Solve : Virus of sum sort????

1.	Solve : Virus of sum sort????
Answer» 2007-05-01 12:12d--------C:\Documents and Settings\Administrator\Shared 2007-05-01 12:12d--------C:\Documents and Settings\Administrator\Incomplete 2007-05-01 12:12d--------C:\DOCUME~1\ADMINI~1\Shared 2007-05-01 12:12d--------C:\DOCUME~1\ADMINI~1\Incomplete 2007-04-30 22:32d--hs----C:\RECYCLER 2007-04-30 22:06d--------C:\Program Files\LimeWire 2007-04-30 22:06d--------C:\Documents and Settings\Administrator\.limewire 2007-04-30 22:06d--------C:\DOCUME~1\ADMINI~1\.limewire 2007-04-30 21:53d--------C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield 2007-04-30 21:4625,600--a------C:\WINDOWS\system32\drivers\usbser.sys 2007-04-30 21:46d--------C:\Program Files\Avanquest update 2007-04-30 21:45d--------C:\Program Files\Motorola Phone Tools 2007-04-30 21:45d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software 2007-04-30 21:4424,192--a------C:\WINDOWS\system32\drivers\usbsermptxp.sys 2007-04-30 21:4424,192--a------C:\Documents and Settings\Administrator\usbsermptxp.sys 2007-04-30 21:4424,192--a------C:\DOCUME~1\ADMINI~1\usbsermptxp.sys 2007-04-30 21:4422,768--a------C:\Documents and Settings\Administrator\usbsermpt.sys 2007-04-30 21:4422,768--a------C:\DOCUME~1\ADMINI~1\usbsermpt.sys 2007-04-30 20:22262,144--a------C:\DOCUME~1\ALLUSE~1\ntuser.dat 2007-04-30 20:19d--------C:\Program Files\MSXML 4.0 2007-04-30 19:1357,472--a------C:\WINDOWS\system32\drivers\redbook.sys 2007-04-30 19:133,072--a------C:\WINDOWS\system32\drivers\audstub.sys 2007-04-30 19:12870,784--a------C:\WINDOWS\system32\ati3d1ag.dll 2007-04-30 19:1274,240--a------C:\WINDOWS\system32\usbui.dll 2007-04-30 19:12516,768--a------C:\WINDOWS\system32\ativvaxx.dll 2007-04-30 19:1242,240--a------C:\WINDOWS\system32\drivers\VIAAGP.SYS 2007-04-30 19:1227,165--a------C:\WINDOWS\system32\drivers\fetnd5.sys 2007-04-30 19:12229,376--a------C:\WINDOWS\system32\ati2cqag.dll 2007-04-30 19:12201,728--a------C:\WINDOWS\system32\ati2dvag.dll 2007-04-30 19:121,888,992--a------C:\WINDOWS\system32\ati3duag.dll 2007-04-30 19:121,540,608--a------C:\WINDOWS\system32\drivers\ati2mtag.sys 2007-04-30 19:118,192-ra------C:\WINDOWS\system32\kbdhept.dll 2007-04-30 19:116,656-ra------C:\WINDOWS\system32\kbdhela3.dll 2007-04-30 19:116,144-ra------C:\WINDOWS\system32\kbdtuq.dll 2007-04-30 19:116,144-ra------C:\WINDOWS\system32\kbdtuf.dll 2007-04-30 19:116,144-ra------C:\WINDOWS\system32\kbdhela2.dll 2007-04-30 19:116,144-ra------C:\WINDOWS\system32\kbdgkl.dll 2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdmon.dll 2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdkyr.dll 2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdhe319.dll 2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdhe220.dll 2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdhe.dll 2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdazel.dll 2007-04-30 19:11dr-------C:\Program Files 2007-04-30 19:11d--hs----C:\WINDOWS\Installer 2007-04-30 19:11d--------C:\Program Files\Common Files\SpeechEngines 2007-04-30 19:11d--------C:\Program Files\Common Files\ODBC 2007-04-30 19:109,936--a------C:\WINDOWS\system\LZEXPAND.DLL 2007-04-30 19:109,008--a------C:\WINDOWS\system\VER.DLL 2007-04-30 19:1085,020--a------C:\WINDOWS\system32\dgsetup.dll 2007-04-30 19:1082,944--a------C:\WINDOWS\system\OLECLI.DLL 2007-04-30 19:108,704--a------C:\WINDOWS\system32\batt.dll 2007-04-30 19:1074,752--a------C:\WINDOWS\system32\storprop.dll 2007-04-30 19:107,168-ra------C:\WINDOWS\system32\kbdcz.dll 2007-04-30 19:1069,584--a------C:\WINDOWS\system\AVICAP.DLL 2007-04-30 19:1069,120--a------C:\WINDOWS\NOTEPAD.EXE 2007-04-30 19:1068,768--a------C:\WINDOWS\system\MMSYSTEM.DLL 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdycl.dll 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdsl1.dll 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdsl.dll 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdpl.dll 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdhu.dll 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdcz2.dll 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdcz1.dll 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdcr.dll 2007-04-30 19:106,656-ra------C:\WINDOWS\system32\KBDAL.DLL 2007-04-30 19:106,144-ra------C:\WINDOWS\system32\kbdlv1.dll 2007-04-30 19:106,144-ra------C:\WINDOWS\system32\kbdlv.dll 2007-04-30 19:106,144-ra------C:\WINDOWS\system32\kbdest.dll 2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdro.dll 2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdpl1.dll 2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdlt1.dll 2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdlt.dll 2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdhu1.dll 2007-04-30 19:105,120--a------C:\WINDOWS\system\SHELL.DLL 2007-04-30 19:1032,816--a------C:\WINDOWS\system\COMMDLG.DLL 2007-04-30 19:1024,661--a------C:\WINDOWS\system32\spxcoins.dll 2007-04-30 19:1024,064--a------C:\WINDOWS\system\OLESVR.DLL 2007-04-30 19:1019,200--a------C:\WINDOWS\system\TAPI.DLL 2 of ..... 2007-04-30 19:10176,157--a------C:\WINDOWS\system32\dgrpsetu.dll 2007-04-30 19:1015,360--a------C:\WINDOWS\TASKMAN.EXE 2007-04-30 19:1013,312--a------C:\WINDOWS\system32\irclass.dll 2007-04-30 19:10126,912--a------C:\WINDOWS\system\MSVIDEO.DLL 2007-04-30 19:1011,264--a------C:\WINDOWS\system32\drivers\irenum.sys 2007-04-30 19:10109,456--a------C:\WINDOWS\system\AVIFILE.DLL 2007-04-30 19:10103,424--a------C:\WINDOWS\system32\EqnClass.Dll 2007-04-30 19:10dr-------C:\DOCUME~1\ALLUSE~1\Documents 2007-04-30 19:08d--hs----C:\System Volume Information 2007-04-30 19:08d--------C:\WINDOWS\system32\CatRoot23 of........ 2007-04-30 19:08d--------C:\WINDOWS\system32\CatRoot 2007-04-30 19:08d--------C:\Documents and Settings 2007-04-30 19:03dr-hsc---C:\WINDOWS\system32\dllcache 2007-04-30 19:03dr--s----C:\WINDOWS\Fonts 2007-04-30 19:03dr-------C:\WINDOWS\Web 2007-04-30 19:03d--h-----C:\WINDOWS\inf 2007-04-30 19:03d--------C:\WINDOWS\WinSxS 2007-04-30 19:03d--------C:\WINDOWS\twain_32 2007-04-30 19:03d--------C:\WINDOWS\system32\wins 2007-04-30 19:03d--------C:\WINDOWS\system32\wbem 2007-04-30 19:03d--------C:\WINDOWS\system32\usmt 2007-04-30 19:03d--------C:\WINDOWS\system32\spool 2007-04-30 19:03d--------C:\WINDOWS\system32\ShellExt 2007-04-30 19:03d--------C:\WINDOWS\system32\Setup 2007-04-30 19:03d--------C:\WINDOWS\system32\ras 2007-04-30 19:03d--------C:\WINDOWS\system32\oobe 2007-04-30 19:03d--------C:\WINDOWS\system32\npp 2007-04-30 19:03d--------C:\WINDOWS\system32\mui 2007-04-30 19:03d--------C:\WINDOWS\system32\inetsrv 2007-04-30 19:03d--------C:\WINDOWS\system32\IME 2007-04-30 19:03d--------C:\WINDOWS\system32\icsxml 2007-04-30 19:03d--------C:\WINDOWS\system32\ias 2007-04-30 19:03d--------C:\WINDOWS\system32\export 2007-04-30 19:03d--------C:\WINDOWS\system32\drivers\etc 2007-04-30 19:03d--------C:\WINDOWS\system32\drivers\disdn 2007-04-30 19:03d--------C:\WINDOWS\system32\drivers 2007-04-30 19:03d--------C:\WINDOWS\system32\dhcp 2007-04-30 19:03d--------C:\WINDOWS\system32\config 2007-04-30 19:03d--------C:\WINDOWS\system32\3com_dmi 2007-04-30 19:03d--------C:\WINDOWS\system32\3076 2007-04-30 19:03d--------C:\WINDOWS\system32\2052 2007-04-30 19:03d--------C:\WINDOWS\system32\1054 2007-04-30 19:03d--------C:\WINDOWS\system32\1042 2007-04-30 19:03d--------C:\WINDOWS\system32\1041 