eiankei

I did those steps & here's the result from Hijackthis:

eiankei

It seems that problem is fixed...! I think the tools that you recommended in Hijackthis thread made it work like charm!
Thanks guys!

eiankei

I thought wrong! The problem still exists :| It seems that somebody is monitoring my computer or something like that... A couple of minutes after posting the message above, my computer started crashing again & again... i just don't get it...
Please help me guys!
Thank you!

eiankei

Bump!

Eclipse2003

Please post a fresh HJT log

eiankei

eiankei

Bump!

Ried

Hello eiankei,

Our apologies for the delay, we are short handed at the moment.

You are currently running more than 1 Anti Virus program. While it may seem to be added protection for you, more than 1 Anti Virus can cause conflicts and confusion between the AV programs as well as system instability. Please choose and run only 1 and uninstall the other via the Add/Remove Programs in the Control Panel.


Unfortunately, there is nothing readily apparent in this log that would cause the issues you're describing. We'll run a few tools and see if any malware is revealed.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

******************************************************

Download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need run ewido and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
   • Select "Automatically generate report after every scan"
   • Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.



Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
• Cleanup! All Users
• Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.

Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

------------------------------------------------

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:

• Lauch ewido-anti-spyware by double-clicking the icon on your desktop.
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
• ewido will now begin the scanning process, be patient this may take a little time.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions" **Please ensure it is set to Quarantine
• Next select the "Reports" icon at the top.
• Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
• Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

Ewido is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
• Click on see report. Then click Save report

Please include the following in your next reply:

Ewido results
Panda results
New HijackThis log

eiankei

Ewido report:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:08:13 PM 8/21/2006

+ Scan result:



C:\Program Files\K-Lite\is-A8RV4.tmp -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\K-Lite\is-IDK84.tmp -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\K-Lite\traffic.core -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\DVD2SVCD\Tylo\D2SRoBa.exe -> Trojan.Starter.41 : Cleaned with backup (quarantined).


::Report end


Panda Antivirus:

Incident Status Location

Adware:adware/gimmy Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@ad.yieldmanager[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@adserver.filefront[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@apmebf[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@media.fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@mediaplex[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@qksrv[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ei_An_Kei\Cookies\ei_an_kei@tribalfusion[1].txt

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:42:34 PM, on 8/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Vidalia\vidalia.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ei_An_Kei\Desktop\Programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PhishingNet BHO - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: Phishing Net Options - {B1100DDB-B277-4CAA-A640-B299D79FE25E} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1155725692359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155766989906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E369F0FB-5C65-44C5-AF88-38AACA5323EC}: NameServer = 81.91.129.67 81.91.129.66
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thanks for the help!

Ried

I'm not seeing any lurking malware in these reports. Can you provide more detail?
-When you say 'crashing'...is your system restarting, or freezing up?
-Do you get any error messages?
-Are you experiencing any other symptoms?
Did any of those scans find anything on your system, and if so, please tell me what they found.

--------------------------

1. Download combofix from one of these locations:
   • http://www.techsupportforum.com/sectools/combofix.exe
   • http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click on combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

eiankei

It just freezes up, without any notice, warning, error or even symptom! It happens when I'm connected to the internet & my connection is active (it's sending or receiving data)
I reinstalled Windows twice, but it didn't solve the problem! I have Used Kaspersky Antivirus, Bitdefender, Panda Antivirus, ZoneAlarm, NOD32 but the problem still exists... At the moment, I use Bitdefender az Antivirus & ZoneAlarm as Firewall.
Even not using any AntiVirus didn't help...!
I have used this modem on another PC but it didn't have any problem! I just don't get it! It's really odd & strange...

eiankei

I'll use combo fix & post the log ASAP...!
Thanks for the help!

eiankei

Here's the ComboFix Log file:

Ei_An_Kei - 06-08-22 1:42:09.25
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Ei_An_Kei\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-22 to 2006-08-22 ))))))))))))))))))))))))))))))))))


