:35 115880 -----n--- C:\WINDOWS\system32\pxinsi64.exe
2007-04-01 16:25:35 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-04-01 16:25:35 36528 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-01 16:25:35 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-01 16:25:35 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-01 16:25:02 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
2007-04-01 16:18:01 0 d-------- C:\Documents and Settings\Ryan\Contacts
2007-04-01 16:13:02 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-04-01 15:59:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>


-- Find3M Report ---------------------------------------------------------------

2007-04-01 17:10:58 0 d---s---- C:\Documents and Settings\Ryan\Application Data\Microsoft<MICROS~1>
2007-04-01 15:54:17 0 d-------- C:\Documents and Settings\Ryan\Application Data\Macromedia<MACROM~1>
2007-04-01 15:53:23 0 d-------- C:\Documents and Settings\Ryan\Application Data\Mozilla
2007-04-01 12:15:37 62 --ahs---- C:\Documents and Settings\Ryan\Application Data\desktop.ini
2007-04-01 11:33:49 0 d-------- C:\Documents and Settings\Ryan\Application Data\Identities<IDENTI~1>
2007-03-17 14:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 16:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 16:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 16:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 14:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 21:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Steam"="\"c:\\program files\\steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"McafWelcome"="C:\\Program Files\\McAfee.com\\Agent\\mcwelcom.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"CM-SmWizard"="C:\\WINDOWS\\System\\SmWizard.exe"
"SoundMan"="SOUNDMAN.EXE"
@=""
"Launch LGDCore"="\"C:\\Program Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"C:\\Program Files\\Logitech\\G-series Software\\LCDMon.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"DAP Cleanup"="\"C:\\DOCUME~1\\Ryan\\LOCALS~1\\Temp\\DAPREMOVE.EXE\" /CLEANUP /DIR=\"C:\\PROGRA~1\\DAP\""


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8de4cb91-e043-11db-9862-806d6172696f}]
Shell\AutoRun\command E:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95d00391-e040-11db-b368-806d6172696f}]
Shell\AutoRun\command E:\setup.exe


-- End of Deckard's System Scanner: finished at 2007-04-22 at 22:49:34 ---------

It's just randomly freezing.
Attached Files
File Type: txt extra.txt (8.1 KB, 2 views)

Last edited by Skifer UK : 04-22-2007 at 03:52 PM.
Old 04-23-2007, 06:53 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Werid crashes maybe virus related

Hiya,

I'm not seeing anything in these logs. Let's see if the following reveals anything for us:

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted. **Please ensure it is set to Quarantine, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users**

If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


Please include the following in your next reply:

AVG A-S report
Kaspersky results
New HijackThis log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."