2007-04-30 19:03d--------C:\WINDOWS\system32\1037 2007-04-30 19:03d--------C:\WINDOWS\system32\1033 2007-04-30 19:03d--------C:\WINDOWS\system32\1031 2007-04-30 19:03d--------C:\WINDOWS\system32\1028 2007-04-30 19:03d--------C:\WINDOWS\system32\1025 2007-04-30 19:03d--------C:\WINDOWS\system32 2007-04-30 19:03d--------C:\WINDOWS\system 2007-04-30 19:03d--------C:\WINDOWS\security 2007-04-30 19:03d--------C:\WINDOWS\Resources 2007-04-30 19:03d--------C:\WINDOWS\repair 2007-04-30 19:03d--------C:\WINDOWS\Provisioning 2007-04-30 19:03d--------C:\WINDOWS\PeerNet 2007-04-30 19:03d--------C:\WINDOWS\pchealth 2007-04-30 19:03d--------C:\WINDOWS\mui 2007-04-30 19:03d--------C:\WINDOWS\msapps 2007-04-30 19:03d--------C:\WINDOWS\msagent 2007-04-30 19:03d--------C:\WINDOWS\Media 2007-04-30 19:03d--------C:\WINDOWS\ime 2007-04-30 19:03d--------C:\WINDOWS\Help 2007-04-30 19:03d--------C:\WINDOWS\ehome 2007-04-30 19:03d--------C:\WINDOWS\Driver Cache 2007-04-30 19:03d--------C:\WINDOWS\Debug 2007-04-30 19:03d--------C:\WINDOWS\Cursors 2007-04-30 19:03d--------C:\WINDOWS\Connection Wizard 2007-04-30 19:03d--------C:\WINDOWS\Config 2007-04-30 19:03d--------C:\WINDOWS\AppPatch 2007-04-30 19:03d--------C:\WINDOWS\addins 2007-04-30 19:03d--------C:\WINDOWS 2007-04-30 15:023,840--a------C:\WINDOWS\system32\drivers\BANTExt.sys 2007-04-30 15:02d--------C:\Program Files\Belarc 2007-04-30 13:24d--------C:\1cda015c0c09cfaf43b0a11ba5 2007-04-30 12:04d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet 2007-04-30 10:58d--------C:\Program Files\PowerISO 2007-04-30 10:4832,592--a------C:\WINDOWS\system32\msonpmon.dll 2007-04-30 10:47d--------C:\Program Files\Microsoft Works 2007-04-30 10:46d--------C:\Program Files\MSBuild 2007-04-30 10:41d--------C:\WINDOWS\SHELLNEW 2007-04-30 10:39dr-h-----C:\MSOCache 2007-04-30 10:39d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help 2007-04-30 10:37d--------C:\Program Files\DAEMON Tools 2007-04-30 10:29d--h-----C:\WINDOWS\$hf_mig$ 2007-04-30 10:29d--------C:\WINDOWS\system32\PreInstall 2007-04-30 09:51d--------C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead 2007-04-30 09:49d--------C:\Program Files\Nero 2007-04-30 09:49d--------C:\Program Files\Common Files\Ahead 2007-04-30 09:49d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero 2007-04-30 09:47d--------C:\Program Files\Windows Media Connect 2 2007-04-30 09:44682,232--a------C:\WINDOWS\system32\drivers\sptd.sys 2007-04-30 09:4423,856--a------C:\WINDOWS\system32\spupdsvc.exe 2007-04-30 09:44d--------C:\WINDOWS\system32\LogFiles 2007-04-30 09:44d--------C:\WINDOWS\system32\drivers\UMDF 2007-04-30 09:43d--------C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent 2007-04-30 09:40d--------C:\Documents and Settings\Administrator\Contacts 2007-04-30 09:40d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage 2007-04-30 09:40d--------C:\DOCUME~1\ADMINI~1\Contacts 2007-04-30 09:39d----c---C:\WINDOWS\system32\DRVSTORE 2007-04-30 09:39d--------C:\Program Files\MSN Messenger 2007-04-30 09:3882,944--a------C:\WINDOWS\system32\drivers\wdmaud.sys 2007-04-30 09:386,400--a------C:\WINDOWS\system32\drivers\splitter.sys 2007-04-30 09:3854,272--a------C:\WINDOWS\system32\drivers\swmidi.sys 2007-04-30 09:3852,864--a------C:\WINDOWS\system32\drivers\DMusic.sys 2007-04-30 09:3827,904--a------C:\WINDOWS\system32\drivers\VIAAGP1.SYS 2007-04-30 09:38172,416--a------C:\WINDOWS\system32\drivers\kmixer.sys 2007-04-30 09:38142,464--a------C:\WINDOWS\system32\drivers\aec.sys 2007-04-30 09:38d--------C:\WINDOWS\system32\ReinstallBackups 2007-04-30 09:37864---------C:\WINDOWS\system32\drivers\alcxinit.dat 2007-04-30 09:37765,952--a------C:\WINDOWS\system\crlds3d.dll 2007-04-30 09:37720,896--a------C:\WINDOWS\system32\Audio3D.dll 2007-04-30 09:37720,896--a------C:\WINDOWS\system32\a3d.dll 2007-04-30 09:377,552--a------C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-04-30 09:3760,800--a------C:\WINDOWS\system32\drivers\sysaudio.sys 2007-04-30 09:3760,288--a------C:\WINDOWS\system32\drivers\drmk.sys 2007-04-30 09:3755,296--a------C:\WINDOWS\SOUNDMAN.EXE 2007-04-30 09:375,376--a------C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-04-30 09:37461,312--a------C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2007-04-30 09:37403,968--a------C:\WINDOWS\system32\drivers\ALCXSENS.SYS 2007-04-30 09:374,992--a------C:\WINDOWS\system32\drivers\MSPQM.sys 2007-04-30 09:374,096--a------C:\WINDOWS\system32\ksuser.dll 2007-04-30 09:37306,688--a------C:\WINDOWS\IsUninst.exe 2007-04-30 09:37208,896---------C:\WINDOWS\alcupd.exe 2007-04-30 09:372,944--a------C:\WINDOWS\system32\drivers\drmkaud.sys 2007-04-30 09:37145,792--a------C:\WINDOWS\system32\drivers\portcls.sys 2007-04-30 09:37139,264---------C:\WINDOWS\alcrmv.exe 2007-04-30 09:37d--h-----C:\Program Files\InstallShield Installation Information 2007-04-30 09:37d--------C:\Program Files\Common Files\InstallShield 2007-04-30 09:37d--------C:\Documents and Settings\Administrator\WINDOWS 2007-04-30 09:37d--------C:\DOCUME~1\ADMINI~1\WINDOWS 2007-04-30 09:36d--------C:\WINDOWS\system32\SoftwareDistribution 2007-04-30 09:323,670,016--ah-----C:\Documents and Settings\Administrator\NTUSER.DAT 2007-04-30 09:323,670,016--ah-----C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-04-30 09:29262,144--ah-----C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-30 09:29262,144--ah-----C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-30 09:29d--------C:\WINDOWS\SoftwareDistribution 2007-04-30 09:29d--------C:\WINDOWS\Prefetch 2007-04-30 09:25d--------C:\WINDOWS\system32\xircom 2007-04-30 09:25d--------C:\Program Files\microsoft frontpage 2007-04-30 09:24262,144--ah-----C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-30 09:24112,128--a------C:\WINDOWS\system32\mapi32.dll 2007-04-30 09:240-rahs----C:\MSDOS.SYS 2007-04-30 09:240-rahs----C:\IO.SYS 2007-04-30 09:240--a------C:\CONFIG.SYS4 of..... 2007-04-30 09:240--a------C:\AUTOEXEC.BAT 2007-04-30 09:23dr-------C:\WINDOWS\Offline Web Pages 2007-04-30 09:23d--hs----C:\DOCUME~1\ALLUSE~1\DRM 2007-04-30 09:23d--h-----C:\Program Files\WindowsUpdate 2007-04-30 09:23d---s----C:\WINDOWS\Downloaded Program Files 2007-04-30 09:2264,512--a------C:\WINDOWS\system32\acctres.dll 2007-04-30 09:2212,288--a------C:\WINDOWS\system32\nmevtmsg.dll 2007-04-30 09:2211,264--a------C:\WINDOWS\system32\atrace.dll 2007-04-30 09:22d--------C:\WINDOWS\system32\DirectX 2007-04-30 09:2181,920--a------C:\WINDOWS\system32\isign32.dll 2007-04-30 09:2181,920--a------C:\WINDOWS\system32\ils.dll 2007-04-30 09:218,192--a------C:\WINDOWS\system32\bitsprx2.dll 2007-04-30 09:2173,728--a------C:\WINDOWS\system32\icwdial.dll 2007-04-30 09:2173,472--a------C:\WINDOWS\system32\drivers\sr.sys 2007-04-30 09:217,168--a------C:\WINDOWS\system32\bitsprx3.dll 2007-04-30 09:2169,632--a------C:\WINDOWS\system32\msconf.dll 2007-04-30 09:21679,424--a------C:\WINDOWS\system32\inetcomm.dll 2007-04-30 09:2167,584--a------C:\WINDOWS\system32\srclient.dll 2007-04-30 09:2165,536--a------C:\WINDOWS\system32\icwphbk.dll 2007-04-30 09:216,656--a------C:\WINDOWS\system32\wuauserv.dll 2007-04-30 09:2148,128--a------C:\WINDOWS\system32\inetres.dll 2007-04-30 09:21465,176--a------C:\WINDOWS\system32\wuapi.dll 2007-04-30 09:2145,568--a------C:\WINDOWS\system32\safrslv.dll 2007-04-30 09:2143,520--a------C:\WINDOWS\system32\safrcdlg.dll 