2006-08-18 15:28 63,488 C:\WINDOWS\system32\unam4ie.exe
2006-08-18 15:28 38,160 C:\WINDOWS\system32\LMRTREND.dll
2006-08-18 15:28 194,320 C:\WINDOWS\system32\qcut.dll
2006-08-18 15:28 182,032 C:\WINDOWS\system32\dxtmsft3.dll
2006-08-18 15:28 10,240 C:\WINDOWS\system32\vidx16.dll
2006-08-18 15:27 4,608 C:\WINDOWS\system32\w95inf32.dll
2006-08-18 15:27 2,272 C:\WINDOWS\system32\w95inf16.dll
2006-08-17 19:28 77,824 C:\WINDOWS\system32\driverif.dll
2006-08-17 19:28 75,776 C:\WINDOWS\zllsputility.exe
2006-08-17 19:28 733,236 C:\WINDOWS\system32\vete.dll
2006-08-17 19:28 12,288 C:\WINDOWS\system32\vetntmsg.dll
2006-08-17 16:21 109,568 C:\WINDOWS\system32\pxinsi64.exe
2006-08-17 16:21 108,544 C:\WINDOWS\system32\pxcpyi64.exe
2006-08-17 10:20 221,184 C:\WINDOWS\system32\wmpns.dll
2006-08-17 02:39 127,208 C:\WINDOWS\system32\mucltui.dll
2006-08-17 02:18 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-17 01:51 18,200 C:\WINDOWS\system32\wups2.dll
2006-08-16 15:22 11,264 C:\WINDOWS\system32\SpOrder.dll
2006-08-16 14:05 107,132 C:\WINDOWS\UninstallFirefox.exe
2006-08-16 13:20 7,040 C:\WINDOWS\system32\ntsim.sys
2006-08-16 01:03 41,472 C:\WINDOWS\system32\iolobtdfg.exe
2006-08-16 01:03 25,264 C:\WINDOWS\system32\smrgdf.exe
2006-08-16 01:03 1,212,416 C:\WINDOWS\system32\Incinerator.dll
2006-08-15 21:17 98,304 C:\WINDOWS\system32\msir3jp.dll
2006-08-15 21:17 9,216 C:\WINDOWS\system32\kbdnecAT.dll
2006-08-15 21:17 838,144 C:\WINDOWS\system32\chtbrkr.dll
2006-08-15 21:17 811,064 C:\WINDOWS\system32\imjp81k.dll
2006-08-15 21:17 76,288 C:\WINDOWS\system32\uniime.dll
2006-08-15 21:17 70,656 C:\WINDOWS\system32\korwbrkr.dll
2006-08-15 21:17 7,680 C:\WINDOWS\system32\kbdnecNT.dll
2006-08-15 21:17 7,168 C:\WINDOWS\system32\kbdnec95.dll
2006-08-15 21:17 7,168 C:\WINDOWS\system32\kbdibm02.dll
2006-08-15 21:17 7,168 C:\WINDOWS\system32\f3ahvoas.dll
2006-08-15 21:17 6,656 C:\WINDOWS\system32\kbdlk41a.dll
2006-08-15 21:17 6,144 C:\WINDOWS\system32\kbdlk41j.dll
2006-08-15 21:17 6,144 C:\WINDOWS\system32\kbdax2.dll
2006-08-15 21:17 6,144 C:\WINDOWS\system32\kbd106n.dll
2006-08-15 21:17 6,144 C:\WINDOWS\system32\kbd101a.dll
2006-08-15 21:17 6,144 C:\WINDOWS\system32\kbd101.dll
2006-08-15 21:17 218,112 C:\WINDOWS\system32\c_g18030.dll
2006-08-15 21:17 1,677,824 C:\WINDOWS\system32\chsbrkr.dll
2006-08-15 21:16 8,704 C:\WINDOWS\system32\kbdjpn.dll
2006-08-15 21:16 8,192 C:\WINDOWS\system32\kbdkor.dll
2006-08-15 21:16 6,656 C:\WINDOWS\system32\c_is2022.dll
2006-08-15 21:16 6,144 C:\WINDOWS\system32\kbdth3.dll
2006-08-15 21:16 6,144 C:\WINDOWS\system32\kbdth2.dll
2006-08-15 21:16 6,144 C:\WINDOWS\system32\kbdinpun.dll
2006-08-15 21:16 6,144 C:\WINDOWS\system32\kbd106.dll
2006-08-15 21:16 6,144 C:\WINDOWS\system32\kbd101c.dll
2006-08-15 21:16 6,144 C:\WINDOWS\system32\kbd101b.dll
2006-08-15 21:16 6,144 C:\WINDOWS\system32\ftlx041e.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdvntc.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdusa.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdurdu.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdth1.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdth0.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdsyr2.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdsyr1.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdintel.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdintam.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdinmar.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdinkan.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdinhin.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdinguj.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdindev.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdheb.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbdfa.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbddiv2.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbddiv1.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbda3.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbda2.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbda1.dll
2006-08-15 21:16 5,632 C:\WINDOWS\system32\kbd103.dll
2006-08-15 21:16 5,120 C:\WINDOWS\system32\kbdgeo.dll
2006-08-15 21:16 5,120 C:\WINDOWS\system32\kbdarmw.dll
2006-08-15 21:16 5,120 C:\WINDOWS\system32\kbdarme.dll
2006-08-15 21:16 185,344 C:\WINDOWS\system32\Thawbrkr.dll
2006-08-15 21:16 10,752 C:\WINDOWS\system32\c_iscii.dll
2006-08-15 20:52 74,240 C:\WINDOWS\system32\usbui.dll
