screen turns blue when start game
-
I just reformatted my computer 2 days ago. However, when I tried to play a game today, the whole screen turned blue and the computer hung.
This is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 7:50:08 PM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\DOCUME~1\Candice\taskmgr.exe
C:\DOCUME~1\Jasper\taskmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Candice\Desktop\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MPS] C:\ACER\PSM.EXE
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: WUSB54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe (file missing)
-
Scan with AVG anti-spyware and post the log, quarantine everything found.
Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.
When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).
And post a new HJT log also.
-
When I did an AVG Anti-Spyware scan, there were no infections.
However, this is the log from BitDefender:
BitDefender Online Scanner
Scan report generated at: Sat, Dec 30, 2006 - 03:41:26
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;
Statistics
Time: 00:24:03
Files: 193992
Folders: 2880
Boot Sectors: 2
Archives: 6595
Packed Files: 20951
Results
Identified Viruses: 1
Infected Files: 42
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 41
Engines Info
Virus Definitions: 363376
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\WINDOWS\Screen Task.scr
Infected with: Trojan.Ciador.VB.A
C:\WINDOWS\Screen Task.scr
Disinfection failed
C:\WINDOWS\Screen Task.scr
Deleted
C:\Documents and Settings\Candice\Local Settings\Temp\Kill Brontok.exe
Infected with: Trojan.Ciador.VB.A
C:\Documents and Settings\Candice\Local Settings\Temp\Kill Brontok.exe
Disinfection failed
C:\Documents and Settings\Candice\Local Settings\Temp\Kill Brontok.exe
Deleted
C:\Documents and Settings\Candice\taskmgr.exe
Infected with: Trojan.Ciador.VB.A
C:\Documents and Settings\Candice\taskmgr.exe
Disinfection failed
C:\Documents and Settings\Candice\taskmgr.exe
Delete failed
C:\Documents and Settings\Jasper\Local Settings\Temp\Kill Brontok.exe
Infected with: Trojan.Ciador.VB.A
C:\Documents and Settings\Jasper\Local Settings\Temp\Kill Brontok.exe
Disinfection failed
C:\Documents and Settings\Jasper\Local Settings\Temp\Kill Brontok.exe
Deleted
C:\Documents and Settings\Jasper\taskmgr.exe
Infected with: Trojan.Ciador.VB.A
C:\Documents and Settings\Jasper\taskmgr.exe
Disinfection failed
C:\Documents and Settings\Jasper\taskmgr.exe
Deleted
C:\Documents and Settings\Marilynne\Local Settings\Temp\Kill Brontok.exe
Infected with: Trojan.Ciador.VB.A
C:\Documents and Settings\Marilynne\Local Settings\Temp\Kill Brontok.exe
Disinfection failed
C:\Documents and Settings\Marilynne\Local Settings\Temp\Kill Brontok.exe
Deleted
C:\Documents and Settings\Marilynne\taskmgr.exe
Infected with: Trojan.Ciador.VB.A
C:\Documents and Settings\Marilynne\taskmgr.exe
Disinfection failed
C:\Documents and Settings\Marilynne\taskmgr.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001416.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001416.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001416.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001425.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001425.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001425.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001426.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001426.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001426.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001434.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001434.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001434.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001435.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001435.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001435.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001488.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001488.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001488.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001489.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001489.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP29\A0001489.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP30\A0001511.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP30\A0001511.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP30\A0001511.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP30\A0001512.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP30\A0001512.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP30\A0001512.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001965.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001965.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001965.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001966.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001966.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001966.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001978.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001978.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001978.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001979.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001979.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001979.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001994.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001994.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001994.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001995.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001995.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0001995.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0002009.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0002009.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0002009.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0002010.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0002010.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0002010.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0003007.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0003007.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0003007.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0003008.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0003008.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0003008.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0004009.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0004009.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0004009.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0004010.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0004010.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0004010.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0005009.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0005009.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0005009.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0005010.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0005010.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0005010.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0006009.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0006009.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0006009.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0006010.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0006010.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0006010.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0007010.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0007010.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0007010.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0007011.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0007011.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0007011.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0008009.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0008009.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0008009.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0008010.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0008010.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP32\A0008010.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008151.scr
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008151.scr
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008151.scr
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008152.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008152.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008152.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008153.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008153.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008153.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008154.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008154.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008154.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008155.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008155.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008155.exe
Deleted
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008156.exe
Infected with: Trojan.Ciador.VB.A
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008156.exe
Disinfection failed
C:\System Volume Information\_restore{537C4D31-D613-4D85-9A6A-E62B316183EA}\RP34\A0008156.exe
Deleted
-
This is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:43:26 AM, on 12/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\DOCUME~1\Candice\taskmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
D:\Utility\InfoMyCa.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\fscagent.exe
C:\WINDOWS\system32\grdmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Candice\Desktop\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [MPS] C:\ACER\PSM.EXE
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPSON Stylus CX1500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3V 1.EXE /P26 "EPSON Stylus CX1500 Series" /O6 "USB001" /M "Stylus CX1500"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
-
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select "Delete on Reboot".
- Then click on either the "All Files" button if there is more than 1 item to Delete.
- Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C
C:\Documents and Settings\Candice\taskmgr.exe
- Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
- Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
-
Here's the log from ComboFix:
Candice - 06-12-31 2:15:20.40 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Candice\Desktop"
((((((((((((((((((((((((((((((( Files Created from 2006-11-31 to 2006-12-31 ))))))))))))))))))))))))))))))))))
2006-12-31 02:13 22,987 -r-hs---- C:\Documents and Settings\Candice\taskmgr.exe
2006-12-30 17:25 <DIR> d-------- C:\!KillBox
2006-12-30 09:17 22,987 --a------ C:\WINDOWS\Screen Task.scr
2006-12-30 03:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-30 00:10 <DIR> d-------- C:\WINDOWS\system32\crc
2006-12-29 23:30 61,440 --a------ C:\WINDOWS\system32\nod.dll
2006-12-29 23:23 52,778 --a------ C:\WINDOWS\system32\ClubboxUninstall.exe
2006-12-29 23:18 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-12-29 19:25 <DIR> d--hs---- C:\FOUND.001
2006-12-29 19:25 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-29 19:19 <DIR> d--hs---- C:\FOUND.000
2006-12-29 02:12 <DIR> d-------- C:\Program Files\SpywareGuard
2006-12-29 02:08 <DIR> d-------- C:\Documents and Settings\Candice\Application Data\Lavasoft
2006-12-29 02:07 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-29 01:53 <DIR> d---s---- C:\Documents and Settings\Candice\UserData
2006-12-29 01:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-12-29 01:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-29 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-29 01:28 <DIR> d-------- C:\Program Files\Real Alternative
2006-12-29 01:28 <DIR> d-------- C:\Documents and Settings\Candice\Application Data\Real
2006-12-29 01:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Real
2006-12-29 00:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-12-29 00:28 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-12-28 22:50 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-12-28 22:49 <DIR> d-------- C:\Documents and Settings\Candice\Application Data\Macromedia
2006-12-28 16:27 <DIR> d-------- C:\Program Files\WinRAR
2006-12-28 14:57 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2006-12-28 14:06 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-28 14:05 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-12-28 14:05 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2006-12-28 14:05 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-28 14:05 <DIR> d-------- C:\e2a596663c48ef7ade5b5d
2006-12-28 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-28 13:56 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2006-12-28 13:56 <DIR> d-------- C:\Program Files\MSN Messenger
2006-12-28 13:56 <DIR> d-------- C:\Documents and Settings\Candice\Contacts
2006-12-28 13:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-28 13:55 <DIR> d-------- C:\Program Files\Grisoft
2006-12-28 13:49 <DIR> d--hs---- C:\Config.Msi
2006-12-28 12:52 <DIR> d-------- C:\WINDOWS\Options
2006-12-28 04:38 <DIR> d-------- C:\Program Files\WIZET
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"MPS"="C:\\ACER\\PSM.EXE"
"Alaunch"="C:\\Windows\\alaunch.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"EPSON Stylus CX1500 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3V1.EXE /P26 \"EPSON Stylus CX1500 Series\" /O6 \"USB001\" /M \"Stylus CX1500\""
"AGRSMMSG"="AGRSMMSG.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Task"="C:\\DOCUME~1\\Candice\\taskmgr.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-12-31 2:15:50.84
C:\ComboFix3.txt ... 06-12-30 17:28
C:\ComboFix2.txt ... 06-12-30 17:31
C:\ComboFix.txt ... 06-12-31 02:15
-
How are things working now?
If still experiencing problems, do the below:
Download, install and scan with the 15-day free trial of Sunbelt CounterSpy.
CounterSpy User Guide.
1. When Counterspy completes its scan, the "Scan Results" box will appear.
2. Click on "View Results".
3. Under (Recommended Action), using the drop down menu arrows at the side of each entry found, set EVERYTHING to "Remove".
4. Click on "Take Action".
5. Once everything has been removed, click on "View Details".
6. Copy and Paste the details into a text document and save it to your desktop.
7. Exit Counterspy and post the results in your next reply and a new hijackthis log.
Also, I do not see a firewall or anti-virus program; get those now also. AVG Anti-Spyware is not enough protection.
One of each: They are free
2. Run your antivirus software regularly, and keep its definitions up-to-date. If you are thinking about switching, there are some good free antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com/eng/avast_4_home.html
4. Consider using a free firewall if you are not already using one. Some good free ones are:
Kerio
http://www.sunbelt-software.com/Kerio.cfm
Zone Labs Personal Firewall:
Zone Labs
Post CounterSpy log please.
-
hmm... I now get a pop-up asking me to look for C:\Documents and Settings\Candice\taskmgr.exe whenever I start up my com...
other than that... there doesn't seem to be any problem...
-
Sounds fishy to me, taskmgr.exe should only occur in the system32 folder, not anywhere else. Does it pop up all the time? Or just once?
Go ahead and do the CounterSpy thing suggested above; the program is very good at getting rid of junk in the registry and is easily uninstalled.
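The check described in the reply above (a Windows system file name launched from outside its normal folder), written as an added example that is not part of the thread or of ComboFix. It parses registry autostart lines in the format the log uses; the sample entries are copied from the log, while the table of expected folders and all function names are assumptions for a default XP install on C:\WINDOWS.

```python
import ntpath
import re

# Constructed sample: entries copied from the "Reg Loading Points" section of the log.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Task"="C:\\DOCUME~1\\Candice\\taskmgr.exe"
'''

# Assumption: default install with the system root at C:\WINDOWS.
# Maps a well-known system file name to the only folder it should run from.
EXPECTED_DIR = {
    "taskmgr.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="string value", where \\ and \" are escapes inside the quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def unescape(text):
    """Undo .reg string escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def command_to_exe(command):
    """Return the program part of an autostart command line, without arguments."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: the path may contain spaces, so cut at the first executable extension.
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def audit_autoruns(reg_text):
    """Classify every string value found under the registry keys in reg_text."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if key is None or not value_match:
            continue  # dword/hex values and blank lines are not command lines
        name = unescape(value_match.group(1))
        exe = command_to_exe(unescape(value_match.group(2)))
        directory, base = ntpath.split(exe)
        expected = EXPECTED_DIR.get(base.lower())
        if expected is None:
            verdict = "not-a-system-name"
        elif not directory:
            verdict = "no-path"  # bare name: location depends on the search path
        elif ntpath.normcase(ntpath.normpath(directory)) == expected:
            verdict = "expected-location"
        else:
            verdict = "system-name-wrong-dir"
        findings.append({"key": key, "name": name, "exe": exe, "verdict": verdict})
    return findings


def misplaced_system_names(reg_text):
    """Only the entries that reuse a system file name from another folder."""
    return [f for f in audit_autoruns(reg_text)
            if f["verdict"] == "system-name-wrong-dir"]


if __name__ == "__main__":
    for finding in misplaced_system_names(SAMPLE_REG):
        print(finding["key"], finding["name"], finding["exe"], sep=" | ")
```

On the sample, the only entry reported is the `Task` value under `policies\explorer\Run`, the same path the startup pop-up asks for.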
-
ok... I think that problem is solved... no more pop-ups of that...
however... I'm not able to start my account... I have already posted it in a new thread....