2007-04-30 09:2143,520--a------C:\WINDOWS\system32\racpldlg.dll 2007-04-30 09:2141,240--a------C:\WINDOWS\system32\wups.dll 2007-04-30 09:21382,464--a------C:\WINDOWS\system32\qmgr.dll 2007-04-30 09:2134,560--a------C:\WINDOWS\system32\mnmdd.dll 2007-04-30 09:2132,768--a------C:\WINDOWS\system32\mnmsrvc.exe 2007-04-30 09:2132,768--a------C:\WINDOWS\system32\isrdbg32.dll 2007-04-30 09:2129,696--a------C:\WINDOWS\system32\safrdm.dll 2007-04-30 09:2128,672--a------C:\WINDOWS\system32\nmmkcert.dll 2007-04-30 09:21274,944--a------C:\WINDOWS\system32\mstask.dll 2007-04-30 09:21274,432--a------C:\WINDOWS\system32\inetcfg.dll 2007-04-30 09:21252,928--a------C:\WINDOWS\system32\msoeacct.dll 2007-04-30 09:21239,104--a------C:\WINDOWS\system32\srrstr.dll 2007-04-30 09:2123,040--a------C:\WINDOWS\system32\fltmc.exe 2007-04-30 09:21194,328--a------C:\WINDOWS\system32\wuaueng1.dll 2007-04-30 09:21190,976--a------C:\WINDOWS\system32\schedsvc.dll 2007-04-30 09:2118,944--a------C:\WINDOWS\system32\qmgrprxy.dll 2007-04-30 09:21173,536--a------C:\WINDOWS\system32\wuweb.dll 2007-04-30 09:21172,312--a------C:\WINDOWS\system32\wuauclt1.exe 2007-04-30 09:21170,496--a------C:\WINDOWS\system32\srsvc.dll 2007-04-30 09:2116,896--a------C:\WINDOWS\system32\fltlib.dll 2007-04-30 09:2116,384--a------C:\WINDOWS\system32\icfgnt5.dll 2007-04-30 09:21128,896--a------C:\WINDOWS\system32\drivers\fltmgr.sys 2007-04-30 09:21127,256--a------C:\WINDOWS\system32\wucltui.dll 2007-04-30 09:21124,184--a------C:\WINDOWS\system32\wuauclt.exe 2007-04-30 09:2112,288--a------C:\WINDOWS\system32\mstinit.exe 2007-04-30 09:21105,984--a------C:\WINDOWS\system32\msoert2.dll 2007-04-30 09:211,343,768--a------C:\WINDOWS\system32\wuaueng.dll 2007-04-30 09:21d---s----C:\WINDOWS\Tasks 2007-04-30 09:21d--------C:\WINDOWS\system32\Restore 2007-04-30 09:21d--------C:\WINDOWS\system32\Macromed 2007-04-30 09:21d--------C:\WINDOWS\srchasst 2007-04-30 09:21d--------C:\Program Files\Movie Maker 2007-04-30 09:21d--------C:\Program Files\Common Files\MSSoap 2007-04-30 09:2073,216--a------C:\WINDOWS\system32\avwav.dll 2007-04-30 09:205,632--a------C:\WINDOWS\system32\write.exe 2007-04-30 09:2044,544--a------C:\WINDOWS\system32\hticons.dll 2007-04-30 09:2035,328--a------C:\WINDOWS\system32\winchat.exe 2007-04-30 09:20227,840--a------C:\WINDOWS\system32\avtapi.dll 2007-04-30 09:2021,640--a------C:\WINDOWS\system32\emptyregdb.dat 2007-04-30 09:2016,384--a------C:\WINDOWS\system32\avmeter.dll 2007-04-30 09:20138,752--a------C:\WINDOWS\system32\sndvol32.exe 2007-04-30 09:20d--------C:\WINDOWS\Registration 2007-04-30 09:20d--------C:\Program Files\Online Services 2007-04-30 09:20d--------C:\Program Files\MSN Gaming Zone 2007-04-30 09:20d--------C:\Program Files\Messenger 2007-04-30 09:1997,792--a------C:\WINDOWS\system32\comrepl.dll 2007-04-30 09:19956,416--a------C:\WINDOWS\system32\msdtctm.dll 2007-04-30 09:1993,696--a------C:\WINDOWS\system32\tscfgwmi.dll 2007-04-30 09:1991,136--a------C:\WINDOWS\system32\mtxoci.dll 2007-04-30 09:199,728--a------C:\WINDOWS\system32\reset.exe 2007-04-30 09:1987,176--a------C:\WINDOWS\system32\rdpwsx.dll 2007-04-30 09:1985,504--a------C:\WINDOWS\system32\catsrvps.dll 2007-04-30 09:1980,384--a------C:\WINDOWS\system32\charmap.exe 2007-04-30 09:1967,072--a------C:\WINDOWS\system32\rdshost.exe 2007-04-30 09:19655,360--a------C:\WINDOWS\system32\mstscax.dll 2007-04-30 09:19625,152--a------C:\WINDOWS\system32\catsrvut.dll 2007-04-30 09:1962,464--a------C:\WINDOWS\system32\rdpclip.exe 2007-04-30 09:19605,696--a------C:\WINDOWS\system32\getuname.dll 2007-04-30 09:1960,416--a------C:\WINDOWS\system32\remotepg.dll 2007-04-30 09:1960,416--a------C:\WINDOWS\system32\colbact.dll 2007-04-30 09:196,144--a------C:\WINDOWS\system32\msdtc.exe 2007-04-30 09:1958,880--a------C:\WINDOWS\system32\msdtclog.dll 2007-04-30 09:1958,880--a------C:\WINDOWS\system32\licwmi.dll 2007-04-30 09:1956,832--a------C:\WINDOWS\system32\sol.exe 2007-04-30 09:1956,320--a------C:\WINDOWS\system32\servdeps.dll 2007-04-30 09:1955,296--a------C:\WINDOWS\system32\freecell.exe 2007-04-30 09:19540,160--a------C:\WINDOWS\system32\comuid.dll 2007-04-30 09:1954,272--a------C:\WINDOWS\system32\stclient.dll 2007-04-30 09:19538,624--a------C:\WINDOWS\system32\spider.exe 2007-04-30 09:195,120--a------C:\WINDOWS\system32\dcomcnfg.exe 2007-04-30 09:19498,688--a------C:\WINDOWS\system32\clbcatq.dll 2007-04-30 09:1944,544--a------C:\WINDOWS\system32\tscupgrd.exe 2007-04-30 09:19426,496--a------C:\WINDOWS\system32\msdtcprx.dll 2007-04-30 09:19407,552--a------C:\WINDOWS\system32\mstsc.exe 2007-04-30 09:1940,840--a------C:\WINDOWS\system32\drivers\termdd.sys 2007-04-30 09:194,096--a------C:\WINDOWS\system32\rdpcfgex.dll 2007-04-30 09:194,096--a------C:\WINDOWS\system32\mtxex.dll 2007-04-30 09:1938,912--a------C:\WINDOWS\system32\cfgbkend.dll 2007-04-30 09:19347,136--a------C:\WINDOWS\system32\hypertrm.dll 2007-04-30 09:19343,040--a------C:\WINDOWS\system32\mspaint.exe 2007-04-30 09:1933,792--a------C:\WINDOWS\system32\regini.exe 2007-04-30 09:19295,424--a------C:\WINDOWS\system32\termsrv.dll 2007-04-30 09:1925,600--a------C:\WINDOWS\system32\comaddin.dll 2007-04-30 09:1925,088--a------C:\WINDOWS\system32\mtxlegih.dll 2007-04-30 09:19225,792--a------C:\WINDOWS\system32\catsrv.dll 2007-04-30 09:1922,016--a------C:\WINDOWS\system32\qwinsta.exe 2007-04-30 09:1921,896--a------C:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-30 09:1920,992--a------C:\WINDOWS\system32\msg.exe 5 of........ 2007-04-30 09:1920,480--a------C:\WINDOWS\system32\qprocess.exe 2007-04-30 09:1920,480--a------C:\WINDOWS\system32\mtxdm.dll 2007-04-30 09:19196,864--a------C:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-30 09:1919,968--a------C:\WINDOWS\system32\rdpsnd.dll 2007-04-30 09:19185,344--a------C:\WINDOWS\system32\cmprops.dll 2007-04-30 09:19183,808--a------C:\WINDOWS\system32\accwiz.exe 2007-04-30 09:1917,408--a------C:\WINDOWS\system32\mmfutil.dll 2007-04-30 09:19161,280--a------C:\WINDOWS\system32\msdtcuiu.dll 2007-04-30 09:1916,896--a------C:\WINDOWS\system32\tsshutdn.exe 2007-04-30 09:1916,896--a------C:\WINDOWS\system32\qappsrv.exe 2007-04-30 09:1916,384--a------C:\WINDOWS\system32\tskill.exe 2007-04-30 09:1915,872--a------C:\WINDOWS\system32\rwinsta.exe 2007-04-30 09:1915,872--a------C:\WINDOWS\system32\cdmodem.dll 2007-04-30 09:1915,360--a------C:\WINDOWS\system32\logoff.exe 2007-04-30 09:19147,968--a------C:\WINDOWS\system32\rdchost.dll 2007-04-30 09:19147,456--a------C:\WINDOWS\system32\comsnap.dll 2007-04-30 09:19140,800--a------C:\WINDOWS\system32\sessmgr.exe 2007-04-30 09:1914,848--a------C:\WINDOWS\system32\tsdiscon.exe 2007-04-30 09:1914,848--a------C:\WINDOWS\system32\tscon.exe 2007-04-30 09:1914,848--a------C:\WINDOWS\system32\shadow.exe 2007-04-30 09:19139,528--a------C:\WINDOWS\system32\drivers\rdpwd.sys 2007-04-30 09:19131,584--a------C:\WINDOWS\system32\sndrec32.exe 2007-04-30 09:1913,824--a------C:\WINDOWS\system32\rdsaddin.exe 2007-04-30 09:19126,976--a------C:\WINDOWS\system32\mshearts.exe 2007-04-30 09:19123,392--a------C:\WINDOWS\system32\mplay32.exe 2007-04-30 09:1912,040--a------C:\WINDOWS\system32\drivers\tdpipe.sys 2007-04-30 09:19119,808--a------C:\WINDOWS\system32\winmine.exe 2007-04-30 09:19114,688--a------C:\WINDOWS\system32\calc.exe 2007-04-30 09:19110,080--a------C:\WINDOWS\system32\clbcatex.dll 2007-04-30 