Slower PC HJT Log

steviedee · 11-29-2006, 10:51 PM

Hi, i think i have spyware from a serials site..opened a exe file and now my computers runnin slower, i was dumb. Anyway heres my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:50:30 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\issearch.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\LClock\LClock.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\Program Files\Styler\Styler.exe
F:\WINDOWS\system32\wuauclt.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\msiexec.exe
\?\F:\WINDOWS\system32\WBEM\WMIADAP.EXE
F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Steve\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe

thanks.

dorts · 11-30-2006, 07:06 PM

Hello and Welcome to TSF

Rename HijackThis

I need you to rename HijackThis as malware may be hiding some entries. Do the following to rename HijackThis:

Rename HijackThis.exe to fredmh.exe.

Navigate to C:\hjt\HijackThis.exe (or wherever you saved HijackThis)
Right click on HijackThis.exe
Select 'Rename'
Type in fredmh.exe
Press Enter.

Please run a scan with the newly renamed fredmh.exe and save the log.

steviedee · 11-30-2006, 10:04 PM

Thanks for your reply, and i noticed you were online so we can work on it now:

Logfile of HijackThis v1.99.1
Scan saved at 5:01:59 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\issearch.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\LClock\LClock.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\Program Files\Styler\Styler.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\WINDOWS\system32\DllHost.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Steve\Desktop\fredmh.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)
O2 - BHO: (no name) - {24CDD4B4-EA0B-46AC-A34D-EC294EC45334} - F:\WINDOWS\system32\gebcd.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - F:\WINDOWS\system32\cluuwfri.dll
O2 - BHO: (no name) - {3B9E242C-6F5E-7DCF-4F5D-013C44912EED} - F:\WINDOWS\system32\dmglaqd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - F:\WINDOWS\system32\ixt0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebcd - F:\WINDOWS\system32\gebcd.dll
O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

dorts · 11-30-2006, 10:06 PM

Hi and welcome back to TSF.

My name is Keneth and I would be helping you clean up your computer.

I am currently reviewing your log and will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

steviedee · 11-30-2006, 10:08 PM

Thanks Champ

steviedee · 11-30-2006, 10:19 PM

hi, before i ran HJT from the desktop, then i realized i should run it from a folder in the c drive, so heres a new log with HJT renamed in a folder called "HJT" in the c drive root

Logfile of HijackThis v1.99.1
Scan saved at 5:17:29 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\issearch.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\LClock\LClock.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\Program Files\Styler\Styler.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Windows Media Player\wmplayer.exe
F:\WINDOWS\system32\DllHost.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
F:\Program Files\Azureus\Azureus.exe
F:\HJT\fredmh.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)
O2 - BHO: (no name) - {24CDD4B4-EA0B-46AC-A34D-EC294EC45334} - F:\WINDOWS\system32\gebcd.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - F:\WINDOWS\system32\cluuwfri.dll
O2 - BHO: (no name) - {3B9E242C-6F5E-7DCF-4F5D-013C44912EED} - F:\WINDOWS\system32\dmglaqd.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - F:\WINDOWS\system32\ixt0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: gebcd - F:\WINDOWS\system32\gebcd.dll
O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

dorts · 11-30-2006, 10:23 PM

Hello and welcome to TSF

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. Please stay with me until your system has been declared clean.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

As long as HijackThis is in a permanent folder, it is fine.

Windows Defender

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable Real-Time Protection:

Go to "Tools" | "General Settings"
Scroll down to "Real-time protection options"
Uncheck "Turn on real-time protection (recommended)"
Remember to reactivate this feature when we have finished all our work.

Downloads and others

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop. DO NOT run it yet.

Please download ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

ComboFix

1. Download this file using either of these links

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop

2. Go to Start => Run => paste in the single line command & click OK

"%userprofile%\desktop\combofix.exe" /v ggw gebcd cluuwfri dmglaqd winuns32

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Safe Mode

Restart your computer.
Before the Windows logo appear, tap F8 repeatedly. In some systems, this may be the F5 key.
A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
This will take a while than usual, so just wait.
After it loads, Login on your usual account.

Fixes with HijackThis

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)
O2 - BHO: (no name) - {24CDD4B4-EA0B-46AC-A34D-EC294EC45334} - F:\WINDOWS\system32\gebcd.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - F:\WINDOWS\system32\cluuwfri.dll
O2 - BHO: (no name) - {3B9E242C-6F5E-7DCF-4F5D-013C44912EED} - F:\WINDOWS\system32\dmglaqd.dll
O2 - BHO: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)
O20 - Winlogon Notify: gebcd - F:\WINDOWS\system32\gebcd.dll
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

SmitfraudFix - Option #2

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk F: (F:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Uncheck and Delete

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:

"Security Info"
"Warning Message"
"Security Desktop"
"Warning Homepage"
"Desktop Uninstall" or something similar

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

AVG Anti-Spyware

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

You may now reboot back to normal mode

SmitfraudFix - Option #3

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Online Scan

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on located at the bottom of the page.
A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting

If it finds any malware, it will offer you a report.
Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

ComboFix

1. Run combofix again by just clicking on combofix.exe on your desktop.

2. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Logs

Please post the following logs of this order in your next reply...

F:\combofix2.txt
F:\rapport.txt
AVG Anti-Spyware's Log
Panda’s Online Scan Log
F:\combofix.txt
A New HijackThis Log

steviedee · 12-01-2006, 07:51 AM

hey, i sent all my logs to your email, because it was too long for the forums, did you recieve it?

Ried · 12-01-2006, 10:41 AM

Hello steviedee,

Please post your logs in this thread--use multiple replies if need be.

steviedee · 12-01-2006, 08:02 PM

Combo Fix

Steve - 06-12-02 2:35:03.06 Service Pack 2
ComboFix 06.11.27W - Running from: "F:\Documents and Settings\Steve\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

F:\QooBox\Purity\Program Files\APPATC~1
F:\QooBox\Purity\Program Files\TSKS~1
F:\QooBox\Purity\Program Files\APPATC~1\A?pPatch

((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))

