MSN Virus

Original Message
Name: dawgfan1785
Date: October 3, 2006 at 19:26:57 Pacific
Subject: MSN Virus
OS: Windows XP Home SP2
CPU/Ram: P4 1.8 256 Mb Ram
Model/Manufacturer: Gateway
Comment:

Ok, I am sorry for posting the HijackThis log in the forum. Please don't remove this one.

Ok, here's the scoop. Late Sunday night I heard someone message me on MSN.
So I go to the computer. It's from someone on my messenger. They send a
link, or the virus on their computer sends the link in the message.
So it being late and me being half asleep, I clicked it. Yes, I know
that was dumb. Ok, so then I get some icons on my desktop, Yinstall and
another I can't remember. So then AVG pops up and says it found a virus.
I clicked heal. So I disconnect the Cat 5 for the night. Next day I
run a scan with ewido in normal mode and in safe mode, safe mode first.
Then I run AVG in safe mode and normal mode. I've run AVG and ewido
several times. I think I got the virus gone. Just one small problem.
I run AVG in safe mode; it shows no infected files but it does show
an MBR error. So I boot up with a 98 disk and run FDISK.EXE /MBR; that
didn't fix it. So I boot to the Gateway XP Home OEM CD. I get to the
R to go in recovery console. I get to the prompt and type FIXMBR or
whatever the command was to fix a bad MBR, I can't remember, but
I DID NO IT RIGHT. I just can't remember the command because it's
late. Thanks for the help.

Oh, and when I ran virus first time with ewido it found several viruses.
AVG did also. Here are some of them I found.
Downloader.ADload.ej High
Not-A-Virus.Downloader.Win32.Ins LOW
Downloader.IStBar.j
The last one is the only one that showed up in Google.




Response Number 1
Name: jabuck
Date: October 3, 2006 at 19:44:39 Pacific
Reply:

The MBR error may just be a conflict between your two antivirus programs as I believe Norton stores one. You should decide which one you want to keep then get rid of the other one.

Rename hijackthis.exe as that sometimes helps locate the baddies. Go to start> search> files and folders> type in the top space "hijackthis.exe" without the quotes> click search> when it is found in the right pane (looks like a pile of dynamite)> right click on it> click rename> rename it "show.exe" without the quotes> click a blank space on the screen. Then post a new Hijack This log.

Please download SmitRemFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop.

!!!!!Do not run any other options than option #1 as this will damage the desktop of an uninfected computer.

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.




Response Number 2
Name: dawgfan1785
Date: October 4, 2006 at 02:33:28 Pacific
Reply:

ewido is not AV, it's a spyware program; it's downloadable from the AVG site. So there shouldn't be an issue. Also, the computer boots.



Response Number 3
Name: dawgfan1785
Date: October 4, 2006 at 02:51:48 Pacific
Reply:

Hmm, wonder if this will get removed?
It was suggested I post it.

SmitFraudFix v2.104

Scan done at 5:50:19.59, Wed 10/04/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Linksys Router WRT54G
PC-1 Gateway P4 1.8 256 MB Ram.
40 GB Harddrive
Win XP Pro
PC-2
Dell Dimension V350
350 Mhz
288 Mb Ram
20 Gig Harddrive
40 Gig Slave
Windows 2000 P



Response Number 4
Name: jabuck
Date: October 4, 2006 at 07:24:28 Pacific
Reply:

The Smitrem log is clean, so you can delete that program. Please post your Hijack This log after you have renamed the hijackthis.exe file.

Please download ComboFix to the Desktop from this link:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the combofix.txt log


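An added example (not written by any poster in this thread, and not part of SmitfraudFix): one way to read a report in the format posted in Response 3. It assumes that any line listed under a folder section is a finding and that a non-empty AppInit_DLLs value needs attention; the second report and its placeholder file names are constructed.

```python
import re

# A section header is a run of '»' characters followed by the section name.
HEADER = re.compile(r"^»{5,}\s*(.+)$")
APPINIT = re.compile(r'^"AppInit_DLLs"="(.*)"$')

# Abridged from the report posted in the thread (most empty sections dropped).
THREAD_REPORT = r'''
SmitFraudFix v2.104
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» End

Linksys Router WRT54G
'''

# Constructed variant: one made-up file entry and one made-up AppInit_DLLs
# value (placeholder names, not real indicators) to show a non-clean result.
CONSTRUCTED_REPORT = THREAD_REPORT.replace(
    "C:\\WINDOWS\\system32\n",
    "C:\\WINDOWS\\system32\nC:\\WINDOWS\\system32\\placeholder_entry.dll\n",
).replace('"AppInit_DLLs"=""', '"AppInit_DLLs"="placeholder_loader.dll"')


def parse_report(text):
    """Split a report into ordered sections: [{'name': ..., 'lines': [...]}]."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            if header.group(1) == "End":
                break  # anything after End (e.g. a forum signature) is not report
            current = {"name": header.group(1), "lines": []}
            sections.append(current)
        elif current is not None and line and not line.startswith("!!!"):
            # The banner before the first header and '!!!' advisories are skipped.
            current["lines"].append(line)
    return sections


def is_folder_section(name):
    """Folder sections are drive paths plus the two named shell folders."""
    return bool(re.match(r"[A-Za-z]:\\", name)) or name in {"Start Menu", "Desktop"}


def triage(text):
    """Summarise a report: file findings, AppInit_DLLs value, sections to read."""
    findings, review, appinit = [], [], None
    for section in parse_report(text):
        if is_folder_section(section["name"]):
            # Assumption: an entry under a folder section is a detected file.
            findings += [(section["name"], line) for line in section["lines"]]
            continue
        for line in section["lines"]:
            match = APPINIT.match(line)
            if match:
                # DLLs named here are loaded into every process that loads
                # user32.dll, so a non-empty value deserves a close look.
                appinit = match.group(1)
        if section["lines"]:
            review.append(section["name"])
    return {
        "clean": not findings and not appinit,
        "findings": findings,
        "appinit_dlls": appinit,
        "review": review,
    }


if __name__ == "__main__":
    for label, report in (("thread", THREAD_REPORT), ("constructed", CONSTRUCTED_REPORT)):
        print(label, triage(report))
```
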

Response Number 5
Name: jabuck
Date: October 4, 2006 at 08:14:45 Pacific
Reply:

The virus installs itself in your MSN Messenger files. So for now go to start> control panel> add/remove programs> scroll down to and uninstall "msn messenger".




Response Number 6
Name: dawgfan1785
Date: October 4, 2006 at 11:35:34 Pacific
Reply:

It's Windows Messenger, not MSN Messenger.


Response Number 7
Name: dawgfan1785
Date: October 4, 2006 at 11:49:15 Pacific
Reply:

Here is combofix.

Owner - 06-10-04 14:39:57.48 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\{C464007F-0707-1033-0401-031025200001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))

2006-09-25 16:13 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-25 16:13 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-25 16:13 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-25 16:13 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-25 16:13 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-25 16:13 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-25 16:13 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-25 16:13 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-25 16:13 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-25 16:13 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-25 16:13 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-25 16:13 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-25 16:13 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-25 16:13 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-25 16:13 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-25 16:13 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-25 16:13 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-25 16:13 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-25 16:13 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-25 16:13 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-25 16:13 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-25 16:13 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-25 16:13 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-25 16:13 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-25 16:13 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-25 16:13 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-25 16:13 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-25 16:13 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-25 16:13 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-25 16:13 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-25 16:13 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-25 16:13 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-25 16:13 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-25 16:13 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-25 16:13 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-25 16:13 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-25 16:13 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-25 16:13 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-25 16:13 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-25 16:13 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-25 16:13 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-25 16:13 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-25 16:13 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-25 16:13 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-25 16:13 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-25 16:13 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-25 16:13 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-25 16:13 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-25 16:13 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-25 16:13 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-25 16:13 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-25 16:13 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-25 16:13 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-25 16:13 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-25 16:13 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-25 16:13 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-25 16:13 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-25 16:13 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-25 16:13 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-25 16:13 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-25 16:13 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-25 11:12 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-09-25 11:12 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-09-25 11:12 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-09-25 11:12 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-25 11:12 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-09-25 11:11 871,388 --a------ C:\WINDOWS\system32\drivers\BCMDM.sys
2006-09-25 11:11 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-25 11:11 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-09-25 11:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-09-25 11:09 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-25 11:09 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-25 11:09 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-25 11:09 69,120 --a------ C:\WINDOWS\notepad.exe
2006-09-25 11:09 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-25 11:09 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-25 11:09 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-25 11:09 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-25 11:09 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-25 11:09 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 14:40 -------- d-------- C:\Program Files\Common Files
2006-10-04 11:40 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-04 11:07 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-10-03 21:48 -------- d-------- C:\Program Files\Trend Micro
2006-10-02 14:56 -------- d-------- C:\Program Files\ICQ
2006-10-02 00:07 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-10-02 00:06 -------- d-------- C:\Program Files\Yahoo!
2006-10-01 19:40 -------- d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2006-10-01 19:39 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-01 19:39 -------- d-------- C:\Program Files\FaxTools
2006-10-01 19:39 -------- d-------- C:\Program Files\ABBYY FineReader 6.0
2006-10-01 19:05 -------- d-------- C:\Program Files\HP
2006-09-30 23:39 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-09-30 21:00 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-30 20:45 875 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-09-30 20:45 0 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2006-09-30 20:45 -------- d-------- C:\Program Files\Adobe
2006-09-30 20:39 -------- d-------- C:\Program Files\BibleCollection
2006-09-30 20:39 -------- d-------- C:\Program Files\bDeluxe
2006-09-30 20:37 -------- d-------- C:\Program Files\ValuSoft
2006-09-30 20:27 -------- d-------- C:\Program Files\Hasbro Interactive
2006-09-30 20:16 -------- d-------- C:\Program Files\trailer park tycoon
2006-09-30 20:01 -------- d-------- C:\Program Files\Microsoft Games
2006-09-30 19:58 -------- d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2006-09-30 19:54 -------- d-------- C:\Program Files\Atari
2006-09-30 19:50 -------- d-------- C:\Program Files\Activision Value
2006-09-30 19:16 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-30 19:16 -------- d-------- C:\Program Files\Headgames
2006-09-30 19:14 -------- d-------- C:\Program Files\Hard Truck 18 Wheels
2006-09-30 19:05 -------- d-------- C:\Program Files\EA SPORTS
2006-09-30 18:59 56832 --------- C:\WINDOWS\system32\Iyvu9_32.dll
2006-09-30 15:16 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-09-30 14:12 -------- d-------- C:\Program Files\AIM
2006-09-30 14:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\Aim
2006-09-30 14:11 -------- d-------- C:\Program Files\Viewpoint
2006-09-30 14:11 -------- d-------- C:\Program Files\AOD
2006-09-30 14:09 457 --a------ C:\Program Files\INSTALL.LOG
2006-09-30 14:09 -------- d-------- C:\Program Files\Internet Explorer
2006-09-30 14:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\ICQ
2006-09-30 13:38 -------- d-------- C:\Program Files\Grisoft
2006-09-30 13:38 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-09-30 13:04 -------- d-------- C:\Program Files\Google
2006-09-30 13:03 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2006-09-30 13:02 -------- d-------- C:\Program Files\Messenger
2006-09-30 12:58 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-09-30 12:27 -------- d-------- C:\Program Files\Windows Media Player
2006-09-30 12:27 -------- d-------- C:\Program Files\Outlook Express
2006-09-30 12:27 -------- d-------- C:\Program Files\Common Files\System
2006-09-30 11:12 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-30 11:12 -------- d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2006-09-25 19:51 -------- d-------- C:\Program Files\Symantec
2006-09-25 19:43 -------- d-------- C:\Program Files\CyberLink
2006-09-25 19:38 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-25 19:38 -------- d-------- C:\Program Files\Ahead
2006-09-25 19:35 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-25 19:12 -------- d-------- C:\Program Files\Norton SystemWorks
2006-09-25 18:51 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-25 18:51 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-25 18:51 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-25 18:50 -------- d-------- C:\Program Files\Microsoft Works
2006-09-25 18:50 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-25 18:50 -------- d-------- C:\Program Files\Microsoft Office
2006-09-25 18:50 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-09-25 18:34 -------- d-------- C:\Program Files\Common Files\Logitech
2006-09-25 18:33 -------- d-------- C:\Program Files\Windows Media Components
2006-09-25 18:32 -------- d-------- C:\Program Files\Logitech
2006-09-25 18:24 -------- d-------- C:\Program Files\Common Files\HP
2006-09-25 18:23 -------- d-------- C:\Program Files\Hewlett-Packard
2006-09-25 18:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\HP
2006-09-25 17:01 -------- d-------- C:\Program Files\Movie Maker
2006-09-25 16:59 -------- d-------- C:\Program Files\Windows NT
2006-09-25 16:59 -------- d-------- C:\Program Files\NetMeeting
2006-09-25 16:34 -------- d-------- C:\Program Files\Gateway
2006-09-25 16:33 -------- d-------- C:\Program Files\SIFXINST
2006-09-25 16:32 -------- d-------- C:\Program Files\Common Files\Lanovation
2006-09-25 16:26 -------- d-------- C:\Program Files\Intel
2006-09-25 16:21 -------- d-------- C:\Documents and Settings\Owner\Application Data\Identities
2006-09-25 16:16 -------- d-------- C:\Program Files\xerox
2006-09-25 16:16 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-25 16:15 -------- d-------- C:\Program Files\Online Services
2006-09-25 16:14 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-25 16:14 -------- d-------- C:\Program Files\Common Files\Services
2006-09-25 16:14 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-25 16:13 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-25 16:13 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-25 16:13 -------- d-------- C:\Program Files\MSN
2006-09-25 11:09 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2006-09-25 11:09 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-25 11:09 -------- d-------- C:\Program Files\Common Files\ODBC
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 12:24 14872 --a------ C:\WINDOWS\system32\SBBD.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Mirabilis ICQ"="C:\\PROGRA~1\\ICQ\\ICQNet.exe"
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
"item"="Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\GhostStartTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\GWMDMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GWMDMMSG"
"hkey"="HKLM"
"command"="GWMDMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\GWMDMpi]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GWMDMpi"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\GWMDMpi.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LDM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BackWeb-8876480"
"hkey"="HKCU"
"command"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechGalleryRepair]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ISStart"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LogitechImageStudioTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LogiTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\LVCOMS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LVCOMS"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\WebReg Deskjet 3900 series.job

Completion time: Wed 10/04/2006 14:41:25.93
ComboFix.txt

============================================
As for the HijackThis log: if I post the HijackThis log it will get removed again.
But here it is anyway. If I get banned it's your fault.

Logfile of HijackThis v1.99.1
Scan saved at 2:47:57 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yc...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yc...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yc...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gatewaybiz.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gm...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtes...
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Linksys Router WRT54G
PC-1 Gateway P4 1.8 256 MB Ram.
40 GB Harddrive
Win XP Pro
PC-2
Dell Dimension V350
350 Mhz
288 Mb Ram
20 Gig Harddrive
40 Gig Slave
Windows 2000 P


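One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread: the parser splits the log into entries by section code and lists three kinds of entry for manual review. The function names and the three heuristics are assumptions of this example, and a hit means "look at this entry", not "this is malware".

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "code reason body")

# Lines copied from the HijackThis log posted above (URL truncated as on the page).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\PROMon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtes...
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry autostart: hive, key, value name, command line
O4_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\([^:]+): \[(.+?)\] (.+)$")
# O16 downloaded program file: CLSID, optional class name, code source
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? - (.+)$")


def parse_hjt(text):
    """Return the R/F/N/O entries of a HijackThis log, skipping the header
    and the running-process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def executable_of(command):
    """First path-like token of a command line. For an unquoted path with
    spaces this is only the leading fragment, which is enough to tell
    whether a directory was given at all."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]


def review(entries):
    """Entries a helper would want to look at by hand (example heuristics)."""
    findings = []
    for e in entries:
        if e.code == "O4":
            m = O4_RE.match(e.body)
            if m:
                exe = executable_of(m.group(4))
                if "\\" not in exe and "/" not in exe:
                    # No directory given: Windows resolves the name through
                    # the search path, so confirm which file actually runs.
                    findings.append(Finding(e.code, "autostart without a full path", e.body))
        elif e.code == "O16":
            m = DPF_RE.match(e.body)
            if m and m.group(3).lower().startswith(("http://", "https://")):
                # ActiveX control whose code source is a remote URL.
                findings.append(Finding(e.code, "ActiveX installed from a remote URL", e.body))
        elif e.code == "O23":
            if " - Unknown owner - " in e.body:
                # HijackThis reported no vendor name for the service binary.
                findings.append(Finding(e.code, "service binary with no vendor name", e.body))
    return findings


if __name__ == "__main__":
    for f in review(parse_hjt(SAMPLE_LOG)):
        print(f"{f.code:4} {f.reason}: {f.body}")
```

Each hit still needs the file itself checked (location, signature, a scanner verdict) before anything is removed.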

Response Number 8
Name: jabuck
Date: October 4, 2006 at 13:56:49 Pacific
Reply:

So far I don't see anything much.

Update ewido

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.


Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Reboot into normal mode and post the Ewido report on your desktop.



Response Number 9
Name: dawgfan1785
Date: October 4, 2006 at 14:53:55 Pacific
Reply: (edit)

Ok, the AVG scan with MBR error. I only get the error in safe mode. When I scan with AVG in normal mode it just shows MBR changed, something like that. Also I've run ewido in safe mode several times. I do have 2 partitions. 1 for Windows and the other for recovery. The recovery is a hidden partition. It can't be accessed in Windows. Also system restore is turned off. The ewido in safe mode is hard to work with. Some of the buttons go above the top of the screen where I can hardly select them, so what you said I can't do. But I have run several scans in safe mode with ewido. I could be getting the error because of the hidden partition, that's just a thought. Oh and I'm good with computers. I just needed help with this little bug. I haven't had many viruses, I've been lucky over the years. The main thing about computers I'm good with is hardware, I could be a tech if I really put my mind to it. I've taken this computer apart many times and put it back together in 15 mins. Just thought I would add about my knowledge.



Response Number 10
Name: jabuck
Date: October 4, 2006 at 17:19:57 Pacific
Reply: (edit)

It is most likely a conflict between the two antivirus programs. Norton stores a copy of your boot record and AVG may see that. You should get rid of one of them.

I had a computer that would giant screen Ewido in safe mode also, never figured that out.

The file that was deleted in combofix under the heading "Other Deletions" appears to be a remnant of Smitrem.

These files could be virus related:

C:\WINDOWS\UniFish3.exe

C:\WINDOWS\system32\PolyMediaDB.dll

May want to upload them to jott's and have them checked.

Wish we could have been more help to you.




Response Number 11
Name: dawgfan1785
Date: October 4, 2006 at 18:04:02 Pacific
Reply: (edit)

I had uninstalled Norton AV before I even had the virus. Does it still show something containing Norton AV? I hate Norton AV because if you remove it, it leaves traces in the system. The only thing Norton I have is Ghost and System works. Oh and also Norton AV will make system restore fail.



Response Number 12
Name: dawgfan1785
Date: October 4, 2006 at 18:22:11 Pacific
Reply: (edit)

Ok, I just found out. It also shows MBR error in normal mode.

Maybe it is because I had Norton AV installed.



Response Number 13
Name: dawgfan1785
Date: October 4, 2006 at 18:23:39 Pacific
Reply: (edit)

And I meant to post this link to the AVG results. This forum needs an edit feature.

http://img209.imageshack.us/img209/2118/avgscankj1.jpg



Response Number 14
Name: jabuck
Date: October 4, 2006 at 19:23:23 Pacific
Reply: (edit)

You might try running "error checker" to see what it finds.



Response Number 15
Name: dawgfan1785
Date: October 6, 2006 at 02:43:45 Pacific
Reply: (edit)

I think you were right the first time. Here is what I did. I uninstalled AVG. Installed Norton Internet Security 2006 with antispy. Did a scan in safe mode, nothing found. I uninstalled Norton. Reinstalled AVG, uninstalled ewido. It no longer shows MBR error. So there must be a conflict with ewido and AVG. They should have a fix for this. ewido is a part of Grisoft now.



Response Number 16
Name: richbot
Date: October 14, 2006 at 07:23:48 Pacific
Reply: (edit)

Interesting, I've had problems with Norton as well.

Richard :