09:1911,776--a------C:\WINDOWS\system32\xolehlp.dll 2007-04-30 09:1911,264--a------C:\WINDOWS\system32\icaapi.dll 2007-04-30 09:19102,912--a------C:\WINDOWS\system32\clipbrd.exe 2007-04-30 09:191,267,200--a------C:\WINDOWS\system32\comsvcs.dll 2007-04-30 09:191,161--a------C:\WINDOWS\system32\usrlogon.cmd 2007-04-30 09:19d--------C:\WINDOWS\system32\MsDtc 2007-04-30 09:19d--------C:\WINDOWS\system32\Com 2007-04-30 09:19d--------C:\Program Files\Windows NT (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-18 16:12:232,854,400----a-wC:\WINDOWS\system32\msi.dll 2007-04-09 12:27:0731,548----a-wC:\WINDOWS\system32\drivers\scdemu.sys 2007-03-17 13:43:01292,864----a-wC:\WINDOWS\system32\winsrv.dll 2007-03-14 09:27:58972,336----a-wC:\WINDOWS\UNRecode.exe 2007-03-14 09:19:5695,864----a-wC:\WINDOWS\system32\NeroCo.dll 2007-03-14 09:19:26972,336----a-wC:\WINDOWS\UNNeroBackItUp.exe 2007-03-12 03:51:08972,336----a-wC:\WINDOWS\UNNeroMediaHome.exe 2007-03-08 15:36:28577,536----a-wC:\WINDOWS\system32\user32.dll 2007-03-08 15:36:2840,960----a-wC:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28281,600----a-wC:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:481,843,584----a-wC:\WINDOWS\system32\win32k.sys 2007-02-28 10:53:50972,336----a-wC:\WINDOWS\UNNeroVision.exe 2007-02-28 05:41:02972,336----a-wC:\WINDOWS\UNNeroShowTime.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {0F06680B-F18E-4EC3-8D73-FD6D8230B244}=C:\WINDOWS\system32\ddabb.dll [] {72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-07-29 03:48] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09] "AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 20:28] "CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 16:33] "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25] "NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-29 19:50] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoClose"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxxu] efcbxxu.dll Contents of the 'Scheduled Tasks' folder 2007-05-20 05:40:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job ****************************************************************** catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-29 23:38:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************** Completion time: 2007-05-29 23:39:45 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-05-29 23:39 --- E O FFirst, I'd like for you to download ERUNT and use it to backup your registry. This is very important! I have attached a .zip file to this post. Save the file and extract it to your desktop. There are two files within it: remove.reg and remove.bat. Run/execute both files. This will only take a couple of seconds. Once you have done that, go to Start > Run and type in regedit** and click OK. I don't know how familiar you are with Regedit, so I'll try to make this simple. You will be faced with the following directories... HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS HKEY_CURRENT_CONFIG Navigate to the following directory... HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer In the right panel, there will be a set of registry keys. Locate the one named NoClose, right-click on it, and click on Modify. Under the Value Data, change the 1 to a 0. This should restore your Shut Down button. If you encounter any problems, use your ERUNT backup to restore your registry. Update AVG and scan with it in Safe Mode again. Let it clean whatever it wants. Restart and post back with a new log and an update on how things are going. [cleaning up - attachment deleted by admin]ok done all that exept the scan atm. so does the shutdown button come up straight away or do i have to reboot? cause i havnt rebooted yet and it still hasnt shown up Dude you are a legend just rebooted and now i have my shut down button back thanks sooooo much. now how do i get rid of the rebooing problem?I'm glad I could get that working for you. Now let's try to figure out your rebooting problem. Before you run your anti-virus scan, I want you to download AVG Anti-Rootkit and scan with that also (not at the same time). Its scan won't take as long as the anti-virus. Also... QUOTE from: imanidiot on May 29, 2007, 04:00:56 AM im running avg 7 and adaware se and avg keep coming up with unwanted files so far here is wat follows C;\WIndows\system32\csifmoml.ddl ddyhokyt.dll max1d1641.exe protector.exe ntio256.sys all in the system32 file. and then there are more in my temp folder Do these files still show up in your scans or were they removed? You may want to give SDFix a try. Download it and save it to your desktop. Then... 1. Open the extracted SDFix folder and double click RunThis.bat to start the script. 2. Type Y to begin the cleanup process. 3. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. 4. Press any Key and it will restart the PC. 5. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to END the script and load your desktop icons. 6. Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Post back with this log along with the results of your scans.no those files have been removed and i did that new avg thing and it came up with no problems found. here is the sdfix log file. SDFix: Version 1.85 Run by Administrator - Wed 30/05/2007 - 21:39:58.92 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\-59809~1 - Deleted Removing Temp Files... ADS Check: Checking if ADS is attached to system32 Folder C:\WINDOWS\system32 No streams found. Checking if ADS is attached to svchost.exe C:\WINDOWS\system32\svchost.exe No streams found. Final Check: REMAINING Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe::Enabled:BearShare" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- Backups Folder: - C:\SDFix\backups\backups.zip Checking For Files with Hidden Attributes: C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\backup\Downloads\Epic.Movie.DVDSCR.XviD-NEPTUNE.[www.torrentfive.com]\Sample\Thumbs.db C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\backup\back up stuff\Installs\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage)\MSDE2000\SQLRESLD.DLL C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\Everything & Anything I Have On My Computer (All Sorted So Dont censored* It Up!!)\Downloads & Install Files\Messenger Plus! - Setup.exe C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\Everything & Anything I Have On My Computer (All Sorted So Dont censored It Up!!)\Downloads & Install Files\setup msn 6.1.exe C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\Everything & Anything I Have On My Computer (All Sorted So Dont censored It Up!!)\Downloads & Install Files\vnc-4.0-x86_win32.exe C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp C:\WINDOWS\system32\config\default.tmp.LOG C:\WINDOWS\system32\config\SAM.tmp.LOG C:\WINDOWS\system32\config\SECURITY.tmp.LOG C:\WINDOWS\system32\config\software.tmp.LOG C:\WINDOWS\system32\config\system.tmp.LOG Finished i will let you know if it rebbots again. thanks so much for your help. ur a legend!!!!!!!!!!!!!!!!!!! I'm glad I could be of some help. I'll keep my fingers crossed and hope the reboots have STOPPED. After all of this work, you should be clean now, so if the reboots persist, it might be related to a hardware issue.As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged. If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