2006-12-02 02:27 <DIR> d-------- F:\WINDOWS\system32\ActiveScan
2006-12-02 02:27 <DIR> d-------- F:\WINDOWS\LastGood
2006-12-02 00:12 2,426 --a------ F:\WINDOWS\system32\tmp.reg
2006-12-01 21:29 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2006-12-01 21:28 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Adobe
2006-12-01 17:56 3,968 --a------ F:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-01 17:16 <DIR> d-------- F:\HJT
2006-12-01 17:14 <DIR> d-------- F:\Program Files\Lavasoft
2006-12-01 17:14 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Lavasoft
2006-12-01 15:36 <DIR> d-------- F:\WINDOWS\WBEM
2006-12-01 15:36 <DIR> d-------- F:\WINDOWS\system32\en-US
2006-12-01 15:34 <DIR> d--h-c--- F:\WINDOWS\ie7
2006-12-01 15:33 121,856 --------- F:\WINDOWS\system32\xmllite.dll
2006-12-01 15:33 <DIR> d-------- F:\WINDOWS\network diagnostic
2006-11-30 23:43 <DIR> d-------- F:\Program Files\Alcohol Soft
2006-11-30 21:44 88,340 --a------ F:\WINDOWS\system32\vbywdlfw.exe
2006-11-30 20:19 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Ahead
2006-11-30 20:14 <DIR> d-------- F:\Program Files\Nero
2006-11-30 20:14 <DIR> d-------- F:\Program Files\Common Files\Ahead
2006-11-30 20:14 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Nero
2006-11-30 17:41 <DIR> d-------- F:\Program Files\MSXML 4.0
2006-11-30 17:41 <DIR> d-------- F:\02709546a83f2d51e43489
2006-11-29 23:42 <DIR> d-------- F:\Program Files\Grisoft
2006-11-29 21:45 88,340 --a------ F:\WINDOWS\system32\wqqxxqvq.exe
2006-11-29 21:45 <DIR> d-------- F:\Program Files\VSAdd-in
2006-11-29 21:45 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\dvdcss
2006-11-29 21:44 126,996 --a------ F:\WINDOWS\system32\gqomqnwa.dll
2006-11-29 21:44 <DIR> d-------- F:\Program Files\VideoLAN
2006-11-29 21:44 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\vlc
2006-11-29 21:42 93,696 --a------ F:\WINDOWS\system32\utbcgyb.dll
2006-11-29 21:41 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\DivX
2006-11-29 21:37 40,973 ---hs---- F:\WINDOWS\system32\ljjkiii.dll
2006-11-29 16:39 <DIR> d-------- F:\Program Files\Microsoft Office
2006-11-29 16:39 <DIR> d-------- F:\Program Files\Common Files\Designer
2006-11-29 16:39 <DIR> d-------- F:\Program Files\AnswerWorks 4.0
2006-11-29 16:37 <DIR> d-------- F:\Program Files\AutoCAD 2007
2006-11-29 16:37 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Autodesk
2006-11-29 16:37 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Autodesk
2006-11-29 16:35 <DIR> d-------- F:\Program Files\Common Files\Autodesk Shared
2006-11-29 16:35 <DIR> d-------- F:\Program Files\Autodesk
2006-11-29 16:31 720,896 --a------ F:\WINDOWS\system32\RhinoShExt.dll
2006-11-29 16:31 <DIR> d-------- F:\Program Files\Rhinoceros 3.0
2006-11-29 16:31 <DIR> d-------- F:\Program Files\Common Files\McNeel Shared
2006-11-29 16:31 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\McNeel
2006-11-29 16:16 266,360 --a------ F:\WINDOWS\system32\TweakUI.exe
2006-11-29 13:45 57,472 --a------ F:\WINDOWS\system32\drivers\redbook.sys
2006-11-29 13:45 3,072 --a------ F:\WINDOWS\system32\drivers\audstub.sys
2006-11-29 13:45 21,504 --a------ F:\WINDOWS\system32\hidserv.dll
2006-11-29 13:44 74,240 --a------ F:\WINDOWS\system32\usbui.dll
2006-11-29 13:44 32,768 --a------ F:\WINDOWS\system32\drivers\sisnic.sys
2006-11-29 13:43 9,936 --a------ F:\WINDOWS\system\LZEXPAND.DLL
2006-11-29 13:43 9,008 --a------ F:\WINDOWS\system\VER.DLL
2006-11-29 13:43 85,020 --a------ F:\WINDOWS\system32\dgsetup.dll
2006-11-29 13:43 82,944 --a------ F:\WINDOWS\system\OLECLI.DLL
2006-11-29 13:43 8,704 --a------ F:\WINDOWS\system32\batt.dll
2006-11-29 13:43 8,192 -ra------ F:\WINDOWS\system32\kbdhept.dll
2006-11-29 13:43 74,752 --a------ F:\WINDOWS\system32\storprop.dll
2006-11-29 13:43 7,168 -ra------ F:\WINDOWS\system32\kbdcz.dll
2006-11-29 13:43 69,584 --a------ F:\WINDOWS\system\AVICAP.DLL
2006-11-29 13:43 69,120 --a------ F:\WINDOWS\notepad.exe
2006-11-29 13:43 68,768 --a------ F:\WINDOWS\system\mmsystem.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdycl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdsl1.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdsl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdpl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdhu.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdhela3.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcz2.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcz1.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcr.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\KBDAL.DLL
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdtuq.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdtuf.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdlv1.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdlv.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdhela2.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdgkl.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdest.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdycc.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbduzb.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdur.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdtat.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdru1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdru.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdro.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdpl1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdmon.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdlt1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdlt.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdkyr.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdkaz.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhu1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe319.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe220.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdbu.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdblr.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdazel.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdaze.dll
2006-11-29 13:43 5,120 --a------ F:\WINDOWS\system\SHELL.DLL
2006-11-29 13:43 32,816 --a------ F:\WINDOWS\system\COMMDLG.DLL
2006-11-29 13:43 24,661 --a------ F:\WINDOWS\system32\spxcoins.dll
2006-11-29 13:43 24,064 --a------ F:\WINDOWS\system\OLESVR.DLL
2006-11-29 13:43 19,200 --a------ F:\WINDOWS\system\TAPI.DLL
2006-11-29 13:43 176,157 --a------ F:\WINDOWS\system32\dgrpsetu.dll
2006-11-29 13:43 15,360 --a------ F:\WINDOWS\TASKMAN.EXE
2006-11-29 13:43 13,312 --a------ F:\WINDOWS\system32\irclass.dll
2006-11-29 13:43 126,912 --a------ F:\WINDOWS\system\MSVIDEO.DLL
2006-11-29 13:43 11,264 --a------ F:\WINDOWS\system32\drivers\irenum.sys
2006-11-29 13:43 109,456 --a------ F:\WINDOWS\system\AVIFILE.DLL
2006-11-29 13:43 103,424 --a------ F:\WINDOWS\system32\EqnClass.Dll
2006-11-29 13:43 <DIR> dr------- F:\Program Files\Common Files\..
2006-11-29 13:43 <DIR> dr------- F:\Program Files\.
2006-11-29 13:43 <DIR> dr------- F:\Program Files
2006-11-29 13:43 <DIR> d-ahs---- F:\Program Files\..
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\SpeechEngines
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\ODBC
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\Microsoft Shared
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\.
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files
2006-11-29 13:42 <DIR> dr-h----- F:\Documents and Settings\All Users\Application Data\.
2006-11-29 13:42 <DIR> dr-h----- F:\Documents and Settings\All Users\Application Data
2006-11-29 13:42 <DIR> dr------- F:\Documents and Settings\All Users\Start Menu
2006-11-29 13:42 <DIR> dr------- F:\Documents and Settings\All Users\Documents
2006-11-29 13:42 <DIR> d--h----- F:\Documents and Settings\All Users\Templates
2006-11-29 13:42 <DIR> d---s---- F:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-29 13:42 <DIR> d-------- F:\WINDOWS\system32\CatRoot2
2006-11-29 13:42 <DIR> d-------- F:\WINDOWS\system32\CatRoot
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Favorites
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Desktop
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\..
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\..
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\.
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings
2006-11-29 13:38 <DIR> dr-hsc--- F:\WINDOWS\system32\dllcache
2006-11-29 13:38 <DIR> dr--s---- F:\WINDOWS\Fonts
2006-11-29 13:38 <DIR> dr------- F:\WINDOWS\Web
2006-11-29 13:38 <DIR> d-ahs---- F:\WINDOWS\..
2006-11-29 13:38 <DIR> d--h----- F:\WINDOWS\inf
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\WinSxS
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\twain_32
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Temp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\wins
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\wbem
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\usmt
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\spool
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ShellExt
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\Setup
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ras
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\oobe
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\npp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\mui
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\inetsrv
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\IME
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\icsxml
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ias
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\export
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\etc
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\disdn
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\dhcp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\config
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\3com_dmi
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\3076
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\2052
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1054
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1042
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1041
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1037
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1033
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1031
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1028
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1025
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\security
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Resources
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\repair
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\mui
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\msapps
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\msagent
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Media
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\java
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\ime
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Help
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Driver Cache
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Debug
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Cursors
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Connection Wizard
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Config
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\AppPatch
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\addins
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS
2006-11-29 12:17 <DIR> d-------- F:\Program Files\iTunes
2006-11-29 12:17 <DIR> d-------- F:\Program Files\iPod
2006-11-29 12:17 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Apple Computer
2006-11-29 12:16 <DIR> d-------- F:\Program Files\QuickTime
2006-11-29 12:15 <DIR> d-------- F:\Program Files\Apple Software Update
2006-11-29 12:15 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-29 12:12 <DIR> d-------- F:\Program Files\TrackMania Nations ESWC
2006-11-29 12:06 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2006-11-29 12:06 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-29 11:55 413,518 --a------ F:\WINDOWS\system32\vimc.exe
2006-11-29 11:52 <DIR> d-------- F:\WINDOWS\system32\VITrans
2006-11-29 11:48 <DIR> d-------- F:\Program Files\Common Files\Adobe Systems Shared
2006-11-29 11:48 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Macrovision
2006-11-29 09:47 <DIR> d-------- F:\Program Files\Styler
2006-11-29 09:41 20,480 --a------ F:\WINDOWS\system32\wbload.dll
2006-11-29 09:27 2,560 --a------ F:\WINDOWS\_MSRSTRT.EXE
2006-11-29 09:15 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Styler
2006-11-29 08:59 <DIR> d-------- F:\WINDOWS\system32\VIRepair
2006-11-29 08:12 36,864 --------- F:\WINDOWS\system32\wbsys.dll
2006-11-29 08:12 <DIR> d-------- F:\Program Files\Stardock
2006-11-29 08:02 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Azureus
2006-11-29 08:01 <DIR> d-------- F:\Program Files\Java
2006-11-29 08:01 <DIR> d-------- F:\Program Files\Common Files\Java
2006-11-29 05:57 <DIR> d-------- F:\Program Files\DAEMON Tools
2006-11-29 05:55 82,944 --a------ F:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-29 05:55 639,224 --a------ F:\WINDOWS\system32\drivers\sptd.sys
2006-11-29 05:55 6,400 --a------ F:\WINDOWS\system32\drivers\splitter.sys
2006-11-29 05:55 54,272 --a------ F:\WINDOWS\system32\drivers\swmidi.sys
2006-11-29 05:55 52,864 --a------ F:\WINDOWS\system32\drivers\DMusic.sys
2006-11-29 05:55 2,944 --a------ F:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-29 05:55 172,416 --a------ F:\WINDOWS\system32\drivers\kmixer.sys
2006-11-29 05:55 142,464 --a------ F:\WINDOWS\system32\drivers\aec.sys
2006-11-29 05:54 9,319,936 --a------ F:\WINDOWS\system32\RTLCPL.EXE
2006-11-29 05:54 77,824 --a------ F:\WINDOWS\SOUNDMAN.EXE
2006-11-29 05:54 7,552 --a------ F:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-29 05:54 60,800 --a------ F:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-29 05:54 60,288 --a------ F:\WINDOWS\system32\drivers\drmk.sys
2006-11-29 05:54 5,376 --a------ F:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-29 05:54 40,960 --------- F:\WINDOWS\system32\ChCfg.exe
2006-11-29 05:54 4,992 --a------ F:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-29 05:54 4,096 --a------ F:\WINDOWS\system32\ksuser.dll
2006-11-29 05:54 208,896 --------- F:\WINDOWS\alcupd.exe
2006-11-29 05:54 2,297,664 --a------ F:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-11-29 05:54 156,672 --a------ F:\WINDOWS\system32\RTLCPAPI.dll
2006-11-29 05:54 145,792 --a------ F:\WINDOWS\system32\drivers\portcls.sys
2006-11-29 05:54 139,264 --------- F:\WINDOWS\alcrmv.exe
2006-11-29 05:54 <DIR> d-------- F:\Program Files\Realtek Sound Manager
2006-11-29 05:54 <DIR> d-------- F:\Program Files\AvRack
2006-11-29 05:49 <DIR> d-------- F:\WINDOWS\Downloaded Installations
2006-11-29 05:49 <DIR> d-------- F:\Start Menu
2006-11-29 05:49 <DIR> d-------- F:\Program Files\MTV Networks
2006-11-29 05:46 <DIR> d-------- F:\Program Files\Windows Media Connect 2
2006-11-29 05:45 <DIR> d-------- F:\WINDOWS\system32\LogFiles
2006-11-29 05:45 <DIR> d-------- F:\WINDOWS\system32\drivers\UMDF
2006-11-29 05:45 <DIR> d-------- F:\534d006de7e3ce0ea069b4ff
2006-11-29 05:37 <DIR> d-------- F:\Program Files\Azureus
2006-11-29 05:36 20,640 --------- F:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-29 05:36 109,568 --------- F:\WINDOWS\system32\pxinsi64.exe
2006-11-29 05:36 108,544 --------- F:\WINDOWS\system32\pxcpyi64.exe
2006-11-29 05:36 <DIR> d-------- F:\Program Files\DivX
2006-11-29 05:23 <DIR> d--hs---- F:\RECYCLER
2006-11-29 05:22 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Mozilla
2006-11-29 05:19 720,412 --a------ F:\WINDOWS\system32\MGB_ScreenSaver.scr
2006-11-29 05:19 5,214,208 --a------ F:\WINDOWS\system32\vistaui.exe
2006-11-29 05:19 382,976 --a------ F:\WINDOWS\system32\Vista.scr
2006-11-29 05:19 <DIR> d-------- F:\Program Files\LClock
2006-11-29 05:15 81,920 --a------ F:\WINDOWS\system32\closeapp.exe
2006-11-29 05:15 8,636 --a------ F:\WINDOWS\system32\modifype.exe
2006-11-29 05:15 69,632 --a------ F:\WINDOWS\system32\moveex.exe
2006-11-29 05:15 19,968 --a------ F:\WINDOWS\system32\reico.exe
2006-11-29 05:15 111,104 --a------ F:\WINDOWS\system32\Uharc.exe
2006-11-29 05:15 <DIR> d-------- F:\VTPFiles
2006-11-29 05:07 <DIR> d-------- F:\Program Files\Windows Defender
2006-11-29 05:07 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-29 05:04 <DIR> d-------- F:\Documents and Settings\Steve\Contacts
2006-11-29 05:03 23,524 --a------ F:\WINDOWS\system32\drivers\GVTDrv.sys
2006-11-29 05:01 <DIR> d--h----- F:\WINDOWS\$hf_mig$
2006-11-29 05:01 <DIR> d-------- F:\WINDOWS\system32\PreInstall
2006-11-29 05:00 <DIR> d----c--- F:\WINDOWS\system32\DRVSTORE
2006-11-29 05:00 <DIR> d-------- F:\WINDOWS\pss
2006-11-29 05:00 <DIR> d-------- F:\Program Files\MSN Messenger
2006-11-29 05:00 <DIR> d-------- F:\Program Files\Mozilla Firefox
2006-11-29 04:59 18,200 --a------ F:\WINDOWS\system32\wups2.dll
2006-11-29 04:59 <DIR> d-------- F:\WINDOWS\system32\SoftwareDistribution
2006-11-29 04:58 <DIR> d---s---- F:\Documents and Settings\Steve\UserData
2006-11-29 04:58 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Macromedia
2006-11-29 04:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Logitech
2006-11-29 04:55 36,992 -ra------ F:\WINDOWS\system32\drivers\SISAGPX.SYS
2006-11-29 04:55 32,768 --a------ F:\WINDOWS\SIS_LIB.DLL
2006-11-29 04:55 3,583 --a------ F:\WINDOWS\SiSport.sys
2006-11-29 04:55 106,496 --a------ F:\WINDOWS\SiSUSBrg.exe
2006-11-29 04:54 <DIR> d-------- F:\Documents and Settings\Steve\WINDOWS
2006-11-29 04:53 7,296 -r------- F:\WINDOWS\system32\drivers\EIO.sys
2006-11-29 04:52 327,168 --a------ F:\WINDOWS\IsUninst.exe
2006-11-29 04:52 <DIR> d-------- F:\Program Files\GigaByte
2006-11-29 04:50 <DIR> dr--s---- F:\WINDOWS\assembly
2006-11-29 04:50 <DIR> d-------- F:\WINDOWS\system32\URTTemp
2006-11-29 04:50 <DIR> d-------- F:\WINDOWS\Microsoft.NET
2006-11-29 04:49 69,632 --a------ F:\WINDOWS\system32\KemXML.dll
2006-11-29 04:49 516,096 --------- F:\WINDOWS\system32\ati2sgag.exe
2006-11-29 04:49 3,712 --a------ F:\WINDOWS\system32\drivers\LBeepKE.sys
2006-11-29 04:49 294,912 -ra------ F:\WINDOWS\system32\atiiiexx.dll
2006-11-29 04:49 155,648 --a------ F:\WINDOWS\system32\kemutb.dll
2006-11-29 04:49 131,072 -ra------ F:\WINDOWS\system32\ATIDEMGR.dll
2006-11-29 04:49 131,072 --a------ F:\WINDOWS\system32\KemUtil.dll
2006-11-29 04:49 110,592 --a------ F:\WINDOWS\system32\KemWnd.dll
2006-11-29 04:48 94,208 --a------ F:\WINDOWS\KHALMNPR.Exe
2006-11-29 04:48 71,936 --a------ F:\WINDOWS\system32\drivers\LMouKE.Sys
2006-11-29 04:48 55,936 --a------ F:\WINDOWS\system32\drivers\L8042mou.Sys
2006-11-29 04:48 13,568 --a------ F:\WINDOWS\system32\drivers\L8042Kbd.sys
2006-11-29 04:48 <DIR> d-------- F:\Program Files\Logitech
2006-11-29 04:48 <DIR> d-------- F:\Program Files\Common Files\Logitech
2006-11-29 04:48 <DIR> d-------- F:\Program Files\ATI Technologies
2006-11-29 04:47 23,040 -ra------ F:\WINDOWS\system32\drivers\GVCplDrv.sys
2006-11-29 04:45 <DIR> d-------- F:\WINDOWS\SoftwareDistribution
2006-11-29 04:45 <DIR> d-------- F:\WINDOWS\Prefetch
2006-11-29 04:39 95,424 --------- F:\WINDOWS\system32\drivers\slnthal.sys
2006-11-29 04:39 9,216 --------- F:\WINDOWS\system32\proxycfg.exe
2006-11-29 04:39 88,064 --------- F:\WINDOWS\system32\p2pnetsh.dll
2006-11-29 04:39 870,784 --------- F:\WINDOWS\system32\ati3d1ag.dll
2006-11-29 04:39 86,016 --------- F:\WINDOWS\system32\p2pgasvc.dll
2006-11-29 04:39 86,016 --------- F:\WINDOWS\system32\mdmxsdk.dll
2006-11-29 04:39 81,408 --------- F:\WINDOWS\system32\wscsvc.dll
2006-11-29 04:39 8,192 --------- F:\WINDOWS\system32\smbinst.exe
2006-11-29 04:39 8,192 --------- F:\WINDOWS\system32\bitsprx2.dll
2006-11-29 04:39 78,464 --------- F:\WINDOWS\system32\drivers\usbvideo.sys
2006-11-29 04:39 78,336 --a------ F:\WINDOWS\system32\ieencode.dll
2006-11-29 04:39 75,776 --------- F:\WINDOWS\system32\strmfilt.dll
2006-11-29 04:39 746,496 --a------ F:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-29 04:39 73,832 --------- F:\WINDOWS\system32\slcoinst.dll
2006-11-29 04:39 73,796 --------- F:\WINDOWS\system32\slserv.exe
2006-11-29 04:39 73,216 --------- F:\WINDOWS\system32\drivers\atintuxx.sys
2006-11-29 04:39 71,680 --------- F:\WINDOWS\system32\blastcln.exe
2006-11-29 04:39 7,680 --------- F:\WINDOWS\system32\kbdsmsno.dll
2006-11-29 04:39 7,680 --------- F:\WINDOWS\system32\kbdsmsfi.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdukx.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdno1.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdfi1.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\hccoin.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\bitsprx3.dll
2006-11-29 04:39 685,056 --------- F:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-11-29 04:39 67,584 --------- F:\WINDOWS\system32\drivers\sdbus.sys
2006-11-29 04:39 63,663 --------- F:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-11-29 04:39 63,488 --------- F:\WINDOWS\system32\drivers\atinxsxx.sys
2006-11-29 04:39 603,648 --------- F:\WINDOWS\system32\WMSPDMOD.dll
2006-11-29 04:39 60,416 --------- F:\WINDOWS\system32\fwcfg.dll
2006-11-29 04:39 6,656 --------- F:\WINDOWS\system32\kbdinmal.dll
2006-11-29 04:39 6,656 --------- F:\WINDOWS\system32\kbdinben.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdmlt48.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdmlt47.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdinbe1.dll
2006-11-29 04:39 6,016 --------- F:\WINDOWS\system32\drivers\smbali.sys
2006-11-29 04:39 59,648 --------- F:\WINDOWS\system32\drivers\rfcomm.sys
2006-11-29 04:39 59,392 --------- F:\WINDOWS\system32\logman.exe
2006-11-29 04:39 57,856 --------- F:\WINDOWS\system32\drivers\atinbtxx.sys
2006-11-29 04:39 56,623 --------- F:\WINDOWS\system32\drivers\ati1btxx.sys
2006-11-29 04:39 537,088 --------- F:\WINDOWS\system32\msftedit.dll
2006-11-29 04:39 526,848 --------- F:\WINDOWS\system32\p2psvc.dll
2006-11-29 04:39 52,224 --------- F:\WINDOWS\system32\drivers\atinraxx.sys
2006-11-29 04:39 518,240 --a------ F:\WINDOWS\system32\ativvaxx.dll
2006-11-29 04:39 50,688 --------- F:\WINDOWS\system32\btpanui.dll
2006-11-29 04:39 50,176 --------- F:\WINDOWS\system32\xmlprovi.dll
2006-11-29 04:39 5,632 --------- F:\WINDOWS\system32\kbdmaori.dll
2006-11-29 04:39 49,152 --------- F:\WINDOWS\system32\powercfg.exe
2006-11-29 04:39 48,640 --------- F:\WINDOWS\system32\pnrpnsp.dll
2006-11-29 04:39 465,176 --a------ F:\WINDOWS\system32\wuapi.dll
2006-11-29 04:39 46,464 --------- F:\WINDOWS\system32\drivers\gagp30kx.sys
2006-11-29 04:39 452,736 --------- F:\WINDOWS\system32\drivers\mtxparhm.sys
2006-11-29 04:39 44,928 --------- F:\WINDOWS\system32\drivers\agpcpq.sys
2006-11-29 04:39 44,672 --------- F:\WINDOWS\system32\drivers\uagp35.sys
2006-11-29 04:39 44,032 --------- F:\WINDOWS\system32\twext.dll
2006-11-29 04:39 438,784 --------- F:\WINDOWS\system32\xpob2res.dll
2006-11-29 04:39 43,008 --------- F:\WINDOWS\system32\drivers\amdagp.sys
2006-11-29 04:39 42,752 --------- F:\WINDOWS\system32\drivers\alim1541.sys
2006-11-29 04:39 42,368 --------- F:\WINDOWS\system32\drivers\agp440.sys
2006-11-29 04:39 42,240 --------- F:\WINDOWS\system32\drivers\viaagp.sys
2006-11-29 04:39 41,240 --a------ F:\WINDOWS\system32\wups.dll
2006-11-29 04:39 41,088 --------- F:\WINDOWS\system32\drivers\sisagp.sys
2006-11-29 04:39 404,990 --------- F:\WINDOWS\system32\drivers\slntamr.sys
2006-11-29 04:39 4,274,816 --------- F:\WINDOWS\system32\nv4_disp.dll
2006-11-29 04:39 4,255 --------- F:\WINDOWS\system32\drivers\adv01nt5.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\wmvdmoe2.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\wmsdmoe2.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\MP4SDMOD.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\MP43DMOD.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\dsprpres.dll
2006-11-29 04:39 397,056 --------- F:\WINDOWS\system32\s3gnb.dll
2006-11-29 04:39 38,016 --------- F:\WINDOWS\system32\drivers\bthmodem.sys
2006-11-29 04:39 377,984 --------- F:\WINDOWS\system32\ati2dvaa.dll
2006-11-29 04:39 37,376 --------- F:\WINDOWS\system32\drivers\amdk7.sys
2006-11-29 04:39 36,463 --------- F:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-11-29 04:39 36,096 --------- F:\WINDOWS\system32\drivers\intelppm.sys
2006-11-29 04:39 351,232 --------- F:\WINDOWS\system32\winhttp.dll
2006-11-29 04:39 35,456 --------- F:\WINDOWS\system32\drivers\bthprint.sys
2006-11-29 04:39 34,735 --------- F:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-11-29 04:39 327,040 --------- F:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-11-29 04:39 32,866 --------- F:\WINDOWS\system32\slrundll.exe
2006-11-29 04:39 32,866 --------- F:\WINDOWS\slrundll.exe
2006-11-29 04:39 32,768 --------- F:\WINDOWS\system32\ativtmxx.dll
2006-11-29 04:39 32,285 --------- F:\WINDOWS\system32\hsfcisp2.dll
2006-11-29 04:39 314,880 --------- F:\WINDOWS\system32\wmpdxm.dll
2006-11-29 04:39 312,320 --------- F:\WINDOWS\system32\p2pgraph.dll
2006-11-29 04:39 31,744 --------- F:\WINDOWS\system32\drivers\atinxbxx.sys
2006-11-29 04:39 30,671 --------- F:\WINDOWS\system32\drivers\ati1raxx.sys
2006-11-29 04:39 30,208 --------- F:\WINDOWS\system32\bthserv.dll
2006-11-29 04:39 30,080 --------- F:\WINDOWS\system32\drivers\rndismpx.sys
2006-11-29 04:39 3,967 --------- F:\WINDOWS\system32\drivers\adv02nt5.dll
2006-11-29 04:39 3,901 --------- F:\WINDOWS\system32\drivers\siint5.dll
2006-11-29 04:39 3,775 --------- F:\WINDOWS\system32\drivers\adv11nt5.dll
2006-11-29 04:39 3,711 --------- F:\WINDOWS\system32\drivers\adv09nt5.dll
2006-11-29 04:39 3,647 --------- F:\WINDOWS\system32\drivers\adv07nt5.dll
2006-11-29 04:39 3,615 --------- F:\WINDOWS\system32\drivers\adv05nt5.dll
2006-11-29 04:39 3,135 --------- F:\WINDOWS\system32\drivers\adv08nt5.dll
2006-11-29 04:39 29,455 --------- F:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-11-29 04:39 29,184 --------- F:\WINDOWS\system32\sdhcinst.dll
2006-11-29 04:39 29,056 --------- F:\WINDOWS\system32\drivers\ip6fw.sys
2006-11-29 04:39 286,792 --------- F:\WINDOWS\system32\slextspk.dll
2006-11-29 04:39 28,672 --------- F:\WINDOWS\system32\drivers\atinsnxx.sys
2006-11-29 04:39 274,304 --------- F:\WINDOWS\system32\drivers\bthport.sys
2006-11-29 04:39 270,848 --------- F:\WINDOWS\system32\sbe.dll
2006-11-29 04:39 27,136 --------- F:\WINDOWS\system32\mspmsnsv.dll
2006-11-29 04:39 262,784 --------- F:\WINDOWS\system32\drivers\http.sys
2006-11-29 04:39 26,624 --------- F:\WINDOWS\system32\drivers\usbehci.sys
2006-11-29 04:39 26,367 --------- F:\WINDOWS\system32\drivers\ati1snxx.sys
2006-11-29 04:39 25,600 --------- F:\WINDOWS\system32\drivers\hidbth.sys
2006-11-29 04:39 25,471 --------- F:\WINDOWS\system32\drivers\watv10nt.sys
2006-11-29 04:39 25,471 --------- F:\WINDOWS\system32\drivers\atv04nt5.dll
2006-11-29 04:39 242,688 --------- F:\WINDOWS\system32\wmpasf.dll
2006-11-29 04:39 24,576 --------- F:\WINDOWS\system32\httpapi.dll
2006-11-29 04:39 23,040 --a------ F:\WINDOWS\system32\fltmc.exe
2006-11-29 04:39 229,376 --a------ F:\WINDOWS\system32\ati2cqag.dll
2006-11-29 04:39 227,328 --------- F:\WINDOWS\system32\wmerror.dll
2006-11-29 04:39 220,032 --------- F:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-11-29 04:39 22,271 --------- F:\WINDOWS\system32\drivers\watv06nt.sys
2006-11-29 04:39 21,343 --------- F:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-11-29 04:39 21,183 --------- F:\WINDOWS\system32\drivers\atv01nt5.dll
2006-11-29 04:39 207,360 --a------ F:\WINDOWS\system32\ati2dvag.dll
2006-11-29 04:39 20,992 --------- F:\WINDOWS\system32\bthci.dll
2006-11-29 04:39 20,480 --------- F:\WINDOWS\system32\encapi.dll
2006-11-29 04:39 2,155,680 --a------ F:\WINDOWS\system32\ati3duag.dll
2006-11-29 04:39 2,113,536 --------- F:\WINDOWS\system32\dxdiagn.dll
2006-11-29 04:39 194,328 --a------ F:\WINDOWS\system32\wuaueng1.dll
2006-11-29 04:39 193,024 --------- F:\WINDOWS\system32\fsquirt.exe
2006-11-29 04:39 188,508 --------- F:\WINDOWS\system32\slgen.dll
2006-11-29 04:39 187,392 --------- F:\WINDOWS\system32\xpsp1res.dll
2006-11-29 04:39 186,368 --------- F:\WINDOWS\system32\encdec.dll
2006-11-29 04:39 180,360 --------- F:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-11-29 04:39 18,944 --------- F:\WINDOWS\system32\drivers\bthusb.sys
2006-11-29 04:39 173,536 --a------ F:\WINDOWS\system32\wuweb.dll
2006-11-29 04:39 172,312 --a------ F:\WINDOWS\system32\wuauclt1.exe
2006-11-29 04:39 17,408 --------- F:\WINDOWS\system32\winshfhc.dll
2006-11-29 04:39 17,279 --------- F:\WINDOWS\system32\drivers\atv10nt5.dll
2006-11-29 04:39 17,024 --------- F:\WINDOWS\system32\drivers\bthenum.sys
2006-11-29 04:39 166,912 --------- F:\WINDOWS\system32\drivers\s3gnbm.sys
2006-11-29 04:39 16,896 --a------ F:\WINDOWS\system32\fltlib.dll
2006-11-29 04:39 159,232 --------- F:\WINDOWS\system32\sbeio.dll
2006-11-29 04:39 157,184 --------- F:\WINDOWS\system32\wmidx.dll
2006-11-29 04:39 15,872 --------- F:\WINDOWS\system32\w3ssl.dll
2006-11-29 04:39 15,488 --------- F:\WINDOWS\system32\drivers\mssmbios.sys
2006-11-29 04:39 15,423 --------- F:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-11-29 04:39 15,104 --------- F:\WINDOWS\system32\drivers\hidir.sys
2006-11-29 04:39 14,336 --------- F:\WINDOWS\system32\drivers\atinpdxx.sys
2006-11-29 04:39 14,336 --------- F:\WINDOWS\system32\auditusr.exe
2006-11-29 04:39 14,143 --------- F:\WINDOWS\system32\drivers\atv06nt5.dll
2006-11-29 04:39 134,656 --------- F:\WINDOWS\system32\mssap.dll
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\wscntfy.exe
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\drivers\atinttxx.sys
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\drivers\atinmdxx.sys
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\cmsetacl.dll
2006-11-29 04:39 13,776 --------- F:\WINDOWS\system32\drivers\recagent.sys
2006-11-29 04:39 13,568 --------- F:\WINDOWS\system32\drivers\wacompen.sys
2006-11-29 04:39 13,240 --------- F:\WINDOWS\system32\drivers\slwdmsup.sys
2006-11-29 04:39 129,536 --------- F:\WINDOWS\system32\xmlprov.dll
2006-11-29 04:39 129,535 --------- F:\WINDOWS\system32\drivers\slnt7554.sys
2006-11-29 04:39 128,896 --------- F:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-29 04:39 127,256 --a------ F:\WINDOWS\system32\wucltui.dll
2006-11-29 04:39 126,686 --------- F:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-11-29 04:39 12,672 --------- F:\WINDOWS\system32\drivers\usb8023x.sys
2006-11-29 04:39 12,672 --------- F:\WINDOWS\system32\drivers\mutohpen.sys
2006-11-29 04:39 12,416 --------- F:\WINDOWS\system32\drivers\tunmp.sys
2006-11-29 04:39 12,047 --------- F:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-11-29 04:39 118,784 --------- F:\WINDOWS\system32\msdadiag.dll
2006-11-29 04:39 116,224 --------- F:\WINDOWS\system32\p2p.dll
2006-11-29 04:39 11,935 --------- F:\WINDOWS\system32\drivers\wadv11nt.sys
2006-11-29 04:39 11,871 --------- F:\WINDOWS\system32\drivers\wadv09nt.sys
2006-11-29 04:39 11,868 --------- F:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-29 04:39 11,807 --------- F:\WINDOWS\system32\drivers\wadv07nt.sys
2006-11-29 04:39 11,615 --------- F:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-11-29 04:39 11,359 --------- F:\WINDOWS\system32\drivers\atv02nt5.dll
2006-11-29 04:39 11,325 --------- F:\WINDOWS\system32\drivers\vchnt5.dll
2006-11-29 04:39 11,295 --------- F:\WINDOWS\system32\drivers\wadv08nt.sys
2006-11-29 04:39 11,136 --------- F:\WINDOWS\system32\drivers\sffdisk.sys
2006-11-29 04:39 108,032 --------- F:\WINDOWS\system32\wshbth.dll
2006-11-29 04:39 104,960 --------- F:\WINDOWS\system32\drivers\atinrvxx.sys
2006-11-29 04:39 100,992 --------- F:\WINDOWS\system32\drivers\bthpan.sys
2006-11-29 04:39 10,240 --------- F:\WINDOWS\system32\drivers\sffp_sd.sys
2006-11-29 04:39 1,897,408 --------- F:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-29 04:39 1,737,856 --------- F:\WINDOWS\system32\mtxparhd.dll
2006-11-29 04:39 1,689,088 --------- F:\WINDOWS\system32\d3d9.dll
2006-11-29 04:39 1,329,152 --------- F:\WINDOWS\system32\WMSPDMOE.dll
2006-11-29 04:39 1,309,184 --------- F:\WINDOWS\system32\drivers\mtlstrm.sys
2006-11-29 04:39 1,088,000 --a------ F:\WINDOWS\system32\winbrand.dll
2006-11-29 04:39 1,041,536 --------- F:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-11-29 04:39 <DIR> d-------- F:\WINDOWS\provisioning
2006-11-29 04:39 <DIR> d-------- F:\WINDOWS\peernet
2006-11-29 04:37 <DIR> d-------- F:\WINDOWS\ServicePackFiles
2006-11-29 04:35 3,385,856 --a------ F:\WINDOWS\system32\xpsp2res.dll
2006-11-29 04:35 <DIR> d-------- F:\WINDOWS\system32\ReinstallBackups
2006-11-29 04:34 23,856 --a------ F:\WINDOWS\system32\spupdsvc.exe
2006-11-29 04:33 <DIR> d-------- F:\WINDOWS\EHome
2006-11-29 04:30 <DIR> d---s---- F:\WINDOWS\system32\Microsoft
2006-11-29 04:29 <DIR> d--h----- F:\Program Files\InstallShield Installation Information
2006-11-29 04:28 <DIR> d-------- F:\Program Files\SMC
2006-11-29 04:28 <DIR> d-------- F:\Program Files\Common Files\InstallShield
2006-11-29 04:26 <DIR> d-------- F:\Program Files\WinRAR
2006-11-29 04:22 26,496 --a------ F:\WINDOWS\system32\drivers\usbstor.sys
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\SendTo
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Recent
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Application Data\.
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Application Data
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\Start Menu
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\My Documents
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\Favorites
2006-11-29 02:56 <DIR> d--hs---- F:\WINDOWS\Installer
2006-11-29 02:56 <DIR> d--hs---- F:\Documents and Settings\Steve\Cookies
2006-11-29 02:56 <DIR> d--h----- F:\Program Files\Uninstall Information
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\Templates
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\PrintHood
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\NetHood
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\Local Settings
2006-11-29 02:56 <DIR> d---s---- F:\Documents and Settings\Steve\Application Data\Microsoft
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Desktop
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Identities
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\..
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\..
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\.
2006-11-29 02:55 <DIR> d--hs---- F:\System Volume Information
2006-11-29 02:52 112,128 --a------ F:\WINDOWS\system32\mapi32.dll
2006-11-29 02:52 <DIR> d-------- F:\WINDOWS\system32\xircom
2006-11-29 02:52 <DIR> d-------- F:\Program Files\xerox
2006-11-29 02:52 <DIR> d-------- F:\Program Files\microsoft frontpage
2006-11-29 02:51 <DIR> dr------- F:\WINDOWS\Offline Web Pages
2006-11-29 02:51 <DIR> d--hs---- F:\Documents and Settings\All Users\DRM
2006-11-29 02:51 <DIR> d---s---- F:\WINDOWS\Downloaded Program Files
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\system32\Macromed
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\system32\DirectX
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\srchasst
2006-11-29 02:50 81,920 --a------ F:\WINDOWS\system32\isign32.dll
2006-11-29 02:50 81,920 --a------ F:\WINDOWS\system32\ils.dll
2006-11-29 02:50 73,728 --a------ F:\WINDOWS\system32\icwdial.dll
2006-11-29 02:50 73,472 --a------ F:\WINDOWS\system32\drivers\sr.sys
2006-11-29 02:50 69,632 --a------ F:\WINDOWS\system32\msconf.dll
2006-11-29 02:50 679,424 --a------ F:\WINDOWS\system32\inetcomm.dll
2006-11-29 02:50 67,584 --a------ F:\WINDOWS\system32\srclient.dll
2006-11-29 02:50 65,536 --a------ F:\WINDOWS\system32\icwphbk.dll
2006-11-29 02:50 64,512 --a------ F:\WINDOWS\system32\acctres.dll
2006-11-29 02:50 48,128 --a------ F:\WINDOWS\system32\inetres.dll
2006-11-29 02:50 45,568 --a------ F:\WINDOWS\system32\safrslv.dll
2006-11-29 02:50 43,520 --a------ F:\WINDOWS\system32\safrcdlg.dll
2006-11-29 02:50 43,520 --a------ F:\WINDOWS\system32\racpldlg.dll
2006-11-29 02:50 382,464 --a------ F:\WINDOWS\system32\qmgr.dll
2006-11-29 02:50 34,560 --a------ F:\WINDOWS\system32\mnmdd.dll
2006-11-29 02:50 32,768 --a------ F:\WINDOWS\system32\mnmsrvc.exe
2006-11-29 02:50 32,768 --a------ F:\WINDOWS\system32\isrdbg32.dll
2006-11-29 02:50 29,696 --a------ F:\WINDOWS\system32\safrdm.dll
2006-11-29 02:50 28,672 --a------ F:\WINDOWS\system32\nmmkcert.dll
2006-11-29 02:50 274,944 --a------ F:\WINDOWS\system32\mstask.dll
2006-11-29 02:50 274,432 --a------ F:\WINDOWS\system32\inetcfg.dll
2006-11-29 02:50 252,928 --a------ F:\WINDOWS\system32\msoeacct.dll
2006-11-29 02:50 239,104 --a------ F:\WINDOWS\system32\srrstr.dll
2006-11-29 02:50 190,976 --a------ F:\WINDOWS\system32\schedsvc.dll
2006-11-29 02:50 18,944 --a------ F:\WINDOWS\system32\qmgrprxy.dll
2006-11-29 02:50 170,496 --a------ F:\WINDOWS\system32\srsvc.dll
2006-11-29 02:50 16,384 --a------ F:\WINDOWS\system32\icfgnt5.dll
2006-11-29 02:50 12,288 --a------ F:\WINDOWS\system32\nmevtmsg.dll
2006-11-29 02:50 12,288 --a------ F:\WINDOWS\system32\mstinit.exe
2006-11-29 02:50 11,264 --a------ F:\WINDOWS\system32\atrace.dll
2006-11-29 02:50 105,984 --a------ F:\WINDOWS\system32\msoert2.dll
2006-11-29 02:50 <DIR> d---s---- F:\WINDOWS\Tasks
2006-11-29 02:50 <DIR> d-------- F:\WINDOWS\system32\Restore
2006-11-29 02:50 <DIR> d-------- F:\WINDOWS\PCHEALTH
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Windows Media Player
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Outlook Express
2006-11-29 02:50 <DIR> d-------- F:\Program Files\NetMeeting
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Movie Maker
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Common Files\Services
2006-11-29 02:49 <DIR> d--h----- F:\Program Files\WindowsUpdate
2006-11-29 02:49 <DIR> d-------- F:\WINDOWS\Registration
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Online Services
2006-11-29 02:49 <DIR> d-------- F:\Program Files\MSN
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Messenger
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Internet Explorer
2006-11-29 02:49 <DIR> d-------- F:\Program Files\ComPlus Applications
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Common Files\System
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Common Files\MSSoap
2006-11-29 02:48 97,792 --a------ F:\WINDOWS\system32\comrepl.dll
2006-11-29 02:48 956,416 --a------ F:\WINDOWS\system32\msdtctm.dll
2006-11-29 02:48 93,696 --a------ F:\WINDOWS\system32\tscfgwmi.dll
2006-11-29 02:48 91,136 --a------ F:\WINDOWS\system32\mtxoci.dll
2006-11-29 02:48 9,728 --a------ F:\WINDOWS\system32\reset.exe
2006-11-29 02:48 87,176 --a------ F:\WINDOWS\system32\rdpwsx.dll
2006-11-29 02:48 85,504 --a------ F:\WINDOWS\system32\catsrvps.dll
2006-11-29 02:48 83,456 --a------ F:\WINDOWS\system32\charmap.exe
2006-11-29 02:48 73,216 --a------ F:\WINDOWS\system32\avwav.dll
2006-11-29 02:48 67,072 --a------ F:\WINDOWS\system32\rdshost.exe
2006-11-29 02:48 655,360 --a------ F:\WINDOWS\system32\mstscax.dll
2006-11-29 02:48 625,152 --a------ F:\WINDOWS\system32\catsrvut.dll
2006-11-29 02:48 62,464 --a------ F:\WINDOWS\system32\rdpclip.exe
2006-11-29 02:48 605,696 --a------ F:\WINDOWS\system32\getuname.dll
2006-11-29 02:48 60,416 --a------ F:\WINDOWS\system32\remotepg.dll
2006-11-29 02:48 60,416 --a------ F:\WINDOWS\system32\colbact.dll
2006-11-29 02:48 6,656 --a------ F:\WINDOWS\system32\wuauserv.dll
2006-11-29 02:48 6,144 --a------ F:\WINDOWS\system32\msdtc.exe
2006-11-29 02:48 58,880 --a------ F:\WINDOWS\system32\msdtclog.dll
2006-11-29 02:48 58,880 --a------ F:\WINDOWS\system32\licwmi.dll
2006-11-29 02:48 56,832 --a------ F:\WINDOWS\system32\sol.exe
2006-11-29 02:48 56,320 --a------ F:\WINDOWS\system32\servdeps.dll
2006-11-29 02:48 55,296 --a------ F:\WINDOWS\system32\freecell.exe
2006-11-29 02:48 540,160 --a------ F:\WINDOWS\system32\comuid.dll
2006-11-29 02:48 54,272 --a------ F:\WINDOWS\system32\stclient.dll
2006-11-29 02:48 538,624 --a------ F:\WINDOWS\system32\spider.exe
2006-11-29 02:48 5,632 --a------ F:\WINDOWS\system32\write.exe
2006-11-29 02:48 5,120 --a------ F:\WINDOWS\system32\dcomcnfg.exe
2006-11-29 02:48 498,688 --a------ F:\WINDOWS\system32\clbcatq.dll
2006-11-29 02:48 44,544 --a------ F:\WINDOWS\system32\tscupgrd.exe
2006-11-29 02:48 44,544 --a------ F:\WINDOWS\system32\hticons.dll
2006-11-29 02:48 426,496 --a------ F:\WINDOWS\system32\msdtcprx.dll
2006-11-29 02:48 407,552 --a------ F:\WINDOWS\system32\mstsc.exe
2006-11-29 02:48 40,840 --a------ F:\WINDOWS\system32\drivers\termdd.sys
2006-11-29 02:48 4,096 --a------ F:\WINDOWS\system32\rdpcfgex.dll
2006-11-29 02:48 4,096 --a------ F:\WINDOWS\system32\mtxex.dll
2006-11-29 02:48 38,912 --a------ F:\WINDOWS\system32\cfgbkend.dll
2006-11-29 02:48 360,960 --a------ F:\WINDOWS\system32\mspaint.exe
2006-11-29 02:48 35,328 --a------ F:\WINDOWS\system32\winchat.exe
2006-11-29 02:48 347,136 --a------ F:\WINDOWS\system32\hypertrm.dll
2006-11-29 02:48 33,792 --a------ F:\WINDOWS\system32\regini.exe
2006-11-29 02:48 295,424 --a------ F:\WINDOWS\system32\termsrv.dll
2006-11-29 02:48 25,600 --a------ F:\WINDOWS\system32\comaddin.dll
2006-11-29 02:48 25,088 --a------ F:\WINDOWS\system32\mtxlegih.dll
2006-11-29 02:48 227,840 --a------ F:\WINDOWS\system32\avtapi.dll
2006-11-29 02:48 225,792 --a------ F:\WINDOWS\system32\catsrv.dll
2006-11-29 02:48 22,016 --a------ F:\WINDOWS\system32\qwinsta.exe
2006-11-29 02:48 21,896 --a------ F:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-29 02:48 20,992 --a------ F:\WINDOWS\system32\msg.exe
2006-11-29 02:48 20,480 --a------ F:\WINDOWS\system32\qprocess.exe
2006-11-29 02:48 20,480 --a------ F:\WINDOWS\system32\mtxdm.dll
2006-11-29 02:48 196,864 --a------ F:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-29 02:48 19,968 --a------ F:\WINDOWS\system32\rdpsnd.dll
2006-11-29 02:48 185,344 --a------ F:\WINDOWS\system32\cmprops.dll
2006-11-29 02:48 183,808 --a------ F:\WINDOWS\system32\accwiz.exe
2006-11-29 02:48 17,408 --a------ F:\WINDOWS\system32\mmfutil.dll
2006-11-29 02:48 161,280 --a------ F:\WINDOWS\system32\msdtcuiu.dll
2006-11-29 02:48 16,896 --a------ F:\WINDOWS\system32\tsshutdn.exe
2006-11-29 02:48 16,896 --a------ F:\WINDOWS\system32\qappsrv.exe
2006-11-29 02:48 16,384 --a------ F:\WINDOWS\system32\tskill.exe
2006-11-29 02:48 16,384 --a------ F:\WINDOWS\system32\avmeter.dll
2006-11-29 02:48 15,872 --a------ F:\WINDOWS\system32\rwinsta.exe
2006-11-29 02:48 15,872 --a------ F:\WINDOWS\system32\cdmodem.dll
2006-11-29 02:48 15,360 --a------ F:\WINDOWS\system32\logoff.exe
2006-11-29 02:48 147,968 --a------ F:\WINDOWS\system32\rdchost.dll
2006-11-29 02:48 147,456 --a------ F:\WINDOWS\system32\comsnap.dll
2006-11-29 02:48 140,800 --a------ F:\WINDOWS\system32\sessmgr.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\tsdiscon.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\tscon.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\shadow.exe
2006-11-29 02:48 139,528 --a------ F:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-29 02:48 138,752 --a------ F:\WINDOWS\system32\sndvol32.exe
2006-11-29 02:48 131,584 --a------ F:\WINDOWS\system32\sndrec32.exe
2006-11-29 02:48 13,824 --a------ F:\WINDOWS\system32\rdsaddin.exe
2006-11-29 02:48 126,976 --a------ F:\WINDOWS\system32\mshearts.exe
2006-11-29 02:48 124,184 --a------ F:\WINDOWS\system32\wuauclt.exe
2006-11-29 02:48 123,392 --a------ F:\WINDOWS\system32\mplay32.exe
2006-11-29 02:48 12,040 --a------ F:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-29 02:48 119,808 --a------ F:\WINDOWS\system32\winmine.exe
2006-11-29 02:48 117,760 --a------ F:\WINDOWS\system32\calc.exe
2006-11-29 02:48 110,080 --a------ F:\WINDOWS\system32\clbcatex.dll
2006-11-29 02:48 11,776 --a------ F:\WINDOWS\system32\xolehlp.dll
2006-11-29 02:48 11,264 --a------ F:\WINDOWS\system32\icaapi.dll
2006-11-29 02:48 102,912 --a------ F:\WINDOWS\system32\clipbrd.exe
2006-11-29 02:48 1,343,768 --a------ F:\WINDOWS\system32\wuaueng.dll
2006-11-29 02:48 1,267,200 --a------ F:\WINDOWS\system32\comsvcs.dll
2006-11-29 02:48 1,161 --a------ F:\WINDOWS\system32\usrlogon.cmd
2006-11-29 02:48 <DIR> d-------- F:\WINDOWS\system32\MsDtc
2006-11-29 02:48 <DIR> d-------- F:\WINDOWS\system32\Com
2006-11-29 02:48 <DIR> d-------- F:\Program Files\Windows NT
2006-11-29 02:48 <DIR> d-------- F:\Program Files\MSN Gaming Zone
2006-11-07 21:03 6,049,280 --------- F:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- F:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- F:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- F:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ F:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1,245,696 --a------ F:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"F:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="F:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ATIPTA"="F:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"VGAUtil"="F:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"SiSUSBRG"="F:\\WINDOWS\\SiSUSBrg.exe"
"Windows Defender"="\"F:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"LClock"="F:\\Program Files\\LClock\\LClock.exe"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"F:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="F:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"F:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^Steve^Start Menu^Programs^Startup^EZ Connect Wireless USB Utility.lnk]
"path"="F:\\Documents and Settings\\Steve\\Start Menu\\Programs\\Startup\\EZ Connect Wireless USB Utility.lnk"
"backup"="F:\\WINDOWS\\pss\\EZ Connect Wireless USB Utility.lnkStartup"
"location"="Startup"
"command"="F:\\PROGRA~1\\SMC\\EZCONN~1\\WLANMO~1.EXE "
"item"="EZ Connect Wireless USB Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Glass2k"
"hkey"="HKLM"
"command"="F:\\Program Files\\Glass2k\\Glass2k.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-02 2:35:46.14
F:\ComboFix.txt ... 06-12-02 02:35
F:\ComboFix2.txt ... 06-12-01 23:58
F:\ComboFix3.txt ... 06-12-01 18:04

steviedee · 12-01-2006, 08:03 PM

Combo Fix 2

Steve - 06-12-01 23:57:14.76 Service Pack 2
ComboFix 06.11.27W - Running from: "F:\Documents and Settings\Steve\desktop"
Command switches used :: /v ggw gebcd cluuwfri dmglaqd winuns32

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

F:\QooBox\Purity\Program Files\APPATC~1
F:\QooBox\Purity\Program Files\TSKS~1
F:\QooBox\Purity\Program Files\APPATC~1\A?pPatch

((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))