2006-08-15 20:48 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-08-15 20:48 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-08-15 20:48 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-08-15 20:48 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-08-15 20:48 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-08-15 20:48 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-08-15 20:48 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-08-15 20:48 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-08-15 20:48 6,144 C:\WINDOWS\system32\kbdest.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdur.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdru.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-08-15 20:48 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-08-15 20:47 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-08-15 20:47 8,704 C:\WINDOWS\system32\batt.dll
2006-08-15 20:47 74,752 C:\WINDOWS\system32\storprop.dll
2006-08-15 20:47 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-08-15 20:47 69,120 C:\WINDOWS\NOTEPAD.EXE
2006-08-15 20:47 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-08-15 20:47 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-08-15 20:47 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-08-15 20:47 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-08-15 20:47 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-08-15 20:47 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-08-15 20:47 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-08-15 20:47 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-08-15 20:47 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-08-15 20:47 5,632 C:\WINDOWS\system32\kbdro.dll
2006-08-15 20:47 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-08-15 20:47 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-08-15 20:47 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-08-15 20:47 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-08-15 20:47 15,360 C:\WINDOWS\TASKMAN.EXE
2006-08-15 20:47 13,312 C:\WINDOWS\system32\irclass.dll
2006-08-15 20:47 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-08-15 20:46 86,016 C:\WINDOWS\unvise32qt.exe
2006-08-15 20:17 24,576 C:\WINDOWS\system32\ipwcomm.dll
2006-08-15 18:48 286,720 C:\WINDOWS\iun506.exe
2006-08-15 18:45 69,632 C:\WINDOWS\system32\TosOlkN.dll
2006-08-15 18:45 40,960 C:\WINDOWS\system32\ToscmddN.dll
2006-08-15 18:45 24,576 C:\WINDOWS\system32\TosusrpN.dll
2006-08-15 18:45 102,400 C:\WINDOWS\system32\Tossps.scr
2006-08-15 18:44 88,363 C:\WINDOWS\agrsmmsg.exe
2006-08-15 18:44 77,824 C:\WINDOWS\system32\tosmreg.exe
2006-08-15 18:44 64,512 C:\WINDOWS\agrsmdel.exe
2006-08-15 18:44 45,056 C:\WINDOWS\system32\csellang.dll
2006-08-15 18:44 110,592 C:\WINDOWS\system32\cselect.exe
2006-08-15 18:42 90,112 C:\WINDOWS\system32\CpuPerf.dll
2006-08-15 18:42 81,920 C:\WINDOWS\system32\TPwrReg.dll
2006-08-15 18:42 53,248 C:\WINDOWS\system32\TPwrCfg.dll
2006-08-15 18:42 53,248 C:\WINDOWS\system32\TPSTrace.dll
2006-08-15 18:42 53,248 C:\WINDOWS\system32\TPSDel.dll
2006-08-15 18:42 45,056 C:\WINDOWS\system32\TPSMainCtl.dll
2006-08-15 18:42 45,056 C:\WINDOWS\system32\TPSBattM.exe
2006-08-15 18:42 45,056 C:\WINDOWS\system32\TPSAddin.dll
2006-08-15 18:42 278,528 C:\WINDOWS\system32\TPSMain.exe
2006-08-15 18:41 45,056 C:\WINDOWS\system32\Tfaxext.exe
2006-08-15 18:41 28,672 C:\WINDOWS\system32\tfaxext.dll
2006-08-15 18:40 9,216 C:\WINDOWS\system32\TCMSVR.dll
2006-08-15 18:40 4,608 C:\WINDOWS\system32\TEDApi.dll
2006-08-15 18:40 4,096 C:\WINDOWS\system32\TSBWLS.dll
2006-08-15 18:40 28,672 C:\WINDOWS\system32\TPeculiarity.dll
2006-08-15 18:40 126,976 C:\WINDOWS\system32\MousePage.dll
2006-08-15 18:40 114,688 C:\WINDOWS\system32\TCtrlIO.dll
2006-08-15 18:40 102,400 C:\WINDOWS\system32\TCtrlCommon.dll
2006-08-15 18:36 90,112 C:\WINDOWS\InstDrvr.exe
2006-08-15 18:36 306,688 C:\WINDOWS\IsUninst.exe
2006-08-15 18:34 65,536 C:\WINDOWS\system32\Audio3D.dll
2006-08-15 18:34 65,536 C:\WINDOWS\system32\a3d.dll
2006-08-15 18:34 65,024 C:\WINDOWS\soundman.exe
2006-08-15 18:34 6,584,832 C:\WINDOWS\system32\RTLCPL.exe
2006-08-15 18:34 4,096 C:\WINDOWS\system32\ksuser.dll
2006-08-15 18:34 208,896 C:\WINDOWS\alcupd.exe
2006-08-15 18:34 155,648 C:\WINDOWS\system32\RTLCPAPI.dll
2006-08-15 18:34 139,264 C:\WINDOWS\alcrmv.exe
2006-08-15 18:32 843,776 C:\WINDOWS\system32\AegisE5.dll
2006-08-15 18:32 651,264 C:\WINDOWS\system32\libeay32.dll
2006-08-15 18:32 389,120 C:\WINDOWS\system32\athcfg11.dll
2006-08-15 18:32 36,933 C:\WINDOWS\system32\athgina.dll
2006-08-15 18:32 28,672 C:\WINDOWS\system32\DelRunOnceReg.exe
2006-08-15 18:32 28,672 C:\WINDOWS\system32\ControlACS.exe
2006-08-15 18:32 241,664 C:\WINDOWS\system32\ControlWZCS.exe
2006-08-15 18:32 20,480 C:\WINDOWS\system32\acs.exe
2006-08-15 18:32 147,456 C:\WINDOWS\system32\ssleay32.dll
2006-08-15 18:32 110,592 C:\WINDOWS\system32\AegisI5.exe
2006-08-15 18:29 32,768 C:\WINDOWS\system32\RmWLAN.exe