Answer»

2007-05-01 12:12d--------C:\Documents and Settings\Administrator\Shared
2007-05-01 12:12d--------C:\Documents and Settings\Administrator\Incomplete
2007-05-01 12:12d--------C:\DOCUME~1\ADMINI~1\Shared
2007-05-01 12:12d--------C:\DOCUME~1\ADMINI~1\Incomplete
2007-04-30 22:32d--hs----C:\RECYCLER
2007-04-30 22:06d--------C:\Program Files\LimeWire
2007-04-30 22:06d--------C:\Documents and Settings\Administrator\.limewire
2007-04-30 22:06d--------C:\DOCUME~1\ADMINI~1\.limewire
2007-04-30 21:53d--------C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2007-04-30 21:4625,600--a------C:\WINDOWS\system32\drivers\usbser.sys
2007-04-30 21:46d--------C:\Program Files\Avanquest update
2007-04-30 21:45d--------C:\Program Files\Motorola Phone Tools
2007-04-30 21:45d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-04-30 21:4424,192--a------C:\WINDOWS\system32\drivers\usbsermptxp.sys
2007-04-30 21:4424,192--a------C:\Documents and Settings\Administrator\usbsermptxp.sys
2007-04-30 21:4424,192--a------C:\DOCUME~1\ADMINI~1\usbsermptxp.sys
2007-04-30 21:4422,768--a------C:\Documents and Settings\Administrator\usbsermpt.sys
2007-04-30 21:4422,768--a------C:\DOCUME~1\ADMINI~1\usbsermpt.sys
2007-04-30 20:22262,144--a------C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-30 20:19d--------C:\Program Files\MSXML 4.0
2007-04-30 19:1357,472--a------C:\WINDOWS\system32\drivers\redbook.sys
2007-04-30 19:133,072--a------C:\WINDOWS\system32\drivers\audstub.sys
2007-04-30 19:12870,784--a------C:\WINDOWS\system32\ati3d1ag.dll
2007-04-30 19:1274,240--a------C:\WINDOWS\system32\usbui.dll
2007-04-30 19:12516,768--a------C:\WINDOWS\system32\ativvaxx.dll
2007-04-30 19:1242,240--a------C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-04-30 19:1227,165--a------C:\WINDOWS\system32\drivers\fetnd5.sys
2007-04-30 19:12229,376--a------C:\WINDOWS\system32\ati2cqag.dll
2007-04-30 19:12201,728--a------C:\WINDOWS\system32\ati2dvag.dll
2007-04-30 19:121,888,992--a------C:\WINDOWS\system32\ati3duag.dll
2007-04-30 19:121,540,608--a------C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-30 19:118,192-ra------C:\WINDOWS\system32\kbdhept.dll
2007-04-30 19:116,656-ra------C:\WINDOWS\system32\kbdhela3.dll
2007-04-30 19:116,144-ra------C:\WINDOWS\system32\kbdtuq.dll
2007-04-30 19:116,144-ra------C:\WINDOWS\system32\kbdtuf.dll
2007-04-30 19:116,144-ra------C:\WINDOWS\system32\kbdhela2.dll
2007-04-30 19:116,144-ra------C:\WINDOWS\system32\kbdgkl.dll
2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdmon.dll
2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdkyr.dll
2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdhe319.dll
2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdhe220.dll
2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdhe.dll
2007-04-30 19:115,632-ra------C:\WINDOWS\system32\kbdazel.dll
2007-04-30 19:11dr-------C:\Program Files
2007-04-30 19:11d--hs----C:\WINDOWS\Installer
2007-04-30 19:11d--------C:\Program Files\Common Files\SpeechEngines
2007-04-30 19:11d--------C:\Program Files\Common Files\ODBC
2007-04-30 19:109,936--a------C:\WINDOWS\system\LZEXPAND.DLL
2007-04-30 19:109,008--a------C:\WINDOWS\system\VER.DLL
2007-04-30 19:1085,020--a------C:\WINDOWS\system32\dgsetup.dll
2007-04-30 19:1082,944--a------C:\WINDOWS\system\OLECLI.DLL
2007-04-30 19:108,704--a------C:\WINDOWS\system32\batt.dll
2007-04-30 19:1074,752--a------C:\WINDOWS\system32\storprop.dll
2007-04-30 19:107,168-ra------C:\WINDOWS\system32\kbdcz.dll
2007-04-30 19:1069,584--a------C:\WINDOWS\system\AVICAP.DLL
2007-04-30 19:1069,120--a------C:\WINDOWS\NOTEPAD.EXE
2007-04-30 19:1068,768--a------C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdycl.dll
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdsl1.dll
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdsl.dll
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdpl.dll
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdhu.dll
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdcz2.dll
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdcz1.dll
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\kbdcr.dll
2007-04-30 19:106,656-ra------C:\WINDOWS\system32\KBDAL.DLL
2007-04-30 19:106,144-ra------C:\WINDOWS\system32\kbdlv1.dll
2007-04-30 19:106,144-ra------C:\WINDOWS\system32\kbdlv.dll
2007-04-30 19:106,144-ra------C:\WINDOWS\system32\kbdest.dll
2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdro.dll
2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdpl1.dll
2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdlt1.dll
2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdlt.dll
2007-04-30 19:105,632-ra------C:\WINDOWS\system32\kbdhu1.dll
2007-04-30 19:105,120--a------C:\WINDOWS\system\SHELL.DLL
2007-04-30 19:1032,816--a------C:\WINDOWS\system\COMMDLG.DLL
2007-04-30 19:1024,661--a------C:\WINDOWS\system32\spxcoins.dll
2007-04-30 19:1024,064--a------C:\WINDOWS\system\OLESVR.DLL
2007-04-30 19:1019,200--a------C:\WINDOWS\system\TAPI.DLL
2 of .....

