Microsoft Visual C++ Runtime Library: Buffer Overrun detected!

**zoojaff** · 24-05-2007

Hi there,

I found this message board while roaming Google in hope of finding a solution for the problem message I have been receiving entitled in the Threads title. The program that the buffer overrun is occuring in is explorer.exe. I have AVG 7.5 free edition, Adaware SE Pro and Spybot Search and Destroy but none of them have picked anything up. I also ran a Hijackthis scan and the results are below:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:23:42 p.m., on 24/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\TIMNEWTJ\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1EB53F98-7276-43E3-A32E-DEA0935FBA88} - C:\WINDOWS\system32\jkkjkjh.dll
O2 - BHO: (no name) - {281C8E66-7571-4D47-BB70-66E567930805} - C:\WINDOWS\system32\kpamrdos.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7DBDFCFC-6D87-417A-84FB-05F042D34006} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\saepyqvj.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1178076567921
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178272585218
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.2.cab
O20 - Winlogon Notify: jkkjkjh - C:\WINDOWS\SYSTEM32\jkkjkjh.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10234 bytes

I do not know what any of this means as I am pretty much useless when it comes to anything of this sort. Any suggestions or help you would be able to provide me with will be very much appreciated! Thanks in advace.

**VopThis** · 25-05-2007

Please uninstall the BETA version of HijackThis and install the version as per instructions found here:

http://www.d-a-l.com/help/showthread.php?t=32403

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

**zoojaff** · 25-05-2007

Okay, I have installed version 1.99 of Hijackthis and ran combofix and here are the results:

"user" - 2007-05-25 11

20 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Documents and Settings\user\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))

C:\WINDOWS\system32\saepyqvj.dll
C:\WINDOWS\system32\ufgcswdl.dll
C:\WINDOWS\system32\mljghge.dll
C:\WINDOWS\system32\jvqypeas.ini
C:\WINDOWS\system32\ldwscgfu.ini
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak2
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\jkkjkjh.dll
C:\WINDOWS\system32\vtutu.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\WINDOWS\updtask.txt"
"C:\WINDOWS\updtask1.txt"
"C:\WINDOWS\system32\drivers\sfsync02.sys"

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_SFSYNC02
-------\sfsync02

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))

2007-05-25 11:57 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-05-23 18:46 <DIR> d-------- C:\Program Files\Absolute Poker
2007-05-23 18:46 <DIR> d-------- C:\Program Files\_uninstallation_info
2007-05-21 14:49 <DIR> d-------- C:\Program Files\Real
2007-05-21 14:49 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-05-21 14:35 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-05-21 14:35 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-05-21 14:35 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-05-21 14:35 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-05-21 14:35 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-05-21 14:35 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-05-21 11:23 <DIR> d-------- C:\Program Files\Common Files\Real
2007-05-21 11:22 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Real
2007-05-21 11:19 <DIR> d-------- C:\My Downloads
2007-05-18 18:58 298,496 --a------ C:\WINDOWS\uninst.exe
2007-05-18 18:47 <DIR> d-------- C:\DOCUME~1\user\WINDOWS
2007-05-18 11:37 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-05-16 00:43 89,288 --a------ C:\DOCUME~1\user\APPLIC~1\errorsafefreeinstallw[1].exe
2007-05-15 19:52 <DIR> d-------- C:\Program Files\PKR
2007-05-15 01:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-15 01:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-05-15 00:55 1,048,576 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-15 00:13 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-05-14 23:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-14 22:43 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-14 22:42 <DIR> d-------- C:\DOCUME~1\user\.housecall6.6
2007-05-14 16:29 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Download Manager
2007-05-14 15:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-14 15:43 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Lavasoft
2007-05-13 17:50 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-05-13 17:50 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-05-13 17:50 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-05-13 17:50 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-05-13 17:50 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-05-13 17:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-05-13 17:50 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-05-13 17:50 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2007-05-13 17:50 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2007-05-13 17:50 <DIR> d-------- C:\Program Files\AVSMedia
2007-05-13 16:35 <DIR> d-------- C:\Program Files\Common Files\BitCtrl
2007-05-13 16:33 <DIR> d-------- C:\DECCHECK
2007-05-13 16:18 <DIR> d-------- C:\WINDOWS\system32\BWKDLogs
2007-05-13 16:18 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-05-13 16:17 <DIR> d-------- C:\Program Files\Kodak
2007-05-13 16:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak
2007-05-13 16:10 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-05-13 16:10 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-05-13 16:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-13 15:41 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\SlySoft
2007-05-13 15:39 <DIR> d-------- C:\Program Files\SlySoft
2007-05-13 15:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-05-13 15:31 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-05-12 09:36 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-11 21:05 <DIR> d-------- C:\games
2007-05-11 20:55 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-05-11 20:55 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-05-11 20:55 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-05-11 20:55 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-05-11 20:55 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-05-11 20:26 <DIR> d-------- C:\Program Files\Ubisoft
2007-05-11 18:31 <DIR> d-------- C:\Program Files\CarbonPoker
2007-05-09 14:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-05-09 14:03 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-05-09 13:39 <DIR> d-------- C:\Program Files\Sierra
2007-05-08 22:42 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-05-08 14:30 <DIR> d-------- C:\WINDOWS\NV12883136.TMP
2007-05-08 14:30 <DIR> d-------- C:\NVIDIA
2007-05-08 11:38 <DIR> d-------- C:\Program Files\Dreamcatcher
2007-05-05 17:28 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-05 09:54 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-05-04 21:51 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-05-04 21:50 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-05-04 21:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-05-04 21:40 <DIR> d-------- C:\Program Files\Microsoft Encarta
2007-05-04 11:42 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\DivX
2007-05-04 11:41 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-05-04 11:41 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-05-04 11:41 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-05-04 11:41 <DIR> d-------- C:\Program Files\DivX
2007-05-04 11:11 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-05-04 11:11 171,008 --a------ C:\WINDOWS\system32\LXADSUI.DLL
2007-05-03 16:05 <DIR> d-------- C:\DOCUME~1\user\Contacts
2007-05-03 16:04 <DIR> d-------- C:\Program Files\MSN Messenger
2007-05-03 09:50 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-03 09:50 <DIR> d-------- C:\Fraps
2007-05-03 09:03 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-03 08:21 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-05-03 08:21 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-05-03 08:20 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2007-05-03 08:20 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2007-05-03 08:20 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-05-03 08:20 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-05-03 08:18 <DIR> d-------- C:\Program Files\Futuremark
2007-05-03 06:04 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-03 06:04 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-05-03 06:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-05-03 06:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-05-03 06:02 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-05-03 06:02 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-05-03 06:02 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-05-03 06:02 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-05-03 06:02 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-05-03 06:02 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-05-03 06:02 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-05-03 06:02 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-05-03 06:01 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-03 06:01 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-03 06:01 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-03 06:01 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-02 23:01 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-02 23:01 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-05-02 23:01 606,684 --a------ C:\WINDOWS\system32\drivers\ltmdmnt.sys
2007-05-02 23:01 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-02 23:01 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-05-02 23:01 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-05-02 23:01 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-02 23:01 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2007-05-02 23:00 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-05-02 23:00 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-05-02 23:00 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-05-02 23:00 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-05-02 23:00 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-05-02 23:00 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-05-02 23:00 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-05-02 23:00 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-05-02 23:00 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-05-02 23:00 69,120 --a------ C:\WINDOWS\notepad.exe
2007-05-02 23:00 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-05-02 23:00 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-05-02 23:00 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-05-02 23:00 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-05-02 23:00 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-05-02 23:00 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-05-02 23:00 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-05-02 23:00 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-05-02 23:00 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-05-02 23:00 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-05-02 23:00 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-05-02 23:00 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-05-02 23:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-02 23:00 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-05-02 23:00 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-05-02 23:00 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-05-02 23:00 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-05-02 23:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-02 23:00 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-05-02 23:00 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-05-02 23:00 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-05-02 23:00 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-05-02 23:00 <DIR> dr------- C:\Program Files
2007-05-02 23:00 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-05-02 23:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-05-02 23:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-05-02 23:00 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-02 23:00 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-05-02 22:59 <DIR> d-------- C:\Documents and Settings
2007-05-02 22:56 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-05-02 22:56 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-05-02 22:56 <DIR> dr------- C:\WINDOWS\Web
2007-05-02 22:56 <DIR> d--h----- C:\WINDOWS\inf
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\WinSxS
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\twain_32
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\wins
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\spool
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\ras
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\npp
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\mui
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\IME
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\ias
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\export
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\config
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\3076
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\2052
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\1054
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\1042
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\1041
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\1037
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\1033
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\1031
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\1028
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32\1025
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system32
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\system
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\security
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\Resources
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\repair
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\mui
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\msapps
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\msagent
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\Media
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\ime
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\Help
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\Debug
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\Cursors
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\Config
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\AppPatch
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS\addins
2007-05-02 22:56 <DIR> d-------- C:\WINDOWS
2007-05-02 21:47 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Google
2007-05-02 21:45 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-05-02 21:45 <DIR> d-------- C:\Program Files\Google
2007-05-02 21:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-02 20:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-05-02 19:07 <DIR> d--hs---- C:\RECYCLER
2007-05-02 18:51 <DIR> d-------- C:\Program Files\iTunes
2007-05-02 18:51 <DIR> d-------- C:\Program Files\iPod
2007-05-02 18:51 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Apple Computer
2007-05-02 18:50 <DIR> d-------- C:\Program Files\QuickTime
2007-05-02 18:50 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-02 18:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-02 18:36 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-02 18:35 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-02 18:35 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-02 18:35 <DIR> d-------- C:\52b1a258ba498bd5fd3e70
2007-05-02 18:02 <DIR> d-------- C:\Program Files\Steam
2007-05-02 18:02 <DIR> d-------- C:\DOCUME~1\user\APPLIC~1\Logitech
2007-05-02 18:01 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-05-02 18:01 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2007-05-02 18:01 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2007-05-02 18:01 28,176 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2007-05-02 18:01 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-05-02 18:01 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-05-02 18:01 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-05-02 18:01 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-05-02 18:01 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-05-02 18:01 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2007-05-02 18:01 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-05-02 18:01 <DIR> d-------- C:\Program Files\Logitech
2007-05-02 18:01 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-05-02 18:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-05-02 17:55 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-05-02 17:55 <DIR> d-------- C:\Program Files\Codemasters
2007-05-02 17:45 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-05-02 17:45 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-05-02 16:40 <DIR> d-------- C:\Program Files\MadOnion.com
2007-05-02 16:37 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-02 16:25 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-05-02 16:25 <DIR> d-------- C:\WINDOWS\provisioning
2007-05-02 16:25 <DIR> d-------- C:\WINDOWS\peernet
2007-05-02 16:22 <DIR> d-------- C:\WINDOWS\EHome
2007-05-02 16:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-05-02 16:20 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-05-02 16:01 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-05-02 15:47 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-05-02 15:47 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-05-02 15:47 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-05-02 15:47 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-05-02 15:47 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-05-02 15:47 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-05-02 15:47 40,960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-05-02 15:47 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-05-02 15:47 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-05-02 15:47 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-05-02 15:47 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-05-02 15:47 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-05-02 15:47 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-05-02 15:47 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-05-02 15:47 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-05-02 15:47 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-05-02 15:47 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-05-02 15:47 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-05-02 15:47 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-05-02 15:47 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-05-02 15:47 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-05-02 15:46 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-05-02 15:42 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-05-02 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-02 15:35 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-02 15:35 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-02 15:35 <DIR> d-------- C:\WINDOWS\system32\bits
2007-05-02 15:34 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-05-02 15:34 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-05-02 15:34 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-05-02 15:34 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-02 15:31 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-02 15:31 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-05-02 15:31 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-05-02 15:31 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2007-05-02 15:31 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-05-02 15:31 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-02 15:29 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-05-02 15:29 <DIR> d--hs---- C:\DOCUME~1\user\UserData
2007-05-02 15:29 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-02 15:29 <DIR> d-------- C:\WINDOWS\nview
2007-05-02 15:28 5,306 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-05-02 15:28 <DIR> d-------- C:\Program Files\Vtune
2007-05-02 15:18 93,824 -ra------ C:\WINDOWS\system32\drivers\aeaudio.sys
2007-05-02 15:18 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-02 15:18 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-05-02 15:18 65,536 -ra------ C:\WINDOWS\system32\a3d.dll
2007-05-02 15:18 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-02 15:18 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-02 15:18 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-02 15:18 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-02 15:18 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-05-02 15:18 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-05-02 15:18 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-02 15:18 392,960 -ra------ C:\WINDOWS\system32\drivers\senfilt.sys
2007-05-02 15:18 247,296 -ra------ C:\WINDOWS\system32\drivers\ADIHdAud.sys
2007-05-02 15:18 24,064 -ra------ C:\WINDOWS\system32\PostProc.dll
2007-05-02 15:18 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-02 15:18 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-02 15:18 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-02 15:18 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-05-02 15:17 53,248 --------- C:\WINDOWS\system32\wdmioctl.dll
2007-05-02 15:17 49,152 --a------ C:\WINDOWS\system32\DSndUp.exe
2007-05-02 15:17 45,056 --------- C:\WINDOWS\system32\CleanUp.exe
2007-05-02 15:17 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-02 15:17 1,285,632 --------- C:\WINDOWS\system32\SMMedia.dll
2007-05-02 15:17 <DIR> d-------- C:\Program Files\Analog Devices
2007-05-02 15:13 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2007-05-02 15:11 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-05-02 15:10 57,856 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2007-05-02 15:10 486,400 -ra------ C:\WINDOWS\system32\AsusSetup.exe
2007-05-02 15:10 446,464 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-05-02 15:10 363,008 -ra------ C:\WINDOWS\system32\idecoiins.dll
2007-05-02 15:10 363,008 -ra------ C:\WINDOWS\system32\idecoi.dll
2007-05-02 15:10 35,840 -ra------ C:\WINDOWS\system32\nvconrm.dll
2007-05-02 15:10 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL
2007-05-02 15:10 261,632 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2007-05-02 15:10 208,896 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-05-02 15:10 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-05-02 15:10 208,896 --------- C:\WINDOWS\system32\nvuide.exe
2007-05-02 15:10 201,728 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2007-05-02 15:10 201,728 -ra------ C:\WINDOWS\system32\fdco1.dll
2007-05-02 15:10 20,480 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2007-05-02 15:10 110,592 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2007-05-02 15:10 11,264 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2007-05-02 15:10 11,264 -ra------ C:\WINDOWS\system32\bdco1.dll
2007-05-02 15:10 105,344 -ra------ C:\WINDOWS\system32\drivers\nvata.sys
2007-05-02 15:10 1,160,448 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2007-05-02 15:10 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-02 15:10 <DIR> d-------- C:\WINDOWS\NV18721876.TMP
2007-05-02 15:10 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-05-02 15:10 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-05-02 15:09 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-05-02 15:09 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-05-02 15:08 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-02 15:08 3,670,016 --ah----- C:\DOCUME~1\user\NTUSER.DAT
2007-05-02 15:08 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-02 15:08 <DIR> d--hs---- C:\WINDOWS\Installer
2007-05-02 15:08 <DIR> d--hs---- C:\System Volume Information
2007-05-02 15:05 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-02 15:05 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-05-02 15:05 0 -rahs---- C:\MSDOS.SYS
2007-05-02 15:05 0 -rahs---- C:\IO.SYS
2007-05-02 15:05 0 --a------ C:\CONFIG.SYS
2007-05-02 15:05 0 --a------ C:\AUTOEXEC.BAT
2007-05-02 15:05 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-05-02 15:05 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-05-02 15:05 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-02 15:05 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-05-02 15:05 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-05-02 15:04 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-05-02 15:04 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-05-02 15:04 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-05-02 15:04 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-05-02 15:04 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-05-02 15:04 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-02 15:04 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-05-02 15:04 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-05-02 15:04 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-05-02 15:04 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-05-02 15:04 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-05-02 15:04 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-05-02 15:04 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-05-02 15:04 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-05-02 15:04 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-05-02 15:04 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-05-02 15:04 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-05-02 15:04 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-05-02 15:04 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-05-02 15:04 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-02 15:04 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-05-02 15:04 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-05-02 15:04 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-05-02 15:04 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-05-02 15:04 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-05-02 15:04 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-05-02 15:04 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-05-02 15:04 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-05-02 15:04 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-05-02 15:04 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-05-02 15:04 <DIR> d---s---- C:\WINDOWS\Tasks
2007-05-02 15:04 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-05-02 15:04 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-05-02 15:04 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-05-02 15:04 <DIR> d-------- C:\WINDOWS\srchasst
2007-05-02 15:04 <DIR> d-------- C:\WINDOWS\PCHealth
2007-05-02 15:04 <DIR> d-------- C:\Program Files\Movie Maker
2007-05-02 15:04 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-05-02 15:03 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-05-02 15:03 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-05-02 15:03 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-05-02 15:03 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-05-02 15:03 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-05-02 15:03 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-05-02 15:03 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-05-02 15:03 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-05-02 15:03 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-05-02 15:03 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-05-02 15:03 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-05-02 15:03 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-05-02 15:03 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-05-02 15:03 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-05-02 15:03 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-05-02 15:03 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-05-02 15:03 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-05-02 15:03 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-05-02 15:03 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-05-02 15:03 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-05-02 15:03 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-05-02 15:03 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-05-02 15:03 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-05-02 15:03 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-02 15:03 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-05-02 15:03 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-05-02 15:03 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-05-02 15:03 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-05-02 15:03 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-05-02 15:03 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-05-02 15:03 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-05-02 15:03 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-05-02 15:03 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-02 15:03 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-02 15:03 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-05-02 15:03 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-05-02 15:03 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-05-02 15:03 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-05-02 15:03 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-05-02 15:03 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-05-02 15:03 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-02 15:03 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-02 15:03 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-05-02 15:03 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-05-02 15:03 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-05-02 15:03 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-05-02 15:03 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-05-02 15:03 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-05-02 15:03 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-05-02 15:03 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-05-02 15:03 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-05-02 15:03 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-05-02 15:03 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-05-02 15:03 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-05-02 15:03 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-05-02 15:03 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-05-02 15:03 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-05-02 15:03 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-05-02 15:03 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-05-02 15:03 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-05-02 15:03 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-05-02 15:03 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-05-02 15:03 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-05-02 15:03 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-02 15:03 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-02 15:03 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-02 15:03 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-05-02 15:03 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-05-02 15:03 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-05-02 15:03 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-05-02 15:03 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-02 15:03 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-05-02 15:03 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-05-02 15:03 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-05-02 15:03 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-05-02 15:03 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-05-02 15:03 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-05-02 15:03 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-05-02 15:03 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-05-02 15:03 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-05-02 15:03 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-05-02 15:03 <DIR> d-------- C:\WINDOWS\system32\Com
2007-05-02 15:03 <DIR> d-------- C:\WINDOWS\Registration
2007-05-02 15:03 <DIR> d-------- C:\Program Files\Windows NT
2007-05-02 15:03 <DIR> d-------- C:\Program Files\Online Services
2007-05-02 15:03 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-05-02 15:03 <DIR> d-------- C:\Program Files\Messenger
2007-05-02 15:02 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-05-02 15:02 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-02 14:33 124,472 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-05-02 14:33 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))

2007-05-23 06:46:55 -------- d-----w C:\Program Files\_uninstallation_info
2007-05-11 09:05:47 11,973 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 05:27:14 40,960 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
{281C8E66-7571-4D47-BB70-66E567930805}=C:\WINDOWS\system32\kpamrdos.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-07-20 17:04]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12]
"Gainward"="C:\Program Files\Vtune\TBPanel.exe" [2006-09-13 10:16]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. dll" [2006-10-22 12:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-05-21 12:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-21 14:49]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 19:56]
"Steam"="c:\program files\steam\steam.exe" [2007-05-02 18:04]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wincqt32]
wincqt32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

Contents of the 'Scheduled Tasks' folder
2007-05-18 00:46:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-05-13 04:13:21 C:\WINDOWS\tasks\EasyShare Registration Task.job

************************************************** ******************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 11:58:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ******************

Completion time: 2007-05-25 11:59:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-25 11:59

--- E O F ---

And here are the results of Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 12:15:46 p.m., on 25/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Vtune\TBPanel.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trademe.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {281C8E66-7571-4D47-BB70-66E567930805} - C:\WINDOWS\system32\kpamrdos.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\user\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1178076567921
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1178272585218
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.2.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

**VopThis** · 25-05-2007

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to the words Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update successful message.
- Click on Scanner on the toolbar at top of this screen.
- Click on the Settings tab.
  - Under How to act?
    - Click on Recommended Action and choose Quarantine from the popup menu.
  - Under How to scan?
    - All checkboxes should be ticked.
  - Under Possibly unwanted software:
    - All checkboxes should be ticked.
  - Under Reports:
    - Select Automatically generate report after every scan and uncheck Only if threats were found.
  - Under What to scan?
    - Select Scan every file.
- Close AVG Anti-Spyware without running yet.

Now disable (turn off AVG Anti-Spyware)

Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update AVG Anti-Spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Note: If AVG Anti-Spyware screen does not fit your monitor screen Hold down the Alt button on keyboard then tap spacebar, menu should pop up then choose maximize. AVG Anti-Spyware screen should now fit to the screen a lot better.

Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.

IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.

Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button.(3)

When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop. I will need you to post this in your next reply.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot in Normal Mode.

Tell us how your PC is now doing.

**zoojaff** · 25-05-2007

Heya, the error message has not appeared since I ran ComboFix. Here is the log from AVG Ant-Spyware:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:24:31 p.m. 25/05/2007

+ Scan result:

C:\System Volume Information\_restore{83C3FBE7-72FA-419B-9E90-7CFBA65DBAAB}\RP173\A0010235.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{83C3FBE7-72FA-419B-9E90-7CFBA65DBAAB}\RP179\A0011166.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\jkkjkjh.dl l.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\mljghge.dl l.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{83C3FBE7-72FA-419B-9E90-7CFBA65DBAAB}\RP180\A0011286.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{83C3FBE7-72FA-419B-9E90-7CFBA65DBAAB}\RP180\A0011291.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{83C3FBE7-72FA-419B-9E90-7CFBA65DBAAB}\RP165\A0009658.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{83C3FBE7-72FA-419B-9E90-7CFBA65DBAAB}\RP162\A0009445.exe -> Downloader.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Application Data\errorsafefreeinstallw[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@nba.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\user\Cookies\user@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@4.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\user\Cookies\user@gde.adocean[2].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\user\Cookies\user@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\user\Cookies\user@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\user\Cookies\user@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\user\Cookies\user@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\user\Cookies\user@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\user\Cookies\user@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\user\Cookies\user@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\user\Cookies\user@e-2dj6wfkiamc5okp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\user\Cookies\user@e-2dj6wjmioidpago.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\user\Cookies\user@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\user\Cookies\user@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\user\Cookies\user@ads.gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\user\Cookies\user@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\user\Cookies\user@www.paypal[1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\user\Cookies\user@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\user\Cookies\user@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\user\Cookies\user@real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\user\Cookies\user@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\user\Cookies\user@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\user\Cookies\user@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\user\Cookies\user@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\user\Cookies\user@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\user\Cookies\user@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\user\Cookies\user@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\user\Cookies\user@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\user\Cookies\user@toplist[1].txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\user\Cookies\user@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\user\Cookies\user@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\user\Desktop\IGN\CloneCD v5.3.0.0\crack\Patch.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).

::Report end

So far everythings looking great =D

Microsoft Visual C++ Runtime Library: Buffer Overrun detected!

Microsoft Visual C++ Runtime Library: Buffer Overrun detected!

Similar Threads

Runtime Library Microsoft Visual C++. Runtime Error Program (RESOLVED)

Microsoft Visual C++ Runtime Library Runtime Error. Please Help!

Microsoft Visual c++ runtime library

Microsoft Visual C++ Runtime Library : Runtime Error (Resolved)

Microsoft Visual Runtime Library Buffer Overrun