2006-08-15 18:29 32,768 C:\WINDOWS\system32\CloseACU.exe
2006-08-15 18:29 270,336 C:\WINDOWS\system32\PlugPlayPCIDevice.exe
2006-08-15 18:29 19,968 C:\WINDOWS\system32\RefreshDevice.exe
2006-08-15 18:29 163,840 C:\WINDOWS\system32\MFCFirstRemove.exe
2006-08-15 18:15 112,128 C:\WINDOWS\system32\mapi32.dll
2006-08-15 18:11 81,920 C:\WINDOWS\system32\isign32.dll
2006-08-15 18:11 81,920 C:\WINDOWS\system32\ils.dll
2006-08-15 18:11 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-08-15 18:11 73,728 C:\WINDOWS\system32\icwdial.dll
2006-08-15 18:11 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-08-15 18:11 69,632 C:\WINDOWS\system32\msconf.dll
2006-08-15 18:11 679,424 C:\WINDOWS\system32\inetcomm.dll
2006-08-15 18:11 67,584 C:\WINDOWS\system32\srclient.dll
2006-08-15 18:11 65,536 C:\WINDOWS\system32\icwphbk.dll
2006-08-15 18:11 64,512 C:\WINDOWS\system32\acctres.dll
2006-08-15 18:11 6,656 C:\WINDOWS\system32\wuauserv.dll
2006-08-15 18:11 48,128 C:\WINDOWS\system32\inetres.dll
2006-08-15 18:11 465,176 C:\WINDOWS\system32\wuapi.dll
2006-08-15 18:11 45,568 C:\WINDOWS\system32\safrslv.dll
2006-08-15 18:11 43,520 C:\WINDOWS\system32\safrcdlg.dll
2006-08-15 18:11 43,520 C:\WINDOWS\system32\racpldlg.dll
2006-08-15 18:11 41,240 C:\WINDOWS\system32\wups.dll
2006-08-15 18:11 382,464 C:\WINDOWS\system32\qmgr.dll
2006-08-15 18:11 34,560 C:\WINDOWS\system32\mnmdd.dll
2006-08-15 18:11 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-08-15 18:11 32,768 C:\WINDOWS\system32\isrdbg32.dll
2006-08-15 18:11 29,696 C:\WINDOWS\system32\safrdm.dll
2006-08-15 18:11 28,672 C:\WINDOWS\system32\nmmkcert.dll
2006-08-15 18:11 274,944 C:\WINDOWS\system32\mstask.dll
2006-08-15 18:11 274,432 C:\WINDOWS\system32\inetcfg.dll
2006-08-15 18:11 252,928 C:\WINDOWS\system32\msoeacct.dll
2006-08-15 18:11 239,104 C:\WINDOWS\system32\srrstr.dll
2006-08-15 18:11 22,528 C:\WINDOWS\system32\fltMc.exe
2006-08-15 18:11 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-08-15 18:11 190,976 C:\WINDOWS\system32\schedsvc.dll
2006-08-15 18:11 18,944 C:\WINDOWS\system32\qmgrprxy.dll
2006-08-15 18:11 173,536 C:\WINDOWS\system32\wuweb.dll
2006-08-15 18:11 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-08-15 18:11 170,496 C:\WINDOWS\system32\srsvc.dll
2006-08-15 18:11 16,896 C:\WINDOWS\system32\fltlib.dll
2006-08-15 18:11 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-08-15 18:11 127,256 C:\WINDOWS\system32\wucltui.dll
2006-08-15 18:11 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-08-15 18:11 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-08-15 18:11 12,288 C:\WINDOWS\system32\mstinit.exe
2006-08-15 18:11 11,264 C:\WINDOWS\system32\atrace.dll
2006-08-15 18:11 105,984 C:\WINDOWS\system32\msoert2.dll
2006-08-15 18:11 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-08-15 17:56 85,504 C:\WINDOWS\system32\mhn.dll
2006-08-15 17:56 8,704 C:\WINDOWS\system32\igdetect.dll
2006-08-15 17:56 7,093,760 C:\WINDOWS\system32\space.scr
2006-08-15 17:56 5,068,800 C:\WINDOWS\system32\davinci.scr
2006-08-15 17:56 4,396,544 C:\WINDOWS\system32\wpgldfsh.scr
2006-08-15 17:56 3,343,360 C:\WINDOWS\system32\nature.scr
2006-08-15 17:56 1,742,336 C:\WINDOWS\system32\mypixdx.scr
2006-08-15 17:53 97,792 C:\WINDOWS\system32\comrepl.dll
2006-08-15 17:53 956,416 C:\WINDOWS\system32\msdtctm.dll
2006-08-15 17:53 93,696 C:\WINDOWS\system32\tscfgwmi.dll
2006-08-15 17:53 91,136 C:\WINDOWS\system32\mtxoci.dll
2006-08-15 17:53 9,728 C:\WINDOWS\system32\reset.exe
2006-08-15 17:53 87,176 C:\WINDOWS\system32\rdpwsx.dll
2006-08-15 17:53 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-08-15 17:53 80,384 C:\WINDOWS\system32\charmap.exe
2006-08-15 17:53 73,216 C:\WINDOWS\system32\avwav.dll
2006-08-15 17:53 67,072 C:\WINDOWS\system32\rdshost.exe
2006-08-15 17:53 655,360 C:\WINDOWS\system32\mstscax.dll
2006-08-15 17:53 625,152 C:\WINDOWS\system32\catsrvut.dll
2006-08-15 17:53 62,464 C:\WINDOWS\system32\rdpclip.exe
2006-08-15 17:53 605,696 C:\WINDOWS\system32\getuname.dll
2006-08-15 17:53 60,416 C:\WINDOWS\system32\remotepg.dll
2006-08-15 17:53 60,416 C:\WINDOWS\system32\colbact.dll
2006-08-15 17:53 6,144 C:\WINDOWS\system32\msdtc.exe
2006-08-15 17:53 58,880 C:\WINDOWS\system32\msdtclog.dll
2006-08-15 17:53 58,880 C:\WINDOWS\system32\licwmi.dll
2006-08-15 17:53 56,832 C:\WINDOWS\system32\sol.exe
2006-08-15 17:53 56,320 C:\WINDOWS\system32\servdeps.dll
2006-08-15 17:53 55,296 C:\WINDOWS\system32\freecell.exe
2006-08-15 17:53 540,160 C:\WINDOWS\system32\comuid.dll
2006-08-15 17:53 54,272 C:\WINDOWS\system32\stclient.dll
2006-08-15 17:53 538,624 C:\WINDOWS\system32\spider.exe
2006-08-15 17:53 5,632 C:\WINDOWS\system32\write.exe
2006-08-15 17:53 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-08-15 17:53 498,688 C:\WINDOWS\system32\clbcatq.dll