2006-12-01 21:29 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2006-12-01 21:28 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Adobe
2006-12-01 17:56 3,968 --a------ F:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-01 17:16 <DIR> d-------- F:\HJT
2006-12-01 17:14 <DIR> d-------- F:\Program Files\Lavasoft
2006-12-01 17:14 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Lavasoft
2006-12-01 15:36 <DIR> d-------- F:\WINDOWS\WBEM
2006-12-01 15:36 <DIR> d-------- F:\WINDOWS\system32\en-US
2006-12-01 15:34 <DIR> d--h-c--- F:\WINDOWS\ie7
2006-12-01 15:33 121,856 --------- F:\WINDOWS\system32\xmllite.dll
2006-12-01 15:33 <DIR> d-------- F:\WINDOWS\network diagnostic
2006-11-30 23:43 <DIR> d-------- F:\Program Files\Alcohol Soft
2006-11-30 21:44 88,340 --a------ F:\WINDOWS\system32\vbywdlfw.exe
2006-11-30 20:19 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Ahead
2006-11-30 20:14 <DIR> d-------- F:\Program Files\Nero
2006-11-30 20:14 <DIR> d-------- F:\Program Files\Common Files\Ahead
2006-11-30 20:14 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Nero
2006-11-30 17:41 <DIR> d-------- F:\Program Files\MSXML 4.0
2006-11-30 17:41 <DIR> d-------- F:\02709546a83f2d51e43489
2006-11-29 23:42 <DIR> d-------- F:\Program Files\Grisoft
2006-11-29 21:48 77,824 --a------ F:\WINDOWS\system32\tpedvf.dll
2006-11-29 21:45 88,340 --a------ F:\WINDOWS\system32\wqqxxqvq.exe
2006-11-29 21:45 <DIR> d-------- F:\Program Files\VSAdd-in
2006-11-29 21:45 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\dvdcss
2006-11-29 21:44 126,996 --a------ F:\WINDOWS\system32\gqomqnwa.dll
2006-11-29 21:44 <DIR> d-------- F:\Program Files\VideoLAN
2006-11-29 21:44 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\vlc
2006-11-29 21:43 2 --a------ F:\WINDOWS\system32\wnscpsv.exe
2006-11-29 21:42 93,696 --a------ F:\WINDOWS\system32\utbcgyb.dll
2006-11-29 21:41 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\DivX
2006-11-29 21:37 40,973 ---hs---- F:\WINDOWS\system32\ljjkiii.dll
2006-11-29 16:39 <DIR> d-------- F:\Program Files\Microsoft Office
2006-11-29 16:39 <DIR> d-------- F:\Program Files\Common Files\Designer
2006-11-29 16:39 <DIR> d-------- F:\Program Files\AnswerWorks 4.0
2006-11-29 16:37 <DIR> d-------- F:\Program Files\AutoCAD 2007
2006-11-29 16:37 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Autodesk
2006-11-29 16:37 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Autodesk
2006-11-29 16:35 <DIR> d-------- F:\Program Files\Common Files\Autodesk Shared
2006-11-29 16:35 <DIR> d-------- F:\Program Files\Autodesk
2006-11-29 16:31 720,896 --a------ F:\WINDOWS\system32\RhinoShExt.dll
2006-11-29 16:31 <DIR> d-------- F:\Program Files\Rhinoceros 3.0
2006-11-29 16:31 <DIR> d-------- F:\Program Files\Common Files\McNeel Shared
2006-11-29 16:31 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\McNeel
2006-11-29 16:16 266,360 --a------ F:\WINDOWS\system32\TweakUI.exe
2006-11-29 13:45 57,472 --a------ F:\WINDOWS\system32\drivers\redbook.sys
2006-11-29 13:45 3,072 --a------ F:\WINDOWS\system32\drivers\audstub.sys
2006-11-29 13:45 21,504 --a------ F:\WINDOWS\system32\hidserv.dll
2006-11-29 13:44 74,240 --a------ F:\WINDOWS\system32\usbui.dll
2006-11-29 13:44 32,768 --a------ F:\WINDOWS\system32\drivers\sisnic.sys
2006-11-29 13:43 9,936 --a------ F:\WINDOWS\system\LZEXPAND.DLL
2006-11-29 13:43 9,008 --a------ F:\WINDOWS\system\VER.DLL
2006-11-29 13:43 85,020 --a------ F:\WINDOWS\system32\dgsetup.dll
2006-11-29 13:43 82,944 --a------ F:\WINDOWS\system\OLECLI.DLL
2006-11-29 13:43 8,704 --a------ F:\WINDOWS\system32\batt.dll
2006-11-29 13:43 8,192 -ra------ F:\WINDOWS\system32\kbdhept.dll
2006-11-29 13:43 74,752 --a------ F:\WINDOWS\system32\storprop.dll
2006-11-29 13:43 7,168 -ra------ F:\WINDOWS\system32\kbdcz.dll
2006-11-29 13:43 69,584 --a------ F:\WINDOWS\system\AVICAP.DLL
2006-11-29 13:43 69,120 --a------ F:\WINDOWS\notepad.exe
2006-11-29 13:43 68,768 --a------ F:\WINDOWS\system\mmsystem.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdycl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdsl1.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdsl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdpl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdhu.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdhela3.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcz2.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcz1.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcr.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\KBDAL.DLL
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdtuq.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdtuf.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdlv1.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdlv.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdhela2.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdgkl.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdest.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdycc.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbduzb.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdur.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdtat.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdru1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdru.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdro.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdpl1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdmon.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdlt1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdlt.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdkyr.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdkaz.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhu1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe319.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe220.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdbu.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdblr.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdazel.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdaze.dll
2006-11-29 13:43 5,120 --a------ F:\WINDOWS\system\SHELL.DLL
2006-11-29 13:43 32,816 --a------ F:\WINDOWS\system\COMMDLG.DLL
2006-11-29 13:43 24,661 --a------ F:\WINDOWS\system32\spxcoins.dll
2006-11-29 13:43 24,064 --a------ F:\WINDOWS\system\OLESVR.DLL
2006-11-29 13:43 19,200 --a------ F:\WINDOWS\system\TAPI.DLL
2006-11-29 13:43 176,157 --a------ F:\WINDOWS\system32\dgrpsetu.dll
2006-11-29 13:43 15,360 --a------ F:\WINDOWS\TASKMAN.EXE
2006-11-29 13:43 13,312 --a------ F:\WINDOWS\system32\irclass.dll
2006-11-29 13:43 126,912 --a------ F:\WINDOWS\system\MSVIDEO.DLL
2006-11-29 13:43 11,264 --a------ F:\WINDOWS\system32\drivers\irenum.sys
2006-11-29 13:43 109,456 --a------ F:\WINDOWS\system\AVIFILE.DLL
2006-11-29 13:43 103,424 --a------ F:\WINDOWS\system32\EqnClass.Dll
2006-11-29 13:43 <DIR> dr------- F:\Program Files\Common Files\..
2006-11-29 13:43 <DIR> dr------- F:\Program Files\.
2006-11-29 13:43 <DIR> dr------- F:\Program Files
2006-11-29 13:43 <DIR> d-ahs---- F:\Program Files\..
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\SpeechEngines
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\ODBC
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\Microsoft Shared
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\.
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files
2006-11-29 13:42 <DIR> dr-h----- F:\Documents and Settings\All Users\Application Data\.
2006-11-29 13:42 <DIR> dr-h----- F:\Documents and Settings\All Users\Application Data
2006-11-29 13:42 <DIR> dr------- F:\Documents and Settings\All Users\Start Menu
2006-11-29 13:42 <DIR> dr------- F:\Documents and Settings\All Users\Documents
2006-11-29 13:42 <DIR> d--h----- F:\Documents and Settings\All Users\Templates
2006-11-29 13:42 <DIR> d---s---- F:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-29 13:42 <DIR> d-------- F:\WINDOWS\system32\CatRoot2
2006-11-29 13:42 <DIR> d-------- F:\WINDOWS\system32\CatRoot
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Favorites
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Desktop
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\..
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\..
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\.
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings
2006-11-29 13:38 <DIR> dr-hsc--- F:\WINDOWS\system32\dllcache
2006-11-29 13:38 <DIR> dr--s---- F:\WINDOWS\Fonts
2006-11-29 13:38 <DIR> dr------- F:\WINDOWS\Web
2006-11-29 13:38 <DIR> d-ahs---- F:\WINDOWS\..
2006-11-29 13:38 <DIR> d--h----- F:\WINDOWS\inf
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\WinSxS
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\twain_32
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Temp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\wins
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\wbem
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\usmt
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\spool
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ShellExt
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\Setup
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ras
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\oobe
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\npp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\mui
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\inetsrv
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\IME
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\icsxml
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ias
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\export
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\etc
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\disdn
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\dhcp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\config
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\3com_dmi
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\3076
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\2052
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1054
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1042
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1041
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1037
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1033
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1031
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1028
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1025
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\security
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Resources
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\repair
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\mui
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\msapps
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\msagent
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Media
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\java
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\ime
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Help
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Driver Cache
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Debug
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Cursors
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Connection Wizard
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Config
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\AppPatch
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\addins
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS
2006-11-29 12:17 <DIR> d-------- F:\Program Files\iTunes
2006-11-29 12:17 <DIR> d-------- F:\Program Files\iPod
2006-11-29 12:17 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Apple Computer
2006-11-29 12:16 <DIR> d-------- F:\Program Files\QuickTime
2006-11-29 12:15 <DIR> d-------- F:\Program Files\Apple Software Update
2006-11-29 12:15 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-29 12:12 <DIR> d-------- F:\Program Files\TrackMania Nations ESWC
2006-11-29 12:06 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2006-11-29 12:06 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-29 11:55 413,518 --a------ F:\WINDOWS\system32\vimc.exe
2006-11-29 11:52 <DIR> d-------- F:\WINDOWS\system32\VITrans
2006-11-29 11:48 <DIR> d-------- F:\Program Files\Common Files\Adobe Systems Shared
2006-11-29 11:48 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Macrovision
2006-11-29 09:47 <DIR> d-------- F:\Program Files\Styler
2006-11-29 09:41 20,480 --a------ F:\WINDOWS\system32\wbload.dll
2006-11-29 09:27 2,560 --a------ F:\WINDOWS\_MSRSTRT.EXE
2006-11-29 09:15 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Styler
2006-11-29 08:59 <DIR> d-------- F:\WINDOWS\system32\VIRepair
2006-11-29 08:12 36,864 --------- F:\WINDOWS\system32\wbsys.dll
2006-11-29 08:12 <DIR> d-------- F:\Program Files\Stardock
2006-11-29 08:02 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Azureus
2006-11-29 08:01 <DIR> d-------- F:\Program Files\Java
2006-11-29 08:01 <DIR> d-------- F:\Program Files\Common Files\Java
2006-11-29 05:57 <DIR> d-------- F:\Program Files\DAEMON Tools
2006-11-29 05:55 82,944 --a------ F:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-29 05:55 639,224 --a------ F:\WINDOWS\system32\drivers\sptd.sys
2006-11-29 05:55 6,400 --a------ F:\WINDOWS\system32\drivers\splitter.sys
2006-11-29 05:55 54,272 --a------ F:\WINDOWS\system32\drivers\swmidi.sys
2006-11-29 05:55 52,864 --a------ F:\WINDOWS\system32\drivers\DMusic.sys
2006-11-29 05:55 2,944 --a------ F:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-29 05:55 172,416 --a------ F:\WINDOWS\system32\drivers\kmixer.sys
2006-11-29 05:55 142,464 --a------ F:\WINDOWS\system32\drivers\aec.sys
2006-11-29 05:54 9,319,936 --a------ F:\WINDOWS\system32\RTLCPL.EXE
2006-11-29 05:54 77,824 --a------ F:\WINDOWS\SOUNDMAN.EXE
2006-11-29 05:54 7,552 --a------ F:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-29 05:54 60,800 --a------ F:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-29 05:54 60,288 --a------ F:\WINDOWS\system32\drivers\drmk.sys
2006-11-29 05:54 5,376 --a------ F:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-29 05:54 40,960 --------- F:\WINDOWS\system32\ChCfg.exe
2006-11-29 05:54 4,992 --a------ F:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-29 05:54 4,096 --a------ F:\WINDOWS\system32\ksuser.dll
2006-11-29 05:54 208,896 --------- F:\WINDOWS\alcupd.exe
2006-11-29 05:54 2,297,664 --a------ F:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-11-29 05:54 156,672 --a------ F:\WINDOWS\system32\RTLCPAPI.dll
2006-11-29 05:54 145,792 --a------ F:\WINDOWS\system32\drivers\portcls.sys
2006-11-29 05:54 139,264 --------- F:\WINDOWS\alcrmv.exe
2006-11-29 05:54 <DIR> d-------- F:\Program Files\Realtek Sound Manager
2006-11-29 05:54 <DIR> d-------- F:\Program Files\AvRack
2006-11-29 05:49 <DIR> d-------- F:\WINDOWS\Downloaded Installations
2006-11-29 05:49 <DIR> d-------- F:\Start Menu
2006-11-29 05:49 <DIR> d-------- F:\Program Files\MTV Networks
2006-11-29 05:46 <DIR> d-------- F:\Program Files\Windows Media Connect 2
2006-11-29 05:45 <DIR> d-------- F:\WINDOWS\system32\LogFiles
2006-11-29 05:45 <DIR> d-------- F:\WINDOWS\system32\drivers\UMDF
2006-11-29 05:45 <DIR> d-------- F:\534d006de7e3ce0ea069b4ff
2006-11-29 05:37 <DIR> d-------- F:\Program Files\Azureus
2006-11-29 05:36 20,640 --------- F:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-29 05:36 109,568 --------- F:\WINDOWS\system32\pxinsi64.exe
2006-11-29 05:36 108,544 --------- F:\WINDOWS\system32\pxcpyi64.exe
2006-11-29 05:36 <DIR> d-------- F:\Program Files\DivX
2006-11-29 05:23 <DIR> d--hs---- F:\RECYCLER
2006-11-29 05:22 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Mozilla
2006-11-29 05:19 720,412 --a------ F:\WINDOWS\system32\MGB_ScreenSaver.scr
2006-11-29 05:19 5,214,208 --a------ F:\WINDOWS\system32\vistaui.exe
2006-11-29 05:19 382,976 --a------ F:\WINDOWS\system32\Vista.scr
2006-11-29 05:19 <DIR> d-------- F:\Program Files\LClock
2006-11-29 05:15 81,920 --a------ F:\WINDOWS\system32\closeapp.exe
2006-11-29 05:15 8,636 --a------ F:\WINDOWS\system32\modifype.exe
2006-11-29 05:15 69,632 --a------ F:\WINDOWS\system32\moveex.exe
2006-11-29 05:15 19,968 --a------ F:\WINDOWS\system32\reico.exe
2006-11-29 05:15 111,104 --a------ F:\WINDOWS\system32\Uharc.exe
2006-11-29 05:15 <DIR> d-------- F:\VTPFiles
2006-11-29 05:07 <DIR> d-------- F:\Program Files\Windows Defender
2006-11-29 05:07 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-29 05:04 <DIR> d-------- F:\Documents and Settings\Steve\Contacts
2006-11-29 05:03 23,524 --a------ F:\WINDOWS\system32\drivers\GVTDrv.sys
2006-11-29 05:01 <DIR> d--h----- F:\WINDOWS\$hf_mig$
2006-11-29 05:01 <DIR> d-------- F:\WINDOWS\system32\PreInstall
2006-11-29 05:00 <DIR> d----c--- F:\WINDOWS\system32\DRVSTORE
2006-11-29 05:00 <DIR> d-------- F:\WINDOWS\pss
2006-11-29 05:00 <DIR> d-------- F:\Program Files\MSN Messenger
2006-11-29 05:00 <DIR> d-------- F:\Program Files\Mozilla Firefox
2006-11-29 04:59 18,200 --a------ F:\WINDOWS\system32\wups2.dll
2006-11-29 04:59 <DIR> d-------- F:\WINDOWS\system32\SoftwareDistribution
2006-11-29 04:58 <DIR> d---s---- F:\Documents and Settings\Steve\UserData
2006-11-29 04:58 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Macromedia
2006-11-29 04:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Logitech
2006-11-29 04:55 36,992 -ra------ F:\WINDOWS\system32\drivers\SISAGPX.SYS
2006-11-29 04:55 32,768 --a------ F:\WINDOWS\SIS_LIB.DLL
2006-11-29 04:55 3,583 --a------ F:\WINDOWS\SiSport.sys
2006-11-29 04:55 106,496 --a------ F:\WINDOWS\SiSUSBrg.exe
2006-11-29 04:54 <DIR> d-------- F:\Documents and Settings\Steve\WINDOWS
2006-11-29 04:53 7,296 -r------- F:\WINDOWS\system32\drivers\EIO.sys
2006-11-29 04:52 327,168 --a------ F:\WINDOWS\IsUninst.exe
2006-11-29 04:52 <DIR> d-------- F:\Program Files\GigaByte
2006-11-29 04:50 <DIR> dr--s---- F:\WINDOWS\assembly
2006-11-29 04:50 <DIR> d-------- F:\WINDOWS\system32\URTTemp
2006-11-29 04:50 <DIR> d-------- F:\WINDOWS\Microsoft.NET
2006-11-29 04:49 69,632 --a------ F:\WINDOWS\system32\KemXML.dll
2006-11-29 04:49 516,096 --------- F:\WINDOWS\system32\ati2sgag.exe
2006-11-29 04:49 3,712 --a------ F:\WINDOWS\system32\drivers\LBeepKE.sys
2006-11-29 04:49 294,912 -ra------ F:\WINDOWS\system32\atiiiexx.dll
2006-11-29 04:49 155,648 --a------ F:\WINDOWS\system32\kemutb.dll
2006-11-29 04:49 131,072 -ra------ F:\WINDOWS\system32\ATIDEMGR.dll
2006-11-29 04:49 131,072 --a------ F:\WINDOWS\system32\KemUtil.dll
2006-11-29 04:49 110,592 --a------ F:\WINDOWS\system32\KemWnd.dll
2006-11-29 04:48 94,208 --a------ F:\WINDOWS\KHALMNPR.Exe
2006-11-29 04:48 71,936 --a------ F:\WINDOWS\system32\drivers\LMouKE.Sys
2006-11-29 04:48 55,936 --a------ F:\WINDOWS\system32\drivers\L8042mou.Sys
2006-11-29 04:48 13,568 --a------ F:\WINDOWS\system32\drivers\L8042Kbd.sys
2006-11-29 04:48 <DIR> d-------- F:\Program Files\Logitech
2006-11-29 04:48 <DIR> d-------- F:\Program Files\Common Files\Logitech
2006-11-29 04:48 <DIR> d-------- F:\Program Files\ATI Technologies
2006-11-29 04:47 23,040 -ra------ F:\WINDOWS\system32\drivers\GVCplDrv.sys
2006-11-29 04:45 <DIR> d-------- F:\WINDOWS\SoftwareDistribution
2006-11-29 04:45 <DIR> d-------- F:\WINDOWS\Prefetch
2006-11-29 04:39 95,424 --------- F:\WINDOWS\system32\drivers\slnthal.sys
2006-11-29 04:39 9,216 --------- F:\WINDOWS\system32\proxycfg.exe
2006-11-29 04:39 88,064 --------- F:\WINDOWS\system32\p2pnetsh.dll
2006-11-29 04:39 870,784 --------- F:\WINDOWS\system32\ati3d1ag.dll
2006-11-29 04:39 86,016 --------- F:\WINDOWS\system32\p2pgasvc.dll
2006-11-29 04:39 86,016 --------- F:\WINDOWS\system32\mdmxsdk.dll
2006-11-29 04:39 81,408 --------- F:\WINDOWS\system32\wscsvc.dll
2006-11-29 04:39 8,192 --------- F:\WINDOWS\system32\smbinst.exe
2006-11-29 04:39 8,192 --------- F:\WINDOWS\system32\bitsprx2.dll
2006-11-29 04:39 78,464 --------- F:\WINDOWS\system32\drivers\usbvideo.sys
2006-11-29 04:39 78,336 --a------ F:\WINDOWS\system32\ieencode.dll
2006-11-29 04:39 75,776 --------- F:\WINDOWS\system32\strmfilt.dll
2006-11-29 04:39 746,496 --a------ F:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-29 04:39 73,832 --------- F:\WINDOWS\system32\slcoinst.dll
2006-11-29 04:39 73,796 --------- F:\WINDOWS\system32\slserv.exe
2006-11-29 04:39 73,216 --------- F:\WINDOWS\system32\drivers\atintuxx.sys
2006-11-29 04:39 71,680 --------- F:\WINDOWS\system32\blastcln.exe
2006-11-29 04:39 7,680 --------- F:\WINDOWS\system32\kbdsmsno.dll
2006-11-29 04:39 7,680 --------- F:\WINDOWS\system32\kbdsmsfi.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdukx.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdno1.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdfi1.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\hccoin.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\bitsprx3.dll
2006-11-29 04:39 685,056 --------- F:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-11-29 04:39 67,584 --------- F:\WINDOWS\system32\drivers\sdbus.sys
2006-11-29 04:39 63,663 --------- F:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-11-29 04:39 63,488 --------- F:\WINDOWS\system32\drivers\atinxsxx.sys
2006-11-29 04:39 603,648 --------- F:\WINDOWS\system32\WMSPDMOD.dll
2006-11-29 04:39 60,416 --------- F:\WINDOWS\system32\fwcfg.dll
2006-11-29 04:39 6,656 --------- F:\WINDOWS\system32\kbdinmal.dll
2006-11-29 04:39 6,656 --------- F:\WINDOWS\system32\kbdinben.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdmlt48.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdmlt47.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdinbe1.dll
2006-11-29 04:39 6,016 --------- F:\WINDOWS\system32\drivers\smbali.sys
2006-11-29 04:39 59,648 --------- F:\WINDOWS\system32\drivers\rfcomm.sys
2006-11-29 04:39 59,392 --------- F:\WINDOWS\system32\logman.exe
2006-11-29 04:39 57,856 --------- F:\WINDOWS\system32\drivers\atinbtxx.sys
2006-11-29 04:39 56,623 --------- F:\WINDOWS\system32\drivers\ati1btxx.sys
2006-11-29 04:39 537,088 --------- F:\WINDOWS\system32\msftedit.dll
2006-11-29 04:39 526,848 --------- F:\WINDOWS\system32\p2psvc.dll
2006-11-29 04:39 52,224 --------- F:\WINDOWS\system32\drivers\atinraxx.sys
2006-11-29 04:39 518,240 --a------ F:\WINDOWS\system32\ativvaxx.dll
2006-11-29 04:39 50,688 --------- F:\WINDOWS\system32\btpanui.dll
2006-11-29 04:39 50,176 --------- F:\WINDOWS\system32\xmlprovi.dll
2006-11-29 04:39 5,632 --------- F:\WINDOWS\system32\kbdmaori.dll
2006-11-29 04:39 49,152 --------- F:\WINDOWS\system32\powercfg.exe
2006-11-29 04:39 48,640 --------- F:\WINDOWS\system32\pnrpnsp.dll
2006-11-29 04:39 465,176 --a------ F:\WINDOWS\system32\wuapi.dll
2006-11-29 04:39 46,464 --------- F:\WINDOWS\system32\drivers\gagp30kx.sys
2006-11-29 04:39 452,736 --------- F:\WINDOWS\system32\drivers\mtxparhm.sys
2006-11-29 04:39 44,928 --------- F:\WINDOWS\system32\drivers\agpcpq.sys
2006-11-29 04:39 44,672 --------- F:\WINDOWS\system32\drivers\uagp35.sys
2006-11-29 04:39 44,032 --------- F:\WINDOWS\system32\twext.dll
2006-11-29 04:39 438,784 --------- F:\WINDOWS\system32\xpob2res.dll
2006-11-29 04:39 43,008 --------- F:\WINDOWS\system32\drivers\amdagp.sys
2006-11-29 04:39 42,752 --------- F:\WINDOWS\system32\drivers\alim1541.sys
2006-11-29 04:39 42,368 --------- F:\WINDOWS\system32\drivers\agp440.sys
2006-11-29 04:39 42,240 --------- F:\WINDOWS\system32\drivers\viaagp.sys
2006-11-29 04:39 41,240 --a------ F:\WINDOWS\system32\wups.dll
2006-11-29 04:39 41,088 --------- F:\WINDOWS\system32\drivers\sisagp.sys
2006-11-29 04:39 404,990 --------- F:\WINDOWS\system32\drivers\slntamr.sys
2006-11-29 04:39 4,274,816 --------- F:\WINDOWS\system32\nv4_disp.dll
2006-11-29 04:39 4,255 --------- F:\WINDOWS\system32\drivers\adv01nt5.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\wmvdmoe2.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\wmsdmoe2.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\MP4SDMOD.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\MP43DMOD.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\dsprpres.dll
2006-11-29 04:39 397,056 --------- F:\WINDOWS\system32\s3gnb.dll
2006-11-29 04:39 38,016 --------- F:\WINDOWS\system32\drivers\bthmodem.sys
2006-11-29 04:39 377,984 --------- F:\WINDOWS\system32\ati2dvaa.dll
2006-11-29 04:39 37,376 --------- F:\WINDOWS\system32\drivers\amdk7.sys
2006-11-29 04:39 36,463 --------- F:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-11-29 04:39 36,096 --------- F:\WINDOWS\system32\drivers\intelppm.sys
2006-11-29 04:39 351,232 --------- F:\WINDOWS\system32\winhttp.dll
2006-11-29 04:39 35,456 --------- F:\WINDOWS\system32\drivers\bthprint.sys
2006-11-29 04:39 34,735 --------- F:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-11-29 04:39 327,040 --------- F:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-11-29 04:39 32,866 --------- F:\WINDOWS\system32\slrundll.exe
2006-11-29 04:39 32,866 --------- F:\WINDOWS\slrundll.exe
2006-11-29 04:39 32,768 --------- F:\WINDOWS\system32\ativtmxx.dll
2006-11-29 04:39 32,285 --------- F:\WINDOWS\system32\hsfcisp2.dll
2006-11-29 04:39 314,880 --------- F:\WINDOWS\system32\wmpdxm.dll
2006-11-29 04:39 312,320 --------- F:\WINDOWS\system32\p2pgraph.dll
2006-11-29 04:39 31,744 --------- F:\WINDOWS\system32\drivers\atinxbxx.sys
2006-11-29 04:39 30,671 --------- F:\WINDOWS\system32\drivers\ati1raxx.sys
2006-11-29 04:39 30,208 --------- F:\WINDOWS\system32\bthserv.dll
2006-11-29 04:39 30,080 --------- F:\WINDOWS\system32\drivers\rndismpx.sys
2006-11-29 04:39 3,967 --------- F:\WINDOWS\system32\drivers\adv02nt5.dll
2006-11-29 04:39 3,901 --------- F:\WINDOWS\system32\drivers\siint5.dll
2006-11-29 04:39 3,775 --------- F:\WINDOWS\system32\drivers\adv11nt5.dll
2006-11-29 04:39 3,711 --------- F:\WINDOWS\system32\drivers\adv09nt5.dll
2006-11-29 04:39 3,647 --------- F:\WINDOWS\system32\drivers\adv07nt5.dll
2006-11-29 04:39 3,615 --------- F:\WINDOWS\system32\drivers\adv05nt5.dll
2006-11-29 04:39 3,135 --------- F:\WINDOWS\system32\drivers\adv08nt5.dll
2006-11-29 04:39 29,455 --------- F:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-11-29 04:39 29,184 --------- F:\WINDOWS\system32\sdhcinst.dll
2006-11-29 04:39 29,056 --------- F:\WINDOWS\system32\drivers\ip6fw.sys
2006-11-29 04:39 286,792 --------- F:\WINDOWS\system32\slextspk.dll
2006-11-29 04:39 28,672 --------- F:\WINDOWS\system32\drivers\atinsnxx.sys
2006-11-29 04:39 274,304 --------- F:\WINDOWS\system32\drivers\bthport.sys
2006-11-29 04:39 270,848 --------- F:\WINDOWS\system32\sbe.dll
2006-11-29 04:39 27,136 --------- F:\WINDOWS\system32\mspmsnsv.dll
2006-11-29 04:39 262,784 --------- F:\WINDOWS\system32\drivers\http.sys
2006-11-29 04:39 26,624 --------- F:\WINDOWS\system32\drivers\usbehci.sys
2006-11-29 04:39 26,367 --------- F:\WINDOWS\system32\drivers\ati1snxx.sys
2006-11-29 04:39 25,600 --------- F:\WINDOWS\system32\drivers\hidbth.sys
2006-11-29 04:39 25,471 --------- F:\WINDOWS\system32\drivers\watv10nt.sys
2006-11-29 04:39 25,471 --------- F:\WINDOWS\system32\drivers\atv04nt5.dll
2006-11-29 04:39 242,688 --------- F:\WINDOWS\system32\wmpasf.dll
2006-11-29 04:39 24,576 --------- F:\WINDOWS\system32\httpapi.dll
2006-11-29 04:39 23,040 --a------ F:\WINDOWS\system32\fltmc.exe
2006-11-29 04:39 229,376 --a------ F:\WINDOWS\system32\ati2cqag.dll
2006-11-29 04:39 227,328 --------- F:\WINDOWS\system32\wmerror.dll
2006-11-29 04:39 220,032 --------- F:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-11-29 04:39 22,271 --------- F:\WINDOWS\system32\drivers\watv06nt.sys
2006-11-29 04:39 21,343 --------- F:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-11-29 04:39 21,183 --------- F:\WINDOWS\system32\drivers\atv01nt5.dll
2006-11-29 04:39 207,360 --a------ F:\WINDOWS\system32\ati2dvag.dll
2006-11-29 04:39 20,992 --------- F:\WINDOWS\system32\bthci.dll
2006-11-29 04:39 20,480 --------- F:\WINDOWS\system32\encapi.dll
2006-11-29 04:39 2,155,680 --a------ F:\WINDOWS\system32\ati3duag.dll
2006-11-29 04:39 2,113,536 --------- F:\WINDOWS\system32\dxdiagn.dll
2006-11-29 04:39 194,328 --a------ F:\WINDOWS\system32\wuaueng1.dll
2006-11-29 04:39 193,024 --------- F:\WINDOWS\system32\fsquirt.exe
2006-11-29 04:39 188,508 --------- F:\WINDOWS\system32\slgen.dll
2006-11-29 04:39 187,392 --------- F:\WINDOWS\system32\xpsp1res.dll
2006-11-29 04:39 186,368 --------- F:\WINDOWS\system32\encdec.dll
2006-11-29 04:39 180,360 --------- F:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-11-29 04:39 18,944 --------- F:\WINDOWS\system32\drivers\bthusb.sys
2006-11-29 04:39 173,536 --a------ F:\WINDOWS\system32\wuweb.dll
2006-11-29 04:39 172,312 --a------ F:\WINDOWS\system32\wuauclt1.exe
2006-11-29 04:39 17,408 --------- F:\WINDOWS\system32\winshfhc.dll
2006-11-29 04:39 17,279 --------- F:\WINDOWS\system32\drivers\atv10nt5.dll
2006-11-29 04:39 17,024 --------- F:\WINDOWS\system32\drivers\bthenum.sys
2006-11-29 04:39 166,912 --------- F:\WINDOWS\system32\drivers\s3gnbm.sys
2006-11-29 04:39 16,896 --a------ F:\WINDOWS\system32\fltlib.dll
2006-11-29 04:39 159,232 --------- F:\WINDOWS\system32\sbeio.dll
2006-11-29 04:39 157,184 --------- F:\WINDOWS\system32\wmidx.dll
2006-11-29 04:39 15,872 --------- F:\WINDOWS\system32\w3ssl.dll
2006-11-29 04:39 15,488 --------- F:\WINDOWS\system32\drivers\mssmbios.sys
2006-11-29 04:39 15,423 --------- F:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-11-29 04:39 15,104 --------- F:\WINDOWS\system32\drivers\hidir.sys
2006-11-29 04:39 14,336 --------- F:\WINDOWS\system32\drivers\atinpdxx.sys
2006-11-29 04:39 14,336 --------- F:\WINDOWS\system32\auditusr.exe
2006-11-29 04:39 14,143 --------- F:\WINDOWS\system32\drivers\atv06nt5.dll
2006-11-29 04:39 134,656 --------- F:\WINDOWS\system32\mssap.dll
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\wscntfy.exe
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\drivers\atinttxx.sys
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\drivers\atinmdxx.sys
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\cmsetacl.dll
2006-11-29 04:39 13,776 --------- F:\WINDOWS\system32\drivers\recagent.sys
2006-11-29 04:39 13,568 --------- F:\WINDOWS\system32\drivers\wacompen.sys
2006-11-29 04:39 13,240 --------- F:\WINDOWS\system32\drivers\slwdmsup.sys
2006-11-29 04:39 129,536 --------- F:\WINDOWS\system32\xmlprov.dll
2006-11-29 04:39 129,535 --------- F:\WINDOWS\system32\drivers\slnt7554.sys
2006-11-29 04:39 128,896 --------- F:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-29 04:39 127,256 --a------ F:\WINDOWS\system32\wucltui.dll
2006-11-29 04:39 126,686 --------- F:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-11-29 04:39 12,672 --------- F:\WINDOWS\system32\drivers\usb8023x.sys
2006-11-29 04:39 12,672 --------- F:\WINDOWS\system32\drivers\mutohpen.sys
2006-11-29 04:39 12,416 --------- F:\WINDOWS\system32\drivers\tunmp.sys
2006-11-29 04:39 12,047 --------- F:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-11-29 04:39 118,784 --------- F:\WINDOWS\system32\msdadiag.dll
2006-11-29 04:39 116,224 --------- F:\WINDOWS\system32\p2p.dll
2006-11-29 04:39 11,935 --------- F:\WINDOWS\system32\drivers\wadv11nt.sys
2006-11-29 04:39 11,871 --------- F:\WINDOWS\system32\drivers\wadv09nt.sys
2006-11-29 04:39 11,868 --------- F:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-29 04:39 11,807 --------- F:\WINDOWS\system32\drivers\wadv07nt.sys
2006-11-29 04:39 11,615 --------- F:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-11-29 04:39 11,359 --------- F:\WINDOWS\system32\drivers\atv02nt5.dll
2006-11-29 04:39 11,325 --------- F:\WINDOWS\system32\drivers\vchnt5.dll
2006-11-29 04:39 11,295 --------- F:\WINDOWS\system32\drivers\wadv08nt.sys
2006-11-29 04:39 11,136 --------- F:\WINDOWS\system32\drivers\sffdisk.sys
2006-11-29 04:39 108,032 --------- F:\WINDOWS\system32\wshbth.dll
2006-11-29 04:39 104,960 --------- F:\WINDOWS\system32\drivers\atinrvxx.sys
2006-11-29 04:39 100,992 --------- F:\WINDOWS\system32\drivers\bthpan.sys
2006-11-29 04:39 10,240 --------- F:\WINDOWS\system32\drivers\sffp_sd.sys
2006-11-29 04:39 1,897,408 --------- F:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-29 04:39 1,737,856 --------- F:\WINDOWS\system32\mtxparhd.dll
2006-11-29 04:39 1,689,088 --------- F:\WINDOWS\system32\d3d9.dll
2006-11-29 04:39 1,329,152 --------- F:\WINDOWS\system32\WMSPDMOE.dll
2006-11-29 04:39 1,309,184 --------- F:\WINDOWS\system32\drivers\mtlstrm.sys
2006-11-29 04:39 1,088,000 --a------ F:\WINDOWS\system32\winbrand.dll
2006-11-29 04:39 1,041,536 --------- F:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-11-29 04:39 <DIR> d-------- F:\WINDOWS\provisioning
2006-11-29 04:39 <DIR> d-------- F:\WINDOWS\peernet
2006-11-29 04:37 <DIR> d-------- F:\WINDOWS\ServicePackFiles
2006-11-29 04:35 3,385,856 --a------ F:\WINDOWS\system32\xpsp2res.dll
2006-11-29 04:35 <DIR> d-------- F:\WINDOWS\system32\ReinstallBackups
2006-11-29 04:34 23,856 --a------ F:\WINDOWS\system32\spupdsvc.exe
2006-11-29 04:33 <DIR> d-------- F:\WINDOWS\EHome
2006-11-29 04:30 <DIR> d---s---- F:\WINDOWS\system32\Microsoft
2006-11-29 04:29 <DIR> d--h----- F:\Program Files\InstallShield Installation Information
2006-11-29 04:28 <DIR> d-------- F:\Program Files\SMC
2006-11-29 04:28 <DIR> d-------- F:\Program Files\Common Files\InstallShield
2006-11-29 04:26 <DIR> d-------- F:\Program Files\WinRAR
2006-11-29 04:22 26,496 --a------ F:\WINDOWS\system32\drivers\usbstor.sys
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\SendTo
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Recent
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Application Data\.
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Application Data
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\Start Menu
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\My Documents
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\Favorites
2006-11-29 02:56 <DIR> d--hs---- F:\WINDOWS\Installer
2006-11-29 02:56 <DIR> d--hs---- F:\Documents and Settings\Steve\Cookies
2006-11-29 02:56 <DIR> d--h----- F:\Program Files\Uninstall Information
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\Templates
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\PrintHood
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\NetHood
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\Local Settings
2006-11-29 02:56 <DIR> d---s---- F:\Documents and Settings\Steve\Application Data\Microsoft
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Desktop
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Identities
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\..
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\..
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\.
2006-11-29 02:55 <DIR> d--hs---- F:\System Volume Information
2006-11-29 02:52 112,128 --a------ F:\WINDOWS\system32\mapi32.dll
2006-11-29 02:52 <DIR> d-------- F:\WINDOWS\system32\xircom
2006-11-29 02:52 <DIR> d-------- F:\Program Files\xerox
2006-11-29 02:52 <DIR> d-------- F:\Program Files\microsoft frontpage
2006-11-29 02:51 <DIR> dr------- F:\WINDOWS\Offline Web Pages
2006-11-29 02:51 <DIR> d--hs---- F:\Documents and Settings\All Users\DRM
2006-11-29 02:51 <DIR> d---s---- F:\WINDOWS\Downloaded Program Files
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\system32\Macromed
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\system32\DirectX
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\srchasst
2006-11-29 02:50 81,920 --a------ F:\WINDOWS\system32\isign32.dll
2006-11-29 02:50 81,920 --a------ F:\WINDOWS\system32\ils.dll
2006-11-29 02:50 73,728 --a------ F:\WINDOWS\system32\icwdial.dll
2006-11-29 02:50 73,472 --a------ F:\WINDOWS\system32\drivers\sr.sys
2006-11-29 02:50 69,632 --a------ F:\WINDOWS\system32\msconf.dll
2006-11-29 02:50 679,424 --a------ F:\WINDOWS\system32\inetcomm.dll
2006-11-29 02:50 67,584 --a------ F:\WINDOWS\system32\srclient.dll
2006-11-29 02:50 65,536 --a------ F:\WINDOWS\system32\icwphbk.dll
2006-11-29 02:50 64,512 --a------ F:\WINDOWS\system32\acctres.dll
2006-11-29 02:50 48,128 --a------ F:\WINDOWS\system32\inetres.dll
2006-11-29 02:50 45,568 --a------ F:\WINDOWS\system32\safrslv.dll
2006-11-29 02:50 43,520 --a------ F:\WINDOWS\system32\safrcdlg.dll
2006-11-29 02:50 43,520 --a------ F:\WINDOWS\system32\racpldlg.dll
2006-11-29 02:50 382,464 --a------ F:\WINDOWS\system32\qmgr.dll
2006-11-29 02:50 34,560 --a------ F:\WINDOWS\system32\mnmdd.dll
2006-11-29 02:50 32,768 --a------ F:\WINDOWS\system32\mnmsrvc.exe
2006-11-29 02:50 32,768 --a------ F:\WINDOWS\system32\isrdbg32.dll
2006-11-29 02:50 29,696 --a------ F:\WINDOWS\system32\safrdm.dll
2006-11-29 02:50 28,672 --a------ F:\WINDOWS\system32\nmmkcert.dll
2006-11-29 02:50 274,944 --a------ F:\WINDOWS\system32\mstask.dll
2006-11-29 02:50 274,432 --a------ F:\WINDOWS\system32\inetcfg.dll
2006-11-29 02:50 252,928 --a------ F:\WINDOWS\system32\msoeacct.dll
2006-11-29 02:50 239,104 --a------ F:\WINDOWS\system32\srrstr.dll
2006-11-29 02:50 190,976 --a------ F:\WINDOWS\system32\schedsvc.dll
2006-11-29 02:50 18,944 --a------ F:\WINDOWS\system32\qmgrprxy.dll
2006-11-29 02:50 170,496 --a------ F:\WINDOWS\system32\srsvc.dll
2006-11-29 02:50 16,384 --a------ F:\WINDOWS\system32\icfgnt5.dll
2006-11-29 02:50 12,288 --a------ F:\WINDOWS\system32\nmevtmsg.dll
2006-11-29 02:50 12,288 --a------ F:\WINDOWS\system32\mstinit.exe
2006-11-29 02:50 11,264 --a------ F:\WINDOWS\system32\atrace.dll
2006-11-29 02:50 105,984 --a------ F:\WINDOWS\system32\msoert2.dll
2006-11-29 02:50 <DIR> d---s---- F:\WINDOWS\Tasks
2006-11-29 02:50 <DIR> d-------- F:\WINDOWS\system32\Restore
2006-11-29 02:50 <DIR> d-------- F:\WINDOWS\PCHEALTH
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Windows Media Player
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Outlook Express
2006-11-29 02:50 <DIR> d-------- F:\Program Files\NetMeeting
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Movie Maker
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Common Files\Services
2006-11-29 02:49 <DIR> d--h----- F:\Program Files\WindowsUpdate
2006-11-29 02:49 <DIR> d-------- F:\WINDOWS\Registration
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Online Services
2006-11-29 02:49 <DIR> d-------- F:\Program Files\MSN
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Messenger
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Internet Explorer
2006-11-29 02:49 <DIR> d-------- F:\Program Files\ComPlus Applications
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Common Files\System
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Common Files\MSSoap
2006-11-29 02:48 97,792 --a------ F:\WINDOWS\system32\comrepl.dll
2006-11-29 02:48 956,416 --a------ F:\WINDOWS\system32\msdtctm.dll
2006-11-29 02:48 93,696 --a------ F:\WINDOWS\system32\tscfgwmi.dll
2006-11-29 02:48 91,136 --a------ F:\WINDOWS\system32\mtxoci.dll
2006-11-29 02:48 9,728 --a------ F:\WINDOWS\system32\reset.exe
2006-11-29 02:48 87,176 --a------ F:\WINDOWS\system32\rdpwsx.dll
2006-11-29 02:48 85,504 --a------ F:\WINDOWS\system32\catsrvps.dll
2006-11-29 02:48 83,456 --a------ F:\WINDOWS\system32\charmap.exe
2006-11-29 02:48 73,216 --a------ F:\WINDOWS\system32\avwav.dll
2006-11-29 02:48 67,072 --a------ F:\WINDOWS\system32\rdshost.exe
2006-11-29 02:48 655,360 --a------ F:\WINDOWS\system32\mstscax.dll
2006-11-29 02:48 625,152 --a------ F:\WINDOWS\system32\catsrvut.dll
2006-11-29 02:48 62,464 --a------ F:\WINDOWS\system32\rdpclip.exe
2006-11-29 02:48 605,696 --a------ F:\WINDOWS\system32\getuname.dll
2006-11-29 02:48 60,416 --a------ F:\WINDOWS\system32\remotepg.dll
2006-11-29 02:48 60,416 --a------ F:\WINDOWS\system32\colbact.dll
2006-11-29 02:48 6,656 --a------ F:\WINDOWS\system32\wuauserv.dll
2006-11-29 02:48 6,144 --a------ F:\WINDOWS\system32\msdtc.exe
2006-11-29 02:48 58,880 --a------ F:\WINDOWS\system32\msdtclog.dll
2006-11-29 02:48 58,880 --a------ F:\WINDOWS\system32\licwmi.dll
2006-11-29 02:48 56,832 --a------ F:\WINDOWS\system32\sol.exe
2006-11-29 02:48 56,320 --a------ F:\WINDOWS\system32\servdeps.dll
2006-11-29 02:48 55,296 --a------ F:\WINDOWS\system32\freecell.exe
2006-11-29 02:48 540,160 --a------ F:\WINDOWS\system32\comuid.dll
2006-11-29 02:48 54,272 --a------ F:\WINDOWS\system32\stclient.dll
2006-11-29 02:48 538,624 --a------ F:\WINDOWS\system32\spider.exe
2006-11-29 02:48 5,632 --a------ F:\WINDOWS\system32\write.exe
2006-11-29 02:48 5,120 --a------ F:\WINDOWS\system32\dcomcnfg.exe
2006-11-29 02:48 498,688 --a------ F:\WINDOWS\system32\clbcatq.dll
2006-11-29 02:48 44,544 --a------ F:\WINDOWS\system32\tscupgrd.exe
2006-11-29 02:48 44,544 --a------ F:\WINDOWS\system32\hticons.dll
2006-11-29 02:48 426,496 --a------ F:\WINDOWS\system32\msdtcprx.dll
2006-11-29 02:48 407,552 --a------ F:\WINDOWS\system32\mstsc.exe
2006-11-29 02:48 40,840 --a------ F:\WINDOWS\system32\drivers\termdd.sys
2006-11-29 02:48 4,096 --a------ F:\WINDOWS\system32\rdpcfgex.dll
2006-11-29 02:48 4,096 --a------ F:\WINDOWS\system32\mtxex.dll
2006-11-29 02:48 38,912 --a------ F:\WINDOWS\system32\cfgbkend.dll
2006-11-29 02:48 360,960 --a------ F:\WINDOWS\system32\mspaint.exe
2006-11-29 02:48 35,328 --a------ F:\WINDOWS\system32\winchat.exe
2006-11-29 02:48 347,136 --a------ F:\WINDOWS\system32\hypertrm.dll
2006-11-29 02:48 33,792 --a------ F:\WINDOWS\system32\regini.exe
2006-11-29 02:48 295,424 --a------ F:\WINDOWS\system32\termsrv.dll
2006-11-29 02:48 25,600 --a------ F:\WINDOWS\system32\comaddin.dll
2006-11-29 02:48 25,088 --a------ F:\WINDOWS\system32\mtxlegih.dll
2006-11-29 02:48 227,840 --a------ F:\WINDOWS\system32\avtapi.dll
2006-11-29 02:48 225,792 --a------ F:\WINDOWS\system32\catsrv.dll
2006-11-29 02:48 22,016 --a------ F:\WINDOWS\system32\qwinsta.exe
2006-11-29 02:48 21,896 --a------ F:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-29 02:48 20,992 --a------ F:\WINDOWS\system32\msg.exe
2006-11-29 02:48 20,480 --a------ F:\WINDOWS\system32\qprocess.exe
2006-11-29 02:48 20,480 --a------ F:\WINDOWS\system32\mtxdm.dll
2006-11-29 02:48 196,864 --a------ F:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-29 02:48 19,968 --a------ F:\WINDOWS\system32\rdpsnd.dll
2006-11-29 02:48 185,344 --a------ F:\WINDOWS\system32\cmprops.dll
2006-11-29 02:48 183,808 --a------ F:\WINDOWS\system32\accwiz.exe
2006-11-29 02:48 17,408 --a------ F:\WINDOWS\system32\mmfutil.dll
2006-11-29 02:48 161,280 --a------ F:\WINDOWS\system32\msdtcuiu.dll
2006-11-29 02:48 16,896 --a------ F:\WINDOWS\system32\tsshutdn.exe
2006-11-29 02:48 16,896 --a------ F:\WINDOWS\system32\qappsrv.exe
2006-11-29 02:48 16,384 --a------ F:\WINDOWS\system32\tskill.exe
2006-11-29 02:48 16,384 --a------ F:\WINDOWS\system32\avmeter.dll
2006-11-29 02:48 15,872 --a------ F:\WINDOWS\system32\rwinsta.exe
2006-11-29 02:48 15,872 --a------ F:\WINDOWS\system32\cdmodem.dll
2006-11-29 02:48 15,360 --a------ F:\WINDOWS\system32\logoff.exe
2006-11-29 02:48 147,968 --a------ F:\WINDOWS\system32\rdchost.dll
2006-11-29 02:48 147,456 --a------ F:\WINDOWS\system32\comsnap.dll
2006-11-29 02:48 140,800 --a------ F:\WINDOWS\system32\sessmgr.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\tsdiscon.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\tscon.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\shadow.exe
2006-11-29 02:48 139,528 --a------ F:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-29 02:48 138,752 --a------ F:\WINDOWS\system32\sndvol32.exe
2006-11-29 02:48 131,584 --a------ F:\WINDOWS\system32\sndrec32.exe
2006-11-29 02:48 13,824 --a------ F:\WINDOWS\system32\rdsaddin.exe
2006-11-29 02:48 126,976 --a------ F:\WINDOWS\system32\mshearts.exe
2006-11-29 02:48 124,184 --a------ F:\WINDOWS\system32\wuauclt.exe
2006-11-29 02:48 123,392 --a------ F:\WINDOWS\system32\mplay32.exe
2006-11-29 02:48 12,040 --a------ F:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-29 02:48 119,808 --a------ F:\WINDOWS\system32\winmine.exe
2006-11-29 02:48 117,760 --a------ F:\WINDOWS\system32\calc.exe
2006-11-29 02:48 110,080 --a------ F:\WINDOWS\system32\clbcatex.dll
2006-11-29 02:48 11,776 --a------ F:\WINDOWS\system32\xolehlp.dll
2006-11-29 02:48 11,264 --a------ F:\WINDOWS\system32\icaapi.dll
2006-11-29 02:48 102,912 --a------ F:\WINDOWS\system32\clipbrd.exe
2006-11-29 02:48 1,343,768 --a------ F:\WINDOWS\system32\wuaueng.dll
2006-11-29 02:48 1,267,200 --a------ F:\WINDOWS\system32\comsvcs.dll
2006-11-29 02:48 1,161 --a------ F:\WINDOWS\system32\usrlogon.cmd
2006-11-29 02:48 <DIR> d-------- F:\WINDOWS\system32\MsDtc
2006-11-29 02:48 <DIR> d-------- F:\WINDOWS\system32\Com
2006-11-29 02:48 <DIR> d-------- F:\Program Files\Windows NT
2006-11-29 02:48 <DIR> d-------- F:\Program Files\MSN Gaming Zone
2006-11-07 21:03 6,049,280 --------- F:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- F:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- F:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- F:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ F:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1,245,696 --a------ F:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"F:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="F:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ATIPTA"="F:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"VGAUtil"="F:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"SiSUSBRG"="F:\\WINDOWS\\SiSUSBrg.exe"
"Windows Defender"="\"F:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"LClock"="F:\\Program Files\\LClock\\LClock.exe"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"F:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="F:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"F:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^Steve^Start Menu^Programs^Startup^EZ Connect Wireless USB Utility.lnk]
"path"="F:\\Documents and Settings\\Steve\\Start Menu\\Programs\\Startup\\EZ Connect Wireless USB Utility.lnk"
"backup"="F:\\WINDOWS\\pss\\EZ Connect Wireless USB Utility.lnkStartup"
"location"="Startup"
"command"="F:\\PROGRA~1\\SMC\\EZCONN~1\\WLANMO~1.EXE "
"item"="EZ Connect Wireless USB Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Glass2k"
"hkey"="HKLM"
"command"="F:\\Program Files\\Glass2k\\Glass2k.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-01 23:58:00.21
F:\ComboFix.txt ... 06-12-01 23:58
F:\ComboFix2.txt ... 06-12-01 18:04