2007-04-30 19:10176,157--a------C:\WINDOWS\system32\dgrpsetu.dll
2007-04-30 19:1015,360--a------C:\WINDOWS\TASKMAN.EXE
2007-04-30 19:1013,312--a------C:\WINDOWS\system32\irclass.dll
2007-04-30 19:10126,912--a------C:\WINDOWS\system\MSVIDEO.DLL
2007-04-30 19:1011,264--a------C:\WINDOWS\system32\drivers\irenum.sys
2007-04-30 19:10109,456--a------C:\WINDOWS\system\AVIFILE.DLL
2007-04-30 19:10103,424--a------C:\WINDOWS\system32\EqnClass.Dll
2007-04-30 19:10dr-------C:\DOCUME~1\ALLUSE~1\Documents
2007-04-30 19:08d--hs----C:\System Volume Information
2007-04-30 19:08d--------C:\WINDOWS\system32\CatRoot23 of........

2007-04-30 19:08d--------C:\WINDOWS\system32\CatRoot
2007-04-30 19:08d--------C:\Documents and Settings
2007-04-30 19:03dr-hsc---C:\WINDOWS\system32\dllcache
2007-04-30 19:03dr--s----C:\WINDOWS\Fonts
2007-04-30 19:03dr-------C:\WINDOWS\Web
2007-04-30 19:03d--h-----C:\WINDOWS\inf
2007-04-30 19:03d--------C:\WINDOWS\WinSxS
2007-04-30 19:03d--------C:\WINDOWS\twain_32
2007-04-30 19:03d--------C:\WINDOWS\system32\wins
2007-04-30 19:03d--------C:\WINDOWS\system32\wbem
2007-04-30 19:03d--------C:\WINDOWS\system32\usmt
2007-04-30 19:03d--------C:\WINDOWS\system32\spool
2007-04-30 19:03d--------C:\WINDOWS\system32\ShellExt
2007-04-30 19:03d--------C:\WINDOWS\system32\Setup
2007-04-30 19:03d--------C:\WINDOWS\system32\ras
2007-04-30 19:03d--------C:\WINDOWS\system32\oobe
2007-04-30 19:03d--------C:\WINDOWS\system32\npp
2007-04-30 19:03d--------C:\WINDOWS\system32\mui
2007-04-30 19:03d--------C:\WINDOWS\system32\inetsrv
2007-04-30 19:03d--------C:\WINDOWS\system32\IME
2007-04-30 19:03d--------C:\WINDOWS\system32\icsxml
2007-04-30 19:03d--------C:\WINDOWS\system32\ias
2007-04-30 19:03d--------C:\WINDOWS\system32\export
2007-04-30 19:03d--------C:\WINDOWS\system32\drivers\etc
2007-04-30 19:03d--------C:\WINDOWS\system32\drivers\disdn
2007-04-30 19:03d--------C:\WINDOWS\system32\drivers
2007-04-30 19:03d--------C:\WINDOWS\system32\dhcp
2007-04-30 19:03d--------C:\WINDOWS\system32\config
2007-04-30 19:03d--------C:\WINDOWS\system32\3com_dmi
2007-04-30 19:03d--------C:\WINDOWS\system32\3076
2007-04-30 19:03d--------C:\WINDOWS\system32\2052
2007-04-30 19:03d--------C:\WINDOWS\system32\1054
2007-04-30 19:03d--------C:\WINDOWS\system32\1042
2007-04-30 19:03d--------C:\WINDOWS\system32\1041
2007-04-30 19:03d--------C:\WINDOWS\system32\1037
2007-04-30 19:03d--------C:\WINDOWS\system32\1033
2007-04-30 19:03d--------C:\WINDOWS\system32\1031
2007-04-30 19:03d--------C:\WINDOWS\system32\1028
2007-04-30 19:03d--------C:\WINDOWS\system32\1025
2007-04-30 19:03d--------C:\WINDOWS\system32
2007-04-30 19:03d--------C:\WINDOWS\system
2007-04-30 19:03d--------C:\WINDOWS\security
2007-04-30 19:03d--------C:\WINDOWS\Resources
2007-04-30 19:03d--------C:\WINDOWS\repair
2007-04-30 19:03d--------C:\WINDOWS\Provisioning
2007-04-30 19:03d--------C:\WINDOWS\PeerNet
2007-04-30 19:03d--------C:\WINDOWS\pchealth
2007-04-30 19:03d--------C:\WINDOWS\mui
2007-04-30 19:03d--------C:\WINDOWS\msapps
2007-04-30 19:03d--------C:\WINDOWS\msagent
2007-04-30 19:03d--------C:\WINDOWS\Media
2007-04-30 19:03d--------C:\WINDOWS\ime
2007-04-30 19:03d--------C:\WINDOWS\Help
2007-04-30 19:03d--------C:\WINDOWS\ehome
2007-04-30 19:03d--------C:\WINDOWS\Driver Cache
2007-04-30 19:03d--------C:\WINDOWS\Debug
2007-04-30 19:03d--------C:\WINDOWS\Cursors
2007-04-30 19:03d--------C:\WINDOWS\Connection Wizard
2007-04-30 19:03d--------C:\WINDOWS\Config
2007-04-30 19:03d--------C:\WINDOWS\AppPatch
2007-04-30 19:03d--------C:\WINDOWS\addins
2007-04-30 19:03d--------C:\WINDOWS
2007-04-30 15:023,840--a------C:\WINDOWS\system32\drivers\BANTExt.sys
2007-04-30 15:02d--------C:\Program Files\Belarc
2007-04-30 13:24d--------C:\1cda015c0c09cfaf43b0a11ba5
2007-04-30 12:04d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-04-30 10:58d--------C:\Program Files\PowerISO
2007-04-30 10:4832,592--a------C:\WINDOWS\system32\msonpmon.dll
2007-04-30 10:47d--------C:\Program Files\Microsoft Works
2007-04-30 10:46d--------C:\Program Files\MSBuild
2007-04-30 10:41d--------C:\WINDOWS\SHELLNEW
2007-04-30 10:39dr-h-----C:\MSOCache
2007-04-30 10:39d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-04-30 10:37d--------C:\Program Files\DAEMON Tools
2007-04-30 10:29d--h-----C:\WINDOWS\$hf_mig$
2007-04-30 10:29d--------C:\WINDOWS\system32\PreInstall
2007-04-30 09:51d--------C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-04-30 09:49d--------C:\Program Files\Nero
2007-04-30 09:49d--------C:\Program Files\Common Files\Ahead
2007-04-30 09:49d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-04-30 09:47d--------C:\Program Files\Windows Media Connect 2
2007-04-30 09:44682,232--a------C:\WINDOWS\system32\drivers\sptd.sys
2007-04-30 09:4423,856--a------C:\WINDOWS\system32\spupdsvc.exe
2007-04-30 09:44d--------C:\WINDOWS\system32\LogFiles
2007-04-30 09:44d--------C:\WINDOWS\system32\drivers\UMDF
2007-04-30 09:43d--------C:\DOCUME~1\ADMINI~1\APPLIC~1\uTorrent
2007-04-30 09:40d--------C:\Documents and Settings\Administrator\Contacts
2007-04-30 09:40d--------C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-30 09:40d--------C:\DOCUME~1\ADMINI~1\Contacts
2007-04-30 09:39d----c---C:\WINDOWS\system32\DRVSTORE
2007-04-30 09:39d--------C:\Program Files\MSN Messenger
2007-04-30 09:3882,944--a------C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-30 09:386,400--a------C:\WINDOWS\system32\drivers\splitter.sys
2007-04-30 09:3854,272--a------C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-30 09:3852,864--a------C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-30 09:3827,904--a------C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-04-30 09:38172,416--a------C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-30 09:38142,464--a------C:\WINDOWS\system32\drivers\aec.sys
2007-04-30 09:38d--------C:\WINDOWS\system32\ReinstallBackups
2007-04-30 09:37864---------C:\WINDOWS\system32\drivers\alcxinit.dat
2007-04-30 09:37765,952--a------C:\WINDOWS\system\crlds3d.dll
2007-04-30 09:37720,896--a------C:\WINDOWS\system32\Audio3D.dll
2007-04-30 09:37720,896--a------C:\WINDOWS\system32\a3d.dll
2007-04-30 09:377,552--a------C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-04-30 09:3760,800--a------C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-30 09:3760,288--a------C:\WINDOWS\system32\drivers\drmk.sys
2007-04-30 09:3755,296--a------C:\WINDOWS\SOUNDMAN.EXE
2007-04-30 09:375,376--a------C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-04-30 09:37461,312--a------C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-04-30 09:37403,968--a------C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2007-04-30 09:374,992--a------C:\WINDOWS\system32\drivers\MSPQM.sys
2007-04-30 09:374,096--a------C:\WINDOWS\system32\ksuser.dll
2007-04-30 09:37306,688--a------C:\WINDOWS\IsUninst.exe
2007-04-30 09:37208,896---------C:\WINDOWS\alcupd.exe
2007-04-30 09:372,944--a------C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-30 09:37145,792--a------C:\WINDOWS\system32\drivers\portcls.sys
2007-04-30 09:37139,264---------C:\WINDOWS\alcrmv.exe
2007-04-30 09:37d--h-----C:\Program Files\InstallShield Installation Information
2007-04-30 09:37d--------C:\Program Files\Common Files\InstallShield
2007-04-30 09:37d--------C:\Documents and Settings\Administrator\WINDOWS
2007-04-30 09:37d--------C:\DOCUME~1\ADMINI~1\WINDOWS
2007-04-30 09:36d--------C:\WINDOWS\system32\SoftwareDistribution
2007-04-30 09:323,670,016--ah-----C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-30 09:323,670,016--ah-----C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-30 09:29262,144--ah-----C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-30 09:29262,144--ah-----C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-30 09:29d--------C:\WINDOWS\SoftwareDistribution
2007-04-30 09:29d--------C:\WINDOWS\Prefetch
2007-04-30 09:25d--------C:\WINDOWS\system32\xircom
2007-04-30 09:25d--------C:\Program Files\microsoft frontpage
2007-04-30 09:24262,144--ah-----C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-30 09:24112,128--a------C:\WINDOWS\system32\mapi32.dll
2007-04-30 09:240-rahs----C:\MSDOS.SYS
2007-04-30 09:240-rahs----C:\IO.SYS
2007-04-30 09:240--a------C:\CONFIG.SYS4 of.....