2006-08-15 17:53 44,544 C:\WINDOWS\system32\tscupgrd.exe
2006-08-15 17:53 44,544 C:\WINDOWS\system32\hticons.dll
2006-08-15 17:53 426,496 C:\WINDOWS\system32\msdtcprx.dll
2006-08-15 17:53 407,552 C:\WINDOWS\system32\mstsc.exe
2006-08-15 17:53 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-08-15 17:53 4,096 C:\WINDOWS\system32\mtxex.dll
2006-08-15 17:53 38,912 C:\WINDOWS\system32\cfgbkend.dll
2006-08-15 17:53 35,328 C:\WINDOWS\system32\winchat.exe
2006-08-15 17:53 347,136 C:\WINDOWS\system32\hypertrm.dll
2006-08-15 17:53 343,040 C:\WINDOWS\system32\mspaint.exe
2006-08-15 17:53 33,792 C:\WINDOWS\system32\regini.exe
2006-08-15 17:53 295,424 C:\WINDOWS\system32\termsrv.dll
2006-08-15 17:53 25,600 C:\WINDOWS\system32\comaddin.dll
2006-08-15 17:53 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-08-15 17:53 227,840 C:\WINDOWS\system32\avtapi.dll
2006-08-15 17:53 225,792 C:\WINDOWS\system32\catsrv.dll
2006-08-15 17:53 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-08-15 17:53 20,992 C:\WINDOWS\system32\msg.exe
2006-08-15 17:53 20,480 C:\WINDOWS\system32\qprocess.exe
2006-08-15 17:53 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-08-15 17:53 19,968 C:\WINDOWS\system32\rdpsnd.dll
2006-08-15 17:53 185,344 C:\WINDOWS\system32\cmprops.dll
2006-08-15 17:53 183,808 C:\WINDOWS\system32\accwiz.exe
2006-08-15 17:53 17,408 C:\WINDOWS\system32\mmfutil.dll
2006-08-15 17:53 161,280 C:\WINDOWS\system32\msdtcuiu.dll
2006-08-15 17:53 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-08-15 17:53 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-08-15 17:53 16,384 C:\WINDOWS\system32\tskill.exe
2006-08-15 17:53 16,384 C:\WINDOWS\system32\avmeter.dll
2006-08-15 17:53 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-08-15 17:53 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-08-15 17:53 15,360 C:\WINDOWS\system32\logoff.exe
2006-08-15 17:53 147,968 C:\WINDOWS\system32\rdchost.dll
2006-08-15 17:53 147,456 C:\WINDOWS\system32\comsnap.dll
2006-08-15 17:53 140,800 C:\WINDOWS\system32\sessmgr.exe
2006-08-15 17:53 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-08-15 17:53 14,848 C:\WINDOWS\system32\tscon.exe
2006-08-15 17:53 14,848 C:\WINDOWS\system32\shadow.exe
2006-08-15 17:53 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-08-15 17:53 131,584 C:\WINDOWS\system32\sndrec32.exe
2006-08-15 17:53 13,824 C:\WINDOWS\system32\rdsaddin.exe
2006-08-15 17:53 126,976 C:\WINDOWS\system32\mshearts.exe
2006-08-15 17:53 123,392 C:\WINDOWS\system32\mplay32.exe
2006-08-15 17:53 119,808 C:\WINDOWS\system32\winmine.exe
2006-08-15 17:53 114,688 C:\WINDOWS\system32\calc.exe
2006-08-15 17:53 110,080 C:\WINDOWS\system32\clbcatex.dll
2006-08-15 17:53 11,776 C:\WINDOWS\system32\xolehlp.dll
2006-08-15 17:53 11,264 C:\WINDOWS\system32\icaapi.dll
2006-08-15 17:53 102,912 C:\WINDOWS\system32\clipbrd.exe
2006-08-15 17:53 1,267,200 C:\WINDOWS\system32\comsvcs.dll
2006-08-15 17:53 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-27 05:35 73,728 C:\WINDOWS\system32\dpl100.dll
2006-07-27 05:35 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 05:35 192,512 C:\WINDOWS\system32\dtu100.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-22 01:26 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Vidalia
2006-08-22 01:26 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Tor
2006-08-22 00:29 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-22 00:11 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Azureus
2006-08-21 17:08 -------- d-------- C:\Program Files\WinRAR
2006-08-21 17:08 -------- d-------- C:\Program Files\Vidalia
2006-08-21 17:08 -------- d-------- C:\Program Files\Tor
2006-08-21 17:08 -------- d-------- C:\Program Files\MSN Messenger
2006-08-21 17:08 -------- d-------- C:\Program Files\Messenger
2006-08-21 17:08 -------- d-------- C:\Program Files\ICQToolbar
2006-08-21 17:08 -------- d-------- C:\Program Files\ICQLite
2006-08-21 17:08 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-21 17:08 -------- d-------- C:\Program Files\Avant Browser
2006-08-21 11:39 -------- d-------- C:\Program Files\CleanUp!
2006-08-20 21:22 -------- d-------- C:\Program Files\Hide IP Platinum
2006-08-19 13:57 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Ahead
2006-08-19 13:46 -------- d-------- C:\Program Files\Nero
2006-08-19 13:46 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-18 20:51 -------- d-------- C:\Program Files\FlashGet
2006-08-18 20:17 -------- d-------- C:\Program Files\Jap
2006-08-18 17:18 -------- d-------- C:\Program Files\Windows Media Player
2006-08-18 17:14 -------- d-------- C:\Program Files\Sierra On-Line
2006-08-18 15:28 -------- d-------- C:\Program Files\directx