steviedee · 12-01-2006, 08:04 PM

ComboFix after AVG scan in Safe Mode

Steve - 06-12-01 18:00:17.42 Service Pack 2
ComboFix 06.11.27W - Running from: "F:\Documents and Settings\Steve\desktop"
Command switches used :: /v ggw gebcd cluuwfri dmglaqd winuns32

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))

F:\WINDOWS\system32\gebcd.dll
F:\WINDOWS\system32\cluuwfri.dll
F:\WINDOWS\system32\dmglaqd.dll
F:\WINDOWS\system32\dcbeg.bak1
F:\WINDOWS\system32\dcbeg.bak2
F:\WINDOWS\system32\dcbeg.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

F:\WINDOWS\system32\ismini.exe
F:\WINDOWS\system32\issearch.exe
F:\WINDOWS\system32\ixt0.dll
F:\WINDOWS\system32\components
F:\Program Files\Common Files\{34652F13-0BB1-1033-0907-050411080001}
F:\Program Files\Common Files\{44652F13-0BB1-1033-0907-050411080001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

F:\QooBox\Purity\Program Files\APPATC~1
F:\QooBox\Purity\Program Files\TSKS~1
F:\QooBox\Purity\Program Files\APPATC~1\A?pPatch

((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))

2006-12-01 17:56 3,968 --a------ F:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-01 17:16 <DIR> d-------- F:\HJT
2006-12-01 17:14 <DIR> d-------- F:\Program Files\Lavasoft
2006-12-01 17:14 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Lavasoft
2006-12-01 15:36 <DIR> d-------- F:\WINDOWS\WBEM
2006-12-01 15:36 <DIR> d-------- F:\WINDOWS\system32\en-US
2006-12-01 15:34 <DIR> d--h-c--- F:\WINDOWS\ie7
2006-12-01 15:33 121,856 --------- F:\WINDOWS\system32\xmllite.dll
2006-12-01 15:33 <DIR> d-------- F:\WINDOWS\network diagnostic
2006-11-30 23:43 <DIR> d-------- F:\Program Files\Alcohol Soft
2006-11-30 21:44 88,340 --a------ F:\WINDOWS\system32\vbywdlfw.exe
2006-11-30 20:19 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Ahead
2006-11-30 20:14 <DIR> d-------- F:\Program Files\Nero
2006-11-30 20:14 <DIR> d-------- F:\Program Files\Common Files\Ahead
2006-11-30 20:14 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Nero
2006-11-30 17:41 <DIR> d-------- F:\Program Files\MSXML 4.0
2006-11-30 17:41 <DIR> d-------- F:\02709546a83f2d51e43489
2006-11-29 23:42 <DIR> d-------- F:\Program Files\Grisoft
2006-11-29 21:48 77,824 --a------ F:\WINDOWS\system32\tpedvf.dll
2006-11-29 21:45 88,340 --a------ F:\WINDOWS\system32\wqqxxqvq.exe
2006-11-29 21:45 <DIR> d-------- F:\Program Files\VSAdd-in
2006-11-29 21:45 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\dvdcss
2006-11-29 21:44 126,996 --a------ F:\WINDOWS\system32\gqomqnwa.dll
2006-11-29 21:44 <DIR> d-------- F:\Program Files\VideoLAN
2006-11-29 21:44 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\vlc
2006-11-29 21:43 2 --a------ F:\WINDOWS\system32\wnscpsv.exe
2006-11-29 21:42 93,696 --a------ F:\WINDOWS\system32\utbcgyb.dll
2006-11-29 21:41 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\DivX
2006-11-29 21:37 40,973 ---hs---- F:\WINDOWS\system32\ljjkiii.dll
2006-11-29 16:39 <DIR> d-------- F:\Program Files\Microsoft Office
2006-11-29 16:39 <DIR> d-------- F:\Program Files\Common Files\Designer
2006-11-29 16:39 <DIR> d-------- F:\Program Files\AnswerWorks 4.0
2006-11-29 16:37 <DIR> d-------- F:\Program Files\AutoCAD 2007
2006-11-29 16:37 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Autodesk
2006-11-29 16:37 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Autodesk
2006-11-29 16:35 <DIR> d-------- F:\Program Files\Common Files\Autodesk Shared
2006-11-29 16:35 <DIR> d-------- F:\Program Files\Autodesk
2006-11-29 16:31 720,896 --a------ F:\WINDOWS\system32\RhinoShExt.dll
2006-11-29 16:31 <DIR> d-------- F:\Program Files\Rhinoceros 3.0
2006-11-29 16:31 <DIR> d-------- F:\Program Files\Common Files\McNeel Shared
2006-11-29 16:31 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\McNeel
2006-11-29 16:16 266,360 --a------ F:\WINDOWS\system32\TweakUI.exe
2006-11-29 13:45 57,472 --a------ F:\WINDOWS\system32\drivers\redbook.sys
2006-11-29 13:45 3,072 --a------ F:\WINDOWS\system32\drivers\audstub.sys
2006-11-29 13:45 21,504 --a------ F:\WINDOWS\system32\hidserv.dll
2006-11-29 13:44 74,240 --a------ F:\WINDOWS\system32\usbui.dll
2006-11-29 13:44 32,768 --a------ F:\WINDOWS\system32\drivers\sisnic.sys
2006-11-29 13:43 9,936 --a------ F:\WINDOWS\system\LZEXPAND.DLL
2006-11-29 13:43 9,008 --a------ F:\WINDOWS\system\VER.DLL
2006-11-29 13:43 85,020 --a------ F:\WINDOWS\system32\dgsetup.dll
2006-11-29 13:43 82,944 --a------ F:\WINDOWS\system\OLECLI.DLL
2006-11-29 13:43 8,704 --a------ F:\WINDOWS\system32\batt.dll
2006-11-29 13:43 8,192 -ra------ F:\WINDOWS\system32\kbdhept.dll
2006-11-29 13:43 74,752 --a------ F:\WINDOWS\system32\storprop.dll
2006-11-29 13:43 7,168 -ra------ F:\WINDOWS\system32\kbdcz.dll
2006-11-29 13:43 69,584 --a------ F:\WINDOWS\system\AVICAP.DLL
2006-11-29 13:43 69,120 --a------ F:\WINDOWS\notepad.exe
2006-11-29 13:43 68,768 --a------ F:\WINDOWS\system\mmsystem.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdycl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdsl1.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdsl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdpl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdhu.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdhela3.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcz2.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcz1.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcr.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\KBDAL.DLL
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdtuq.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdtuf.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdlv1.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdlv.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdhela2.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdgkl.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdest.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdycc.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbduzb.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdur.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdtat.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdru1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdru.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdro.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdpl1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdmon.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdlt1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdlt.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdkyr.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdkaz.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhu1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe319.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe220.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdbu.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdblr.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdazel.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdaze.dll
2006-11-29 13:43 5,120 --a------ F:\WINDOWS\system\SHELL.DLL
2006-11-29 13:43 32,816 --a------ F:\WINDOWS\system\COMMDLG.DLL
2006-11-29 13:43 24,661 --a------ F:\WINDOWS\system32\spxcoins.dll
2006-11-29 13:43 24,064 --a------ F:\WINDOWS\system\OLESVR.DLL
2006-11-29 13:43 19,200 --a------ F:\WINDOWS\system\TAPI.DLL
2006-11-29 13:43 176,157 --a------ F:\WINDOWS\system32\dgrpsetu.dll
2006-11-29 13:43 15,360 --a------ F:\WINDOWS\TASKMAN.EXE
2006-11-29 13:43 13,312 --a------ F:\WINDOWS\system32\irclass.dll
2006-11-29 13:43 126,912 --a------ F:\WINDOWS\system\MSVIDEO.DLL
2006-11-29 13:43 11,264 --a------ F:\WINDOWS\system32\drivers\irenum.sys
2006-11-29 13:43 109,456 --a------ F:\WINDOWS\system\AVIFILE.DLL
2006-11-29 13:43 103,424 --a------ F:\WINDOWS\system32\EqnClass.Dll
2006-11-29 13:43 <DIR> dr------- F:\Program Files\Common Files\..
2006-11-29 13:43 <DIR> dr------- F:\Program Files\.
2006-11-29 13:43 <DIR> dr------- F:\Program Files
2006-11-29 13:43 <DIR> d-ahs---- F:\Program Files\..
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\SpeechEngines
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\ODBC
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\Microsoft Shared
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\.
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files
2006-11-29 13:42 <DIR> dr-h----- F:\Documents and Settings\All Users\Application Data\.
2006-11-29 13:42 <DIR> dr-h----- F:\Documents and Settings\All Users\Application Data
2006-11-29 13:42 <DIR> dr------- F:\Documents and Settings\All Users\Start Menu
2006-11-29 13:42 <DIR> dr------- F:\Documents and Settings\All Users\Documents
2006-11-29 13:42 <DIR> d--h----- F:\Documents and Settings\All Users\Templates
2006-11-29 13:42 <DIR> d---s---- F:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-29 13:42 <DIR> d-------- F:\WINDOWS\system32\CatRoot2
2006-11-29 13:42 <DIR> d-------- F:\WINDOWS\system32\CatRoot
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Favorites
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Desktop
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\..
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\..
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\.
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings
2006-11-29 13:38 <DIR> dr-hsc--- F:\WINDOWS\system32\dllcache
2006-11-29 13:38 <DIR> dr--s---- F:\WINDOWS\Fonts
2006-11-29 13:38 <DIR> dr------- F:\WINDOWS\Web
2006-11-29 13:38 <DIR> d-ahs---- F:\WINDOWS\..
2006-11-29 13:38 <DIR> d--h----- F:\WINDOWS\inf
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\WinSxS
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\twain_32
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Temp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\wins
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\wbem
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\usmt
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\spool
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ShellExt
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\Setup
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ras
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\oobe
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\npp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\mui
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\inetsrv
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\IME
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\icsxml
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ias
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\export
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\etc
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\disdn
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\dhcp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\config
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\3com_dmi
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\3076
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\2052
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1054
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1042
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1041
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1037
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1033
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1031
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1028
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1025
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\security
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Resources
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\repair
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\mui
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\msapps
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\msagent
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Media
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\java
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\ime
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Help
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Driver Cache
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Debug
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Cursors
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Connection Wizard
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Config
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\AppPatch
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\addins
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS
2006-11-29 12:17 <DIR> d-------- F:\Program Files\iTunes
2006-11-29 12:17 <DIR> d-------- F:\Program Files\iPod
2006-11-29 12:17 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Apple Computer
2006-11-29 12:16 <DIR> d-------- F:\Program Files\QuickTime
2006-11-29 12:15 <DIR> d-------- F:\Program Files\Apple Software Update
2006-11-29 12:15 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-29 12:12 <DIR> d-------- F:\Program Files\TrackMania Nations ESWC
2006-11-29 12:06 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2006-11-29 12:06 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-29 11:55 413,518 --a------ F:\WINDOWS\system32\vimc.exe
2006-11-29 11:52 <DIR> d-------- F:\WINDOWS\system32\VITrans
2006-11-29 11:48 <DIR> d-------- F:\Program Files\Common Files\Adobe Systems Shared
2006-11-29 11:48 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Macrovision
2006-11-29 09:47 <DIR> d-------- F:\Program Files\Styler
2006-11-29 09:41 20,480 --a------ F:\WINDOWS\system32\wbload.dll
2006-11-29 09:27 2,560 --a------ F:\WINDOWS\_MSRSTRT.EXE
2006-11-29 09:15 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Styler
2006-11-29 08:59 <DIR> d-------- F:\WINDOWS\system32\VIRepair
2006-11-29 08:12 36,864 --------- F:\WINDOWS\system32\wbsys.dll
2006-11-29 08:12 <DIR> d-------- F:\Program Files\Stardock
2006-11-29 08:02 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Azureus
2006-11-29 08:01 <DIR> d-------- F:\Program Files\Java
2006-11-29 08:01 <DIR> d-------- F:\Program Files\Common Files\Java
2006-11-29 05:57 <DIR> d-------- F:\Program Files\DAEMON Tools
2006-11-29 05:55 82,944 --a------ F:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-29 05:55 639,224 --a------ F:\WINDOWS\system32\drivers\sptd.sys
2006-11-29 05:55 6,400 --a------ F:\WINDOWS\system32\drivers\splitter.sys
2006-11-29 05:55 54,272 --a------ F:\WINDOWS\system32\drivers\swmidi.sys
2006-11-29 05:55 52,864 --a------ F:\WINDOWS\system32\drivers\DMusic.sys
2006-11-29 05:55 2,944 --a------ F:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-29 05:55 172,416 --a------ F:\WINDOWS\system32\drivers\kmixer.sys
2006-11-29 05:55 142,464 --a------ F:\WINDOWS\system32\drivers\aec.sys
2006-11-29 05:54 9,319,936 --a------ F:\WINDOWS\system32\RTLCPL.EXE
2006-11-29 05:54 77,824 --a------ F:\WINDOWS\SOUNDMAN.EXE
2006-11-29 05:54 7,552 --a------ F:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-29 05:54 60,800 --a------ F:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-29 05:54 60,288 --a------ F:\WINDOWS\system32\drivers\drmk.sys
2006-11-29 05:54 5,376 --a------ F:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-29 05:54 40,960 --------- F:\WINDOWS\system32\ChCfg.exe
2006-11-29 05:54 4,992 --a------ F:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-29 05:54 4,096 --a------ F:\WINDOWS\system32\ksuser.dll
2006-11-29 05:54 208,896 --------- F:\WINDOWS\alcupd.exe
2006-11-29 05:54 2,297,664 --a------ F:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-11-29 05:54 156,672 --a------ F:\WINDOWS\system32\RTLCPAPI.dll
2006-11-29 05:54 145,792 --a------ F:\WINDOWS\system32\drivers\portcls.sys
2006-11-29 05:54 139,264 --------- F:\WINDOWS\alcrmv.exe
2006-11-29 05:54 <DIR> d-------- F:\Program Files\Realtek Sound Manager
2006-11-29 05:54 <DIR> d-------- F:\Program Files\AvRack
2006-11-29 05:49 <DIR> d-------- F:\WINDOWS\Downloaded Installations
2006-11-29 05:49 <DIR> d-------- F:\Start Menu
2006-11-29 05:49 <DIR> d-------- F:\Program Files\MTV Networks
2006-11-29 05:46 <DIR> d-------- F:\Program Files\Windows Media Connect 2
2006-11-29 05:45 <DIR> d-------- F:\WINDOWS\system32\LogFiles
2006-11-29 05:45 <DIR> d-------- F:\WINDOWS\system32\drivers\UMDF
2006-11-29 05:45 <DIR> d-------- F:\534d006de7e3ce0ea069b4ff
2006-11-29 05:37 <DIR> d-------- F:\Program Files\Azureus
2006-11-29 05:36 20,640 --------- F:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-29 05:36 109,568 --------- F:\WINDOWS\system32\pxinsi64.exe
2006-11-29 05:36 108,544 --------- F:\WINDOWS\system32\pxcpyi64.exe
2006-11-29 05:36 <DIR> d-------- F:\Program Files\DivX
2006-11-29 05:23 <DIR> d--hs---- F:\RECYCLER
2006-11-29 05:22 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Mozilla
2006-11-29 05:19 720,412 --a------ F:\WINDOWS\system32\MGB_ScreenSaver.scr
2006-11-29 05:19 5,214,208 --a------ F:\WINDOWS\system32\vistaui.exe
2006-11-29 05:19 382,976 --a------ F:\WINDOWS\system32\Vista.scr
2006-11-29 05:19 <DIR> d-------- F:\Program Files\LClock
2006-11-29 05:15 81,920 --a------ F:\WINDOWS\system32\closeapp.exe
2006-11-29 05:15 8,636 --a------ F:\WINDOWS\system32\modifype.exe
2006-11-29 05:15 69,632 --a------ F:\WINDOWS\system32\moveex.exe
2006-11-29 05:15 19,968 --a------ F:\WINDOWS\system32\reico.exe
2006-11-29 05:15 111,104 --a------ F:\WINDOWS\system32\Uharc.exe
2006-11-29 05:15 <DIR> d-------- F:\VTPFiles
2006-11-29 05:07 <DIR> d-------- F:\Program Files\Windows Defender
2006-11-29 05:07 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-29 05:04 <DIR> d-------- F:\Documents and Settings\Steve\Contacts
2006-11-29 05:03 23,524 --a------ F:\WINDOWS\system32\drivers\GVTDrv.sys
2006-11-29 05:01 <DIR> d--h----- F:\WINDOWS\$hf_mig$
2006-11-29 05:01 <DIR> d-------- F:\WINDOWS\system32\PreInstall
2006-11-29 05:00 <DIR> d----c--- F:\WINDOWS\system32\DRVSTORE
2006-11-29 05:00 <DIR> d-------- F:\WINDOWS\pss
2006-11-29 05:00 <DIR> d-------- F:\Program Files\MSN Messenger
2006-11-29 05:00 <DIR> d-------- F:\Program Files\Mozilla Firefox
2006-11-29 04:59 18,200 --a------ F:\WINDOWS\system32\wups2.dll
2006-11-29 04:59 <DIR> d-------- F:\WINDOWS\system32\SoftwareDistribution
2006-11-29 04:58 <DIR> d---s---- F:\Documents and Settings\Steve\UserData
2006-11-29 04:58 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Macromedia
2006-11-29 04:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Logitech
2006-11-29 04:55 36,992 -ra------ F:\WINDOWS\system32\drivers\SISAGPX.SYS
2006-11-29 04:55 32,768 --a------ F:\WINDOWS\SIS_LIB.DLL
2006-11-29 04:55 3,583 --a------ F:\WINDOWS\SiSport.sys
2006-11-29 04:55 106,496 --a------ F:\WINDOWS\SiSUSBrg.exe
2006-11-29 04:54 <DIR> d-------- F:\Documents and Settings\Steve\WINDOWS
2006-11-29 04:53 7,296 -r------- F:\WINDOWS\system32\drivers\EIO.sys
2006-11-29 04:52 327,168 --a------ F:\WINDOWS\IsUninst.exe
2006-11-29 04:52 <DIR> d-------- F:\Program Files\GigaByte
2006-11-29 04:50 <DIR> dr--s---- F:\WINDOWS\assembly
2006-11-29 04:50 <DIR> d-------- F:\WINDOWS\system32\URTTemp
2006-11-29 04:50 <DIR> d-------- F:\WINDOWS\Microsoft.NET
2006-11-29 04:49 69,632 --a------ F:\WINDOWS\system32\KemXML.dll
2006-11-29 04:49 516,096 --------- F:\WINDOWS\system32\ati2sgag.exe
2006-11-29 04:49 3,712 --a------ F:\WINDOWS\system32\drivers\LBeepKE.sys
2006-11-29 04:49 294,912 -ra------ F:\WINDOWS\system32\atiiiexx.dll
2006-11-29 04:49 155,648 --a------ F:\WINDOWS\system32\kemutb.dll
2006-11-29 04:49 131,072 -ra------ F:\WINDOWS\system32\ATIDEMGR.dll
2006-11-29 04:49 131,072 --a------ F:\WINDOWS\system32\KemUtil.dll
2006-11-29 04:49 110,592 --a------ F:\WINDOWS\system32\KemWnd.dll
2006-11-29 04:48 94,208 --a------ F:\WINDOWS\KHALMNPR.Exe
2006-11-29 04:48 71,936 --a------ F:\WINDOWS\system32\drivers\LMouKE.Sys
2006-11-29 04:48 55,936 --a------ F:\WINDOWS\system32\drivers\L8042mou.Sys
2006-11-29 04:48 13,568 --a------ F:\WINDOWS\system32\drivers\L8042Kbd.sys
2006-11-29 04:48 <DIR> d-------- F:\Program Files\Logitech
2006-11-29 04:48 <DIR> d-------- F:\Program Files\Common Files\Logitech
2006-11-29 04:48 <DIR> d-------- F:\Program Files\ATI Technologies
2006-11-29 04:47 23,040 -ra------ F:\WINDOWS\system32\drivers\GVCplDrv.sys
2006-11-29 04:45 <DIR> d-------- F:\WINDOWS\SoftwareDistribution
2006-11-29 04:45 <DIR> d-------- F:\WINDOWS\Prefetch
2006-11-29 04:39 95,424 --------- F:\WINDOWS\system32\drivers\slnthal.sys
2006-11-29 04:39 9,216 --------- F:\WINDOWS\system32\proxycfg.exe
2006-11-29 04:39 88,064 --------- F:\WINDOWS\system32\p2pnetsh.dll
2006-11-29 04:39 870,784 --------- F:\WINDOWS\system32\ati3d1ag.dll
2006-11-29 04:39 86,016 --------- F:\WINDOWS\system32\p2pgasvc.dll
2006-11-29 04:39 86,016 --------- F:\WINDOWS\system32\mdmxsdk.dll
2006-11-29 04:39 81,408 --------- F:\WINDOWS\system32\wscsvc.dll
2006-11-29 04:39 8,192 --------- F:\WINDOWS\system32\smbinst.exe
2006-11-29 04:39 8,192 --------- F:\WINDOWS\system32\bitsprx2.dll
2006-11-29 04:39 78,464 --------- F:\WINDOWS\system32\drivers\usbvideo.sys
2006-11-29 04:39 78,336 --a------ F:\WINDOWS\system32\ieencode.dll
2006-11-29 04:39 75,776 --------- F:\WINDOWS\system32\strmfilt.dll
2006-11-29 04:39 746,496 --a------ F:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-29 04:39 73,832 --------- F:\WINDOWS\system32\slcoinst.dll
2006-11-29 04:39 73,796 --------- F:\WINDOWS\system32\slserv.exe
2006-11-29 04:39 73,216 --------- F:\WINDOWS\system32\drivers\atintuxx.sys
2006-11-29 04:39 71,680 --------- F:\WINDOWS\system32\blastcln.exe
2006-11-29 04:39 7,680 --------- F:\WINDOWS\system32\kbdsmsno.dll
2006-11-29 04:39 7,680 --------- F:\WINDOWS\system32\kbdsmsfi.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdukx.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdno1.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdfi1.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\hccoin.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\bitsprx3.dll
2006-11-29 04:39 685,056 --------- F:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-11-29 04:39 67,584 --------- F:\WINDOWS\system32\drivers\sdbus.sys
2006-11-29 04:39 63,663 --------- F:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-11-29 04:39 63,488 --------- F:\WINDOWS\system32\drivers\atinxsxx.sys
2006-11-29 04:39 603,648 --------- F:\WINDOWS\system32\WMSPDMOD.dll
2006-11-29 04:39 60,416 --------- F:\WINDOWS\system32\fwcfg.dll
2006-11-29 04:39 6,656 --------- F:\WINDOWS\system32\kbdinmal.dll
2006-11-29 04:39 6,656 --------- F:\WINDOWS\system32\kbdinben.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdmlt48.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdmlt47.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdinbe1.dll
2006-11-29 04:39 6,016 --------- F:\WINDOWS\system32\drivers\smbali.sys
2006-11-29 04:39 59,648 --------- F:\WINDOWS\system32\drivers\rfcomm.sys
2006-11-29 04:39 59,392 --------- F:\WINDOWS\system32\logman.exe
2006-11-29 04:39 57,856 --------- F:\WINDOWS\system32\drivers\atinbtxx.sys
2006-11-29 04:39 56,623 --------- F:\WINDOWS\system32\drivers\ati1btxx.sys
2006-11-29 04:39 537,088 --------- F:\WINDOWS\system32\msftedit.dll
2006-11-29 04:39 526,848 --------- F:\WINDOWS\system32\p2psvc.dll
2006-11-29 04:39 52,224 --------- F:\WINDOWS\system32\drivers\atinraxx.sys
2006-11-29 04:39 518,240 --a------ F:\WINDOWS\system32\ativvaxx.dll
2006-11-29 04:39 50,688 --------- F:\WINDOWS\system32\btpanui.dll
2006-11-29 04:39 50,176 --------- F:\WINDOWS\system32\xmlprovi.dll
2006-11-29 04:39 5,632 --------- F:\WINDOWS\system32\kbdmaori.dll
2006-11-29 04:39 49,152 --------- F:\WINDOWS\system32\powercfg.exe
2006-11-29 04:39 48,640 --------- F:\WINDOWS\system32\pnrpnsp.dll
2006-11-29 04:39 465,176 --a------ F:\WINDOWS\system32\wuapi.dll
2006-11-29 04:39 46,464 --------- F:\WINDOWS\system32\drivers\gagp30kx.sys
2006-11-29 04:39 452,736 --------- F:\WINDOWS\system32\drivers\mtxparhm.sys
2006-11-29 04:39 44,928 --------- F:\WINDOWS\system32\drivers\agpcpq.sys
2006-11-29 04:39 44,672 --------- F:\WINDOWS\system32\drivers\uagp35.sys
2006-11-29 04:39 44,032 --------- F:\WINDOWS\system32\twext.dll
2006-11-29 04:39 438,784 --------- F:\WINDOWS\system32\xpob2res.dll
2006-11-29 04:39 43,008 --------- F:\WINDOWS\system32\drivers\amdagp.sys
2006-11-29 04:39 42,752 --------- F:\WINDOWS\system32\drivers\alim1541.sys
2006-11-29 04:39 42,368 --------- F:\WINDOWS\system32\drivers\agp440.sys
2006-11-29 04:39 42,240 --------- F:\WINDOWS\system32\drivers\viaagp.sys
2006-11-29 04:39 41,240 --a------ F:\WINDOWS\system32\wups.dll
2006-11-29 04:39 41,088 --------- F:\WINDOWS\system32\drivers\sisagp.sys
2006-11-29 04:39 404,990 --------- F:\WINDOWS\system32\drivers\slntamr.sys
2006-11-29 04:39 4,274,816 --------- F:\WINDOWS\system32\nv4_disp.dll
2006-11-29 04:39 4,255 --------- F:\WINDOWS\system32\drivers\adv01nt5.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\wmvdmoe2.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\wmsdmoe2.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\MP4SDMOD.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\MP43DMOD.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\dsprpres.dll
2006-11-29 04:39 397,056 --------- F:\WINDOWS\system32\s3gnb.dll
2006-11-29 04:39 38,016 --------- F:\WINDOWS\system32\drivers\bthmodem.sys
2006-11-29 04:39 377,984 --------- F:\WINDOWS\system32\ati2dvaa.dll
2006-11-29 04:39 37,376 --------- F:\WINDOWS\system32\drivers\amdk7.sys
2006-11-29 04:39 36,463 --------- F:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-11-29 04:39 36,096 --------- F:\WINDOWS\system32\drivers\intelppm.sys
2006-11-29 04:39 351,232 --------- F:\WINDOWS\system32\winhttp.dll
2006-11-29 04:39 35,456 --------- F:\WINDOWS\system32\drivers\bthprint.sys
2006-11-29 04:39 34,735 --------- F:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-11-29 04:39 327,040 --------- F:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-11-29 04:39 32,866 --------- F:\WINDOWS\system32\slrundll.exe
2006-11-29 04:39 32,866 --------- F:\WINDOWS\slrundll.exe
2006-11-29 04:39 32,768 --------- F:\WINDOWS\system32\ativtmxx.dll
2006-11-29 04:39 32,285 --------- F:\WINDOWS\system32\hsfcisp2.dll
2006-11-29 04:39 314,880 --------- F:\WINDOWS\system32\wmpdxm.dll
2006-11-29 04:39 312,320 --------- F:\WINDOWS\system32\p2pgraph.dll
2006-11-29 04:39 31,744 --------- F:\WINDOWS\system32\drivers\atinxbxx.sys
2006-11-29 04:39 30,671 --------- F:\WINDOWS\system32\drivers\ati1raxx.sys
2006-11-29 04:39 30,208 --------- F:\WINDOWS\system32\bthserv.dll
2006-11-29 04:39 30,080 --------- F:\WINDOWS\system32\drivers\rndismpx.sys
2006-11-29 04:39 3,967 --------- F:\WINDOWS\system32\drivers\adv02nt5.dll
2006-11-29 04:39 3,901 --------- F:\WINDOWS\system32\drivers\siint5.dll
2006-11-29 04:39 3,775 --------- F:\WINDOWS\system32\drivers\adv11nt5.dll
2006-11-29 04:39 3,711 --------- F:\WINDOWS\system32\drivers\adv09nt5.dll
2006-11-29 04:39 3,647 --------- F:\WINDOWS\system32\drivers\adv07nt5.dll
2006-11-29 04:39 3,615 --------- F:\WINDOWS\system32\drivers\adv05nt5.dll
2006-11-29 04:39 3,135 --------- F:\WINDOWS\system32\drivers\adv08nt5.dll
2006-11-29 04:39 29,455 --------- F:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-11-29 04:39 29,184 --------- F:\WINDOWS\system32\sdhcinst.dll
2006-11-29 04:39 29,056 --------- F:\WINDOWS\system32\drivers\ip6fw.sys
2006-11-29 04:39 286,792 --------- F:\WINDOWS\system32\slextspk.dll
2006-11-29 04:39 28,672 --------- F:\WINDOWS\system32\drivers\atinsnxx.sys
2006-11-29 04:39 274,304 --------- F:\WINDOWS\system32\drivers\bthport.sys
2006-11-29 04:39 270,848 --------- F:\WINDOWS\system32\sbe.dll
2006-11-29 04:39 27,136 --------- F:\WINDOWS\system32\mspmsnsv.dll
2006-11-29 04:39 262,784 --------- F:\WINDOWS\system32\drivers\http.sys
2006-11-29 04:39 26,624 --------- F:\WINDOWS\system32\drivers\usbehci.sys
2006-11-29 04:39 26,367 --------- F:\WINDOWS\system32\drivers\ati1snxx.sys
2006-11-29 04:39 25,600 --------- F:\WINDOWS\system32\drivers\hidbth.sys
2006-11-29 04:39 25,471 --------- F:\WINDOWS\system32\drivers\watv10nt.sys
2006-11-29 04:39 25,471 --------- F:\WINDOWS\system32\drivers\atv04nt5.dll
2006-11-29 04:39 242,688 --------- F:\WINDOWS\system32\wmpasf.dll
2006-11-29 04:39 24,576 --------- F:\WINDOWS\system32\httpapi.dll
2006-11-29 04:39 23,040 --a------ F:\WINDOWS\system32\fltmc.exe
2006-11-29 04:39 229,376 --a------ F:\WINDOWS\system32\ati2cqag.dll
2006-11-29 04:39 227,328 --------- F:\WINDOWS\system32\wmerror.dll
2006-11-29 04:39 220,032 --------- F:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-11-29 04:39 22,271 --------- F:\WINDOWS\system32\drivers\watv06nt.sys
2006-11-29 04:39 21,343 --------- F:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-11-29 04:39 21,183 --------- F:\WINDOWS\system32\drivers\atv01nt5.dll
2006-11-29 04:39 207,360 --a------ F:\WINDOWS\system32\ati2dvag.dll
2006-11-29 04:39 20,992 --------- F:\WINDOWS\system32\bthci.dll
2006-11-29 04:39 20,480 --------- F:\WINDOWS\system32\encapi.dll
2006-11-29 04:39 2,155,680 --a------ F:\WINDOWS\system32\ati3duag.dll
2006-11-29 04:39 2,113,536 --------- F:\WINDOWS\system32\dxdiagn.dll
2006-11-29 04:39 194,328 --a------ F:\WINDOWS\system32\wuaueng1.dll
2006-11-29 04:39 193,024 --------- F:\WINDOWS\system32\fsquirt.exe
2006-11-29 04:39 188,508 --------- F:\WINDOWS\system32\slgen.dll
2006-11-29 04:39 187,392 --------- F:\WINDOWS\system32\xpsp1res.dll
2006-11-29 04:39 186,368 --------- F:\WINDOWS\system32\encdec.dll
2006-11-29 04:39 180,360 --------- F:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-11-29 04:39 18,944 --------- F:\WINDOWS\system32\drivers\bthusb.sys
2006-11-29 04:39 173,536 --a------ F:\WINDOWS\system32\wuweb.dll
2006-11-29 04:39 172,312 --a------ F:\WINDOWS\system32\wuauclt1.exe
2006-11-29 04:39 17,408 --------- F:\WINDOWS\system32\winshfhc.dll
2006-11-29 04:39 17,279 --------- F:\WINDOWS\system32\drivers\atv10nt5.dll
2006-11-29 04:39 17,024 --------- F:\WINDOWS\system32\drivers\bthenum.sys
2006-11-29 04:39 166,912 --------- F:\WINDOWS\system32\drivers\s3gnbm.sys
2006-11-29 04:39 16,896 --a------ F:\WINDOWS\system32\fltlib.dll
2006-11-29 04:39 159,232 --------- F:\WINDOWS\system32\sbeio.dll
2006-11-29 04:39 157,184 --------- F:\WINDOWS\system32\wmidx.dll
2006-11-29 04:39 15,872 --------- F:\WINDOWS\system32\w3ssl.dll
2006-11-29 04:39 15,488 --------- F:\WINDOWS\system32\drivers\mssmbios.sys
2006-11-29 04:39 15,423 --------- F:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-11-29 04:39 15,104 --------- F:\WINDOWS\system32\drivers\hidir.sys
2006-11-29 04:39 14,336 --------- F:\WINDOWS\system32\drivers\atinpdxx.sys
2006-11-29 04:39 14,336 --------- F:\WINDOWS\system32\auditusr.exe
2006-11-29 04:39 14,143 --------- F:\WINDOWS\system32\drivers\atv06nt5.dll
2006-11-29 04:39 134,656 --------- F:\WINDOWS\system32\mssap.dll
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\wscntfy.exe
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\drivers\atinttxx.sys
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\drivers\atinmdxx.sys
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\cmsetacl.dll
2006-11-29 04:39 13,776 --------- F:\WINDOWS\system32\drivers\recagent.sys
2006-11-29 04:39 13,568 --------- F:\WINDOWS\system32\drivers\wacompen.sys
2006-11-29 04:39 13,240 --------- F:\WINDOWS\system32\drivers\slwdmsup.sys
2006-11-29 04:39 129,536 --------- F:\WINDOWS\system32\xmlprov.dll
2006-11-29 04:39 129,535 --------- F:\WINDOWS\system32\drivers\slnt7554.sys
2006-11-29 04:39 128,896 --------- F:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-29 04:39 127,256 --a------ F:\WINDOWS\system32\wucltui.dll
2006-11-29 04:39 126,686 --------- F:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-11-29 04:39 12,672 --------- F:\WINDOWS\system32\drivers\usb8023x.sys
2006-11-29 04:39 12,672 --------- F:\WINDOWS\system32\drivers\mutohpen.sys
2006-11-29 04:39 12,416 --------- F:\WINDOWS\system32\drivers\tunmp.sys
2006-11-29 04:39 12,047 --------- F:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-11-29 04:39 118,784 --------- F:\WINDOWS\system32\msdadiag.dll
2006-11-29 04:39 116,224 --------- F:\WINDOWS\system32\p2p.dll
2006-11-29 04:39 11,935 --------- F:\WINDOWS\system32\drivers\wadv11nt.sys
2006-11-29 04:39 11,871 --------- F:\WINDOWS\system32\drivers\wadv09nt.sys
2006-11-29 04:39 11,868 --------- F:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-29 04:39 11,807 --------- F:\WINDOWS\system32\drivers\wadv07nt.sys
2006-11-29 04:39 11,615 --------- F:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-11-29 04:39 11,359 --------- F:\WINDOWS\system32\drivers\atv02nt5.dll
2006-11-29 04:39 11,325 --------- F:\WINDOWS\system32\drivers\vchnt5.dll
2006-11-29 04:39 11,295 --------- F:\WINDOWS\system32\drivers\wadv08nt.sys
2006-11-29 04:39 11,136 --------- F:\WINDOWS\system32\drivers\sffdisk.sys
2006-11-29 04:39 108,032 --------- F:\WINDOWS\system32\wshbth.dll
2006-11-29 04:39 104,960 --------- F:\WINDOWS\system32\drivers\atinrvxx.sys
2006-11-29 04:39 100,992 --------- F:\WINDOWS\system32\drivers\bthpan.sys
2006-11-29 04:39 10,240 --------- F:\WINDOWS\system32\drivers\sffp_sd.sys
2006-11-29 04:39 1,897,408 --------- F:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-29 04:39 1,737,856 --------- F:\WINDOWS\system32\mtxparhd.dll
2006-11-29 04:39 1,689,088 --------- F:\WINDOWS\system32\d3d9.dll
2006-11-29 04:39 1,329,152 --------- F:\WINDOWS\system32\WMSPDMOE.dll
2006-11-29 04:39 1,309,184 --------- F:\WINDOWS\system32\drivers\mtlstrm.sys
2006-11-29 04:39 1,088,000 --a------ F:\WINDOWS\system32\winbrand.dll
2006-11-29 04:39 1,041,536 --------- F:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-11-29 04:39 <DIR> d-------- F:\WINDOWS\provisioning
2006-11-29 04:39 <DIR> d-------- F:\WINDOWS\peernet
2006-11-29 04:37 <DIR> d-------- F:\WINDOWS\ServicePackFiles
2006-11-29 04:35 3,385,856 --a------ F:\WINDOWS\system32\xpsp2res.dll
2006-11-29 04:35 <DIR> d-------- F:\WINDOWS\system32\ReinstallBackups
2006-11-29 04:34 23,856 --a------ F:\WINDOWS\system32\spupdsvc.exe
2006-11-29 04:33 <DIR> d-------- F:\WINDOWS\EHome
2006-11-29 04:30 <DIR> d---s---- F:\WINDOWS\system32\Microsoft
2006-11-29 04:29 <DIR> d--h----- F:\Program Files\InstallShield Installation Information
2006-11-29 04:28 <DIR> d-------- F:\Program Files\SMC
2006-11-29 04:28 <DIR> d-------- F:\Program Files\Common Files\InstallShield
2006-11-29 04:26 <DIR> d-------- F:\Program Files\WinRAR
2006-11-29 04:22 26,496 --a------ F:\WINDOWS\system32\drivers\usbstor.sys
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\SendTo
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Recent
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Application Data\.
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Application Data
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\Start Menu
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\My Documents
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\Favorites
2006-11-29 02:56 <DIR> d--hs---- F:\WINDOWS\Installer
2006-11-29 02:56 <DIR> d--hs---- F:\Documents and Settings\Steve\Cookies
2006-11-29 02:56 <DIR> d--h----- F:\Program Files\Uninstall Information
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\Templates
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\PrintHood
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\NetHood
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\Local Settings
2006-11-29 02:56 <DIR> d---s---- F:\Documents and Settings\Steve\Application Data\Microsoft
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Desktop
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Identities
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\..
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\..
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\.
2006-11-29 02:55 <DIR> d--hs---- F:\System Volume Information
2006-11-29 02:52 112,128 --a------ F:\WINDOWS\system32\mapi32.dll
2006-11-29 02:52 <DIR> d-------- F:\WINDOWS\system32\xircom
2006-11-29 02:52 <DIR> d-------- F:\Program Files\xerox
2006-11-29 02:52 <DIR> d-------- F:\Program Files\microsoft frontpage
2006-11-29 02:51 <DIR> dr------- F:\WINDOWS\Offline Web Pages
2006-11-29 02:51 <DIR> d--hs---- F:\Documents and Settings\All Users\DRM
2006-11-29 02:51 <DIR> d---s---- F:\WINDOWS\Downloaded Program Files
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\system32\Macromed
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\system32\DirectX
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\srchasst
2006-11-29 02:50 81,920 --a------ F:\WINDOWS\system32\isign32.dll
2006-11-29 02:50 81,920 --a------ F:\WINDOWS\system32\ils.dll
2006-11-29 02:50 73,728 --a------ F:\WINDOWS\system32\icwdial.dll
2006-11-29 02:50 73,472 --a------ F:\WINDOWS\system32\drivers\sr.sys
2006-11-29 02:50 69,632 --a------ F:\WINDOWS\system32\msconf.dll
2006-11-29 02:50 679,424 --a------ F:\WINDOWS\system32\inetcomm.dll
2006-11-29 02:50 67,584 --a------ F:\WINDOWS\system32\srclient.dll
2006-11-29 02:50 65,536 --a------ F:\WINDOWS\system32\icwphbk.dll
2006-11-29 02:50 64,512 --a------ F:\WINDOWS\system32\acctres.dll
2006-11-29 02:50 48,128 --a------ F:\WINDOWS\system32\inetres.dll
2006-11-29 02:50 45,568 --a------ F:\WINDOWS\system32\safrslv.dll
2006-11-29 02:50 43,520 --a------ F:\WINDOWS\system32\safrcdlg.dll
2006-11-29 02:50 43,520 --a------ F:\WINDOWS\system32\racpldlg.dll
2006-11-29 02:50 382,464 --a------ F:\WINDOWS\system32\qmgr.dll
2006-11-29 02:50 34,560 --a------ F:\WINDOWS\system32\mnmdd.dll
2006-11-29 02:50 32,768 --a------ F:\WINDOWS\system32\mnmsrvc.exe
2006-11-29 02:50 32,768 --a------ F:\WINDOWS\system32\isrdbg32.dll
2006-11-29 02:50 29,696 --a------ F:\WINDOWS\system32\safrdm.dll
2006-11-29 02:50 28,672 --a------ F:\WINDOWS\system32\nmmkcert.dll
2006-11-29 02:50 274,944 --a------ F:\WINDOWS\system32\mstask.dll
2006-11-29 02:50 274,432 --a------ F:\WINDOWS\system32\inetcfg.dll
2006-11-29 02:50 252,928 --a------ F:\WINDOWS\system32\msoeacct.dll
2006-11-29 02:50 239,104 --a------ F:\WINDOWS\system32\srrstr.dll
2006-11-29 02:50 190,976 --a------ F:\WINDOWS\system32\schedsvc.dll
2006-11-29 02:50 18,944 --a------ F:\WINDOWS\system32\qmgrprxy.dll
2006-11-29 02:50 170,496 --a------ F:\WINDOWS\system32\srsvc.dll
2006-11-29 02:50 16,384 --a------ F:\WINDOWS\system32\icfgnt5.dll
2006-11-29 02:50 12,288 --a------ F:\WINDOWS\system32\nmevtmsg.dll
2006-11-29 02:50 12,288 --a------ F:\WINDOWS\system32\mstinit.exe
2006-11-29 02:50 11,264 --a------ F:\WINDOWS\system32\atrace.dll
2006-11-29 02:50 105,984 --a------ F:\WINDOWS\system32\msoert2.dll
2006-11-29 02:50 <DIR> d---s---- F:\WINDOWS\Tasks
2006-11-29 02:50 <DIR> d-------- F:\WINDOWS\system32\Restore
2006-11-29 02:50 <DIR> d-------- F:\WINDOWS\PCHEALTH
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Windows Media Player
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Outlook Express
2006-11-29 02:50 <DIR> d-------- F:\Program Files\NetMeeting
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Movie Maker
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Common Files\Services
2006-11-29 02:49 <DIR> d--h----- F:\Program Files\WindowsUpdate
2006-11-29 02:49 <DIR> d-------- F:\WINDOWS\Registration
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Online Services
2006-11-29 02:49 <DIR> d-------- F:\Program Files\MSN
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Messenger
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Internet Explorer
2006-11-29 02:49 <DIR> d-------- F:\Program Files\ComPlus Applications
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Common Files\System
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Common Files\MSSoap
2006-11-29 02:48 97,792 --a------ F:\WINDOWS\system32\comrepl.dll
2006-11-29 02:48 956,416 --a------ F:\WINDOWS\system32\msdtctm.dll
2006-11-29 02:48 93,696 --a------ F:\WINDOWS\system32\tscfgwmi.dll
2006-11-29 02:48 91,136 --a------ F:\WINDOWS\system32\mtxoci.dll
2006-11-29 02:48 9,728 --a------ F:\WINDOWS\system32\reset.exe
2006-11-29 02:48 87,176 --a------ F:\WINDOWS\system32\rdpwsx.dll
2006-11-29 02:48 85,504 --a------ F:\WINDOWS\system32\catsrvps.dll
2006-11-29 02:48 83,456 --a------ F:\WINDOWS\system32\charmap.exe
2006-11-29 02:48 73,216 --a------ F:\WINDOWS\system32\avwav.dll
2006-11-29 02:48 67,072 --a------ F:\WINDOWS\system32\rdshost.exe
2006-11-29 02:48 655,360 --a------ F:\WINDOWS\system32\mstscax.dll
2006-11-29 02:48 625,152 --a------ F:\WINDOWS\system32\catsrvut.dll
2006-11-29 02:48 62,464 --a------ F:\WINDOWS\system32\rdpclip.exe
2006-11-29 02:48 605,696 --a------ F:\WINDOWS\system32\getuname.dll
2006-11-29 02:48 60,416 --a------ F:\WINDOWS\system32\remotepg.dll
2006-11-29 02:48 60,416 --a------ F:\WINDOWS\system32\colbact.dll
2006-11-29 02:48 6,656 --a------ F:\WINDOWS\system32\wuauserv.dll
2006-11-29 02:48 6,144 --a------ F:\WINDOWS\system32\msdtc.exe
2006-11-29 02:48 58,880 --a------ F:\WINDOWS\system32\msdtclog.dll
2006-11-29 02:48 58,880 --a------ F:\WINDOWS\system32\licwmi.dll
2006-11-29 02:48 56,832 --a------ F:\WINDOWS\system32\sol.exe
2006-11-29 02:48 56,320 --a------ F:\WINDOWS\system32\servdeps.dll
2006-11-29 02:48 55,296 --a------ F:\WINDOWS\system32\freecell.exe
2006-11-29 02:48 540,160 --a------ F:\WINDOWS\system32\comuid.dll
2006-11-29 02:48 54,272 --a------ F:\WINDOWS\system32\stclient.dll
2006-11-29 02:48 538,624 --a------ F:\WINDOWS\system32\spider.exe
2006-11-29 02:48 5,632 --a------ F:\WINDOWS\system32\write.exe
2006-11-29 02:48 5,120 --a------ F:\WINDOWS\system32\dcomcnfg.exe
2006-11-29 02:48 498,688 --a------ F:\WINDOWS\system32\clbcatq.dll
2006-11-29 02:48 44,544 --a------ F:\WINDOWS\system32\tscupgrd.exe
2006-11-29 02:48 44,544 --a------ F:\WINDOWS\system32\hticons.dll
2006-11-29 02:48 426,496 --a------ F:\WINDOWS\system32\msdtcprx.dll
2006-11-29 02:48 407,552 --a------ F:\WINDOWS\system32\mstsc.exe
2006-11-29 02:48 40,840 --a------ F:\WINDOWS\system32\drivers\termdd.sys
2006-11-29 02:48 4,096 --a------ F:\WINDOWS\system32\rdpcfgex.dll
2006-11-29 02:48 4,096 --a------ F:\WINDOWS\system32\mtxex.dll
2006-11-29 02:48 38,912 --a------ F:\WINDOWS\system32\cfgbkend.dll
2006-11-29 02:48 360,960 --a------ F:\WINDOWS\system32\mspaint.exe
2006-11-29 02:48 35,328 --a------ F:\WINDOWS\system32\winchat.exe
2006-11-29 02:48 347,136 --a------ F:\WINDOWS\system32\hypertrm.dll
2006-11-29 02:48 33,792 --a------ F:\WINDOWS\system32\regini.exe
2006-11-29 02:48 295,424 --a------ F:\WINDOWS\system32\termsrv.dll
2006-11-29 02:48 25,600 --a------ F:\WINDOWS\system32\comaddin.dll
2006-11-29 02:48 25,088 --a------ F:\WINDOWS\system32\mtxlegih.dll
2006-11-29 02:48 227,840 --a------ F:\WINDOWS\system32\avtapi.dll
2006-11-29 02:48 225,792 --a------ F:\WINDOWS\system32\catsrv.dll
2006-11-29 02:48 22,016 --a------ F:\WINDOWS\system32\qwinsta.exe
2006-11-29 02:48 21,896 --a------ F:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-29 02:48 20,992 --a------ F:\WINDOWS\system32\msg.exe
2006-11-29 02:48 20,480 --a------ F:\WINDOWS\system32\qprocess.exe
2006-11-29 02:48 20,480 --a------ F:\WINDOWS\system32\mtxdm.dll
2006-11-29 02:48 196,864 --a------ F:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-29 02:48 19,968 --a------ F:\WINDOWS\system32\rdpsnd.dll
2006-11-29 02:48 185,344 --a------ F:\WINDOWS\system32\cmprops.dll
2006-11-29 02:48 183,808 --a------ F:\WINDOWS\system32\accwiz.exe
2006-11-29 02:48 17,408 --a------ F:\WINDOWS\system32\mmfutil.dll
2006-11-29 02:48 161,280 --a------ F:\WINDOWS\system32\msdtcuiu.dll
2006-11-29 02:48 16,896 --a------ F:\WINDOWS\system32\tsshutdn.exe
2006-11-29 02:48 16,896 --a------ F:\WINDOWS\system32\qappsrv.exe
2006-11-29 02:48 16,384 --a------ F:\WINDOWS\system32\tskill.exe
2006-11-29 02:48 16,384 --a------ F:\WINDOWS\system32\avmeter.dll
2006-11-29 02:48 15,872 --a------ F:\WINDOWS\system32\rwinsta.exe
2006-11-29 02:48 15,872 --a------ F:\WINDOWS\system32\cdmodem.dll
2006-11-29 02:48 15,360 --a------ F:\WINDOWS\system32\logoff.exe
2006-11-29 02:48 147,968 --a------ F:\WINDOWS\system32\rdchost.dll
2006-11-29 02:48 147,456 --a------ F:\WINDOWS\system32\comsnap.dll
2006-11-29 02:48 140,800 --a------ F:\WINDOWS\system32\sessmgr.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\tsdiscon.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\tscon.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\shadow.exe
2006-11-29 02:48 139,528 --a------ F:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-29 02:48 138,752 --a------ F:\WINDOWS\system32\sndvol32.exe
2006-11-29 02:48 131,584 --a------ F:\WINDOWS\system32\sndrec32.exe
2006-11-29 02:48 13,824 --a------ F:\WINDOWS\system32\rdsaddin.exe
2006-11-29 02:48 126,976 --a------ F:\WINDOWS\system32\mshearts.exe
2006-11-29 02:48 124,184 --a------ F:\WINDOWS\system32\wuauclt.exe
2006-11-29 02:48 123,392 --a------ F:\WINDOWS\system32\mplay32.exe
2006-11-29 02:48 12,040 --a------ F:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-29 02:48 119,808 --a------ F:\WINDOWS\system32\winmine.exe
2006-11-29 02:48 117,760 --a------ F:\WINDOWS\system32\calc.exe
2006-11-29 02:48 110,080 --a------ F:\WINDOWS\system32\clbcatex.dll
2006-11-29 02:48 11,776 --a------ F:\WINDOWS\system32\xolehlp.dll
2006-11-29 02:48 11,264 --a------ F:\WINDOWS\system32\icaapi.dll
2006-11-29 02:48 102,912 --a------ F:\WINDOWS\system32\clipbrd.exe
2006-11-29 02:48 1,343,768 --a------ F:\WINDOWS\system32\wuaueng.dll
2006-11-29 02:48 1,267,200 --a------ F:\WINDOWS\system32\comsvcs.dll
2006-11-29 02:48 1,161 --a------ F:\WINDOWS\system32\usrlogon.cmd
2006-11-29 02:48 <DIR> d-------- F:\WINDOWS\system32\MsDtc
2006-11-29 02:48 <DIR> d-------- F:\WINDOWS\system32\Com
2006-11-29 02:48 <DIR> d-------- F:\Program Files\Windows NT
2006-11-29 02:48 <DIR> d-------- F:\Program Files\MSN Gaming Zone
2006-11-07 21:03 6,049,280 --------- F:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- F:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- F:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- F:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ F:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1,245,696 --a------ F:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"F:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="F:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ATIPTA"="F:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"VGAUtil"="F:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"SiSUSBRG"="F:\\WINDOWS\\SiSUSBrg.exe"
"Windows Defender"="\"F:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"LClock"="F:\\Program Files\\LClock\\LClock.exe"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"F:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroFilterCheck"="F:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"F:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^Steve^Start Menu^Programs^Startup^EZ Connect Wireless USB Utility.lnk]
"path"="F:\\Documents and Settings\\Steve\\Start Menu\\Programs\\Startup\\EZ Connect Wireless USB Utility.lnk"
"backup"="F:\\WINDOWS\\pss\\EZ Connect Wireless USB Utility.lnkStartup"
"location"="Startup"
"command"="F:\\PROGRA~1\\SMC\\EZCONN~1\\WLANMO~1.EXE "
"item"="EZ Connect Wireless USB Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Glass2k"
"hkey"="HKLM"
"command"="F:\\Program Files\\Glass2k\\Glass2k.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-01 18:04:10.76
F:\ComboFix.txt ... 06-12-01 18:04

steviedee · 12-01-2006, 08:04 PM

Rapport

SmitFraudFix v2.126

Scan done at 0:12:34.04, Sat 12/02/2006
Run from F:\Documents and Settings\Steve\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

F:\WINDOWS\system32\ot.ico Deleted
F:\WINDOWS\system32\tpedvf.dll Deleted
F:\DOCUME~1\Steve\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

steviedee · 12-01-2006, 08:05 PM

AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:19:31 AM 12/2/2006

+ Scan result:

F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009001.dll -> Adware.Softomate : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009002.exe -> Adware.Softomate : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009028.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009029.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP29\A0008480.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
F:\WINDOWS\system32\wnscpsv.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

HJT

Rapport

SmitFraudFix v2.126

Scan done at 0:12:34.04, Sat 12/02/2006
Run from F:\Documents and Settings\Steve\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

F:\WINDOWS\system32\ot.ico Deleted
F:\WINDOWS\system32\tpedvf.dll Deleted
F:\DOCUME~1\Steve\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:19:31 AM 12/2/2006

+ Scan result:

F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009001.dll -> Adware.Softomate : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009002.exe -> Adware.Softomate : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009028.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009029.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP29\A0008480.dll -> Trojan.Mezzia : Cleaned with backup (quarantined).
F:\WINDOWS\system32\wnscpsv.exe -> Trojan.Small : Cleaned with backup (quarantined).

::Report end

HJT

Logfile of HijackThis v1.99.1
Scan saved at 2:41:13 AM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\LClock\LClock.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\Styler\Styler.exe
F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\HJT\fredmh.exe.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

Sorry if everything isnt correct, it was quite confusing and time consuming doing all the scans, but once again thanks for all your help.

dorts · 12-02-2006, 12:46 AM

Hello and welcome back to TSF

Try Panda Online Scan again. If it does not work, try Trend Micro Online Scan. Works for Firefox too.

Unhide Files

Go to My Computer->Tools->Folder Options->View tab:

Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Also make sure there is no checkmark beside Hide file extensions for known file types
Click Yes to confirm and then click OK.

Files Deletion

Delete the following Files indicated in RED if they still exist.

F:\WINDOWS\system32\vbywdlfw.exe
F:\WINDOWS\system32\wqqxxqvq.exe
F:\WINDOWS\system32\ gqomqnwa.dll
F:\WINDOWS\system32\ utbcgyb.dll
F:\WINDOWS\system32\ ljjkiii.dll

Boot into safe mode if they resist deletion. Delete the files from there.

ComboFix

1. Run combofix again by clicking on combofix.exe on your desktop.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Logs

Please post the following logs in your next reply...

Online Scan Log
F:\combofix.txt
A New HijackThis Log

How is your system behaving now?

steviedee · 12-02-2006, 02:41 AM

Hey the system is running very well. Thanks for all your time and effort. I also have numerous issues that arnt relating to malware, ill list them here, but there is no obligation to help as uve helped so much already:D

1.USB 2.0 Drivers no being recognized(maybe not installed but have installed service pack 2)

2.Windows does not boot up with 200GB external Hardrive on, but when turned off, boots fine

3.I applied a vista style to my desktop, and every time i reboot, it goes to its default wallpaper of some green leaves, when i want my porsche background!!!
However can go into properties and change manually.

4 C drive has been renamed to F drive...id like it to be C:/

OK ill put the logs in the next post

Thanks

steviedee · 12-02-2006, 02:43 AM

Steve - 06-12-02 21:42:55.15 Service Pack 2
ComboFix 06.11.27W - Running from: "F:\Documents and Settings\Steve\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

F:\QooBox\Purity\Program Files\APPATC~1
F:\QooBox\Purity\Program Files\TSKS~1
F:\QooBox\Purity\Program Files\APPATC~1\A?pPatch

((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))

