
Computer slowing down and restarts



#16
icerider

    Member

  • Topic Starter
  • Member
  • 90 posts
Well, it's not that big an issue. I don't know if this is relevant or not, but whenever I open Advanced Uninstaller, there's always an invalid program at the top with the name: {2CCBABCB-6427-4A55-B091-49864623C43F}. If I remove it, it comes up again the next day.
  • 0


#17
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
From what I could find, that number:
{2CCBABCB-6427-4A55-B091-49864623C43F}
belongs to the Google Toolbar for Firefox, which also comes with the latest Java Runtime installers.

Does that make sense?
Found that in this French forum:
http://forum.generat...machine-166979/
  • 0

#18
icerider

    Member

  • Topic Starter
  • Member
  • 90 posts
Yeah, thanks for your help. I guess I'll restore my Acronis image. Thanks again.

edit: I restored my image, but the following message came up: "BootSector Write! VIRUS Continue? (Y/N)". I went on and restored the image, but how do I find and get rid of the virus?

Edited by icerider, 30 November 2006 - 11:23 PM.

  • 0

#19
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Which program threw that warning?

It could have been a false alarm triggered by Acronis writing to the BootSector.
  • 0

#20
icerider

    Member

  • Topic Starter
  • Member
  • 90 posts
When I restarted the computer to complete the image restoration, the message appeared on a black background in a grey font.
  • 0

#21
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Ignore it for now. We'll have a closer look once everything is installed.
  • 0

#22
icerider

    Member

  • Topic Starter
  • Member
  • 90 posts
Well, here's a HiJack! log:

Logfile of HijackThis v1.99.1
Scan saved at 10:03:25 AM, on 03/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Opera\Opera.exe
D:\HIJACK\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
  • 0

#23
icerider

    Member

  • Topic Starter
  • Member
  • 90 posts
and a ComboFix log:

Simon - 06-12-03 10:04:09.29 Service Pack 2
ComboFix 06.11.22 - Running from: "D:\"

((((((((((((((((((((((((((((((( Files Created from 2006-11-03 to 2006-12-03 ))))))))))))))))))))))))))))))))))


2006-12-02 13:17 <DIR> d-------- C:\Program Files\Sports Interactive
2006-12-02 13:09 <DIR> d-------- C:\Program Files\PowerISO
2006-12-02 11:23 <DIR> d-------- C:\Program Files\Java
2006-12-02 11:23 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-02 10:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-02 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-02 10:45 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-02 10:45 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\Lavasoft
2006-12-02 10:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-01 17:00 118,784 --------- C:\WINDOWS\system32\MSSTDFMT.DLL
2006-12-01 17:00 1,386,496 --------- C:\WINDOWS\system32\msvbvm60.dll
2006-11-30 22:38 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\Macromedia
2006-11-30 22:18 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\Adobe
2006-11-30 21:49 87,552 --a------ C:\WINDOWS\system32\CNMLM4d.DLL
2006-11-30 21:49 73,728 -ra------ C:\WINDOWS\system32\CNMCP4d.exe
2006-11-30 21:49 5,632 --a------ C:\WINDOWS\system32\CNMVS4d.DLL
2006-11-30 21:48 <DIR> d--h----- C:\BJPrinter
2006-11-30 21:44 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-11-30 21:44 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-11-30 21:44 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-11-30 21:44 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-11-30 21:44 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-11-30 21:44 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2006-11-30 21:41 <DIR> d-------- C:\Program Files\Winamp
2006-11-30 21:32 <DIR> d-------- C:\Program Files\Opera
2006-11-30 21:32 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\Opera
2006-11-30 21:31 <DIR> d--hs---- C:\RECYCLER
2006-11-30 21:26 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-11-30 21:26 <DIR> d-------- C:\Documents and Settings\Simon\Contacts
2006-11-30 21:25 <DIR> d-------- C:\Program Files\MSN Messenger
2006-11-30 21:20 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-05 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
2006-11-05 16:25 45,056 --a------ C:\WINDOWS\system32\WMErrCHT.dll
2006-11-05 16:23 45,056 --a------ C:\WINDOWS\system32\WMErrCHS.dll
2006-11-05 16:22 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-11-05 16:21 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-11-05 16:21 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-11-05 16:21 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-11-05 16:21 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-11-05 16:21 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-11-05 16:21 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-11-05 16:21 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-11-05 16:21 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-11-05 16:21 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-11-05 16:20 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-11-05 16:20 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2006-11-05 16:19 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-11-05 16:19 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-11-05 16:19 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-11-05 16:19 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-11-05 16:19 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-11-05 16:19 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-11-05 16:18 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\F-Secure
2006-11-05 16:17 96,320 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2006-11-05 16:17 30,688 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2006-11-05 16:17 249,152 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2006-11-05 16:16 <DIR> d-------- C:\Program Files\Common Files\Acronis
2006-11-05 16:16 <DIR> d-------- C:\Program Files\Acronis
2006-11-05 16:15 <DIR> d-------- C:\Program Files\DivX Total Pack
2006-11-05 16:14 <DIR> d-------- C:\Program Files\WinRAR
2006-11-05 16:12 70,896 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2006-11-05 16:12 33,584 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2006-11-05 16:11 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
2006-11-05 16:11 <DIR> d-------- C:\Program Files\F-Secure
2006-11-05 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2006-11-05 16:08 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-11-05 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2006-11-05 16:07 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-11-05 16:07 <DIR> d-------- C:\Program Files\Adobe
2006-11-05 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-05 15:57 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2006-11-05 15:56 <DIR> d-------- C:\Program Files\Microsoft.NET
2006-11-05 15:56 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-11-05 15:56 <DIR> d-------- C:\Program Files\Common Files\L&H
2006-11-05 15:55 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-11-05 15:55 <DIR> d-------- C:\Program Files\Microsoft Works
2006-11-05 15:55 <DIR> d-------- C:\Program Files\Microsoft Visual Studio
2006-11-05 15:55 <DIR> d-------- C:\Program Files\Microsoft Office
2006-11-05 15:55 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
2006-11-05 15:54 <DIR> dr-h----- C:\MSOCache
2006-11-05 15:48 <DIR> d--hs---- C:\WINDOWS\ftpcache
2006-11-05 15:48 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\Logitech
2006-11-05 15:45 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-11-05 15:45 <DIR> d-------- C:\Program Files\CyberLink
2006-11-05 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2006-11-05 15:44 71,533 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2006-11-05 15:44 54,817 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2006-11-05 15:44 13,105 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2006-11-05 15:44 <DIR> d-------- C:\Program Files\Logitech
2006-11-05 15:44 <DIR> d-------- C:\Program Files\Common Files\Logitech
2006-11-05 15:42 <DIR> d-------- C:\WINDOWS\system32\Lang
2006-11-05 15:40 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\Help
2006-11-05 15:34 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-11-05 15:33 294,912 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-11-05 15:33 <DIR> d-------- C:\Program Files\ATI Technologies
2006-11-05 15:32 65,536 --------- C:\WINDOWS\system32\ntport.dll
2006-11-05 15:32 6,080 --------- C:\WINDOWS\system32\zntport.sys
2006-11-05 15:32 25,657 --------- C:\WINDOWS\install.exe
2006-11-05 15:32 25,111 --------- C:\WINDOWS\remove.exe
2006-11-05 15:32 24,971 --a------ C:\WINDOWS\system32\drivers\iteraid.sys
2006-11-05 15:32 <DIR> d-------- C:\Program Files\ITE
2006-11-05 15:31 <DIR> d-------- C:\Program Files\Marvell
2006-11-05 15:30 7,360,512 --a------ C:\WINDOWS\RTLCPL.EXE
2006-11-05 15:30 67,584 --a------ C:\WINDOWS\SOUNDMAN.EXE
2006-11-05 15:30 57,344 --a------ C:\WINDOWS\ALCMTR.EXE
2006-11-05 15:30 2,545,664 --a------ C:\WINDOWS\ALCWZRD.EXE
2006-11-05 15:30 2,161,792 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2006-11-05 15:30 156,160 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2006-11-05 15:30 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-05 15:30 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-05 15:30 <DIR> d-------- C:\Program Files\Realtek
2006-11-05 15:30 <DIR> d-------- C:\Program Files\Intel
2006-11-05 15:29 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-11-05 15:29 5,755 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2006-11-05 15:29 <DIR> d-------- C:\WINDOWS\ATK0110
2006-11-05 15:29 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-05 15:28 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-05 15:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-05 15:28 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-05 15:24 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-05 15:23 178,560 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
2006-11-05 15:21 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-05 15:17 <DIR> dr-h----- C:\Documents and Settings\Simon\SendTo
2006-11-05 15:17 <DIR> dr-h----- C:\Documents and Settings\Simon\Recent
2006-11-05 15:17 <DIR> dr-h----- C:\Documents and Settings\Simon\Application Data\.
2006-11-05 15:17 <DIR> dr-h----- C:\Documents and Settings\Simon\Application Data
2006-11-05 15:17 <DIR> dr------- C:\Documents and Settings\Simon\Start Menu
2006-11-05 15:17 <DIR> dr------- C:\Documents and Settings\Simon\My Documents
2006-11-05 15:17 <DIR> dr------- C:\Documents and Settings\Simon\Favorites
2006-11-05 15:17 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-05 15:17 <DIR> d--h----- C:\Documents and Settings\Simon\Templates
2006-11-05 15:17 <DIR> d--h----- C:\Documents and Settings\Simon\PrintHood
2006-11-05 15:17 <DIR> d--h----- C:\Documents and Settings\Simon\NetHood
2006-11-05 15:17 <DIR> d--h----- C:\Documents and Settings\Simon\Local Settings
2006-11-05 15:17 <DIR> d---s---- C:\Documents and Settings\Simon\Cookies
2006-11-05 15:17 <DIR> d---s---- C:\Documents and Settings\Simon\Application Data\Microsoft
2006-11-05 15:17 <DIR> d-------- C:\Documents and Settings\Simon\Desktop
2006-11-05 15:17 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\Identities
2006-11-05 15:17 <DIR> d-------- C:\Documents and Settings\Simon\Application Data\..
2006-11-05 15:17 <DIR> d-------- C:\Documents and Settings\Simon\..
2006-11-05 15:17 <DIR> d-------- C:\Documents and Settings\Simon\.
2006-11-05 15:15 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-05 15:15 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-05 15:15 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-05 15:13 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-11-05 15:13 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-11-05 15:11 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-11-05 15:11 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-11-05 15:11 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-11-05 15:11 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-11-05 15:11 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-11-05 15:11 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-11-05 15:11 <DIR> d-------- C:\Program Files\xerox
2006-11-05 15:11 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-11-05 15:10 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-05 15:10 0 -rahs---- C:\MSDOS.SYS
2006-11-05 15:10 0 -rahs---- C:\IO.SYS
2006-11-05 15:10 0 --a------ C:\CONFIG.SYS
2006-11-05 15:10 0 --a------ C:\AUTOEXEC.BAT
2006-11-05 15:09 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-11-05 15:09 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-05 15:09 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-11-05 15:09 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-05 15:08 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-05 15:08 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-11-05 15:07 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-05 15:07 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-05 15:07 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-05 15:07 <DIR> d---s---- C:\WINDOWS\Tasks
2006-11-05 15:07 <DIR> d-------- C:\Program Files\Common Files\Services
2006-11-05 15:07 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-11-05 15:06 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-11-05 15:06 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-11-05 15:06 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-05 15:06 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-05 15:06 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-05 15:06 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-05 15:06 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-05 15:06 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-05 15:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-05 15:06 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-05 15:06 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-05 15:06 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-05 15:06 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-05 15:06 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-05 15:06 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-05 15:06 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-05 15:06 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-05 15:06 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-11-05 15:06 <DIR> d-------- C:\WINDOWS\srchasst
2006-11-05 15:06 <DIR> d-------- C:\Program Files\Movie Maker
2006-11-05 15:05 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-05 15:05 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-05 15:05 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-05 15:05 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-05 15:05 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-05 15:05 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-05 15:05 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-05 15:05 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-05 15:05 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-05 15:05 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-05 15:05 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-05 15:05 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-05 15:05 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-05 15:05 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-05 15:05 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-05 15:05 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-05 15:05 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-05 15:05 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-11-05 15:05 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-05 15:05 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-05 15:05 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-11-05 15:05 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-05 15:05 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-05 15:05 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-05 15:05 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-11-05 15:05 <DIR> d-------- C:\Program Files\Outlook Express
2006-11-05 15:05 <DIR> d-------- C:\Program Files\NetMeeting
2006-11-05 15:05 <DIR> d-------- C:\Program Files\Internet Explorer
2006-11-05 15:05 <DIR> d-------- C:\Program Files\Common Files\System
2006-11-05 15:04 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-05 15:04 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-05 15:04 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-05 15:04 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-05 15:04 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-05 15:04 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-05 15:04 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-11-05 15:04 <DIR> d-------- C:\WINDOWS\Registration
2006-11-05 15:04 <DIR> d-------- C:\Program Files\Windows Media Player
2006-11-05 15:04 <DIR> d-------- C:\Program Files\Online Services
2006-11-05 15:04 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-11-05 15:04 <DIR> d-------- C:\Program Files\Messenger
2006-11-05 15:04 <DIR> d-------- C:\Program Files\ComPlus Applications
2006-11-05 15:03 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-05 15:03 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-05 15:03 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-05 15:03 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-05 15:03 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-05 15:03 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-05 15:03 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-05 15:03 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-05 15:03 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-05 15:03 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-05 15:03 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-05 15:03 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-05 15:03 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-05 15:03 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-05 15:03 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-11-05 15:03 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-05 15:03 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-05 15:03 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-05 15:03 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-05 15:03 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-05 15:03 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-05 15:03 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-05 15:03 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-05 15:03 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-05 15:03 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-05 15:03 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-05 15:03 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-05 15:03 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-05 15:03 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-05 15:03 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-05 15:02 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-05 15:02 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-05 15:02 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-05 15:02 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-05 15:02 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-05 15:02 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-05 15:02 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-05 15:02 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-05 15:02 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-05 15:02 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-05 15:02 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-05 15:02 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-05 15:02 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-05 15:02 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-05 15:02 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-05 15:02 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-05 15:02 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-05 15:02 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-05 15:02 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-05 15:02 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-05 15:02 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-05 15:02 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-05 15:02 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-05 15:02 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-05 15:02 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-05 15:02 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-05 15:02 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-05 15:02 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-05 15:02 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-05 15:02 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-05 15:02 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-05 15:02 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-05 15:02 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-05 15:02 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-11-05 15:02 <DIR> d-------- C:\Program Files\Windows NT
2006-11-05 15:02 <DIR> d-------- C:\Program Files\MSN
2006-11-05 15:01 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-05 15:01 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-05 15:01 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-05 15:01 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-05 15:01 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-05 15:01 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-05 15:01 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-05 15:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-05 15:01 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-05 15:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-05 15:01 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-05 15:01 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-05 15:01 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-05 15:01 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-05 15:01 <DIR> d-------- C:\WINDOWS\system32\Com
2006-11-05 06:58 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-11-05 06:58 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-05 06:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-05 06:58 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-05 06:58 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-05 06:58 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-05 06:58 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-05 06:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-11-05 06:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-05 06:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-05 06:58 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-11-05 06:58 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-05 06:58 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-11-05 06:58 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-05 06:58 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-11-05 06:58 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-11-05 06:58 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-05 06:58 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-11-05 06:58 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-11-05 06:57 74,240 --a------ C:\WINDOWS\system\CamExO20.dll
2006-11-05 06:57 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-05 06:57 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-11-05 06:57 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-05 06:57 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-05 06:57 44,544 --a------ C:\WINDOWS\system32\OVUI2.dll
2006-11-05 06:57 41,984 --a------ C:\WINDOWS\system32\OVUI2RC.dll
2006-11-05 06:57 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-05 06:57 39,424 --a------ C:\WINDOWS\system32\OVComS.exe
2006-11-05 06:57 314,752 --a------ C:\WINDOWS\system32\drivers\CamDrO21.sys
2006-11-05 06:57 20,480 --a------ C:\WINDOWS\system32\OVComC.dll
2006-11-05 06:57 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-05 06:57 116,736 --a------ C:\WINDOWS\system32\OVCodec2.dll
2006-11-05 06:56 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-05 06:56 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-11-05 06:55 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-11-05 06:55 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-11-05 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-11-05 06:55 <DIR> dr------- C:\Program Files\Common Files\..
2006-11-05 06:55 <DIR> dr------- C:\Program Files\.
2006-11-05 06:55 <DIR> dr------- C:\Program Files
2006-11-05 06:55 <DIR> d--hs---- C:\WINDOWS\Installer
2006-11-05 06:55 <DIR> d--hs---- C:\Program Files\..
2006-11-05 06:55 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-05 06:55 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-11-05 06:55 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-05 06:55 <DIR> d-------- C:\Program Files\Common Files\.
2006-11-05 06:55 <DIR> d-------- C:\Program Files\Common Files
2006-11-05 06:54 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-11-05 06:54 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-11-05 06:54 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-11-05 06:54 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-11-05 06:54 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-11-05 06:54 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-11-05 06:54 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-05 06:54 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-11-05 06:54 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-11-05 06:54 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-11-05 06:54 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-11-05 06:54 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-11-05 06:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-11-05 06:54 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-11-05 06:54 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-11-05 06:54 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-11-05 06:54 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-11-05 06:54 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-11-05 06:54 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-11-05 06:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-11-05 06:54 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-11-05 06:54 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-11-05 06:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-11-05 06:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-11-05 06:54 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-11-05 06:54 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-11-05 06:54 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-11-05 06:54 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-05 06:54 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-11-05 06:54 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-11-05 06:54 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-11-05 06:54 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-05 06:54 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-05 06:54 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-11-05 06:54 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-05 06:54 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-11-05 06:54 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-11-05 06:54 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
2006-11-05 06:54 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2006-11-05 06:54 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
2006-11-05 06:54 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
2006-11-05 06:54 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2006-11-05 06:53 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-11-05 06:53 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-11-05 06:53 <DIR> d--hs---- C:\System Volume Information
2006-11-05 06:53 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-05 06:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-05 06:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-11-05 06:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-11-05 06:53 <DIR> d-------- C:\Documents and Settings\All Users\..
2006-11-05 06:53 <DIR> d-------- C:\Documents and Settings\All Users\.
2006-11-05 06:53 <DIR> d-------- C:\Documents and Settings
2006-11-05 06:40 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-11-05 06:40 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-11-05 06:40 <DIR> dr------- C:\WINDOWS\Web
2006-11-05 06:40 <DIR> d--hs---- C:\WINDOWS\..
2006-11-05 06:40 <DIR> d--h----- C:\WINDOWS\inf
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\WinSxS
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\twain_32
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Temp
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\wins
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\spool
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\ras
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\npp
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\mui
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\IME
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\ias
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\export
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\config
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\3076
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\2052
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\1054
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\1042
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\1041
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\1037
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\1033
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\1031
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\1028
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\1025
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\..
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32\.
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system32
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system\..
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system\.
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\system
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\security
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Resources
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\repair
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Provisioning
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\PeerNet
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\pchealth
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\mui
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\msapps
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\msagent
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Media
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\java
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\ime
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Help
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\ehome
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Debug
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Cursors
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\Config
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\AppPatch
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\addins
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS\.
2006-11-05 06:40 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"TrueImageMonitor.exe"="C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060515-154618-418
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
backup-20060514-134355-413
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20060514-134355-465
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
backup-20060514-134355-287
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
backup-20060514-134355-651
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20060514-134355-255
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
backup-20060514-134355-496
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Completion time: 06-12-03 10:05:03.62
C:\ComboFix.txt ... 06-12-03 10:05

Thanks.
  • 0

#24
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Looks good to me.
Did you do a full system scan with F-Secure after getting the last updates?
  • 0

#25
icerider

icerider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Yup, it found nothing. Panda ActiveScan also found nothing. However, my computer occasionally restarts when I want to turn it off for some strange reason. The same thing happened as well before I restored the image.

Edited by icerider, 04 December 2006 - 01:28 AM.

  • 0


#26
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
You mean when you use the Start > Turn off computer > Turn Off
it acts as if you used Reboot?
  • 0

#27
icerider

icerider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
Yeah, it does that randomly. Sometimes it turns off, and other times it restarts.
  • 0

#28
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Can you check the Event Viewer logs to see if you spot any errors or warnings for those times when the computer restarts?
  • 0

#29
icerider

icerider

    Member

  • Topic Starter
  • Member
  • PipPip
  • 90 posts
I can't find any errors or warnings around that timeframe.
  • 0

#30
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Please click Start > Run > and copy this command:

regedit /e c:\bootoptimize.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction"

Then click OK to execute.
Doing this successfully will create the file c:\bootoptimize.txt
Find it and post the content of that file.

Regards,
  • 0