2006-08-18 15:27 4608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-08-18 15:27 2272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-08-18 01:05 597 --a------ C:\Program Files\INSTALL.LOG
2006-08-17 23:47 -------- d-------- C:\Program Files\Common Files\Softwin
2006-08-17 19:28 -------- d-------- C:\Program Files\Zone Labs
2006-08-17 16:22 -------- d-------- C:\Program Files\DivX
2006-08-17 13:32 -------- d-------- C:\Program Files\Your Uninstaller 2006
2006-08-17 13:28 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\URSoft
2006-08-17 13:06 -------- d-------- C:\Program Files\K-Lite
2006-08-17 10:21 -------- d-------- C:\Program Files\Internet Explorer
2006-08-17 10:15 -------- d-------- C:\Program Files\Outlook Express
2006-08-17 10:15 -------- d-------- C:\Program Files\Common Files\System
2006-08-16 14:14 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\.BitTornado
2006-08-16 14:05 107132 --a------ C:\WINDOWS\UninstallFirefox.exe
2006-08-16 13:53 -------- d-------- C:\Program Files\Softwin
2006-08-16 13:21 -------- d-------- C:\Program Files\Common Files
2006-08-16 12:07 -------- d---s---- C:\Documents and Settings\Ei_An_Kei\Application Data\Microsoft
2006-08-16 01:58 -------- d-------- C:\Program Files\ESET
2006-08-16 01:03 -------- d-------- C:\Program Files\iolo
2006-08-16 00:25 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Yahoo!
2006-08-16 00:24 -------- d-------- C:\Program Files\Geek Superhero
2006-08-15 23:43 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\LimeWire
2006-08-15 22:11 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Avant Profiles
2006-08-15 21:56 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Mozilla
2006-08-15 21:36 -------- d-------- C:\Program Files\Symantec
2006-08-15 21:10 -------- d-------- C:\Program Files\Java
2006-08-15 21:05 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Real
2006-08-15 20:52 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\ICQLite
2006-08-15 20:51 -------- d-------- C:\Program Files\Buddy Spy
2006-08-15 20:49 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-15 20:47 62 --ahs---- C:\Documents and Settings\Ei_An_Kei\Application Data\desktop.ini
2006-08-15 20:46 68960 --a------ C:\WINDOWS\system32\drivers\Pcatip.sys
2006-08-15 20:46 35744 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-08-15 20:46 -------- d-------- C:\Program Files\VSO
2006-08-15 20:46 -------- d-------- C:\Program Files\QuickTime
2006-08-15 20:28 -------- d-------- C:\Program Files\Webteh
2006-08-15 20:21 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Macromedia
2006-08-15 20:17 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-15 19:03 502272 --a------ C:\WINDOWS\system32\winlogon.exe
2006-08-15 18:51 -------- d-------- C:\Program Files\srslabs
2006-08-15 18:48 286720 --a------ C:\WINDOWS\iun506.exe
2006-08-15 18:48 -------- d-------- C:\Program Files\Notebook Maximizer
2006-08-15 18:44 -------- d-------- C:\Program Files\ltmoh
2006-08-15 18:42 -------- d-------- C:\Program Files\Toshiba
2006-08-15 18:41 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\toshiba
2006-08-15 18:34 -------- d-------- C:\Program Files\AvRack
2006-08-15 18:32 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2006-08-15 18:32 -------- d-------- C:\Program Files\Atheros
2006-08-15 18:24 -------- d-------- C:\Documents and Settings\Ei_An_Kei\Application Data\Identities
2006-08-15 18:12 -------- d-------- C:\Program Files\Online Services
2006-08-15 17:58 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-15 17:57 -------- d-------- C:\Program Files\Windows Plus
2006-08-15 01:29 -------- d-------- C:\Program Files\GiPo@Utilities
2006-08-15 01:29 -------- d-------- C:\Program Files\Common Files\GibinSoft Shared
2006-08-15 00:13 -------- d-------- C:\Program Files\Nokia
2006-08-13 20:06 -------- d-------- C:\Program Files\BuddyCheck
2006-08-12 08:25 -------- d-------- C:\Program Files\Orca Browser
2006-08-11 16:42 -------- d-------- C:\Program Files\Skype
2006-08-11 12:20 -------- d-------- C:\Program Files\Privoxy
2006-08-08 16:15 -------- d-------- C:\Program Files\Java Web Start
2006-08-08 02:39 -------- d-------- C:\Program Files\D-Tools
2006-08-08 02:35 -------- d-------- C:\Program Files\Common Files\ACD Systems
2006-08-05 12:31 -------- d-------- C:\Program Files\Movie Maker
2006-08-05 10:40 -------- d-------- C:\Program Files\EA GAMES
2006-08-04 14:43 -------- d-------- C:\Program Files\DAEMON Tools
2006-08-03 18:39 -------- d-------- C:\Program Files\GetRight
2006-08-03 16:21 -------- d-------- C:\Program Files\SpeedFan
2006-07-27 16:54 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 05:35 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-07-27 05:35 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2006-07-27 05:35 20640 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-07-27 05:35 192512 --a------ C:\WINDOWS\system32\dtu100.dll