2007-04-30 09:240--a------C:\AUTOEXEC.BAT
2007-04-30 09:23dr-------C:\WINDOWS\Offline Web Pages
2007-04-30 09:23d--hs----C:\DOCUME~1\ALLUSE~1\DRM
2007-04-30 09:23d--h-----C:\Program Files\WindowsUpdate
2007-04-30 09:23d---s----C:\WINDOWS\Downloaded Program Files
2007-04-30 09:2264,512--a------C:\WINDOWS\system32\acctres.dll
2007-04-30 09:2212,288--a------C:\WINDOWS\system32\nmevtmsg.dll
2007-04-30 09:2211,264--a------C:\WINDOWS\system32\atrace.dll
2007-04-30 09:22d--------C:\WINDOWS\system32\DirectX
2007-04-30 09:2181,920--a------C:\WINDOWS\system32\isign32.dll
2007-04-30 09:2181,920--a------C:\WINDOWS\system32\ils.dll
2007-04-30 09:218,192--a------C:\WINDOWS\system32\bitsprx2.dll
2007-04-30 09:2173,728--a------C:\WINDOWS\system32\icwdial.dll
2007-04-30 09:2173,472--a------C:\WINDOWS\system32\drivers\sr.sys
2007-04-30 09:217,168--a------C:\WINDOWS\system32\bitsprx3.dll
2007-04-30 09:2169,632--a------C:\WINDOWS\system32\msconf.dll
2007-04-30 09:21679,424--a------C:\WINDOWS\system32\inetcomm.dll
2007-04-30 09:2167,584--a------C:\WINDOWS\system32\srclient.dll
2007-04-30 09:2165,536--a------C:\WINDOWS\system32\icwphbk.dll
2007-04-30 09:216,656--a------C:\WINDOWS\system32\wuauserv.dll
2007-04-30 09:2148,128--a------C:\WINDOWS\system32\inetres.dll
2007-04-30 09:21465,176--a------C:\WINDOWS\system32\wuapi.dll
2007-04-30 09:2145,568--a------C:\WINDOWS\system32\safrslv.dll
2007-04-30 09:2143,520--a------C:\WINDOWS\system32\safrcdlg.dll
2007-04-30 09:2143,520--a------C:\WINDOWS\system32\racpldlg.dll
2007-04-30 09:2141,240--a------C:\WINDOWS\system32\wups.dll
2007-04-30 09:21382,464--a------C:\WINDOWS\system32\qmgr.dll
2007-04-30 09:2134,560--a------C:\WINDOWS\system32\mnmdd.dll
2007-04-30 09:2132,768--a------C:\WINDOWS\system32\mnmsrvc.exe
2007-04-30 09:2132,768--a------C:\WINDOWS\system32\isrdbg32.dll
2007-04-30 09:2129,696--a------C:\WINDOWS\system32\safrdm.dll
2007-04-30 09:2128,672--a------C:\WINDOWS\system32\nmmkcert.dll
2007-04-30 09:21274,944--a------C:\WINDOWS\system32\mstask.dll
2007-04-30 09:21274,432--a------C:\WINDOWS\system32\inetcfg.dll
2007-04-30 09:21252,928--a------C:\WINDOWS\system32\msoeacct.dll
2007-04-30 09:21239,104--a------C:\WINDOWS\system32\srrstr.dll
2007-04-30 09:2123,040--a------C:\WINDOWS\system32\fltmc.exe
2007-04-30 09:21194,328--a------C:\WINDOWS\system32\wuaueng1.dll
2007-04-30 09:21190,976--a------C:\WINDOWS\system32\schedsvc.dll
2007-04-30 09:2118,944--a------C:\WINDOWS\system32\qmgrprxy.dll
2007-04-30 09:21173,536--a------C:\WINDOWS\system32\wuweb.dll
2007-04-30 09:21172,312--a------C:\WINDOWS\system32\wuauclt1.exe
2007-04-30 09:21170,496--a------C:\WINDOWS\system32\srsvc.dll
2007-04-30 09:2116,896--a------C:\WINDOWS\system32\fltlib.dll
2007-04-30 09:2116,384--a------C:\WINDOWS\system32\icfgnt5.dll
2007-04-30 09:21128,896--a------C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-30 09:21127,256--a------C:\WINDOWS\system32\wucltui.dll
2007-04-30 09:21124,184--a------C:\WINDOWS\system32\wuauclt.exe
2007-04-30 09:2112,288--a------C:\WINDOWS\system32\mstinit.exe
2007-04-30 09:21105,984--a------C:\WINDOWS\system32\msoert2.dll
2007-04-30 09:211,343,768--a------C:\WINDOWS\system32\wuaueng.dll
2007-04-30 09:21d---s----C:\WINDOWS\Tasks
2007-04-30 09:21d--------C:\WINDOWS\system32\Restore
2007-04-30 09:21d--------C:\WINDOWS\system32\Macromed
2007-04-30 09:21d--------C:\WINDOWS\srchasst
2007-04-30 09:21d--------C:\Program Files\Movie Maker
2007-04-30 09:21d--------C:\Program Files\Common Files\MSSoap
2007-04-30 09:2073,216--a------C:\WINDOWS\system32\avwav.dll
2007-04-30 09:205,632--a------C:\WINDOWS\system32\write.exe
2007-04-30 09:2044,544--a------C:\WINDOWS\system32\hticons.dll
2007-04-30 09:2035,328--a------C:\WINDOWS\system32\winchat.exe
2007-04-30 09:20227,840--a------C:\WINDOWS\system32\avtapi.dll
2007-04-30 09:2021,640--a------C:\WINDOWS\system32\emptyregdb.dat
2007-04-30 09:2016,384--a------C:\WINDOWS\system32\avmeter.dll
2007-04-30 09:20138,752--a------C:\WINDOWS\system32\sndvol32.exe
2007-04-30 09:20d--------C:\WINDOWS\Registration
2007-04-30 09:20d--------C:\Program Files\Online Services
2007-04-30 09:20d--------C:\Program Files\MSN Gaming Zone
2007-04-30 09:20d--------C:\Program Files\Messenger
2007-04-30 09:1997,792--a------C:\WINDOWS\system32\comrepl.dll
2007-04-30 09:19956,416--a------C:\WINDOWS\system32\msdtctm.dll
2007-04-30 09:1993,696--a------C:\WINDOWS\system32\tscfgwmi.dll
2007-04-30 09:1991,136--a------C:\WINDOWS\system32\mtxoci.dll
2007-04-30 09:199,728--a------C:\WINDOWS\system32\reset.exe
2007-04-30 09:1987,176--a------C:\WINDOWS\system32\rdpwsx.dll
2007-04-30 09:1985,504--a------C:\WINDOWS\system32\catsrvps.dll
2007-04-30 09:1980,384--a------C:\WINDOWS\system32\charmap.exe
2007-04-30 09:1967,072--a------C:\WINDOWS\system32\rdshost.exe
2007-04-30 09:19655,360--a------C:\WINDOWS\system32\mstscax.dll
2007-04-30 09:19625,152--a------C:\WINDOWS\system32\catsrvut.dll
2007-04-30 09:1962,464--a------C:\WINDOWS\system32\rdpclip.exe
2007-04-30 09:19605,696--a------C:\WINDOWS\system32\getuname.dll
2007-04-30 09:1960,416--a------C:\WINDOWS\system32\remotepg.dll
2007-04-30 09:1960,416--a------C:\WINDOWS\system32\colbact.dll
2007-04-30 09:196,144--a------C:\WINDOWS\system32\msdtc.exe
2007-04-30 09:1958,880--a------C:\WINDOWS\system32\msdtclog.dll
2007-04-30 09:1958,880--a------C:\WINDOWS\system32\licwmi.dll
2007-04-30 09:1956,832--a------C:\WINDOWS\system32\sol.exe
2007-04-30 09:1956,320--a------C:\WINDOWS\system32\servdeps.dll
2007-04-30 09:1955,296--a------C:\WINDOWS\system32\freecell.exe
2007-04-30 09:19540,160--a------C:\WINDOWS\system32\comuid.dll
2007-04-30 09:1954,272--a------C:\WINDOWS\system32\stclient.dll
2007-04-30 09:19538,624--a------C:\WINDOWS\system32\spider.exe
2007-04-30 09:195,120--a------C:\WINDOWS\system32\dcomcnfg.exe
2007-04-30 09:19498,688--a------C:\WINDOWS\system32\clbcatq.dll
2007-04-30 09:1944,544--a------C:\WINDOWS\system32\tscupgrd.exe
2007-04-30 09:19426,496--a------C:\WINDOWS\system32\msdtcprx.dll
2007-04-30 09:19407,552--a------C:\WINDOWS\system32\mstsc.exe
2007-04-30 09:1940,840--a------C:\WINDOWS\system32\drivers\termdd.sys
2007-04-30 09:194,096--a------C:\WINDOWS\system32\rdpcfgex.dll
2007-04-30 09:194,096--a------C:\WINDOWS\system32\mtxex.dll
2007-04-30 09:1938,912--a------C:\WINDOWS\system32\cfgbkend.dll
2007-04-30 09:19347,136--a------C:\WINDOWS\system32\hypertrm.dll
2007-04-30 09:19343,040--a------C:\WINDOWS\system32\mspaint.exe
2007-04-30 09:1933,792--a------C:\WINDOWS\system32\regini.exe
2007-04-30 09:19295,424--a------C:\WINDOWS\system32\termsrv.dll
2007-04-30 09:1925,600--a------C:\WINDOWS\system32\comaddin.dll
2007-04-30 09:1925,088--a------C:\WINDOWS\system32\mtxlegih.dll
2007-04-30 09:19225,792--a------C:\WINDOWS\system32\catsrv.dll
2007-04-30 09:1922,016--a------C:\WINDOWS\system32\qwinsta.exe
2007-04-30 09:1921,896--a------C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-30 09:1920,992--a------C:\WINDOWS\system32\msg.exe

5 of........