2006-12-02 21:33 76,560 --a------ F:\WINDOWS\system32\drivers\tmcomm.sys
2006-12-02 21:32 <DIR> d-------- F:\Documents and Settings\Steve\.housecall6.6
2006-12-02 04:50 <DIR> d-------- F:\Program Files\Easy Macro Recorder
2006-12-02 04:46 <DIR> d-------- F:\Program Files\Quick ShutDown
2006-12-02 04:40 <DIR> d-------- F:\Program Files\Remote Master V1.1
2006-12-02 03:45 <DIR> d-------- F:\Program Files\TopDesk
2006-12-02 03:31 <DIR> d-------- F:\WINDOWS\Sun
2006-12-02 03:31 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Sun
2006-12-02 03:28 55,808 --a------ F:\WINDOWS\system32\lfpsd13n.dll
2006-12-02 03:28 159,744 --a------ F:\WINDOWS\system32\lfpng13n.dll
2006-12-02 03:27 69,632 --a------ F:\WINDOWS\system32\lfgif13n.dll
2006-12-02 03:27 57,344 --a------ F:\WINDOWS\system32\lfbmp13n.dll
2006-12-02 03:27 462,848 --a------ F:\WINDOWS\system32\ltkrn13n.dll
2006-12-02 03:27 450,560 --a------ F:\WINDOWS\system32\ltimg13n.dll
2006-12-02 03:27 401,408 --a------ F:\WINDOWS\system32\lfcmp13n.dll
2006-12-02 03:27 299,008 --a------ F:\WINDOWS\system32\ltdis13n.dll
2006-12-02 03:27 206,336 --a------ F:\WINDOWS\system32\ltefx13n.dll
2006-12-02 03:27 163,840 --a------ F:\WINDOWS\system32\ltfil13n.dll
2006-12-02 03:16 <DIR> d--hs---- F:\Config.Msi
2006-12-02 03:12 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Gamers Tower
2006-12-02 00:12 2,426 --a------ F:\WINDOWS\system32\tmp.reg
2006-12-01 21:29 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Adobe
2006-12-01 21:28 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Adobe
2006-12-01 17:16 <DIR> d-------- F:\HJT
2006-12-01 17:14 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Lavasoft
2006-12-01 15:36 <DIR> d-------- F:\WINDOWS\WBEM
2006-12-01 15:36 <DIR> d-------- F:\WINDOWS\system32\en-US
2006-12-01 15:34 <DIR> d--h-c--- F:\WINDOWS\ie7
2006-12-01 15:33 121,856 --------- F:\WINDOWS\system32\xmllite.dll
2006-12-01 15:33 <DIR> d-------- F:\WINDOWS\network diagnostic
2006-11-30 23:43 <DIR> d-------- F:\Program Files\Alcohol Soft
2006-11-30 20:19 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Ahead
2006-11-30 20:14 <DIR> d-------- F:\Program Files\Nero
2006-11-30 20:14 <DIR> d-------- F:\Program Files\Common Files\Ahead
2006-11-30 20:14 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Nero
2006-11-30 17:41 <DIR> d-------- F:\Program Files\MSXML 4.0
2006-11-30 17:41 <DIR> d-------- F:\02709546a83f2d51e43489
2006-11-29 23:42 <DIR> d-------- F:\Program Files\Grisoft
2006-11-29 21:45 <DIR> d-------- F:\Program Files\VSAdd-in
2006-11-29 21:45 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\dvdcss
2006-11-29 21:44 <DIR> d-------- F:\Program Files\VideoLAN
2006-11-29 21:44 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\vlc
2006-11-29 21:41 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\DivX
2006-11-29 16:39 <DIR> d-------- F:\Program Files\Microsoft Office
2006-11-29 16:39 <DIR> d-------- F:\Program Files\Common Files\Designer
2006-11-29 16:39 <DIR> d-------- F:\Program Files\AnswerWorks 4.0
2006-11-29 16:37 <DIR> d-------- F:\Program Files\AutoCAD 2007
2006-11-29 16:37 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Autodesk
2006-11-29 16:37 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Autodesk
2006-11-29 16:35 <DIR> d-------- F:\Program Files\Common Files\Autodesk Shared
2006-11-29 16:35 <DIR> d-------- F:\Program Files\Autodesk
2006-11-29 16:31 720,896 --a------ F:\WINDOWS\system32\RhinoShExt.dll
2006-11-29 16:31 <DIR> d-------- F:\Program Files\Rhinoceros 3.0
2006-11-29 16:31 <DIR> d-------- F:\Program Files\Common Files\McNeel Shared
2006-11-29 16:31 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\McNeel
2006-11-29 16:16 266,360 --a------ F:\WINDOWS\system32\TweakUI.exe
2006-11-29 13:45 57,472 --a------ F:\WINDOWS\system32\drivers\redbook.sys
2006-11-29 13:45 3,072 --a------ F:\WINDOWS\system32\drivers\audstub.sys
2006-11-29 13:45 21,504 --a------ F:\WINDOWS\system32\hidserv.dll
2006-11-29 13:44 74,240 --a------ F:\WINDOWS\system32\usbui.dll
2006-11-29 13:44 32,768 --a------ F:\WINDOWS\system32\drivers\sisnic.sys
2006-11-29 13:43 9,936 --a------ F:\WINDOWS\system\LZEXPAND.DLL
2006-11-29 13:43 9,008 --a------ F:\WINDOWS\system\VER.DLL
2006-11-29 13:43 85,020 --a------ F:\WINDOWS\system32\dgsetup.dll
2006-11-29 13:43 82,944 --a------ F:\WINDOWS\system\OLECLI.DLL
2006-11-29 13:43 8,704 --a------ F:\WINDOWS\system32\batt.dll
2006-11-29 13:43 8,192 -ra------ F:\WINDOWS\system32\kbdhept.dll
2006-11-29 13:43 74,752 --a------ F:\WINDOWS\system32\storprop.dll
2006-11-29 13:43 7,168 -ra------ F:\WINDOWS\system32\kbdcz.dll
2006-11-29 13:43 69,584 --a------ F:\WINDOWS\system\AVICAP.DLL
2006-11-29 13:43 69,120 --a------ F:\WINDOWS\notepad.exe
2006-11-29 13:43 68,768 --a------ F:\WINDOWS\system\mmsystem.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdycl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdsl1.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdsl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdpl.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdhu.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdhela3.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcz2.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcz1.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\kbdcr.dll
2006-11-29 13:43 6,656 -ra------ F:\WINDOWS\system32\KBDAL.DLL
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdtuq.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdtuf.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdlv1.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdlv.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdhela2.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdgkl.dll
2006-11-29 13:43 6,144 -ra------ F:\WINDOWS\system32\kbdest.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdycc.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbduzb.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdur.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdtat.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdru1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdru.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdro.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdpl1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdmon.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdlt1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdlt.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdkyr.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdkaz.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhu1.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe319.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe220.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdhe.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdbu.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdblr.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdazel.dll
2006-11-29 13:43 5,632 -ra------ F:\WINDOWS\system32\kbdaze.dll
2006-11-29 13:43 5,120 --a------ F:\WINDOWS\system\SHELL.DLL
2006-11-29 13:43 32,816 --a------ F:\WINDOWS\system\COMMDLG.DLL
2006-11-29 13:43 24,661 --a------ F:\WINDOWS\system32\spxcoins.dll
2006-11-29 13:43 24,064 --a------ F:\WINDOWS\system\OLESVR.DLL
2006-11-29 13:43 19,200 --a------ F:\WINDOWS\system\TAPI.DLL
2006-11-29 13:43 176,157 --a------ F:\WINDOWS\system32\dgrpsetu.dll
2006-11-29 13:43 15,360 --a------ F:\WINDOWS\TASKMAN.EXE
2006-11-29 13:43 13,312 --a------ F:\WINDOWS\system32\irclass.dll
2006-11-29 13:43 126,912 --a------ F:\WINDOWS\system\MSVIDEO.DLL
2006-11-29 13:43 11,264 --a------ F:\WINDOWS\system32\drivers\irenum.sys
2006-11-29 13:43 109,456 --a------ F:\WINDOWS\system\AVIFILE.DLL
2006-11-29 13:43 103,424 --a------ F:\WINDOWS\system32\EqnClass.Dll
2006-11-29 13:43 <DIR> dr------- F:\Program Files\Common Files\..
2006-11-29 13:43 <DIR> dr------- F:\Program Files\.
2006-11-29 13:43 <DIR> dr------- F:\Program Files
2006-11-29 13:43 <DIR> d-ahs---- F:\Program Files\..
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\SpeechEngines
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\ODBC
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\Microsoft Shared
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files\.
2006-11-29 13:43 <DIR> d-------- F:\Program Files\Common Files
2006-11-29 13:42 <DIR> dr-h----- F:\Documents and Settings\All Users\Application Data\.
2006-11-29 13:42 <DIR> dr-h----- F:\Documents and Settings\All Users\Application Data
2006-11-29 13:42 <DIR> dr------- F:\Documents and Settings\All Users\Start Menu
2006-11-29 13:42 <DIR> dr------- F:\Documents and Settings\All Users\Documents
2006-11-29 13:42 <DIR> d--h----- F:\Documents and Settings\All Users\Templates
2006-11-29 13:42 <DIR> d---s---- F:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-29 13:42 <DIR> d-------- F:\WINDOWS\system32\CatRoot2
2006-11-29 13:42 <DIR> d-------- F:\WINDOWS\system32\CatRoot
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Favorites
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Desktop
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\..
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\..
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings\All Users\.
2006-11-29 13:42 <DIR> d-------- F:\Documents and Settings
2006-11-29 13:38 <DIR> dr-hsc--- F:\WINDOWS\system32\dllcache
2006-11-29 13:38 <DIR> dr--s---- F:\WINDOWS\Fonts
2006-11-29 13:38 <DIR> dr------- F:\WINDOWS\Web
2006-11-29 13:38 <DIR> d-ahs---- F:\WINDOWS\..
2006-11-29 13:38 <DIR> d--h----- F:\WINDOWS\inf
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\WinSxS
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\twain_32
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Temp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\wins
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\wbem
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\usmt
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\spool
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ShellExt
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\Setup
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ras
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\oobe
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\npp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\mui
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\inetsrv
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\IME
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\icsxml
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\ias
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\export
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\etc
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\disdn
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\drivers
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\dhcp
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\config
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\3com_dmi
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\3076
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\2052
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1054
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1042
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1041
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1037
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1033
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1031
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1028
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\1025
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system32
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system\..
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\system
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\security
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Resources
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\repair
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\mui
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\msapps
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\msagent
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Media
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\java
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\ime
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Help
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Driver Cache
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Debug
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Cursors
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Connection Wizard
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\Config
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\AppPatch
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\addins
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS\.
2006-11-29 13:38 <DIR> d-------- F:\WINDOWS
2006-11-29 12:17 <DIR> d-------- F:\Program Files\iTunes
2006-11-29 12:17 <DIR> d-------- F:\Program Files\iPod
2006-11-29 12:17 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Apple Computer
2006-11-29 12:16 <DIR> d-------- F:\Program Files\QuickTime
2006-11-29 12:15 <DIR> d-------- F:\Program Files\Apple Software Update
2006-11-29 12:15 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Apple Computer
2006-11-29 12:12 <DIR> d-------- F:\Program Files\TrackMania Nations ESWC
2006-11-29 12:06 <DIR> d-------- F:\Program Files\Spybot - Search & Destroy
2006-11-29 12:06 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-29 11:55 413,518 --a------ F:\WINDOWS\system32\vimc.exe
2006-11-29 11:52 <DIR> d-------- F:\WINDOWS\system32\VITrans
2006-11-29 11:48 <DIR> d-------- F:\Program Files\Common Files\Adobe Systems Shared
2006-11-29 11:48 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Macrovision
2006-11-29 09:47 <DIR> d-------- F:\Program Files\Styler
2006-11-29 09:41 20,480 --a------ F:\WINDOWS\system32\wbload.dll
2006-11-29 09:27 2,560 --a------ F:\WINDOWS\_MSRSTRT.EXE
2006-11-29 09:15 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Styler
2006-11-29 08:59 <DIR> d-------- F:\WINDOWS\system32\VIRepair
2006-11-29 08:12 36,864 --------- F:\WINDOWS\system32\wbsys.dll
2006-11-29 08:12 <DIR> d-------- F:\Program Files\Stardock
2006-11-29 08:02 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Azureus
2006-11-29 08:01 <DIR> d-------- F:\Program Files\Java
2006-11-29 08:01 <DIR> d-------- F:\Program Files\Common Files\Java
2006-11-29 05:57 <DIR> d-------- F:\Program Files\DAEMON Tools
2006-11-29 05:55 82,944 --a------ F:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-29 05:55 639,224 --a------ F:\WINDOWS\system32\drivers\sptd.sys
2006-11-29 05:55 6,400 --a------ F:\WINDOWS\system32\drivers\splitter.sys
2006-11-29 05:55 54,272 --a------ F:\WINDOWS\system32\drivers\swmidi.sys
2006-11-29 05:55 52,864 --a------ F:\WINDOWS\system32\drivers\DMusic.sys
2006-11-29 05:55 2,944 --a------ F:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-29 05:55 172,416 --a------ F:\WINDOWS\system32\drivers\kmixer.sys
2006-11-29 05:55 142,464 --a------ F:\WINDOWS\system32\drivers\aec.sys
2006-11-29 05:54 9,319,936 --a------ F:\WINDOWS\system32\RTLCPL.EXE
2006-11-29 05:54 77,824 --a------ F:\WINDOWS\SOUNDMAN.EXE
2006-11-29 05:54 7,552 --a------ F:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-29 05:54 60,800 --a------ F:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-29 05:54 60,288 --a------ F:\WINDOWS\system32\drivers\drmk.sys
2006-11-29 05:54 5,376 --a------ F:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-29 05:54 40,960 --------- F:\WINDOWS\system32\ChCfg.exe
2006-11-29 05:54 4,992 --a------ F:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-29 05:54 4,096 --a------ F:\WINDOWS\system32\ksuser.dll
2006-11-29 05:54 208,896 --------- F:\WINDOWS\alcupd.exe
2006-11-29 05:54 2,297,664 --a------ F:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-11-29 05:54 156,672 --a------ F:\WINDOWS\system32\RTLCPAPI.dll
2006-11-29 05:54 145,792 --a------ F:\WINDOWS\system32\drivers\portcls.sys
2006-11-29 05:54 139,264 --------- F:\WINDOWS\alcrmv.exe
2006-11-29 05:54 <DIR> d-------- F:\Program Files\Realtek Sound Manager
2006-11-29 05:54 <DIR> d-------- F:\Program Files\AvRack
2006-11-29 05:49 <DIR> d-------- F:\WINDOWS\Downloaded Installations
2006-11-29 05:49 <DIR> d-------- F:\Start Menu
2006-11-29 05:49 <DIR> d-------- F:\Program Files\MTV Networks
2006-11-29 05:46 <DIR> d-------- F:\Program Files\Windows Media Connect 2
2006-11-29 05:45 <DIR> d-------- F:\WINDOWS\system32\LogFiles
2006-11-29 05:45 <DIR> d-------- F:\WINDOWS\system32\drivers\UMDF
2006-11-29 05:45 <DIR> d-------- F:\534d006de7e3ce0ea069b4ff
2006-11-29 05:37 <DIR> d-------- F:\Program Files\Azureus
2006-11-29 05:36 20,640 --------- F:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-29 05:36 109,568 --------- F:\WINDOWS\system32\pxinsi64.exe
2006-11-29 05:36 108,544 --------- F:\WINDOWS\system32\pxcpyi64.exe
2006-11-29 05:36 <DIR> d-------- F:\Program Files\DivX
2006-11-29 05:23 <DIR> d--hs---- F:\RECYCLER
2006-11-29 05:22 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Mozilla
2006-11-29 05:19 720,412 --a------ F:\WINDOWS\system32\MGB_ScreenSaver.scr
2006-11-29 05:19 5,214,208 --a------ F:\WINDOWS\system32\vistaui.exe
2006-11-29 05:19 382,976 --a------ F:\WINDOWS\system32\Vista.scr
2006-11-29 05:19 <DIR> d-------- F:\Program Files\LClock
2006-11-29 05:15 81,920 --a------ F:\WINDOWS\system32\closeapp.exe
2006-11-29 05:15 8,636 --a------ F:\WINDOWS\system32\modifype.exe
2006-11-29 05:15 69,632 --a------ F:\WINDOWS\system32\moveex.exe
2006-11-29 05:15 19,968 --a------ F:\WINDOWS\system32\reico.exe
2006-11-29 05:15 111,104 --a------ F:\WINDOWS\system32\Uharc.exe
2006-11-29 05:15 <DIR> d-------- F:\VTPFiles
2006-11-29 05:07 <DIR> d-------- F:\Program Files\Windows Defender
2006-11-29 05:07 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-29 05:04 <DIR> d-------- F:\Documents and Settings\Steve\Contacts
2006-11-29 05:03 23,524 --a------ F:\WINDOWS\system32\drivers\GVTDrv.sys
2006-11-29 05:01 <DIR> d--h----- F:\WINDOWS\$hf_mig$
2006-11-29 05:01 <DIR> d-------- F:\WINDOWS\system32\PreInstall
2006-11-29 05:00 <DIR> d----c--- F:\WINDOWS\system32\DRVSTORE
2006-11-29 05:00 <DIR> d-------- F:\WINDOWS\pss
2006-11-29 05:00 <DIR> d-------- F:\Program Files\MSN Messenger
2006-11-29 05:00 <DIR> d-------- F:\Program Files\Mozilla Firefox
2006-11-29 04:59 18,200 --a------ F:\WINDOWS\system32\wups2.dll
2006-11-29 04:59 <DIR> d-------- F:\WINDOWS\system32\SoftwareDistribution
2006-11-29 04:58 <DIR> d---s---- F:\Documents and Settings\Steve\UserData
2006-11-29 04:58 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Macromedia
2006-11-29 04:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Logitech
2006-11-29 04:55 36,992 -ra------ F:\WINDOWS\system32\drivers\SISAGPX.SYS
2006-11-29 04:55 32,768 --a------ F:\WINDOWS\SIS_LIB.DLL
2006-11-29 04:55 3,583 --a------ F:\WINDOWS\SiSport.sys
2006-11-29 04:55 106,496 --a------ F:\WINDOWS\SiSUSBrg.exe
2006-11-29 04:54 <DIR> d-------- F:\Documents and Settings\Steve\WINDOWS
2006-11-29 04:53 7,296 -r------- F:\WINDOWS\system32\drivers\EIO.sys
2006-11-29 04:52 327,168 --a------ F:\WINDOWS\IsUninst.exe
2006-11-29 04:52 <DIR> d-------- F:\Program Files\GigaByte
2006-11-29 04:50 <DIR> dr--s---- F:\WINDOWS\assembly
2006-11-29 04:50 <DIR> d-------- F:\WINDOWS\system32\URTTemp
2006-11-29 04:50 <DIR> d-------- F:\WINDOWS\Microsoft.NET
2006-11-29 04:49 69,632 --a------ F:\WINDOWS\system32\KemXML.dll
2006-11-29 04:49 516,096 --------- F:\WINDOWS\system32\ati2sgag.exe
2006-11-29 04:49 3,712 --a------ F:\WINDOWS\system32\drivers\LBeepKE.sys
2006-11-29 04:49 294,912 -ra------ F:\WINDOWS\system32\atiiiexx.dll
2006-11-29 04:49 155,648 --a------ F:\WINDOWS\system32\kemutb.dll
2006-11-29 04:49 131,072 -ra------ F:\WINDOWS\system32\ATIDEMGR.dll
2006-11-29 04:49 131,072 --a------ F:\WINDOWS\system32\KemUtil.dll
2006-11-29 04:49 110,592 --a------ F:\WINDOWS\system32\KemWnd.dll
2006-11-29 04:48 94,208 --a------ F:\WINDOWS\KHALMNPR.Exe
2006-11-29 04:48 71,936 --a------ F:\WINDOWS\system32\drivers\LMouKE.Sys
2006-11-29 04:48 55,936 --a------ F:\WINDOWS\system32\drivers\L8042mou.Sys
2006-11-29 04:48 13,568 --a------ F:\WINDOWS\system32\drivers\L8042Kbd.sys
2006-11-29 04:48 <DIR> d-------- F:\Program Files\Logitech
2006-11-29 04:48 <DIR> d-------- F:\Program Files\Common Files\Logitech
2006-11-29 04:48 <DIR> d-------- F:\Program Files\ATI Technologies
2006-11-29 04:47 23,040 -ra------ F:\WINDOWS\system32\drivers\GVCplDrv.sys
2006-11-29 04:45 <DIR> d-------- F:\WINDOWS\SoftwareDistribution
2006-11-29 04:45 <DIR> d-------- F:\WINDOWS\Prefetch
2006-11-29 04:39 95,424 --------- F:\WINDOWS\system32\drivers\slnthal.sys
2006-11-29 04:39 9,216 --------- F:\WINDOWS\system32\proxycfg.exe
2006-11-29 04:39 88,064 --------- F:\WINDOWS\system32\p2pnetsh.dll
2006-11-29 04:39 870,784 --------- F:\WINDOWS\system32\ati3d1ag.dll
2006-11-29 04:39 86,016 --------- F:\WINDOWS\system32\p2pgasvc.dll
2006-11-29 04:39 86,016 --------- F:\WINDOWS\system32\mdmxsdk.dll
2006-11-29 04:39 81,408 --------- F:\WINDOWS\system32\wscsvc.dll
2006-11-29 04:39 8,192 --------- F:\WINDOWS\system32\smbinst.exe
2006-11-29 04:39 8,192 --------- F:\WINDOWS\system32\bitsprx2.dll
2006-11-29 04:39 78,464 --------- F:\WINDOWS\system32\drivers\usbvideo.sys
2006-11-29 04:39 78,336 --a------ F:\WINDOWS\system32\ieencode.dll
2006-11-29 04:39 75,776 --------- F:\WINDOWS\system32\strmfilt.dll
2006-11-29 04:39 746,496 --a------ F:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-29 04:39 73,832 --------- F:\WINDOWS\system32\slcoinst.dll
2006-11-29 04:39 73,796 --------- F:\WINDOWS\system32\slserv.exe
2006-11-29 04:39 73,216 --------- F:\WINDOWS\system32\drivers\atintuxx.sys
2006-11-29 04:39 71,680 --------- F:\WINDOWS\system32\blastcln.exe
2006-11-29 04:39 7,680 --------- F:\WINDOWS\system32\kbdsmsno.dll
2006-11-29 04:39 7,680 --------- F:\WINDOWS\system32\kbdsmsfi.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdukx.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdno1.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\kbdfi1.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\hccoin.dll
2006-11-29 04:39 7,168 --------- F:\WINDOWS\system32\bitsprx3.dll
2006-11-29 04:39 685,056 --------- F:\WINDOWS\system32\drivers\hsfcxts2.sys
2006-11-29 04:39 67,584 --------- F:\WINDOWS\system32\drivers\sdbus.sys
2006-11-29 04:39 63,663 --------- F:\WINDOWS\system32\drivers\ati1rvxx.sys
2006-11-29 04:39 63,488 --------- F:\WINDOWS\system32\drivers\atinxsxx.sys
2006-11-29 04:39 603,648 --------- F:\WINDOWS\system32\WMSPDMOD.dll
2006-11-29 04:39 60,416 --------- F:\WINDOWS\system32\fwcfg.dll
2006-11-29 04:39 6,656 --------- F:\WINDOWS\system32\kbdinmal.dll
2006-11-29 04:39 6,656 --------- F:\WINDOWS\system32\kbdinben.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdmlt48.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdmlt47.dll
2006-11-29 04:39 6,144 --------- F:\WINDOWS\system32\kbdinbe1.dll
2006-11-29 04:39 6,016 --------- F:\WINDOWS\system32\drivers\smbali.sys
2006-11-29 04:39 59,648 --------- F:\WINDOWS\system32\drivers\rfcomm.sys
2006-11-29 04:39 59,392 --------- F:\WINDOWS\system32\logman.exe
2006-11-29 04:39 57,856 --------- F:\WINDOWS\system32\drivers\atinbtxx.sys
2006-11-29 04:39 56,623 --------- F:\WINDOWS\system32\drivers\ati1btxx.sys
2006-11-29 04:39 537,088 --------- F:\WINDOWS\system32\msftedit.dll
2006-11-29 04:39 526,848 --------- F:\WINDOWS\system32\p2psvc.dll
2006-11-29 04:39 52,224 --------- F:\WINDOWS\system32\drivers\atinraxx.sys
2006-11-29 04:39 518,240 --a------ F:\WINDOWS\system32\ativvaxx.dll
2006-11-29 04:39 50,688 --------- F:\WINDOWS\system32\btpanui.dll
2006-11-29 04:39 50,176 --------- F:\WINDOWS\system32\xmlprovi.dll
2006-11-29 04:39 5,632 --------- F:\WINDOWS\system32\kbdmaori.dll
2006-11-29 04:39 49,152 --------- F:\WINDOWS\system32\powercfg.exe
2006-11-29 04:39 48,640 --------- F:\WINDOWS\system32\pnrpnsp.dll
2006-11-29 04:39 465,176 --a------ F:\WINDOWS\system32\wuapi.dll
2006-11-29 04:39 46,464 --------- F:\WINDOWS\system32\drivers\gagp30kx.sys
2006-11-29 04:39 452,736 --------- F:\WINDOWS\system32\drivers\mtxparhm.sys
2006-11-29 04:39 44,928 --------- F:\WINDOWS\system32\drivers\agpcpq.sys
2006-11-29 04:39 44,672 --------- F:\WINDOWS\system32\drivers\uagp35.sys
2006-11-29 04:39 44,032 --------- F:\WINDOWS\system32\twext.dll
2006-11-29 04:39 438,784 --------- F:\WINDOWS\system32\xpob2res.dll
2006-11-29 04:39 43,008 --------- F:\WINDOWS\system32\drivers\amdagp.sys
2006-11-29 04:39 42,752 --------- F:\WINDOWS\system32\drivers\alim1541.sys
2006-11-29 04:39 42,368 --------- F:\WINDOWS\system32\drivers\agp440.sys
2006-11-29 04:39 42,240 --------- F:\WINDOWS\system32\drivers\viaagp.sys
2006-11-29 04:39 41,240 --a------ F:\WINDOWS\system32\wups.dll
2006-11-29 04:39 41,088 --------- F:\WINDOWS\system32\drivers\sisagp.sys
2006-11-29 04:39 404,990 --------- F:\WINDOWS\system32\drivers\slntamr.sys
2006-11-29 04:39 4,274,816 --------- F:\WINDOWS\system32\nv4_disp.dll
2006-11-29 04:39 4,255 --------- F:\WINDOWS\system32\drivers\adv01nt5.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\wmvdmoe2.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\wmsdmoe2.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\MP4SDMOD.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\MP43DMOD.dll
2006-11-29 04:39 4,096 --------- F:\WINDOWS\system32\dsprpres.dll
2006-11-29 04:39 397,056 --------- F:\WINDOWS\system32\s3gnb.dll
2006-11-29 04:39 38,016 --------- F:\WINDOWS\system32\drivers\bthmodem.sys
2006-11-29 04:39 377,984 --------- F:\WINDOWS\system32\ati2dvaa.dll
2006-11-29 04:39 37,376 --------- F:\WINDOWS\system32\drivers\amdk7.sys
2006-11-29 04:39 36,463 --------- F:\WINDOWS\system32\drivers\ati1tuxx.sys
2006-11-29 04:39 36,096 --------- F:\WINDOWS\system32\drivers\intelppm.sys
2006-11-29 04:39 351,232 --------- F:\WINDOWS\system32\winhttp.dll
2006-11-29 04:39 35,456 --------- F:\WINDOWS\system32\drivers\bthprint.sys
2006-11-29 04:39 34,735 --------- F:\WINDOWS\system32\drivers\ati1xsxx.sys
2006-11-29 04:39 327,040 --------- F:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-11-29 04:39 32,866 --------- F:\WINDOWS\system32\slrundll.exe
2006-11-29 04:39 32,866 --------- F:\WINDOWS\slrundll.exe
2006-11-29 04:39 32,768 --------- F:\WINDOWS\system32\ativtmxx.dll
2006-11-29 04:39 32,285 --------- F:\WINDOWS\system32\hsfcisp2.dll
2006-11-29 04:39 314,880 --------- F:\WINDOWS\system32\wmpdxm.dll
2006-11-29 04:39 312,320 --------- F:\WINDOWS\system32\p2pgraph.dll
2006-11-29 04:39 31,744 --------- F:\WINDOWS\system32\drivers\atinxbxx.sys
2006-11-29 04:39 30,671 --------- F:\WINDOWS\system32\drivers\ati1raxx.sys
2006-11-29 04:39 30,208 --------- F:\WINDOWS\system32\bthserv.dll
2006-11-29 04:39 30,080 --------- F:\WINDOWS\system32\drivers\rndismpx.sys
2006-11-29 04:39 3,967 --------- F:\WINDOWS\system32\drivers\adv02nt5.dll
2006-11-29 04:39 3,901 --------- F:\WINDOWS\system32\drivers\siint5.dll
2006-11-29 04:39 3,775 --------- F:\WINDOWS\system32\drivers\adv11nt5.dll
2006-11-29 04:39 3,711 --------- F:\WINDOWS\system32\drivers\adv09nt5.dll
2006-11-29 04:39 3,647 --------- F:\WINDOWS\system32\drivers\adv07nt5.dll
2006-11-29 04:39 3,615 --------- F:\WINDOWS\system32\drivers\adv05nt5.dll
2006-11-29 04:39 3,135 --------- F:\WINDOWS\system32\drivers\adv08nt5.dll
2006-11-29 04:39 29,455 --------- F:\WINDOWS\system32\drivers\ati1xbxx.sys
2006-11-29 04:39 29,184 --------- F:\WINDOWS\system32\sdhcinst.dll
2006-11-29 04:39 29,056 --------- F:\WINDOWS\system32\drivers\ip6fw.sys
2006-11-29 04:39 286,792 --------- F:\WINDOWS\system32\slextspk.dll
2006-11-29 04:39 28,672 --------- F:\WINDOWS\system32\drivers\atinsnxx.sys
2006-11-29 04:39 274,304 --------- F:\WINDOWS\system32\drivers\bthport.sys
2006-11-29 04:39 270,848 --------- F:\WINDOWS\system32\sbe.dll
2006-11-29 04:39 27,136 --------- F:\WINDOWS\system32\mspmsnsv.dll
2006-11-29 04:39 262,784 --------- F:\WINDOWS\system32\drivers\http.sys
2006-11-29 04:39 26,624 --------- F:\WINDOWS\system32\drivers\usbehci.sys
2006-11-29 04:39 26,367 --------- F:\WINDOWS\system32\drivers\ati1snxx.sys
2006-11-29 04:39 25,600 --------- F:\WINDOWS\system32\drivers\hidbth.sys
2006-11-29 04:39 25,471 --------- F:\WINDOWS\system32\drivers\watv10nt.sys
2006-11-29 04:39 25,471 --------- F:\WINDOWS\system32\drivers\atv04nt5.dll
2006-11-29 04:39 242,688 --------- F:\WINDOWS\system32\wmpasf.dll
2006-11-29 04:39 24,576 --------- F:\WINDOWS\system32\httpapi.dll
2006-11-29 04:39 23,040 --a------ F:\WINDOWS\system32\fltmc.exe
2006-11-29 04:39 229,376 --a------ F:\WINDOWS\system32\ati2cqag.dll
2006-11-29 04:39 227,328 --------- F:\WINDOWS\system32\wmerror.dll
2006-11-29 04:39 220,032 --------- F:\WINDOWS\system32\drivers\hsfbs2s2.sys
2006-11-29 04:39 22,271 --------- F:\WINDOWS\system32\drivers\watv06nt.sys
2006-11-29 04:39 21,343 --------- F:\WINDOWS\system32\drivers\ati1ttxx.sys
2006-11-29 04:39 21,183 --------- F:\WINDOWS\system32\drivers\atv01nt5.dll
2006-11-29 04:39 207,360 --a------ F:\WINDOWS\system32\ati2dvag.dll
2006-11-29 04:39 20,992 --------- F:\WINDOWS\system32\bthci.dll
2006-11-29 04:39 20,480 --------- F:\WINDOWS\system32\encapi.dll
2006-11-29 04:39 2,155,680 --a------ F:\WINDOWS\system32\ati3duag.dll
2006-11-29 04:39 2,113,536 --------- F:\WINDOWS\system32\dxdiagn.dll
2006-11-29 04:39 194,328 --a------ F:\WINDOWS\system32\wuaueng1.dll
2006-11-29 04:39 193,024 --------- F:\WINDOWS\system32\fsquirt.exe
2006-11-29 04:39 188,508 --------- F:\WINDOWS\system32\slgen.dll
2006-11-29 04:39 187,392 --------- F:\WINDOWS\system32\xpsp1res.dll
2006-11-29 04:39 186,368 --------- F:\WINDOWS\system32\encdec.dll
2006-11-29 04:39 180,360 --------- F:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-11-29 04:39 18,944 --------- F:\WINDOWS\system32\drivers\bthusb.sys
2006-11-29 04:39 173,536 --a------ F:\WINDOWS\system32\wuweb.dll
2006-11-29 04:39 172,312 --a------ F:\WINDOWS\system32\wuauclt1.exe
2006-11-29 04:39 17,408 --------- F:\WINDOWS\system32\winshfhc.dll
2006-11-29 04:39 17,279 --------- F:\WINDOWS\system32\drivers\atv10nt5.dll
2006-11-29 04:39 17,024 --------- F:\WINDOWS\system32\drivers\bthenum.sys
2006-11-29 04:39 166,912 --------- F:\WINDOWS\system32\drivers\s3gnbm.sys
2006-11-29 04:39 16,896 --a------ F:\WINDOWS\system32\fltlib.dll
2006-11-29 04:39 159,232 --------- F:\WINDOWS\system32\sbeio.dll
2006-11-29 04:39 157,184 --------- F:\WINDOWS\system32\wmidx.dll
2006-11-29 04:39 15,872 --------- F:\WINDOWS\system32\w3ssl.dll
2006-11-29 04:39 15,488 --------- F:\WINDOWS\system32\drivers\mssmbios.sys
2006-11-29 04:39 15,423 --------- F:\WINDOWS\system32\drivers\ch7xxnt5.dll
2006-11-29 04:39 15,104 --------- F:\WINDOWS\system32\drivers\hidir.sys
2006-11-29 04:39 14,336 --------- F:\WINDOWS\system32\drivers\atinpdxx.sys
2006-11-29 04:39 14,336 --------- F:\WINDOWS\system32\auditusr.exe
2006-11-29 04:39 14,143 --------- F:\WINDOWS\system32\drivers\atv06nt5.dll
2006-11-29 04:39 134,656 --------- F:\WINDOWS\system32\mssap.dll
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\wscntfy.exe
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\drivers\atinttxx.sys
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\drivers\atinmdxx.sys
2006-11-29 04:39 13,824 --------- F:\WINDOWS\system32\cmsetacl.dll
2006-11-29 04:39 13,776 --------- F:\WINDOWS\system32\drivers\recagent.sys
2006-11-29 04:39 13,568 --------- F:\WINDOWS\system32\drivers\wacompen.sys
2006-11-29 04:39 13,240 --------- F:\WINDOWS\system32\drivers\slwdmsup.sys
2006-11-29 04:39 129,536 --------- F:\WINDOWS\system32\xmlprov.dll
2006-11-29 04:39 129,535 --------- F:\WINDOWS\system32\drivers\slnt7554.sys
2006-11-29 04:39 128,896 --------- F:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-29 04:39 127,256 --a------ F:\WINDOWS\system32\wucltui.dll
2006-11-29 04:39 126,686 --------- F:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-11-29 04:39 12,672 --------- F:\WINDOWS\system32\drivers\usb8023x.sys
2006-11-29 04:39 12,672 --------- F:\WINDOWS\system32\drivers\mutohpen.sys
2006-11-29 04:39 12,416 --------- F:\WINDOWS\system32\drivers\tunmp.sys
2006-11-29 04:39 12,047 --------- F:\WINDOWS\system32\drivers\ati1pdxx.sys
2006-11-29 04:39 118,784 --------- F:\WINDOWS\system32\msdadiag.dll
2006-11-29 04:39 116,224 --------- F:\WINDOWS\system32\p2p.dll
2006-11-29 04:39 11,935 --------- F:\WINDOWS\system32\drivers\wadv11nt.sys
2006-11-29 04:39 11,871 --------- F:\WINDOWS\system32\drivers\wadv09nt.sys
2006-11-29 04:39 11,868 --------- F:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-11-29 04:39 11,807 --------- F:\WINDOWS\system32\drivers\wadv07nt.sys
2006-11-29 04:39 11,615 --------- F:\WINDOWS\system32\drivers\ati1mdxx.sys
2006-11-29 04:39 11,359 --------- F:\WINDOWS\system32\drivers\atv02nt5.dll
2006-11-29 04:39 11,325 --------- F:\WINDOWS\system32\drivers\vchnt5.dll
2006-11-29 04:39 11,295 --------- F:\WINDOWS\system32\drivers\wadv08nt.sys
2006-11-29 04:39 11,136 --------- F:\WINDOWS\system32\drivers\sffdisk.sys
2006-11-29 04:39 108,032 --------- F:\WINDOWS\system32\wshbth.dll
2006-11-29 04:39 104,960 --------- F:\WINDOWS\system32\drivers\atinrvxx.sys
2006-11-29 04:39 100,992 --------- F:\WINDOWS\system32\drivers\bthpan.sys
2006-11-29 04:39 10,240 --------- F:\WINDOWS\system32\drivers\sffp_sd.sys
2006-11-29 04:39 1,897,408 --------- F:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-29 04:39 1,737,856 --------- F:\WINDOWS\system32\mtxparhd.dll
2006-11-29 04:39 1,689,088 --------- F:\WINDOWS\system32\d3d9.dll
2006-11-29 04:39 1,329,152 --------- F:\WINDOWS\system32\WMSPDMOE.dll
2006-11-29 04:39 1,309,184 --------- F:\WINDOWS\system32\drivers\mtlstrm.sys
2006-11-29 04:39 1,088,000 --a------ F:\WINDOWS\system32\winbrand.dll
2006-11-29 04:39 1,041,536 --------- F:\WINDOWS\system32\drivers\hsfdpsp2.sys
2006-11-29 04:39 <DIR> d-------- F:\WINDOWS\provisioning
2006-11-29 04:39 <DIR> d-------- F:\WINDOWS\peernet
2006-11-29 04:37 <DIR> d-------- F:\WINDOWS\ServicePackFiles
2006-11-29 04:35 3,385,856 --a------ F:\WINDOWS\system32\xpsp2res.dll
2006-11-29 04:35 <DIR> d-------- F:\WINDOWS\system32\ReinstallBackups
2006-11-29 04:34 23,856 --a------ F:\WINDOWS\system32\spupdsvc.exe
2006-11-29 04:33 <DIR> d-------- F:\WINDOWS\EHome
2006-11-29 04:30 <DIR> d---s---- F:\WINDOWS\system32\Microsoft
2006-11-29 04:29 <DIR> d--h----- F:\Program Files\InstallShield Installation Information
2006-11-29 04:28 <DIR> d-------- F:\Program Files\SMC
2006-11-29 04:28 <DIR> d-------- F:\Program Files\Common Files\InstallShield
2006-11-29 04:26 <DIR> d-------- F:\Program Files\WinRAR
2006-11-29 04:22 26,496 --a------ F:\WINDOWS\system32\drivers\usbstor.sys
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\SendTo
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Recent
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Application Data\.
2006-11-29 02:56 <DIR> dr-h----- F:\Documents and Settings\Steve\Application Data
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\Start Menu
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\My Documents
2006-11-29 02:56 <DIR> dr------- F:\Documents and Settings\Steve\Favorites
2006-11-29 02:56 <DIR> d--hs---- F:\WINDOWS\Installer
2006-11-29 02:56 <DIR> d--hs---- F:\Documents and Settings\Steve\Cookies
2006-11-29 02:56 <DIR> d--h----- F:\Program Files\Uninstall Information
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\Templates
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\PrintHood
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\NetHood
2006-11-29 02:56 <DIR> d--h----- F:\Documents and Settings\Steve\Local Settings
2006-11-29 02:56 <DIR> d---s---- F:\Documents and Settings\Steve\Application Data\Microsoft
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Desktop
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\Identities
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\Application Data\..
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\..
2006-11-29 02:56 <DIR> d-------- F:\Documents and Settings\Steve\.
2006-11-29 02:55 <DIR> d--hs---- F:\System Volume Information
2006-11-29 02:52 112,128 --a------ F:\WINDOWS\system32\mapi32.dll
2006-11-29 02:52 <DIR> d-------- F:\WINDOWS\system32\xircom
2006-11-29 02:52 <DIR> d-------- F:\Program Files\xerox
2006-11-29 02:52 <DIR> d-------- F:\Program Files\microsoft frontpage
2006-11-29 02:51 <DIR> dr------- F:\WINDOWS\Offline Web Pages
2006-11-29 02:51 <DIR> d--hs---- F:\Documents and Settings\All Users\DRM
2006-11-29 02:51 <DIR> d---s---- F:\WINDOWS\Downloaded Program Files
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\system32\Macromed
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\system32\DirectX
2006-11-29 02:51 <DIR> d-------- F:\WINDOWS\srchasst
2006-11-29 02:50 81,920 --a------ F:\WINDOWS\system32\isign32.dll
2006-11-29 02:50 81,920 --a------ F:\WINDOWS\system32\ils.dll
2006-11-29 02:50 73,728 --a------ F:\WINDOWS\system32\icwdial.dll
2006-11-29 02:50 73,472 --a------ F:\WINDOWS\system32\drivers\sr.sys
2006-11-29 02:50 69,632 --a------ F:\WINDOWS\system32\msconf.dll
2006-11-29 02:50 679,424 --a------ F:\WINDOWS\system32\inetcomm.dll
2006-11-29 02:50 67,584 --a------ F:\WINDOWS\system32\srclient.dll
2006-11-29 02:50 65,536 --a------ F:\WINDOWS\system32\icwphbk.dll
2006-11-29 02:50 64,512 --a------ F:\WINDOWS\system32\acctres.dll
2006-11-29 02:50 48,128 --a------ F:\WINDOWS\system32\inetres.dll
2006-11-29 02:50 45,568 --a------ F:\WINDOWS\system32\safrslv.dll
2006-11-29 02:50 43,520 --a------ F:\WINDOWS\system32\safrcdlg.dll
2006-11-29 02:50 43,520 --a------ F:\WINDOWS\system32\racpldlg.dll
2006-11-29 02:50 382,464 --a------ F:\WINDOWS\system32\qmgr.dll
2006-11-29 02:50 34,560 --a------ F:\WINDOWS\system32\mnmdd.dll
2006-11-29 02:50 32,768 --a------ F:\WINDOWS\system32\mnmsrvc.exe
2006-11-29 02:50 32,768 --a------ F:\WINDOWS\system32\isrdbg32.dll
2006-11-29 02:50 29,696 --a------ F:\WINDOWS\system32\safrdm.dll
2006-11-29 02:50 28,672 --a------ F:\WINDOWS\system32\nmmkcert.dll
2006-11-29 02:50 274,944 --a------ F:\WINDOWS\system32\mstask.dll
2006-11-29 02:50 274,432 --a------ F:\WINDOWS\system32\inetcfg.dll
2006-11-29 02:50 252,928 --a------ F:\WINDOWS\system32\msoeacct.dll
2006-11-29 02:50 239,104 --a------ F:\WINDOWS\system32\srrstr.dll
2006-11-29 02:50 190,976 --a------ F:\WINDOWS\system32\schedsvc.dll
2006-11-29 02:50 18,944 --a------ F:\WINDOWS\system32\qmgrprxy.dll
2006-11-29 02:50 170,496 --a------ F:\WINDOWS\system32\srsvc.dll
2006-11-29 02:50 16,384 --a------ F:\WINDOWS\system32\icfgnt5.dll
2006-11-29 02:50 12,288 --a------ F:\WINDOWS\system32\nmevtmsg.dll
2006-11-29 02:50 12,288 --a------ F:\WINDOWS\system32\mstinit.exe
2006-11-29 02:50 11,264 --a------ F:\WINDOWS\system32\atrace.dll
2006-11-29 02:50 105,984 --a------ F:\WINDOWS\system32\msoert2.dll
2006-11-29 02:50 <DIR> d---s---- F:\WINDOWS\Tasks
2006-11-29 02:50 <DIR> d-------- F:\WINDOWS\system32\Restore
2006-11-29 02:50 <DIR> d-------- F:\WINDOWS\PCHEALTH
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Windows Media Player
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Outlook Express
2006-11-29 02:50 <DIR> d-------- F:\Program Files\NetMeeting
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Movie Maker
2006-11-29 02:50 <DIR> d-------- F:\Program Files\Common Files\Services
2006-11-29 02:49 <DIR> d--h----- F:\Program Files\WindowsUpdate
2006-11-29 02:49 <DIR> d-------- F:\WINDOWS\Registration
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Online Services
2006-11-29 02:49 <DIR> d-------- F:\Program Files\MSN
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Messenger
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Internet Explorer
2006-11-29 02:49 <DIR> d-------- F:\Program Files\ComPlus Applications
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Common Files\System
2006-11-29 02:49 <DIR> d-------- F:\Program Files\Common Files\MSSoap
2006-11-29 02:48 97,792 --a------ F:\WINDOWS\system32\comrepl.dll
2006-11-29 02:48 956,416 --a------ F:\WINDOWS\system32\msdtctm.dll
2006-11-29 02:48 93,696 --a------ F:\WINDOWS\system32\tscfgwmi.dll
2006-11-29 02:48 91,136 --a------ F:\WINDOWS\system32\mtxoci.dll
2006-11-29 02:48 9,728 --a------ F:\WINDOWS\system32\reset.exe
2006-11-29 02:48 87,176 --a------ F:\WINDOWS\system32\rdpwsx.dll
2006-11-29 02:48 85,504 --a------ F:\WINDOWS\system32\catsrvps.dll
2006-11-29 02:48 83,456 --a------ F:\WINDOWS\system32\charmap.exe
2006-11-29 02:48 73,216 --a------ F:\WINDOWS\system32\avwav.dll
2006-11-29 02:48 67,072 --a------ F:\WINDOWS\system32\rdshost.exe
2006-11-29 02:48 655,360 --a------ F:\WINDOWS\system32\mstscax.dll
2006-11-29 02:48 625,152 --a------ F:\WINDOWS\system32\catsrvut.dll
2006-11-29 02:48 62,464 --a------ F:\WINDOWS\system32\rdpclip.exe
2006-11-29 02:48 605,696 --a------ F:\WINDOWS\system32\getuname.dll
2006-11-29 02:48 60,416 --a------ F:\WINDOWS\system32\remotepg.dll
2006-11-29 02:48 60,416 --a------ F:\WINDOWS\system32\colbact.dll
2006-11-29 02:48 6,656 --a------ F:\WINDOWS\system32\wuauserv.dll
2006-11-29 02:48 6,144 --a------ F:\WINDOWS\system32\msdtc.exe
2006-11-29 02:48 58,880 --a------ F:\WINDOWS\system32\msdtclog.dll
2006-11-29 02:48 58,880 --a------ F:\WINDOWS\system32\licwmi.dll
2006-11-29 02:48 56,832 --a------ F:\WINDOWS\system32\sol.exe
2006-11-29 02:48 56,320 --a------ F:\WINDOWS\system32\servdeps.dll
2006-11-29 02:48 55,296 --a------ F:\WINDOWS\system32\freecell.exe
2006-11-29 02:48 540,160 --a------ F:\WINDOWS\system32\comuid.dll
2006-11-29 02:48 54,272 --a------ F:\WINDOWS\system32\stclient.dll
2006-11-29 02:48 538,624 --a------ F:\WINDOWS\system32\spider.exe
2006-11-29 02:48 5,632 --a------ F:\WINDOWS\system32\write.exe
2006-11-29 02:48 5,120 --a------ F:\WINDOWS\system32\dcomcnfg.exe
2006-11-29 02:48 498,688 --a------ F:\WINDOWS\system32\clbcatq.dll
2006-11-29 02:48 44,544 --a------ F:\WINDOWS\system32\tscupgrd.exe
2006-11-29 02:48 44,544 --a------ F:\WINDOWS\system32\hticons.dll
2006-11-29 02:48 426,496 --a------ F:\WINDOWS\system32\msdtcprx.dll
2006-11-29 02:48 407,552 --a------ F:\WINDOWS\system32\mstsc.exe
2006-11-29 02:48 40,840 --a------ F:\WINDOWS\system32\drivers\termdd.sys
2006-11-29 02:48 4,096 --a------ F:\WINDOWS\system32\rdpcfgex.dll
2006-11-29 02:48 4,096 --a------ F:\WINDOWS\system32\mtxex.dll
2006-11-29 02:48 38,912 --a------ F:\WINDOWS\system32\cfgbkend.dll
2006-11-29 02:48 360,960 --a------ F:\WINDOWS\system32\mspaint.exe
2006-11-29 02:48 35,328 --a------ F:\WINDOWS\system32\winchat.exe
2006-11-29 02:48 347,136 --a------ F:\WINDOWS\system32\hypertrm.dll
2006-11-29 02:48 33,792 --a------ F:\WINDOWS\system32\regini.exe
2006-11-29 02:48 295,424 --a------ F:\WINDOWS\system32\termsrv.dll
2006-11-29 02:48 25,600 --a------ F:\WINDOWS\system32\comaddin.dll
2006-11-29 02:48 25,088 --a------ F:\WINDOWS\system32\mtxlegih.dll
2006-11-29 02:48 227,840 --a------ F:\WINDOWS\system32\avtapi.dll
2006-11-29 02:48 225,792 --a------ F:\WINDOWS\system32\catsrv.dll
2006-11-29 02:48 22,016 --a------ F:\WINDOWS\system32\qwinsta.exe
2006-11-29 02:48 21,896 --a------ F:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-29 02:48 20,992 --a------ F:\WINDOWS\system32\msg.exe
2006-11-29 02:48 20,480 --a------ F:\WINDOWS\system32\qprocess.exe
2006-11-29 02:48 20,480 --a------ F:\WINDOWS\system32\mtxdm.dll
2006-11-29 02:48 196,864 --a------ F:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-29 02:48 19,968 --a------ F:\WINDOWS\system32\rdpsnd.dll
2006-11-29 02:48 185,344 --a------ F:\WINDOWS\system32\cmprops.dll
2006-11-29 02:48 183,808 --a------ F:\WINDOWS\system32\accwiz.exe
2006-11-29 02:48 17,408 --a------ F:\WINDOWS\system32\mmfutil.dll
2006-11-29 02:48 161,280 --a------ F:\WINDOWS\system32\msdtcuiu.dll
2006-11-29 02:48 16,896 --a------ F:\WINDOWS\system32\tsshutdn.exe
2006-11-29 02:48 16,896 --a------ F:\WINDOWS\system32\qappsrv.exe
2006-11-29 02:48 16,384 --a------ F:\WINDOWS\system32\tskill.exe
2006-11-29 02:48 16,384 --a------ F:\WINDOWS\system32\avmeter.dll
2006-11-29 02:48 15,872 --a------ F:\WINDOWS\system32\rwinsta.exe
2006-11-29 02:48 15,872 --a------ F:\WINDOWS\system32\cdmodem.dll
2006-11-29 02:48 15,360 --a------ F:\WINDOWS\system32\logoff.exe
2006-11-29 02:48 147,968 --a------ F:\WINDOWS\system32\rdchost.dll
2006-11-29 02:48 147,456 --a------ F:\WINDOWS\system32\comsnap.dll
2006-11-29 02:48 140,800 --a------ F:\WINDOWS\system32\sessmgr.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\tsdiscon.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\tscon.exe
2006-11-29 02:48 14,848 --a------ F:\WINDOWS\system32\shadow.exe
2006-11-29 02:48 139,528 --a------ F:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-29 02:48 138,752 --a------ F:\WINDOWS\system32\sndvol32.exe
2006-11-29 02:48 131,584 --a------ F:\WINDOWS\system32\sndrec32.exe
2006-11-29 02:48 13,824 --a------ F:\WINDOWS\system32\rdsaddin.exe
2006-11-29 02:48 126,976 --a------ F:\WINDOWS\system32\mshearts.exe
2006-11-29 02:48 124,184 --a------ F:\WINDOWS\system32\wuauclt.exe
2006-11-29 02:48 123,392 --a------ F:\WINDOWS\system32\mplay32.exe
2006-11-29 02:48 12,040 --a------ F:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-29 02:48 119,808 --a------ F:\WINDOWS\system32\winmine.exe
2006-11-29 02:48 117,760 --a------ F:\WINDOWS\system32\calc.exe
2006-11-29 02:48 110,080 --a------ F:\WINDOWS\system32\clbcatex.dll
2006-11-29 02:48 11,776 --a------ F:\WINDOWS\system32\xolehlp.dll
2006-11-29 02:48 11,264 --a------ F:\WINDOWS\system32\icaapi.dll
2006-11-29 02:48 102,912 --a------ F:\WINDOWS\system32\clipbrd.exe
2006-11-29 02:48 1,343,768 --a------ F:\WINDOWS\system32\wuaueng.dll
2006-11-29 02:48 1,267,200 --a------ F:\WINDOWS\system32\comsvcs.dll
2006-11-29 02:48 1,161 --a------ F:\WINDOWS\system32\usrlogon.cmd
2006-11-29 02:48 <DIR> d-------- F:\WINDOWS\system32\MsDtc
2006-11-29 02:48 <DIR> d-------- F:\WINDOWS\system32\Com
2006-11-29 02:48 <DIR> d-------- F:\Program Files\Windows NT
2006-11-29 02:48 <DIR> d-------- F:\Program Files\MSN Gaming Zone
2006-11-07 21:03 6,049,280 --------- F:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- F:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- F:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- F:\WINDOWS\system32\ieui.dll
2006-11-07 03:26 13,312 --a------ F:\WINDOWS\system32\ieudinit.exe
2006-11-04 14:14 1,245,696 --a------ F:\WINDOWS\system32\msxml4.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"F:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"F:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"ctfmon.exe"="F:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ATIPTA"="F:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"VGAUtil"="F:\\Program Files\\GigaByte\\VGA Utility Manager\\G-VGA.exe"
"SiSUSBRG"="F:\\WINDOWS\\SiSUSBrg.exe"
"Windows Defender"="\"F:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"LClock"="F:\\Program Files\\LClock\\LClock.exe"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"F:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"TopDesk"="F:\\Program Files\\TopDesk\\topdesk.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
"path"="F:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AutoCAD Startup Accelerator.lnk"
"backup"="F:\\WINDOWS\\pss\\AutoCAD Startup Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="F:\\PROGRA~1\\COMMON~1\\AUTODE~1\\ACSTAR~1.EXE "
"item"="AutoCAD Startup Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^Steve^Start Menu^Programs^Startup^EZ Connect Wireless USB Utility.lnk]
"path"="F:\\Documents and Settings\\Steve\\Start Menu\\Programs\\Startup\\EZ Connect Wireless USB Utility.lnk"
"backup"="F:\\WINDOWS\\pss\\EZ Connect Wireless USB Utility.lnkStartup"
"location"="Startup"
"command"="F:\\PROGRA~1\\SMC\\EZCONN~1\\WLANMO~1.EXE "
"item"="EZ Connect Wireless USB Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Glass2k]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Glass2k"
"hkey"="HKLM"
"command"="F:\\Program Files\\Glass2k\\Glass2k.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="F:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"F:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_3DWonder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="_3DWonder"
"hkey"="HKCU"
"command"="\\_3DWonder.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061202-001116-457
R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)
backup-20061202-001116-289
O2 - BHO: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing)

Contents of the 'Scheduled Tasks' folder
F:\WINDOWS\tasks\AppleSoftwareUpdate.job
F:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-02 21:43:39.06
F:\ComboFix.txt ... 06-12-02 21:43

steviedee · 12-02-2006, 02:44 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:44:10 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
F:\Program Files\TopDesk\topdesk.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Remote Master V1.1\RemoteMaster.exe
F:\Program Files\Styler\Styler.exe
F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\WINDOWS\system32\svchost.exe
F:\Program Files\LClock\lclock.exe
F:\HJT\fredmh.exe.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TopDesk] F:\Program Files\TopDesk\topdesk.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Remote Master.lnk = F:\Program Files\Remote Master V1.1\RemoteMaster.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

steviedee · 12-02-2006, 02:44 AM

trend micro will take an hour...

steviedee · 12-02-2006, 07:56 PM

my internet is too shoddy to do trend mircro or panda, it keeps on cutting out an stuff, so we may have to skip this log

11-29-2006, 10:51 PM	#1 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	Slower PC HJT Log Hi, i think i have spyware from a serials site..opened a exe file and now my computers runnin slower, i was dumb. Anyway heres my log: Logfile of HijackThis v1.99.1 Scan saved at 5:50:30 PM, on 11/30/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\Program Files\Windows Defender\MsMpEng.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\issearch.exe F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe F:\Program Files\Windows Defender\MSASCui.exe F:\Program Files\LClock\LClock.exe F:\WINDOWS\SOUNDMAN.EXE F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe F:\WINDOWS\System32\svchost.exe F:\Program Files\MSN Messenger\MsnMsgr.Exe F:\Program Files\Logitech\SetPoint\SetPoint.exe F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE F:\Program Files\Styler\Styler.exe F:\WINDOWS\system32\wuauclt.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\msiexec.exe \?\F:\WINDOWS\system32\WBEM\WMIADAP.EXE F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe F:\WINDOWS\system32\wuauclt.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Documents and Settings\Steve\Desktop\HijackThis.exe R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing) O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Styler.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe thanks.

11-30-2006, 07:06 PM	#2 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Hello and Welcome to TSF Rename HijackThis I need you to rename HijackThis as malware may be hiding some entries. Do the following to rename HijackThis: Rename HijackThis.exe to fredmh.exe. Navigate to C:\hjt\HijackThis.exe (or wherever you saved HijackThis) Right click on HijackThis.exe Select 'Rename' Type in fredmh.exe Press Enter. Please run a scan with the newly renamed fredmh.exe and save the log. __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

11-30-2006, 10:06 PM	#4 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Hi and welcome back to TSF. My name is Keneth and I would be helping you clean up your computer. I am currently reviewing your log and will be back with a fix for your problem as soon as possible. You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply. __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

11-30-2006, 10:23 PM	#7 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Hello and welcome to TSF Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. Please stay with me until your system has been declared clean. IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER. As long as HijackThis is in a permanent folder, it is fine. Windows Defender Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries. You can re-enable it after you're clean. To disable Real-Time Protection: Go to "Tools" \| "General Settings" Scroll down to "Real-time protection options" Uncheck "Turn on real-time protection (recommended)" Remember to reactivate this feature when we have finished all our work. Downloads and others Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. DO NOT run it yet. Please download ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1 Download AVG Anti Spyware Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows" Install AVG Anti Spyware Double-click the icon on Desktop to launch AVG On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab. Once in the Settings screen click on "Recommended actions" and then select "Quarantine". Under "Reports" Select "Automatically generate report after every scan" Un-Select "Only if threats were found" When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly. ComboFix 1. Download this file using either of these links http://download.bleepingcomputer.com/sUBs/combofix.exe http://www.techsupportforum.com/sectools/combofix.exe * IMPORTANT !!! Place combofix.exe on your Desktop 2. Go to Start => Run => paste in the single line command & click OK "%userprofile%\desktop\combofix.exe" /v ggw gebcd cluuwfri dmglaqd winuns32 3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Safe Mode Restart your computer. Before the Windows logo appear, tap F8 repeatedly. In some systems, this may be the F5 key. A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard. This will take a while than usual, so just wait. After it loads, Login on your usual account. Fixes with HijackThis Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any) R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing) O2 - BHO: (no name) - {24CDD4B4-EA0B-46AC-A34D-EC294EC45334} - F:\WINDOWS\system32\gebcd.dll O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - F:\WINDOWS\system32\cluuwfri.dll O2 - BHO: (no name) - {3B9E242C-6F5E-7DCF-4F5D-013C44912EED} - F:\WINDOWS\system32\dmglaqd.dll O2 - BHO: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing) O20 - Winlogon Notify: gebcd - F:\WINDOWS\system32\gebcd.dll O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing) *Please remember to close all other windows, including browsers then click Fix checked.* SmitfraudFix - Option #2 Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk F: (F:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply. ATF Cleaner Double-click ATF-Cleaner.exe to run the program. Click Select All found at the bottom of the list. Click the Empty Selected button. If you use Firefox browser, do this also: Click Firefox at the top and choose Select All from the list. Click the Empty Selected button. NOTE : If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser, do this also: Click Opera at the top and choose Select All from the list. Click the Empty Selected button. NOTE : If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Uncheck and Delete Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present: "Security Info" "Warning Message" "Security Desktop" "Warning Homepage" "Desktop Uninstall" or something similar Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK. AVG Anti-Spyware Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. Once the scan is complete do the following: If you have any infections you will prompted, then select "Apply all actions" Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important). You may now reboot back to normal mode SmitfraudFix - Option #3 Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #3 - Delete Trusted zone by typing 3 and press Enter Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. Online Scan Perform an online scan with Internet Explorer with Panda ActiveScan Click on located at the bottom of the page. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click "Free Online Scan" * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on then click * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. * Turn off the real time scanner of any existing antivirus program while performing the online scan ComboFix 1. Run combofix again by just clicking on combofix.exe on your desktop. 2. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Logs Please post the following logs of this order in your next reply... F:\combofix2.txt F:\rapport.txt AVG Anti-Spyware's Log Panda’s Online Scan Log F:\combofix.txt A New HijackThis Log __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

12-01-2006, 10:41 AM	#9 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,970 OS: WinXP and Vista	Hello steviedee, Please post your logs in this thread--use multiple replies if need be. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

11-30-2006, 10:04 PM	#3 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	Thanks for your reply, and i noticed you were online so we can work on it now: Logfile of HijackThis v1.99.1 Scan saved at 5:01:59 PM, on 12/1/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\Program Files\Windows Defender\MsMpEng.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\issearch.exe F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe F:\Program Files\Windows Defender\MSASCui.exe F:\Program Files\LClock\LClock.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\SOUNDMAN.EXE F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe F:\Program Files\Logitech\SetPoint\SetPoint.exe F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE F:\Program Files\Styler\Styler.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\Windows Media Player\wmplayer.exe F:\WINDOWS\system32\DllHost.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Documents and Settings\Steve\Desktop\fredmh.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing) O2 - BHO: (no name) - {24CDD4B4-EA0B-46AC-A34D-EC294EC45334} - F:\WINDOWS\system32\gebcd.dll O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - F:\WINDOWS\system32\cluuwfri.dll O2 - BHO: (no name) - {3B9E242C-6F5E-7DCF-4F5D-013C44912EED} - F:\WINDOWS\system32\dmglaqd.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - F:\WINDOWS\system32\ixt0.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - Startup: Styler.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: gebcd - F:\WINDOWS\system32\gebcd.dll O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

11-30-2006, 10:08 PM	#5 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	Thanks Champ

11-30-2006, 10:19 PM	#6 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	hi, before i ran HJT from the desktop, then i realized i should run it from a folder in the c drive, so heres a new log with HJT renamed in a folder called "HJT" in the c drive root Logfile of HijackThis v1.99.1 Scan saved at 5:17:29 PM, on 12/1/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\Program Files\Windows Defender\MsMpEng.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\system32\issearch.exe F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe F:\Program Files\Windows Defender\MSASCui.exe F:\Program Files\LClock\LClock.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\SOUNDMAN.EXE F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe F:\Program Files\Logitech\SetPoint\SetPoint.exe F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE F:\Program Files\Styler\Styler.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\Program Files\MSN Messenger\msnmsgr.exe F:\Program Files\Windows Media Player\wmplayer.exe F:\WINDOWS\system32\DllHost.exe F:\Program Files\Mozilla Firefox\firefox.exe F:\PROGRA~1\MOZILL~1\FIREFOX.EXE F:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe F:\Program Files\Azureus\Azureus.exe F:\HJT\fredmh.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing) O2 - BHO: (no name) - {24CDD4B4-EA0B-46AC-A34D-EC294EC45334} - F:\WINDOWS\system32\gebcd.dll O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - F:\WINDOWS\system32\cluuwfri.dll O2 - BHO: (no name) - {3B9E242C-6F5E-7DCF-4F5D-013C44912EED} - F:\WINDOWS\system32\dmglaqd.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {755bbd1a-aa59-456c-afeb-b4c42c4dcb6f} - F:\WINDOWS\system32\ixt0.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {88441D4E-A9AD-E73B-DCA8-D028E575319E} - F:\WINDOWS\system32\ggw.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - Startup: Styler.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: gebcd - F:\WINDOWS\system32\gebcd.dll O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

12-01-2006, 07:51 AM	#8 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	hey, i sent all my logs to your email, because it was too long for the forums, did you recieve it?

12-01-2006, 08:04 PM	#13 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	Rapport SmitFraudFix v2.126 Scan done at 0:12:34.04, Sat 12/02/2006 Run from F:\Documents and Settings\Steve\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files F:\WINDOWS\system32\ot.ico Deleted F:\WINDOWS\system32\tpedvf.dll Deleted F:\DOCUME~1\Steve\FAVORI~1\Antivirus Test Online.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End

12-01-2006, 08:05 PM	#14 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	AVG --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 2:19:31 AM 12/2/2006 + Scan result: F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009001.dll -> Adware.Softomate : Cleaned with backup (quarantined). F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009002.exe -> Adware.Softomate : Cleaned with backup (quarantined). F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009028.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined). F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009029.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined). F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP29\A0008480.dll -> Trojan.Mezzia : Cleaned with backup (quarantined). F:\WINDOWS\system32\wnscpsv.exe -> Trojan.Small : Cleaned with backup (quarantined). ::Report end HJT Rapport SmitFraudFix v2.126 Scan done at 0:12:34.04, Sat 12/02/2006 Run from F:\Documents and Settings\Steve\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files F:\WINDOWS\system32\ot.ico Deleted F:\WINDOWS\system32\tpedvf.dll Deleted F:\DOCUME~1\Steve\FAVORI~1\Antivirus Test Online.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End AVG --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 2:19:31 AM 12/2/2006 + Scan result: F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009001.dll -> Adware.Softomate : Cleaned with backup (quarantined). F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009002.exe -> Adware.Softomate : Cleaned with backup (quarantined). F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009028.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined). F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP39\A0009029.exe -> Dropper.Agent.azn : Cleaned with backup (quarantined). F:\System Volume Information\_restore{784B1AA9-0DC1-4964-9BFD-30E42D64087D}\RP29\A0008480.dll -> Trojan.Mezzia : Cleaned with backup (quarantined). F:\WINDOWS\system32\wnscpsv.exe -> Trojan.Small : Cleaned with backup (quarantined). ::Report end HJT Logfile of HijackThis v1.99.1 Scan saved at 2:41:13 AM, on 12/2/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\Program Files\Windows Defender\MsMpEng.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\Explorer.EXE F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe F:\Program Files\Windows Defender\MSASCui.exe F:\Program Files\LClock\LClock.exe F:\WINDOWS\SOUNDMAN.EXE F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe F:\Program Files\MSN Messenger\MsnMsgr.Exe F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Logitech\SetPoint\SetPoint.exe F:\WINDOWS\System32\svchost.exe F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe F:\Program Files\Styler\Styler.exe F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE F:\WINDOWS\system32\NOTEPAD.EXE F:\WINDOWS\system32\svchost.exe F:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe F:\PROGRA~1\MOZILL~1\FIREFOX.EXE F:\HJT\fredmh.exe.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - Startup: Styler.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = F:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe Sorry if everything isnt correct, it was quite confusing and time consuming doing all the scans, but once again thanks for all your help.

12-02-2006, 12:46 AM	#15 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Hello and welcome back to TSF Try Panda Online Scan again. If it does not work, try Trend Micro Online Scan. Works for Firefox too. Unhide Files Go to My Computer->Tools->Folder Options->View tab: Under the Hidden files and folders heading, select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types Click Yes to confirm and then click OK. Files Deletion Delete the following Files indicated in RED if they still exist. F:\WINDOWS\system32\vbywdlfw.exe F:\WINDOWS\system32\wqqxxqvq.exe F:\WINDOWS\system32\ gqomqnwa.dll F:\WINDOWS\system32\ utbcgyb.dll F:\WINDOWS\system32\ ljjkiii.dll Boot into safe mode if they resist deletion. Delete the files from there. ComboFix 1. Run combofix again by clicking on combofix.exe on your desktop. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Logs Please post the following logs in your next reply... Online Scan Log F:\combofix.txt A New HijackThis Log How is your system behaving now? __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

12-02-2006, 02:41 AM	#16 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	Hey the system is running very well. Thanks for all your time and effort. I also have numerous issues that arnt relating to malware, ill list them here, but there is no obligation to help as uve helped so much already:D 1.USB 2.0 Drivers no being recognized(maybe not installed but have installed service pack 2) 2.Windows does not boot up with 200GB external Hardrive on, but when turned off, boots fine 3.I applied a vista style to my desktop, and every time i reboot, it goes to its default wallpaper of some green leaves, when i want my porsche background!!! However can go into properties and change manually. 4 C drive has been renamed to F drive...id like it to be C:/ OK ill put the logs in the next post Thanks

12-02-2006, 02:44 AM	#18 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	Logfile of HijackThis v1.99.1 Scan saved at 9:44:10 PM, on 12/2/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\system32\svchost.exe F:\Program Files\Windows Defender\MsMpEng.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\WINDOWS\system32\Ati2evxx.exe F:\WINDOWS\Explorer.EXE F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe F:\Program Files\Windows Defender\MSASCui.exe F:\WINDOWS\SOUNDMAN.EXE F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe F:\Program Files\TopDesk\topdesk.exe F:\Program Files\MSN Messenger\MsnMsgr.Exe F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe F:\WINDOWS\system32\ctfmon.exe F:\Program Files\Logitech\SetPoint\SetPoint.exe F:\Program Files\Remote Master V1.1\RemoteMaster.exe F:\Program Files\Styler\Styler.exe F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe F:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE F:\PROGRA~1\MOZILL~1\FIREFOX.EXE F:\WINDOWS\system32\svchost.exe F:\Program Files\LClock\lclock.exe F:\HJT\fredmh.exe.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - F:\Program Files\Styler\TB\StylerTB.dll O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [VGAUtil] F:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [LClock] F:\Program Files\LClock\LClock.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [TopDesk] F:\Program Files\TopDesk\topdesk.exe O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe O4 - Startup: Remote Master.lnk = F:\Program Files\Remote Master V1.1\RemoteMaster.exe O4 - Startup: Styler.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by132fd.bay132.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164736733968 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WBSrv - F:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - F:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

12-02-2006, 02:44 AM	#19 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	trend micro will take an hour...

12-02-2006, 07:56 PM	#20 (permalink)
steviedee Registered User Join Date: May 2006 Posts: 153 OS: XP	my internet is too shoddy to do trend mircro or panda, it keeps on cutting out an stuff, so we may have to skip this log