2006-07-27 05:35 109568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-07-27 05:35 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-07-21 11:54 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 12:22 -------- d-------- C:\Program Files\Common Files\Nokia
2006-07-13 23:34 -------- d-------- C:\Program Files\Common Files\DESkey
2006-07-04 01:10 778240 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-07-04 01:10 778240 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-07-04 01:10 761856 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-07-04 01:10 620180 --a------ C:\WINDOWS\system32\DivX.dll
2006-07-03 16:48 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-07-03 16:48 -------- d-------- C:\Program Files\Common Files\Corel
2006-06-21 14:19 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2006-06-21 14:13 520192 --a------ C:\WINDOWS\system32\DivXsm.exe
2006-06-21 14:12 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2006-06-21 14:12 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2006-06-21 14:04 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2006-06-21 14:04 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2006-06-21 14:04 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2006-06-21 14:04 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2006-06-21 14:04 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2006-06-21 14:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2006-06-21 14:03 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-06-18 17:54 75776 --a------ C:\WINDOWS\zllsputility.exe
2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\\Program Files\\Toshiba\\Toshiba Applet\\thotkey.exe"
"PINGER"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe /run"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"TPSMain"="TPSMain.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"BDSwitchAgent"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdswitch.exe\""
"BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdnagent.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdmcon.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="\"C:\\Program Files\\Vidalia\\vidalia.exe\""
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^Ei_An_Kei^Start Menu^Programs^Startup^Nokia Instrument API Tray.lnk]
"path"="C:\\Documents and Settings\\Ei_An_Kei\\Start Menu\\Programs\\Startup\\Nokia Instrument API Tray.lnk"
"backup"="C:\\WINDOWS\\pss\\Nokia Instrument API Tray.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Nokia\\Tss\\INSTRU~1\\bin\\tray.exe "
"item"="Nokia Instrument API Tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^Ei_An_Kei^Start Menu^Programs^Startup^Privoxy.lnk]
"path"="C:\\Documents and Settings\\Ei_An_Kei\\Start Menu\\Programs\\Startup\\Privoxy.lnk"
"backup"="C:\\WINDOWS\\pss\\Privoxy.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Privoxy\\privoxy.exe "
"item"="Privoxy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^Ei_An_Kei^Start Menu^Programs^Startup^RAMASST.lnk]
"path"="C:\\Documents and Settings\\Ei_An_Kei\\Start Menu\\Programs\\Startup\\RAMASST.lnk"
"backup"="C:\\WINDOWS\\pss\\RAMASST.lnkStartup"
"location"="Startup"
"command"="C:\\WINDOWS\\system32\\RAMASST.exe "
"item"="RAMASST"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\ATIModeChange]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ati2mdxx"
"hkey"="HKLM"
"command"="Ati2mdxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\Geek Superhero]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GeekSuperhero"
"hkey"="HKLM"
"command"="C:\\Program Files\\Geek Superhero\\GeekSuperhero.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="C:\\Program Files\\ICQLite\\ICQLite.exe -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\LtMoh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ltmoh"
"hkey"="HKLM"
"command"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\nod32upd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fc_upd"
"hkey"="HKLM"
"command"="rundll32 \"C:\\Program Files\\Eset\\fc_upd.dll\",NOD32Ioctl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\RealPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Real\\RealOne Player\\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SMSystemAnalyzer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SMSystemAnalyzer"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SystemGuardAlerter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SystemGuardAlerter"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SystemGuardAlerter.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"