2007-04-30 09:1920,480--a------C:\WINDOWS\system32\qprocess.exe
2007-04-30 09:1920,480--a------C:\WINDOWS\system32\mtxdm.dll
2007-04-30 09:19196,864--a------C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-30 09:1919,968--a------C:\WINDOWS\system32\rdpsnd.dll
2007-04-30 09:19185,344--a------C:\WINDOWS\system32\cmprops.dll
2007-04-30 09:19183,808--a------C:\WINDOWS\system32\accwiz.exe
2007-04-30 09:1917,408--a------C:\WINDOWS\system32\mmfutil.dll
2007-04-30 09:19161,280--a------C:\WINDOWS\system32\msdtcuiu.dll
2007-04-30 09:1916,896--a------C:\WINDOWS\system32\tsshutdn.exe
2007-04-30 09:1916,896--a------C:\WINDOWS\system32\qappsrv.exe
2007-04-30 09:1916,384--a------C:\WINDOWS\system32\tskill.exe
2007-04-30 09:1915,872--a------C:\WINDOWS\system32\rwinsta.exe
2007-04-30 09:1915,872--a------C:\WINDOWS\system32\cdmodem.dll
2007-04-30 09:1915,360--a------C:\WINDOWS\system32\logoff.exe
2007-04-30 09:19147,968--a------C:\WINDOWS\system32\rdchost.dll
2007-04-30 09:19147,456--a------C:\WINDOWS\system32\comsnap.dll
2007-04-30 09:19140,800--a------C:\WINDOWS\system32\sessmgr.exe
2007-04-30 09:1914,848--a------C:\WINDOWS\system32\tsdiscon.exe
2007-04-30 09:1914,848--a------C:\WINDOWS\system32\tscon.exe
2007-04-30 09:1914,848--a------C:\WINDOWS\system32\shadow.exe
2007-04-30 09:19139,528--a------C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-30 09:19131,584--a------C:\WINDOWS\system32\sndrec32.exe
2007-04-30 09:1913,824--a------C:\WINDOWS\system32\rdsaddin.exe
2007-04-30 09:19126,976--a------C:\WINDOWS\system32\mshearts.exe
2007-04-30 09:19123,392--a------C:\WINDOWS\system32\mplay32.exe
2007-04-30 09:1912,040--a------C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-30 09:19119,808--a------C:\WINDOWS\system32\winmine.exe
2007-04-30 09:19114,688--a------C:\WINDOWS\system32\calc.exe
2007-04-30 09:19110,080--a------C:\WINDOWS\system32\clbcatex.dll
2007-04-30 09:1911,776--a------C:\WINDOWS\system32\xolehlp.dll
2007-04-30 09:1911,264--a------C:\WINDOWS\system32\icaapi.dll
2007-04-30 09:19102,912--a------C:\WINDOWS\system32\clipbrd.exe
2007-04-30 09:191,267,200--a------C:\WINDOWS\system32\comsvcs.dll
2007-04-30 09:191,161--a------C:\WINDOWS\system32\usrlogon.cmd
2007-04-30 09:19d--------C:\WINDOWS\system32\MsDtc
2007-04-30 09:19d--------C:\WINDOWS\system32\Com
2007-04-30 09:19d--------C:\Program Files\Windows NT

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-18 16:12:232,854,400----a-wC:\WINDOWS\system32\msi.dll
2007-04-09 12:27:0731,548----a-wC:\WINDOWS\system32\drivers\scdemu.sys
2007-03-17 13:43:01292,864----a-wC:\WINDOWS\system32\winsrv.dll
2007-03-14 09:27:58972,336----a-wC:\WINDOWS\UNRecode.exe
2007-03-14 09:19:5695,864----a-wC:\WINDOWS\system32\NeroCo.dll
2007-03-14 09:19:26972,336----a-wC:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 03:51:08972,336----a-wC:\WINDOWS\UNNeroMediaHome.exe
2007-03-08 15:36:28577,536----a-wC:\WINDOWS\system32\user32.dll
2007-03-08 15:36:2840,960----a-wC:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28281,600----a-wC:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:481,843,584----a-wC:\WINDOWS\system32\win32k.sys
2007-02-28 10:53:50972,336----a-wC:\WINDOWS\UNNeroVision.exe
2007-02-28 05:41:02972,336----a-wC:\WINDOWS\UNNeroShowTime.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{0F06680B-F18E-4EC3-8D73-FD6D8230B244}=C:\WINDOWS\system32\ddabb.dll []
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [2006-07-29 03:48]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2006-09-05 20:28]
"CloneCDElbyCDFL"="C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 16:33]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 C:\WINDOWS\system32\nvmctray.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-29 19:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbxxu]
efcbxxu.dll

Contents of the 'Scheduled Tasks' folder
2007-05-20 05:40:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-29 23:38:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

********************************************************************

Completion time: 2007-05-29 23:39:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-29 23:39

--- E O FFirst, I'd like for you to download ERUNT and use it to backup your registry. This is very important!

I have attached a .zip file to this post. Save the file and extract it to your desktop. There are two files within it: remove.reg and remove.bat. Run/execute both files. This will only take a couple of seconds.

Once you have done that, go to Start > Run and type in regedit and click OK. I don't know how familiar you are with Regedit, so I'll try to make this simple. You will be faced with the following directories...
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG

Navigate to the following directory...
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer

In the right panel, there will be a set of registry keys. Locate the one named NoClose, right-click on it, and click on Modify. Under the Value Data, change the 1 to a 0. This should restore your Shut Down button. If you encounter any problems, use your ERUNT backup to restore your registry.

Update AVG and scan with it in Safe Mode again. Let it clean whatever it wants. Restart and post back with a new log and an update on how things are going.

[cleaning up - attachment deleted by admin]ok done all that exept the scan atm. so does the shutdown button come up straight away or do i have to reboot?
cause i havnt rebooted yet and it still hasnt shown up Dude you are a legend just rebooted and now i have my shut down button back thanks sooooo much. now how do i get rid of the rebooing problem?I'm glad I could get that working for you. Now let's try to figure out your rebooting problem.

Before you run your anti-virus scan, I want you to download AVG Anti-Rootkit and scan with that also (not at the same time). Its scan won't take as long as the anti-virus.

Also...

QUOTE from: imanidiot on May 29, 2007, 04:00:56 AM

im running avg 7 and adaware se and avg keep coming up with unwanted files so far here is wat follows
C;\WIndows\system32\csifmoml.ddl
ddyhokyt.dll
max1d1641.exe
protector.exe
ntio256.sys
all in the system32 file.
and then there are more in my temp folder

Do these files still show up in your scans or were they removed?

You may want to give SDFix a try. Download it and save it to your desktop. Then...

1. Open the extracted SDFix folder and double click RunThis.bat to start the script.
2. Type Y to begin the cleanup process.
3. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
4. Press any Key and it will restart the PC.
5. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to END the script and load your desktop icons.
6. Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Post back with this log along with the results of your scans.no those files have been removed and i did that new avg thing and it came up with no problems found.
here is the sdfix log file.

SDFix: Version 1.85

Run by Administrator - Wed 30/05/2007 - 21:39:58.92

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\-59809~1 - Deleted

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

REMAINING Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\backup\Downloads\Epic.Movie.DVDSCR.XviD-NEPTUNE.[www.torrentfive.com]\Sample\Thumbs.db
C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\backup\back up stuff\Installs\Microsoft Office Xp Pro (Word, Excel, Powerpoint, Outlook, Access, Frontpage)\MSDE2000\SQLRESLD.DLL
C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\Everything & Anything I Have On My Computer (All Sorted So Dont *censored* It Up!!)\Downloads & Install Files\Messenger Plus! - Setup.exe
C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\Everything & Anything I Have On My Computer (All Sorted So Dont *censored* It Up!!)\Downloads & Install Files\setup msn 6.1.exe
C:\Documents and Settings\Administrator\Desktop\BACKUP!!!!!!!!!!!!!!\Everything & Anything I Have On My Computer (All Sorted So Dont *censored* It Up!!)\Downloads & Install Files\vnc-4.0-x86_win32.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished
i will let you know if it rebbots again. thanks so much for your help. ur a legend!!!!!!!!!!!!!!!!!!! I'm glad I could be of some help. I'll keep my fingers crossed and hope the reboots have STOPPED. After all of this work, you should be clean now, so if the reboots persist, it might be related to a hardware issue.As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

Solve : Virus of sum sort????

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment