TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Synthetic on April 26, 2007, 01:01:55 PM
-
Hi again,
I have just recently bought a PC; it's not new or anything, but it's in good condition. When I bought it, the previous owner had cleared the hard drive. He told me that it had rebooted itself the night before. I figured I could fix it by installing anti-virus, spyware removal, and Ad-Aware onto it to keep it safe from the usual. I also installed another hard drive and downloaded some trusted online games. Everything seemed fine last night. Then this morning I opened up an audio player that came with the CD drive that's installed on accident and tried to close it. It wouldn't close when I hit Alt-F4, so I tried to end program and that didn't work. I decided to end process and that worked. Then I tried to defrag the hard drive; it gets to 15% and then restarts itself. After that incident it's been restarting itself all morning. So before I left for work this morning I shut it down. Could the problem be coming from how much memory it needs to run programs? If so, will buying another memory chipset solve the problem? I will try and get a hijack file when I get home today.
-
Here's the log file.
Logfile of HijackThis v1.99.1
Scan saved at 8:32:38 AM, on 4/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user1\My Documents\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Living Dinosaurs Trial\\trioService.exe "
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user1\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177463649433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177465159117
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
I had the same problem with my past computer; I had to get a new motherboard to correct that problem.
I'm not sure about yours though; you will need Guestolo to help you.
-
I was informed that I might have a trojan. I'm keeping it disconnected from the internet and doing some analysis on my own until Guestolo or someone comes and helps me lol
-
That's also a possibility, but if you haven't got one (like me) it could be your motherboard.
-
My computers are well maintained; I just bought this PC from someone half an hour away. It seems to only be about a year or two old; it's in pretty good shape, or was until the previous owner experienced a problem the night before selling it to me. Aah, my dream motherboard is for a different computer though ;D
-
Can I see a different log, please?
Download ComboScan (http://www.techsupportforum.com/sectools/Deckard/comboscan.exe) to your Desktop.
- Close all applications and windows.
- Double-click on comboscan.exe to run it, and follow the prompts.
- The scan may take a couple of minutes. When the scan is complete, a text file will open - ComboScan.txt
Note: When running Comboscan, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags Comboscan as suspicious. Please allow Comboscan to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus.)
Post the next logs in your following reply:
- Comboscan.txt
- Supplementary.txt
Note: By default, both logs are saved to the C:\ComboScan folder.
You may need more than one reply to post all the info, please do so if required
-
Here's the Supplementary log
ComboScan v20070306.20 run by user1 on 2007-04-28 at 08:51:15
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Sempron(tm) 2400+
Percentage of Memory in Use: 93%
Physical Memory (total/avail): 511.48 MiB / 35.16 MiB
Pagefile Memory (total/avail): 1250.38 MiB / 979.88 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1995.23 MiB
C: is Fixed (NTFS) - 57.26 GiB total, 45.42 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 74.53 GiB total, 74.46 GiB free.
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
Unable to create WMI object; error code: 0x8004100E
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user1\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-KIHS3CBKMCWL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user1
LOGONSERVER=\\PC-KIHS3CBKMCWL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user1\LOCALS~1\Temp
TMP=C:\DOCUME~1\user1\LOCALS~1\Temp
USERDOMAIN=PC-KIHS3CBKMCWL
USERNAME=user1
USERPROFILE=C:\Documents and Settings\user1
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
user1 (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Active Virus Shield --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead InCD EasyWrite Reader --> C:\WINDOWS\UNMrw.exe /UNINSTALL
Ahead NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
AOL Security Toolbar --> regsvr32 /u /s "C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DestroyPokemon Screen Saver --> C:\WINDOWS\system32\DESTRO~1.SCR /U
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 1.99.1 --> C:\DOCUME~1\user1\LOCALS~1\Temp\Rar$EX00.033\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
Java(tm) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic 8 Ball Screen Saver --> C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Magic 8 Ball Screen Saver\ST5UNST.LOG"
MaxBlast 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{639858DD-4966-40F3-A706-7C838BCF3A2B}\setup.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser --> MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log"
Trickster Online --> C:\Program Files\Trickster Online\uninst.exe
Trojan Remover 6.6.0 --> "C:\Program Files\Trojan Remover\unins000.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
Zune Desktop Theme --> MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
-- End of ComboScan: finished at 2007-04-28 at 08:52:41 ------------------------
And for the combo scan log
ComboScan v20070306.20 run by user1 on 2007-04-28 at 08:51:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 5 Restore Point(s) --
45: 2007-04-28 15:51:33 UTC - RP45 - ComboScan Restore Point
44: 2007-04-28 01:48:21 UTC - RP44 - Installed Active Virus Shield.
43: 2007-04-27 16:44:14 UTC - RP43 - Removed Active Virus Shield.
42: 2007-04-27 15:46:37 UTC - RP42 - Removed J2SE Runtime Environment 5.0 Update 3
41: 2007-04-26 22:56:46 UTC - RP41 - Installed Java(tm) SE Runtime Environment 6 Update 1
-- First Restore Point --
1: 2007-04-25 00:19:52 UTC - RP1 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as user1.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:51:58 AM, on 4/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\user1\Desktop\Downloaded Stuff\comboscan.exe
C:\DOCUME~1\user1\MYDOCU~1\user1.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Living Dinosaurs Trial\\trioService.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user1\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177463649433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177465159117
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
3S ALCXSENS (Service for WDM 3D Audio Driver) - C:\WINDOWS\system32\drivers\ALCXSENS.SYS
3S ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
0R BsStor (InCD Storage Helper Driver) - C:\WINDOWS\system32\drivers\bsstor.sys
2R BsUDF (InCD UDF Driver) - C:\WINDOWS\system32\drivers\bsudf.sys
3S cmuda (C-Media WDM Audio Interface) - C:\WINDOWS\system32\drivers\cmuda.sys
3R FET5X86V (VIA Rhine-Family Fast-Ethernet Adapter Driver Service) - C:\WINDOWS\system32\drivers\fetnd5bv.sys
3S FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - C:\WINDOWS\system32\drivers\fetnd5.sys
3S FETNDISB (VIA Rhine Family Fast Ethernet Adapter Driver Service) - C:\WINDOWS\system32\drivers\fetnd5b.sys
1R incdrm (InCD EasyWrite Reader) - C:\WINDOWS\system32\drivers\incdrm.sys
0R kl1 - C:\WINDOWS\system32\drivers\kl1.sys
1R klif - C:\WINDOWS\system32\drivers\klif.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3S sermouse (Serial Mouse Driver) - C:\WINDOWS\system32\drivers\sermouse.sys
3S TVICHW32 - C:\WINDOWS\system32\drivers\TVICHW32.SYS
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\system32\drivers\viaagp1.sys
3R VIAudio (Vinyl AC'97 Audio Controller (WDM)) - C:\WINDOWS\system32\drivers\vinyl97.sys
3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R AVP (Active Virus Shield) - "C:\Program Files\AOL\Active Virus Shield\avp.exe" -r
3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S FontCache3.0.0.0 (Windows Presentation Foundation Font Cache 3.0.0.0) - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
3S idsvc (Windows CardSpace) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
2R Iprip (RIP Listener) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S LPDSVC (TCP/IP Print Server) - C:\WINDOWS\System32\tcpsvcs.exe
4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
2R SimpTcp (Simple TCP/IP Services) - C:\WINDOWS\System32\tcpsvcs.exe
2R SNMP (SNMP Service) - C:\WINDOWS\System32\snmp.exe
3S SNMPTRAP (SNMP Trap Service) - C:\WINDOWS\System32\snmptrap.exe
2R uploadmgr (Upload Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S usprserv (User Privilege Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
-- Files created between 2007-03-28 and 2007-04-28 -----------------------------
2007-04-28 08:30:18 0 d-------- C:\Program Files\Enigma Software Group<ENIGMA~1>
2007-04-27 22:36:34 0 d-------- C:\Program Files\Guild Wars<GUILDW~1>
2007-04-27 18:50:00 0 d-------- C:\Program Files\AOL Security Toolbar<AOLSEC~1>
2007-04-27 18:48:27 7456 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-27 18:48:27 806432 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-27 18:48:27 0 d-------- C:\Program Files\AOL
2007-04-27 18:48:27 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-04-27 18:20:12 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-04-27 17:53:15 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-27 17:52:59 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-04-27 17:52:59 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-04-27 17:52:58 0 d-------- C:\Program Files\Trojan Remover<TROJAN~1>
2007-04-27 17:52:58 0 d-------- C:\Documents and Settings\user1\Application Data\Simply Super Software<SIMPLY~1>
2007-04-27 17:52:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software<SIMPLY~1>
2007-04-27 17:50:10 0 d-------- C:\Downloads<DOWNLO~1>
2007-04-27 17:50:09 0 d-------- C:\Documents and Settings\user1\Application Data\GetRightToGo<GETRIG~1>
2007-04-26 23:14:03 0 d-------- C:\Shockwave<SHOCKW~1>
2007-04-26 23:11:38 37888 --a------ C:\WINDOWS\system32\Magic 8 Ball Screen Saver.scr<MAGIC8~1.SCR>
2007-04-26 23:11:38 65 --a------ C:\WINDOWS\system32\Magic 8 Ball Screen Saver.dat<MAGIC8~1.DAT>
2007-04-26 23:11:37 28672 --a------ C:\WINDOWS\system32\activscr.dll
2007-04-26 23:11:37 0 d-------- C:\Program Files\Magic 8 Ball Screen Saver<MAGIC8~1>
2007-04-26 23:10:43 29696 --a------ C:\WINDOWS\system32\VB5StKit.dll
2007-04-26 23:10:43 71680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-04-26 23:08:26 9728 --a------ C:\WINDOWS\system32\UnInstall DestroyPokemon.exe<UNINST~1.EXE>
2007-04-26 23:08:26 354021 --a------ C:\WINDOWS\system32\DestroyPokemon.scr<DESTRO~1.SCR>
2007-04-26 22:14:24 0 d-------- C:\Program Files\plus!
2007-04-26 19:23:31 1156 --a------ C:\WINDOWS\mozver.dat
2007-04-26 19:00:24 0 d-------- C:\Program Files\ReflexiveArcade<REFLEX~1>
2007-04-26 18:16:20 0 d-------- C:\WINDOWS\Sun
2007-04-26 18:16:20 0 d-------- C:\Documents and Settings\user1\Application Data\Sun
2007-04-26 17:43:52 3 --a------ C:\WINDOWS\system32\Dino.dll
2007-04-26 17:37:42 1 --a------ C:\WINDOWS\system32\Shark.dll
2007-04-26 17:36:58 0 d-------- C:\Program Files\3D-Relax
2007-04-26 17:32:12 0 d-------- C:\Program Files\FunWebProducts<FUNWEB~1>
2007-04-26 17:13:25 0 d-------- C:\Documents and Settings\user1\Application Data\IMVU
2007-04-26 17:12:57 0 d-------- C:\Program Files\IMVU
2007-04-26 16:26:45 0 d-------- C:\Documents and Settings\user1\Application Data\MSN6
2007-04-26 16:26:45 0 d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2007-04-25 20:58:46 0 d-------- C:\Documents and Settings\user1\Shared
2007-04-25 20:58:44 0 d-------- C:\Documents and Settings\user1\Incomplete<INCOMP~1>
2007-04-25 20:57:09 0 d-------- C:\Program Files\Java
2007-04-25 20:56:58 0 d-------- C:\Program Files\Common Files\Java
2007-04-25 20:56:52 0 d-------- C:\Program Files\LimeWire
2007-04-25 20:55:37 0 d-------- C:\Documents and Settings\user1\.limewire<LIMEWI~1>
2007-04-25 20:52:12 141612 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys<DUMP_W~1.SYS>
2007-04-25 20:52:02 4682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-25 20:33:51 0 d-------- C:\Program Files\Trickster Online<TRICKS~1>
2007-04-25 19:20:33 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-25 19:20:30 0 d-------- C:\Program Files\Grisoft
2007-04-25 19:17:22 0 d-------- C:\Documents and Settings\user1\Application Data\Lavasoft
2007-04-25 19:17:19 0 d-------- C:\Program Files\Lavasoft
2007-04-25 19:17:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-04-25 19:03:52 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-25 19:03:44 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-04-25 18:30:15 0 d-------- C:\Program Files\Western Digital<WESTER~1>
2007-04-25 07:37:35 203648 -ra------ C:\WINDOWS\system32\drivers\vinyl97.sys
2007-04-25 07:37:10 331184 -----n--- C:\WINDOWS\system32\difxapi.dll
2007-04-25 01:07:07 0 d-------- C:\WINDOWS\system32\NtmsData
2007-04-25 01:01:18 0 d-------- C:\Program Files\MSXML 6.0<MSXML6~1.0>
2007-04-25 01:00:03 0 d-------- C:\Program Files\MSBuild
2007-04-25 00:55:42 0 d-------- C:\WINDOWS\system32\XPSViewer<XPSVIE~1>
2007-04-25 00:40:21 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
2007-04-25 00:39:45 0 d-------- C:\4c95fae7a481e7e3398a3828bf<4C95FA~1>
2007-04-25 00:39:30 14048 -----n--- C:\WINDOWS\system32\spmsg2.dll
2007-04-25 00:38:50 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-04-25 00:37:44 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-25 00:37:44 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-25 00:32:41 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2>
-
Quote from Synthetic, Apr 28 2007, 10:02 AM:
err it did post, and I'm having trouble with this keyboard lol
-
Did you install all those third party screen savers?
Not all or any may be bad, but they sometimes have a tendency of including adware and can cause troubles
Especially the free ones
This includes
DestroyPokemon Screen Saver
Magic 8 Ball Screen Saver
Screensavers Installer Version 2
If you didn't pay for any of the above, I suggest that you try uninstalling them for now from add/remove programs then reboot the computer
Also note this entry:
SpyHunter
If you didn't pay for it, you may want to remove it, there are free tools that do a better job
Even though SpyHunter isn't on the rogue list anymore, I still shy away from recommending it
You have Ad-Aware installed, it's a good tool
In addition to Ad-Aware I would install the following
Download and Install Spybot 1.4 from
HERE (http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1)
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates (or right click and Select All)
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected problems in RED
Restart the computer afterwards
Post a fresh hijackthis log afterwards
Back in Windows, can you ensure the following is set
RIGHT Click on the "My Computer" icon and select Properties
Select the "Advanced" tab
Select "Settings" under Startup and Recovery
UNCheck "Automatically Restart" under System Failure
OK out of there
Hopefully, the next time, you won't get a short blue screen and restart
The screen will stay blue, you can note the error message
Manually restart the computer and post the Whole error message
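The "Automatically Restart" checkbox described in the reply above is stored as the AutoReboot value under the CrashControl registry key. As an added example that is not part of the original post, the PowerShell below reads that setting, clears it, and lists any crash dumps already written so they can be matched against the restart times; it assumes PowerShell 2.0 or later run from an administrator prompt, and the function names are made up for illustration.

```powershell
# Added example: registry view of the "Automatically restart" checkbox.
# Assumes PowerShell 2.0 or later, run from an administrator prompt.
$CrashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# Hypothetical helper: report the current crash-handling settings.
function Get-CrashControlSummary {
    $p = Get-ItemProperty -Path $CrashKey
    $dumpNames = @{ 0 = 'none'; 1 = 'complete memory dump'; 2 = 'kernel memory dump'; 3 = 'small memory dump' }
    $dumpType = $dumpNames[[int]$p.CrashDumpEnabled]
    if (-not $dumpType) { $dumpType = "other ($($p.CrashDumpEnabled))" }

    # Fall back to the usual location when the value is not set.
    $dir = $p.MinidumpDir
    if (-not $dir) { $dir = '%SystemRoot%\Minidump' }

    New-Object PSObject -Property @{
        AutoReboot  = [bool]$p.AutoReboot
        DumpType    = $dumpType
        MinidumpDir = [Environment]::ExpandEnvironmentVariables($dir)
    }
}

# Hypothetical helper: clear AutoReboot so a stop error stays on screen.
function Disable-AutoReboot {
    $before = (Get-ItemProperty -Path $CrashKey).AutoReboot
    if ($before -ne 0) {
        Set-ItemProperty -Path $CrashKey -Name AutoReboot -Value 0
    }
    "AutoReboot was $before, now $((Get-ItemProperty -Path $CrashKey).AutoReboot)"
}

# Hypothetical helper: list crash dumps already on disk, newest first,
# so their timestamps can be compared with the unexpected restarts.
function Get-RecentMinidumps {
    $dir = (Get-CrashControlSummary).MinidumpDir
    if (-not (Test-Path $dir)) { return @() }
    Get-ChildItem -Path $dir -Filter *.dmp |
        Sort-Object LastWriteTime -Descending |
        Select-Object Name, LastWriteTime, Length
}

Get-CrashControlSummary
Disable-AutoReboot
Get-RecentMinidumps
```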
-
fresh log file! =)
Logfile of HijackThis v1.99.1
Scan saved at 10:59:30 AM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user1\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Living Dinosaurs Trial\\trioService.exe "
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user1\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177463649433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177465159117
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
For now, can I have you disable Spybot's TeaTimer
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck ONLY the Teatimer box.
Click Allow Change box if prompted
Close Spybot
Do a "System scan only" with HijackThis and put a check next to these entries:
If you didn't manually set this first one to your preferred start page, tick it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com
Tick the next one also
O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Living Dinosaurs Trial\\trioService.exe "
After you have ticked the above entries, close All other open windows
Including this one
Leave HijackThis open and click FIX CHECKED
OK the prompt and exit HijackThis
Reboot your computer
Come back here and post a fresh HijackThis log
Also, can I just check on something
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please
-
It shut itself down and turned itself on about 15 min ago during Guild Wars, then I came here to check. Hopefully that solved the problem, maybe :(
Logfile of HijackThis v1.99.1
Scan saved at 12:21:51 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user1\My Documents\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user1\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177463649433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177465159117
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
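A quick way to confirm what FIX CHECKED actually changed is to compare the entry lines of the earlier and the fresh HijackThis logs. The script below is an added example, not part of the original posts; the function names are hypothetical and the sample logs are a constructed excerpt of the two logs above with the forum's link residue removed.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed excerpt of the log posted before the fix (header omitted).
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Living Dinosaurs Trial\\trioService.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

# Constructed excerpt of the fresh log posted after the reboot.
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:21:51 PM, on 4/29/2007
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

# The two entries the helper asked to have ticked.
TICKED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com",
    r'O4 - HKLM\..\Run: [trioService] "C:\Program Files\3D-Relax\3D Living Dinosaurs Trial\\trioService.exe "',
]


def _key(code, detail):
    # Windows paths and registry names are case-insensitive; also collapse spacing.
    return (code, " ".join(detail.split()).casefold())


def parse_entries(log_text):
    """Map a normalised key to the original line for every entry line.
    Header lines and the running-process list do not match and are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[_key(match.group(1), match.group(2))] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lines between two logs, each sorted."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def verify_fix(before_text, after_text, ticked_lines):
    """Report, for each ticked entry, whether it survived into the later log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    status = {}
    for line in ticked_lines:
        match = ENTRY_RE.match(line.strip())
        if not match:
            status[line] = "not an entry line"
            continue
        key = _key(match.group(1), match.group(2))
        if key not in before:
            status[line] = "not in earlier log"
        elif key in after:
            status[line] = "still present"
        else:
            status[line] = "removed"
    return status


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for line in removed:
        print("removed:", line)
    for line in added:
        print("added:  ", line)
    for line, state in verify_fix(BEFORE, AFTER, TICKED).items():
        print(f"{state:>18}: {line}")
```

An entry reported as "still present" was either not ticked or was written back after the fix, so it is the first thing to ask about in the next reply.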
-
And about 20 min later it minimized everything, flashed a "windows security test" window and shut the computer down. Arg, this computer seems to have a mind of its own today =/ Here's another logfile right after this incident.
Logfile of HijackThis v1.99.1
Scan saved at 1:42:27 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user1\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user1\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177463649433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177465159117
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
-
Did you do this???
RIGHT Click on the "MyComputer" icon and select Properties
Select the "Advanced" tab
Select "Settings" under Startup and Recovery
UNCheck "Automatically Restart" under System Failure
OK out of there
I would like to see a combofix log, this is different than comboscan
I posted the instructions earlier
Download this file - Combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please
As Mod Ryan pointed out, this could also be a hardware problem, or just a problem of the computer overheating from dust
Have you had the box open and blown out all the dust?
Is it clean inside?
Also, can you let me know if you purposely set this as your homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com
-
"user1" - 07-05-01 18:21:18 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\user1\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\install.exe
((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Iprip
-------\LEGACY_IPRIP
((((((((((((((((((((((((((((((( Files Created from 2007-04-01 to 2007-05-01 ))))))))))))))))))))))))))))))))))
2007-05-01 17:44 <DIR> d-------- C:\DOCUME~1\user1\APPLIC~1\Aim
2007-05-01 17:43 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-01 17:43 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-01 17:43 <DIR> d-------- C:\Program Files\Viewpoint
2007-05-01 17:43 <DIR> d-------- C:\Program Files\AOD
2007-05-01 17:43 <DIR> d-------- C:\Program Files\AIM
2007-05-01 17:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-05-01 17:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-04-29 16:18 213,148 --a------ C:\WINDOWS\INSTALL.scr
2007-04-29 10:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-28 22:23 <DIR> d--h----- C:\Program Files\InstallJammer Registry
2007-04-28 22:08 <DIR> d-------- C:\Program Files\Astro Gemini Software
2007-04-28 08:30 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-04-27 22:36 <DIR> d-------- C:\Program Files\Guild Wars
2007-04-27 18:50 <DIR> d-------- C:\Program Files\AOL Security Toolbar
2007-04-27 18:48 18,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-27 18:48 1,809,952 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-27 18:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-04-27 18:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-04-27 17:53 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-27 17:52 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-04-27 17:52 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-04-27 17:52 <DIR> d-------- C:\Program Files\Trojan Remover
2007-04-27 17:52 <DIR> d-------- C:\DOCUME~1\user1\APPLIC~1\Simply Super Software
2007-04-27 17:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-04-27 17:50 <DIR> d-------- C:\Downloads
2007-04-27 17:50 <DIR> d-------- C:\DOCUME~1\user1\APPLIC~1\GetRightToGo
2007-04-26 23:14 <DIR> d-------- C:\Shockwave
2007-04-26 23:10 71,680 --a------ C:\WINDOWS\ST5UNST.EXE
2007-04-26 23:08 9,728 --a------ C:\WINDOWS\system32\UnInstall DestroyPokemon.exe
2007-04-26 22:14 <DIR> d-------- C:\Program Files\plus!
2007-04-26 19:23 1,156 --a------ C:\WINDOWS\mozver.dat
2007-04-26 19:00 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-04-26 17:43 3 --a------ C:\WINDOWS\system32\Dino.dll
2007-04-26 17:37 1 --a------ C:\WINDOWS\system32\Shark.dll
2007-04-26 17:13 <DIR> d-------- C:\DOCUME~1\user1\APPLIC~1\IMVU
2007-04-26 17:12 <DIR> d-------- C:\Program Files\IMVU
2007-04-26 16:26 <DIR> d-------- C:\DOCUME~1\user1\APPLIC~1\MSN6
2007-04-26 16:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-04-25 20:58 <DIR> d-------- C:\DOCUME~1\user1\Shared
2007-04-25 20:58 <DIR> d-------- C:\DOCUME~1\user1\Incomplete
2007-04-25 20:56 <DIR> d-------- C:\Program Files\LimeWire
2007-04-25 20:55 <DIR> d-------- C:\DOCUME~1\user1\.limewire
2007-04-25 20:52 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-25 20:52 141,612 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-04-25 20:33 <DIR> d-------- C:\Program Files\Trickster Online
2007-04-25 19:20 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-25 19:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-25 19:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-25 19:17 <DIR> d-------- C:\DOCUME~1\user1\APPLIC~1\Lavasoft
2007-04-25 19:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-25 18:30 <DIR> d-------- C:\Program Files\Western Digital
2007-04-25 07:37 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2007-04-25 07:37 203,648 -ra------ C:\WINDOWS\system32\drivers\vinyl97.sys
2007-04-25 07:36 <DIR> d--hs---- C:\RECYCLER
2007-04-25 01:07 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-04-25 01:01 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-04-25 01:00 <DIR> d-------- C:\Program Files\MSBuild
2007-04-25 00:55 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-04-25 00:40 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-04-25 00:39 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-04-25 00:39 <DIR> d-------- C:\4c95fae7a481e7e3398a3828bf
2007-04-25 00:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-25 00:37 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-25 00:37 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-25 00:32 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-25 00:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-04-25 00:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-04-25 00:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-04-25 00:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-04-24 23:21 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-24 23:21 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-24 23:21 <DIR> d-------- C:\NVIDIA
2007-04-24 23:09 <DIR> d-------- C:\Program Files\Maxtor
2007-04-24 22:44 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-04-24 22:03 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-24 21:11 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-24 20:57 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-24 20:53 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-24 20:53 <DIR> d-------- C:\WINDOWS\peernet
2007-04-24 20:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-24 20:48 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-24 20:46 <DIR> d-------- C:\WINDOWS\EHome
2007-04-24 20:42 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-04-24 20:33 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-04-24 20:33 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-04-24 20:33 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-04-24 20:33 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-24 20:33 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-04-24 20:33 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-04-24 20:33 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-04-24 20:33 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-04-24 20:33 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-04-24 20:33 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-04-24 20:33 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-04-24 20:33 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-04-24 20:33 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-04-24 20:33 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-04-24 20:33 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-04-24 20:33 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-04-24 20:33 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-04-24 20:33 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-04-24 20:33 37,376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2007-04-24 20:33 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-04-24 20:33 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-04-24 20:33 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-04-24 20:33 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-04-24 20:33 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-04-24 20:33 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-04-24 20:33 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-04-24 20:33 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-04-24 20:33 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-04-24 20:33 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-04-24 20:33 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-04-24 20:33 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-04-24 20:33 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-04-24 20:33 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-04-24 20:33 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-04-24 20:33 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-04-24 20:33 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-04-24 20:33 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-04-24 20:33 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-04-24 20:33 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-04-24 20:33 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-04-24 20:33 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-04-24 20:33 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-04-24 20:33 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-04-24 20:33 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-04-24 20:33 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-04-24 20:33 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-04-24 20:33 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-04-24 20:33 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-04-24 20:33 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-04-24 20:33 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-04-24 20:33 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-04-24 20:33 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-04-24 20:33 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-04-24 20:33 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-04-24 20:33 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-04-24 20:33 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-04-24 20:33 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-04-24 20:33 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-04-24 20:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-04-24 20:32 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-04-24 20:32 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-04-24 20:32 9,216 --------- C:\WINDOWS\system32\proxycfg.exe
2007-04-24 20:32 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-04-24 20:32 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-04-24 20:32 8,192 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2007-04-24 20:32 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-04-24 20:32 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-04-24 20:32 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2007-04-24 20:32 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-04-24 20:32 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-04-24 20:32 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-04-24 20:32 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-04-24 20:32 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-04-24 20:32 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-04-24 20:32 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-04-24 20:32 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-04-24 20:32 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2007-04-24 20:32 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-04-24 20:32 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-04-24 20:32 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-04-24 20:32 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-04-24 20:32 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-04-24 20:32 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-04-24 20:32 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-04-24 20:32 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-04-24 20:32 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-04-24 20:32 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-04-24 20:32 59,392 --------- C:\WINDOWS\system32\logman.exe
2007-04-24 20:32 58,880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2007-04-24 20:32 553,984 --a------ C:\WINDOWS\system32\p2psvc.dll
2007-04-24 20:32 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-04-24 20:32 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-04-24 20:32 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-04-24 20:32 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-04-24 20:32 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-04-24 20:32 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-04-24 20:32 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-04-24 20:32 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-04-24 20:32 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-04-24 20:32 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-04-24 10:05 62 --ahs---- C:\DOCUME~1\user1\APPLIC~1\desktop.ini
2007-03-23 06:07 583504 --------- C:\WINDOWS\system32\xpsshhdr.dll
2007-03-23 06:07 1683280 --------- C:\WINDOWS\system32\xpssvcs.dll
2007-03-22 20:25 124928 --------- C:\WINDOWS\system32\prntvpt.dll
2007-03-17 06:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll
2007-03-08 08:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 13:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AudioDeck"="C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe 1"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0
Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest
Notification Packages REG_MULTI_SZ scecli
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService REG_MULTI_SZ DnsCache
rpcss REG_MULTI_SZ RpcSs
imgsvc REG_MULTI_SZ StiSvc
termsvcs REG_MULTI_SZ TermService
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunchTermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 18:23:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-05-01 18:23:44
C:\ComboFix-quarantined-files.txt ... 07-05-01 18:23
-
The problem before was that it had a trojan on it and it was removed with a program called "Trojan Remover" but the problems persisted. I'm not sure if this program hid the trojan from my scans or it was the spyware that was affecting it. I've been disconnecting the entire computer every night to make sure no further threats enter while it is in its current condition. Oh, and no, I did not purposely set that as my home page; it was like that already when I got it.
-
So have you checked out the possibility that the comp. could be overheating?
Is it totally clean inside the box?
Also, I asked you if you did this, if you don't answer, I don't respond back
RIGHT Click on the "MyComputer" icon and select Properties
Select the "Advanced" tab
Select "Settings" under Startup and Recovery
UNCheck "Automatically Restart" under System Failure
OK out of there
Also, can you do the following
Download and save to your desktop
fsbl.exe (https://europe.f-secure.com/exclude/blacklight/fsbl.exe)
(F-Secure Blacklight)
Double click to run fsbl.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
Can you post this log?
-
Oh sorry haha, the computer already had its setting checked off on the auto restart. And if it is overheating, what would be the solution? Another fan or a new PU? Well, here's the log. And it seems to power off when it's idle sometimes.
05/01/07 21:59:54 [Info]: BlackLight Engine 1.0.61 initialized
05/01/07 21:59:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/01/07 21:59:54 [Note]: 7019 4
05/01/07 21:59:54 [Note]: 7005 0
05/01/07 22:00:05 [Note]: 7006 0
05/01/07 22:00:05 [Note]: 7011 300
05/01/07 22:00:05 [Note]: 7026 0
05/01/07 22:00:06 [Note]: 7026 0
05/01/07 22:00:07 [Note]: FSRAW library version 1.7.1021
05/01/07 22:03:33 [Note]: 7007 0
-
I left it on last night to see if maybe you were right with the overheating thing. Well, it turned itself off as I expected, then it waited about an hour to turn itself on and it's been on since then. I'm just confused, I'm not going to get upset about it. I wish to go through this however long it takes D: silly computer. It also makes noises like it's doing something but it's obviously sitting there being idle. So I dunno.
-
Like I said before in the first few posts, it is fairly new. It doesn't seem to be very old at all, and it's nice and spotless. It's a customized computer, and all the wiring and stuff is neatly out of the way and not in a jumble like my other pc. I'll check if some connections are loose and whatnot. I really do appreciate your help guestolo, even if this pc never gets repaired and is still loopy. You're like a pc god lol. I really do appreciate your help on this matter. ^_^
-
Hello again Synthetic, can you try running the computer with the side cover off for a bit and see if it shuts down?
Also, can you run a fresh scan with Combofix.exe and post the fresh log?
-
I actually corrected the problem, and everything is running fine. Thanks to you, of course. ^_^ I will post a new log when I return from the work place.
-
[quote name='Synthetic' post='323177' date='May 7 2007, 03:53 PM']I actually corrected the problem, and everything is running fine. thanks to you of course ^_^ I will post a new log when I return from the work place.[/quote]
How did you resolve the problem???
-
It was very simple and odd, all I did was turn the automatic updates off for the computer itself. The problem stopped and the computer returned to its regular functioning place in my house lol. My apologies for the elongated wait for a response. ^_^
-
If you're talking about Windows Automatic updates
Microsoft has posted possible fixes that were causing blue screens and shutdowns
http://support.microsoft.com/?scid=kb%3Ben-us%3B932494&x=13&y=12
I would apply the hotfix
Also, reenable Auto updates and see if your problems are resolved
NOTE: If you reenable Auto updates and manually visit Windows Updates
You can install this update with the Express>>High Priorities also
Or Automatic updates will also install it if enabled
-
oh, ok! Thank you so much!