Completion time: 06-08-22 1:44:49.40
ComboFix.txt


Again, Thanks for helping me!

eiankei

By the way! My original post is here, I think you can find more information there:
I need help ASAP!!! Computer freezing...
P.S. One of your friends (I mean moderators) made this new topic for me.

Ried

Hi,

I'm still not seeing any malware. We'll try another scanner and see if it picks up anything.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.

eiankei

DR.Web:
PATCH.EXE;C:\Downloads\Globalscape.CuteFTP.Pro.v7.0.3.10.2005.1.Multilingual.WinALL.Cracked-DVT\d-4cfgl1\d-000gl\DVT\DVT;Tool.DVTPatch;Incurable.Moved.;
japsetup.exe;C:\Downloads\Jap-Anti filter;Adware.Fastseeker;Incurable.Moved.;

Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 10:19, on 06-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Vidalia\vidalia.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Tor\tor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\Ei_An_Kei\Desktop\Programs\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PhishingNet BHO - {DE3A0297-5EFF-4FF2-A48D-ABBC67D4D774} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: Bug Swatter Options - {99FEA1A2-7881-11D1-A9E2-00403320FCF2} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: Popup Slapdown Options - {A1100DDB-B277-4CAA-A640-B299D79FE25E} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: Phishing Net Options - {B1100DDB-B277-4CAA-A640-B299D79FE25E} - C:\Program Files\Geek Superhero\GeekSuperheroX.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1155725692359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155766989906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E369F0FB-5C65-44C5-AF88-38AACA5323EC}: NameServer = 81.91.129.67 81.91.129.66
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thanks for the help!

Ried

Any improvement after running Dr Web?

If not, I see you still have 2 AV's and 2 Firewalls active on your system which could be causing these issues.

BitDefender Virus Shield
CA ISafe (CAISafe) <--ZoneLabs Anti Virus/Firewall combination program
TrueVector Internet Monitor (vsmon) <--ZoneAlarm Free Firewall

It's up to you, but one of these has to go. If you keep CA ISafe, uninstall BitDefender and ZoneAlarm Free Firewall via the Add/Remove panel.

If you keep BitDefender, keep ZoneAlarm Free Firewall and uninstall CA ISafe via the Add/Remove panel.

eiankei

I uninstalled all of them! but no help... then I installed Kaspersky but the problem still exists...

Ried

Download and Install UnHackMe
Unzip to a folder

Double click "unhackme300b2.exe" to install

Bring up UnHackMe

Click the "Check Me Now" button

When finished, if a Rootkit is found it will show you the results.

Click the "Stop" button and reboot

Post a fresh HijackThis log here

eiankei

It didn't find anything...
By the way, my computer has multiprocessors, I have heard things about problems that are caused by SP2 when you have multiprocessors...