Latest posts of: amin30b
My PC Hell Forum
1  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 18, 2008, 04:59:18 PM
Yes, I would, but without the unusual reboot action.
2  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 18, 2008, 04:55:08 PM
Not really, avast antivirus doesn't load at startup, but it seems that it is active on the PC because I couldn't run some exe files like keygen files.
Yes, the system is normal after a new manual reboot, but still with the box.
3  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 18, 2008, 04:26:20 PM
Wow, this time there is an unusual treatment between Combo-Fix and my PC. When Combo-Fix starts, it creates the log file before rebooting the system, and after the log.txt file loads on screen, my PC suddenly reboots abnormally!
Then, when Windows is loading again, it asks me to check the hard drives and fix them, and this message also appears at startup:
The system has recovered from a serious error.
I would prefer to reinstall Windows on my PC; what do you suggest, Essexboy?
4  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 17, 2008, 06:01:50 PM
This is my fix.reg file:
http://www.savefile.com/files/1510582
Is it true?
5  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 17, 2008, 05:58:17 PM
Oh, I forgot to run fix.reg again, and the HTML loading problem was solved only via the vbs file!
Again I can't run the fix.reg file and I receive the same error.
6  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 17, 2008, 05:45:49 PM
Excellent! HTML file loading is omitted.
Now the only bad problem is the tiny startup window:

Is there any solution for it?
7  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 17, 2008, 10:39:06 AM
Continuation of ComboFix:
Code:
- 2001-08-23 13:00:00 57,398 ----a-w C:\WINDOWS\system32\dllcache\imjpdadm.exe
+ 2001-08-23 12:00:00 57,398 ----a-w C:\WINDOWS\system32\dllcache\imjpdadm.exe
- 2007-09-20 05:35:32 81,976 ----a-w C:\WINDOWS\system32\dllcache\imjpdct.dll
+ 2007-09-20 04:35:32 81,976 ----a-w C:\WINDOWS\system32\dllcache\imjpdct.dll
- 2004-08-03 22:31:54 307,257 ----a-w C:\WINDOWS\system32\dllcache\imjpdct.exe
+ 2004-08-03 21:31:54 307,257 ----a-w C:\WINDOWS\system32\dllcache\imjpdct.exe
- 2007-09-20 05:35:32 155,705 ----a-w C:\WINDOWS\system32\dllcache\imjpdsvr.exe
+ 2007-09-20 04:35:32 155,705 ----a-w C:\WINDOWS\system32\dllcache\imjpdsvr.exe
- 2007-09-20 05:35:32 196,665 ----a-w C:\WINDOWS\system32\dllcache\imjpinst.exe
+ 2007-09-20 04:35:32 196,665 ----a-w C:\WINDOWS\system32\dllcache\imjpinst.exe
- 2007-09-20 05:35:32 208,952 ----a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
+ 2007-09-20 04:35:32 208,952 ----a-w C:\WINDOWS\system32\dllcache\imjpmig.exe
- 2007-09-20 05:35:32 233,527 ----a-w C:\WINDOWS\system32\dllcache\imjprw.exe
+ 2007-09-20 04:35:32 233,527 ----a-w C:\WINDOWS\system32\dllcache\imjprw.exe
- 2001-08-23 13:00:00 45,109 ----a-w C:\WINDOWS\system32\dllcache\imjpuex.exe
+ 2001-08-23 12:00:00 45,109 ----a-w C:\WINDOWS\system32\dllcache\imjpuex.exe
- 2007-09-20 05:35:34 262,200 ----a-w C:\WINDOWS\system32\dllcache\imjputy.exe
+ 2007-09-20 04:35:34 262,200 ----a-w C:\WINDOWS\system32\dllcache\imjputy.exe
- 2007-09-20 05:35:34 274,489 ----a-w C:\WINDOWS\system32\dllcache\imjputyc.dll
+ 2007-09-20 04:35:34 274,489 ----a-w C:\WINDOWS\system32\dllcache\imjputyc.dll
- 2001-08-23 13:00:00 59,904 ----a-w C:\WINDOWS\system32\dllcache\imkrinst.exe
+ 2001-08-23 12:00:00 59,904 ----a-w C:\WINDOWS\system32\dllcache\imkrinst.exe
- 2004-08-03 22:32:28 102,456 ----a-w C:\WINDOWS\system32\dllcache\imlang.dll
+ 2004-08-03 21:32:28 102,456 ----a-w C:\WINDOWS\system32\dllcache\imlang.dll
- 2004-08-03 22:31:50 59,392 ----a-w C:\WINDOWS\system32\dllcache\imscinst.exe
+ 2004-08-03 21:31:50 59,392 ----a-w C:\WINDOWS\system32\dllcache\imscinst.exe
- 2001-08-23 13:00:00 471,102 ----a-w C:\WINDOWS\system32\dllcache\imskdic.dll
+ 2001-08-23 12:00:00 471,102 ----a-w C:\WINDOWS\system32\dllcache\imskdic.dll
- 2001-08-23 13:00:00 315,452 ----a-w C:\WINDOWS\system32\dllcache\imskf.dll
+ 2001-08-23 12:00:00 315,452 ----a-w C:\WINDOWS\system32\dllcache\imskf.dll
- 2007-09-20 05:33:22 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2001-08-23 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101.dll
- 2001-08-23 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101a.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101a.dll
+ 2001-08-17 11:25:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101b.dll
+ 2001-08-17 11:25:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd101c.dll
+ 2001-08-17 11:25:56 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbd103.dll
+ 2001-08-17 11:25:56 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd106.dll
- 2001-08-23 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd106n.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbd106n.dll
- 2001-08-23 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdax2.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdax2.dll
- 2001-08-23 13:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\kbdibm02.dll
+ 2001-08-23 12:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\kbdibm02.dll
+ 2001-08-17 19:06:18 8,704 ----a-w C:\WINDOWS\system32\dllcache\kbdjpn.dll
+ 2001-08-17 19:06:18 8,192 ----a-w C:\WINDOWS\system32\dllcache\kbdkor.dll
- 2001-08-23 13:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\kbdlk41a.dll
+ 2001-08-23 12:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\kbdlk41a.dll
- 2001-08-23 13:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdlk41j.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdlk41j.dll
- 2001-08-23 13:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\kbdnec95.dll
+ 2001-08-23 12:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\kbdnec95.dll
- 2001-08-23 13:00:00 9,216 ----a-w C:\WINDOWS\system32\dllcache\kbdnecat.dll
+ 2001-08-23 12:00:00 9,216 ----a-w C:\WINDOWS\system32\dllcache\kbdnecat.dll
- 2001-08-23 13:00:00 7,680 ----a-w C:\WINDOWS\system32\dllcache\kbdnecnt.dll
+ 2001-08-23 12:00:00 7,680 ----a-w C:\WINDOWS\system32\dllcache\kbdnecnt.dll
- 2001-08-23 13:00:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\korwbrkr.dll
+ 2001-08-23 12:00:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\korwbrkr.dll
- 2004-08-03 18:30:58 181,248 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
+ 2007-12-18 09:51:36 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2001-08-23 13:00:00 98,304 ----a-w C:\WINDOWS\system32\dllcache\msir3jp.dll
+ 2001-08-23 12:00:00 98,304 ----a-w C:\WINDOWS\system32\dllcache\msir3jp.dll
- 2001-08-23 13:00:00 229,439 ----a-w C:\WINDOWS\system32\dllcache\multibox.dll
+ 2001-08-23 12:00:00 229,439 ----a-w C:\WINDOWS\system32\dllcache\multibox.dll
- 2004-08-03 22:32:12 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
+ 2004-08-03 21:32:12 15,872 ----a-w C:\WINDOWS\system32\dllcache\padrs404.dll
- 2001-08-23 13:00:00 36,927 ----a-w C:\WINDOWS\system32\dllcache\padrs411.dll
+ 2001-08-23 12:00:00 36,927 ----a-w C:\WINDOWS\system32\dllcache\padrs411.dll
- 2001-08-23 13:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\padrs412.dll
+ 2001-08-23 12:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\padrs412.dll
- 2004-08-03 22:31:50 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
+ 2004-08-03 21:31:50 15,360 ----a-w C:\WINDOWS\system32\dllcache\padrs804.dll
- 2004-08-03 22:31:50 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
+ 2004-08-03 21:31:50 175,104 ----a-w C:\WINDOWS\system32\dllcache\pintlcsa.dll
- 2004-08-03 22:31:50 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
+ 2004-08-03 21:31:50 53,760 ----a-w C:\WINDOWS\system32\dllcache\pintlcsd.dll
- 2004-08-03 22:31:50 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
+ 2004-08-03 21:31:50 70,144 ----a-w C:\WINDOWS\system32\dllcache\pintlphr.exe
- 2004-08-03 22:31:50 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
+ 2004-08-03 21:31:50 67,584 ----a-w C:\WINDOWS\system32\dllcache\pmigrate.dll
- 2007-09-20 05:34:38 582,656 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2001-08-23 13:00:00 143,422 ----a-w C:\WINDOWS\system32\dllcache\softkey.dll
+ 2001-08-23 12:00:00 143,422 ----a-w C:\WINDOWS\system32\dllcache\softkey.dll
- 2007-09-20 01:05:00 360,704 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-03 22:32:16 44,032 ----a-w C:\WINDOWS\system32\dllcache\tintlphr.exe
+ 2004-08-03 21:32:16 44,032 ----a-w C:\WINDOWS\system32\dllcache\tintlphr.exe
- 2004-08-03 22:32:16 455,168 ----a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
+ 2004-08-03 21:32:16 455,168 ----a-w C:\WINDOWS\system32\dllcache\tintsetp.exe
- 2004-08-03 22:32:14 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
+ 2004-08-03 21:32:14 10,240 ----a-w C:\WINDOWS\system32\dllcache\tmigrate.dll
- 2004-08-03 23:04:12 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
+ 2004-08-03 22:04:12 76,288 ----a-w C:\WINDOWS\system32\dllcache\uniime.dll
- 2007-09-20 05:35:34 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
+ 2007-09-20 04:35:34 426,041 ----a-w C:\WINDOWS\system32\dllcache\voicepad.dll
- 2007-09-20 05:35:34 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
+ 2007-09-20 04:35:34 86,073 ----a-w C:\WINDOWS\system32\dllcache\voicesub.dll
- 2004-08-03 18:30:58 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:36 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2007-09-20 01:04:42 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:54 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2007-09-20 01:05:00 360,704 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2001-08-23 12:00:00 7,168 ----a-w C:\WINDOWS\system32\f3ahvoas.dll
- 2008-04-15 15:43:24 151,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-16 15:46:36 177,056 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2001-07-06 12:41:30 569,344 ----a-r C:\WINDOWS\system32\imagr5.dll
+ 2001-07-06 10:44:46 544,768 ----a-r C:\WINDOWS\system32\imagx5.dll
+ 2001-07-06 16:24:18 283,920 ----a-r C:\WINDOWS\system32\ImagXpr5.dll
+ 2004-08-03 21:31:54 198,656 ----a-w C:\WINDOWS\system32\IME\CINTLGNT\CINTIME.DLL
+ 2004-08-03 21:31:56 480,256 ----a-w C:\WINDOWS\system32\IME\CINTLGNT\CINTSETP.EXE
+ 2004-08-03 21:31:50 59,392 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
+ 2004-08-03 21:31:50 70,144 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\PINTLPHR.EXE
+ 2004-08-03 21:31:50 67,584 ----a-w C:\WINDOWS\system32\IME\PINTLGNT\PMIGRATE.DLL
+ 2004-08-03 21:32:16 44,032 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTLPHR.EXE
+ 2004-08-03 21:32:16 455,168 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
+ 2004-08-03 21:32:14 10,240 ----a-w C:\WINDOWS\system32\IME\TINTLGNT\TMIGRATE.DLL
+ 2007-09-20 04:35:30 811,064 ----a-w C:\WINDOWS\system32\imjp81k.dll
- 2007-09-20 05:33:22 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbd101.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbd101a.dll
+ 2001-08-17 11:25:56 6,144 ----a-w C:\WINDOWS\system32\kbd101b.dll
+ 2001-08-17 11:25:56 6,144 ----a-w C:\WINDOWS\system32\kbd101c.dll
+ 2001-08-17 11:25:56 5,632 ----a-w C:\WINDOWS\system32\kbd103.dll
+ 2001-08-17 11:25:56 6,144 ----a-w C:\WINDOWS\system32\kbd106.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbd106n.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdax2.dll
+ 2001-08-23 12:00:00 7,168 ----a-w C:\WINDOWS\system32\kbdibm02.dll
+ 2001-08-17 19:06:18 8,704 ----a-w C:\WINDOWS\system32\kbdjpn.dll
+ 2001-08-17 19:06:18 8,192 ----a-w C:\WINDOWS\system32\kbdkor.dll
+ 2001-08-23 12:00:00 6,656 ----a-w C:\WINDOWS\system32\kbdlk41a.dll
+ 2001-08-23 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdlk41j.dll
+ 2001-08-23 12:00:00 7,168 ----a-w C:\WINDOWS\system32\kbdnec95.dll
+ 2001-08-23 12:00:00 9,216 ----a-w C:\WINDOWS\system32\kbdnecAT.dll
+ 2001-08-23 12:00:00 7,680 ----a-w C:\WINDOWS\system32\kbdnecNT.dll
+ 2001-08-23 12:00:00 70,656 ----a-w C:\WINDOWS\system32\korwbrkr.dll
+ 2007-05-31 02:42:06 1,531,904 ----a-w C:\WINDOWS\system32\libmysql.dll
+ 2001-08-23 12:00:00 98,304 ----a-w C:\WINDOWS\system32\msir3jp.dll
+ 2002-01-05 01:08:36 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2002-01-05 01:10:18 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
+ 2002-01-05 01:07:26 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
+ 2001-07-09 09:50:42 155,648 ----a-r C:\WINDOWS\system32\NeroCheck.exe
+ 2001-06-26 06:15:46 38,912 ----a-r C:\WINDOWS\system32\picn20.dll
- 2007-09-20 01:04:38 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-03-06 01:22:34 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-06-20 04:40:00 13,933 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\SNAGITD8.DLL
+ 2004-08-03 21:26:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2004-08-03 21:26:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2004-08-03 21:26:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2005-12-20 18:01:00 79,360 ----a-w C:\WINDOWS\system32\swfinfo.dll
+ 2007-11-13 11:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2004-08-03 22:04:12 76,288 ----a-w C:\WINDOWS\system32\uniime.dll
+ 1998-12-02 05:41:02 143,360 ----a-w C:\WINDOWS\system32\vbuzip10.dll
- 2008-04-15 19:11:40 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_3e8.dat
+ 2008-04-17 14:26:02 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_3e8.dat
+ 2008-04-16 17:57:00 451,072 ----a-w C:\WINDOWS\TrayLayout\uninstall.exe
+ 2006-06-05 10:44:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 10:44:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 10:44:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [04/15/2008 10:30 PM 2663480]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [02/16/2005 04:15 PM 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [02/16/2005 04:15 PM 81920]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [09/20/2007 08:05 AM 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 01:01 AM 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 01:02 AM 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 01:02 AM 455168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 01:20 PM 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/03/2004 11:56 PM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\Manam\Start Menu\Programs\Startup\
TrayLayout.lnk - C:\Program Files\TrayLayout\TrayLayout.exe [2006-02-03 12:55:47 221184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2006-06-20 08:10:00 5976064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"LegalNoticeCaption"="[Antichrist]"
"LegalNoticeText"="[Day of judgment]"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"C:\\Program Files\\Macromedia\\Fireworks MX\\Fireworks.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [03/29/2008 10:01 PM]
R2 Apache2.2;Apache2.2;"C:\AppServ\Apache2.2\bin\httpd.exe" -k runservice []
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [03/29/2008 10:05 PM]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 17:56:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="C:\AppServ\MySQL\bin\mysqld-nt --defaults-file=C:\AppServ\MySQL\my.ini mysql"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\APPSERV\MYSQL\BIN\MYSQLD-NT.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\TECHSMITH\SNAGIT 8\TSCHELP.EXE
.
**************************************************************************
.
Completion time: 04/17/2008 17:57:52 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-17 14:27:46
ComboFix2.txt  2008-04-16 00:13:28

Pre-Run: 9,739,591,680 bytes free
Post-Run: 9,729,843,200 bytes free
.
2008-04-17 00:22:40 --- E O F --- 
8  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 17, 2008, 10:37:25 AM
ComboFix:
Code:
ComboFix 08-04-15.1 - Manam 04/17/2008 17:53:29.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.472 [GMT 3.5:30]
Running from: C:\Combo-Fix.exe
Command switches used :: C:\CFScript.txt
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\WINDOWS\help\HLPS.EXE
C:\WINDOWS\media\WINDOWS XP RINGIN.WAV
C:\WINDOWS\media\WMA.EXE
C:\WINDOWS\SHELL.EXE
C:\WINDOWS\system32\BLANK.HTM
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP
C:\WINDOWS\system32\SYS.EXE
C:\WINDOWS\VXDS.EXE
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\media\WINDOWS XP RINGIN.WAV
C:\WINDOWS\system32\BLANK.HTM
C:\WINDOWS\system32\OEMINFO.INI
C:\WINDOWS\system32\OEMLOGO.BMP

.
(((((((((((((((((((((((((   Files Created from 2008-03-17 to 2008-04-17  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 14:14 --------- d-----w C:\Program Files\ERUNT
2008-04-17 06:18 --------- d-----w C:\Documents and Settings\Manam\Application Data\Ahead
2008-04-17 06:16 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-17 06:16 --------- d-----w C:\Program Files\Ahead
2008-04-16 23:59 791,393 ----a-w C:\erunt-setup.exe
2008-04-16 19:18 --------- d-----w C:\Program Files\TechSmith
2008-04-16 19:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-04-16 19:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 19:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-16 19:06 --------- d-----w C:\Program Files\Macromedia
2008-04-16 19:06 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-16 17:57 --------- d-----w C:\Program Files\TrayLayout
2008-04-16 11:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-16 11:21 --------- d-----w C:\Documents and Settings\Manam\Application Data\AdobeUM
2008-04-16 08:38 686,630 ----a-w C:\dss.exe
2008-04-16 01:04 --------- d-----w C:\Program Files\Common Files\InstallShield Shared
2008-04-16 01:04 --------- d-----w C:\Program Files\Articulate
2008-04-16 00:16 --------- d-----w C:\Program Files\Trend Micro
2008-04-16 00:09 499,568 ----a-w C:\hijackthis_v2.0.2.zip
2008-04-15 23:55 1,770,165 ------w C:\Combo-Fix.exe
2008-04-15 22:11 --------- d-----w C:\Program Files\eMule
2008-04-15 22:11 --------- d-----w C:\Documents and Settings\Manam\Application Data\eMule
2008-04-15 22:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-15 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-15 22:07 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-15 18:59 --------- d-----w C:\Program Files\Babylon
2008-04-15 18:59 --------- d-----w C:\Documents and Settings\Manam\Application Data\Babylon
2008-04-15 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-04-15 18:56 --------- d-----w C:\Program Files\FastStone Capture
2008-04-15 18:56 --------- d-----w C:\Documents and Settings\Manam\Application Data\FastStone
2008-04-15 16:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-15 16:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-15 15:47 --------- d-----w C:\Program Files\Alwil Software
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:35 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 18:31 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
.

(((((((((((((((((((((((((((((   snapshot@Wed 04-16-2008_ 3.43.15.17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-13 11:02:46 60,416 ------w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:34 14,048 ------w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:32 22,752 ------w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ------w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-13 10:25:54 20,480 ------w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:34 14,048 ------w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:32 22,752 ------w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ------w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-18 09:39:00 179,712 ------w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:34 14,048 ------w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:32 22,752 ------w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ------w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2007-09-20 01:04:38 582,656 ------w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-09-20 05:33:22 683,520 ------w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2007-09-20 01:05:00 360,704 ------w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-09-20 01:04:42 163,644 ------w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2004-08-03 18:30:58 181,248 ------w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:40 213,216 ------w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:48 371,424 ------w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-09-20 01:18:54 282,112 ------w C:\WINDOWS\$NtUninstallKB948590$\gdi32.dll
+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe
+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\$NtUninstallKB948590$\spuninst\updspapi.dll
- 2008-04-15 19:11:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-17 14:25:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 08:32:28 163,328 ----a-w C:\WINDOWS\erdnt\2008-04-17\ERDNT.EXE
+ 2008-04-17 14:16:36 237,568 ----a-w C:\WINDOWS\erdnt\2008-04-17\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-04-17 14:16:38 8,192 ----a-w C:\WINDOWS\erdnt\2008-04-17\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-04-17 14:16:38 237,568 ----a-w C:\WINDOWS\erdnt\2008-04-17\Users\[u]0[/u]0000003\NTUSER.DAT
+ 2008-04-17 14:16:38 8,192 ----a-w C:\WINDOWS\erdnt\2008-04-17\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-04-17 14:16:38 1,970,176 ----a-w C:\WINDOWS\erdnt\2008-04-17\Users\[u]0[/u]0000005\NTUSER.DAT
+ 2008-04-17 14:16:38 8,192 ----a-w C:\WINDOWS\erdnt\2008-04-17\Users\[u]0[/u]0000006\UsrClass.dat
+ 2004-08-03 21:31:50 175,104 ----a-w C:\WINDOWS\ime\chsime\applets\PINTLCSA.DLL
+ 2004-08-03 21:31:50 53,760 ----a-w C:\WINDOWS\ime\chsime\applets\PINTLCSD.DLL
+ 2004-08-03 21:31:52 97,792 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTMBX.DLL
+ 2004-08-03 21:31:54 56,320 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTSKDIC.DLL
+ 2004-08-03 21:31:54 173,568 ----a-w C:\WINDOWS\ime\CHTIME\Applets\CHTSKF.DLL
+ 2001-08-23 12:00:00 10,096,640 ----a-w C:\WINDOWS\ime\CHTIME\Applets\HWXCHT.DLL
+ 2001-08-23 12:00:00 13,463,552 ----a-w C:\WINDOWS\ime\imjp8_1\applets\hwxjpn.dll
+ 2001-08-23 12:00:00 471,102 ----a-w C:\WINDOWS\ime\imjp8_1\applets\imskdic.dll
+ 2001-08-23 12:00:00 315,452 ----a-w C:\WINDOWS\ime\imjp8_1\applets\imskf.dll
+ 2001-08-23 12:00:00 229,439 ----a-w C:\WINDOWS\ime\imjp8_1\applets\multibox.dll
+ 2001-08-23 12:00:00 143,422 ----a-w C:\WINDOWS\ime\imjp8_1\applets\softkey.dll
+ 2007-09-20 04:35:34 426,041 ----a-w C:\WINDOWS\ime\imjp8_1\applets\voicepad.dll
+ 2007-09-20 04:35:34 86,073 ----a-w C:\WINDOWS\ime\imjp8_1\applets\voicesub.dll
+ 2007-09-20 04:35:30 57,399 ----a-w C:\WINDOWS\ime\imjp8_1\cplexe.exe
+ 2007-09-20 04:35:32 368,696 ----a-w C:\WINDOWS\ime\imjp8_1\imjpcic.dll
+ 2007-09-20 04:35:32 716,856 ----a-w C:\WINDOWS\ime\imjp8_1\imjpcus.dll
+ 2001-08-23 12:00:00 57,398 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdadm.exe
+ 2007-09-20 04:35:32 81,976 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdct.dll
+ 2004-08-03 21:31:54 307,257 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdct.exe
+ 2007-09-20 04:35:32 155,705 ----a-w C:\WINDOWS\ime\imjp8_1\imjpdsvr.exe
+ 2007-09-20 04:35:32 196,665 ----a-w C:\WINDOWS\ime\imjp8_1\imjpinst.exe
+ 2007-09-20 04:35:32 208,952 ----a-w C:\WINDOWS\ime\imjp8_1\imjpmig.exe
+ 2007-09-20 04:35:32 233,527 ----a-w C:\WINDOWS\ime\imjp8_1\imjprw.exe
+ 2001-08-23 12:00:00 45,109 ----a-w C:\WINDOWS\ime\imjp8_1\imjpuex.exe
+ 2007-09-20 04:35:34 262,200 ----a-w C:\WINDOWS\ime\imjp8_1\imjputy.exe
+ 2007-09-20 04:35:34 274,489 ----a-w C:\WINDOWS\ime\imjp8_1\imjputyc.dll
+ 2001-08-23 12:00:00 10,129,408 ----a-w C:\WINDOWS\ime\imkr6_1\applets\hwxkor.dll
+ 2004-08-03 22:04:34 86,016 ----a-w C:\WINDOWS\ime\imkr6_1\applets\imekrmbx.dll
+ 2001-08-23 12:00:00 36,864 ----a-w C:\WINDOWS\ime\imkr6_1\dicts\hanjadic.dll
+ 2004-08-03 22:04:38 106,496 ----a-w C:\WINDOWS\ime\imkr6_1\imekrcic.dll
+ 2001-08-23 12:00:00 44,032 ----a-w C:\WINDOWS\ime\imkr6_1\imekrmig.exe
+ 2001-08-23 12:00:00 59,904 ----a-w C:\WINDOWS\ime\imkr6_1\imkrinst.exe
+ 2001-08-23 12:00:00 102,463 ----a-w C:\WINDOWS\ime\shared\imepadsm.dll
+ 2001-08-23 12:00:00 311,359 ----a-w C:\WINDOWS\ime\shared\imepadsv.exe
+ 2004-08-03 21:32:28 102,456 ----a-w C:\WINDOWS\ime\shared\imlang.dll
+ 2004-08-03 21:32:12 15,872 ----a-w C:\WINDOWS\ime\shared\res\PADRS404.DLL
+ 2001-08-23 12:00:00 36,927 ----a-w C:\WINDOWS\ime\shared\res\padrs411.dll
+ 2001-08-23 12:00:00 14,336 ----a-w C:\WINDOWS\ime\shared\res\padrs412.dll
+ 2004-08-03 21:31:50 15,360 ----a-w C:\WINDOWS\ime\shared\res\padrs804.dll
+ 2008-04-16 19:18:42 112,128 ----a-r C:\WINDOWS\Installer\{524228C9-826F-4B58-9E47-4F2E5C7E9F45}\Icon55367664.exe
+ 2008-04-16 15:17:56 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A80000000002}\SC_Reader.exe
+ 2008-04-16 01:04:40 22,486 ----a-r C:\WINDOWS\Installer\{CA9291F3-8F12-40B7-BB1A-C64E5F86F4FC}\ARPPRODUCTICON.exe
+ 2008-04-16 01:04:40 65,536 ----a-r C:\WINDOWS\Installer\{CA9291F3-8F12-40B7-BB1A-C64E5F86F4FC}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0404.dll
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0411.dll
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0412.dll
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0804.dll
+ 2002-09-06 09:25:08 290,304 ----a-w C:\WINDOWS\system32\artEMFLib.dll
+ 2001-08-23 12:00:00 218,112 ----a-w C:\WINDOWS\system32\c_g18030.dll
+ 2001-08-23 12:00:00 6,656 ----a-w C:\WINDOWS\system32\c_is2022.dll
+ 1998-11-23 12:40:06 90,112 ----a-w C:\WINDOWS\system32\ccrpTmr6.dll
+ 2001-08-23 12:00:00 1,677,824 ----a-w C:\WINDOWS\system32\chsbrkr.dll
+ 2001-08-23 12:00:00 838,144 ----a-w C:\WINDOWS\system32\chtbrkr.dll
- 2001-08-23 13:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0404.dll
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0404.dll
- 2001-08-23 13:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0411.dll
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0411.dll
- 2001-08-23 13:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0412.dll
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0412.dll
- 2001-08-23 13:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0804.dll
+ 2001-08-23 12:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\agt0804.dll
- 2001-08-23 13:00:00 218,112 ----a-w C:\WINDOWS\system32\dllcache\c_g18030.dll
+ 2001-08-23 12:00:00 218,112 ----a-w C:\WINDOWS\system32\dllcache\c_g18030.dll
- 2001-08-23 13:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\c_is2022.dll
+ 2001-08-23 12:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\c_is2022.dll
- 2001-08-23 13:00:00 1,677,824 ----a-w C:\WINDOWS\system32\dllcache\chsbrkr.dll
+ 2001-08-23 12:00:00 1,677,824 ----a-w C:\WINDOWS\system32\dllcache\chsbrkr.dll
- 2001-08-23 13:00:00 838,144 ----a-w C:\WINDOWS\system32\dllcache\chtbrkr.dll
+ 2001-08-23 12:00:00 838,144 ----a-w C:\WINDOWS\system32\dllcache\chtbrkr.dll
- 2004-08-03 22:31:52 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll
+ 2004-08-03 21:31:52 97,792 ----a-w C:\WINDOWS\system32\dllcache\chtmbx.dll
- 2004-08-03 22:31:54 56,320 ----a-w C:\WINDOWS\system32\dllcache\chtskdic.dll
+ 2004-08-03 21:31:54 56,320 ----a-w C:\WINDOWS\system32\dllcache\chtskdic.dll
- 2004-08-03 22:31:54 173,568 ----a-w C:\WINDOWS\system32\dllcache\chtskf.dll
+ 2004-08-03 21:31:54 173,568 ----a-w C:\WINDOWS\system32\dllcache\chtskf.dll
- 2004-08-03 22:31:54 198,656 ----a-w C:\WINDOWS\system32\dllcache\cintime.dll
+ 2004-08-03 21:31:54 198,656 ----a-w C:\WINDOWS\system32\dllcache\cintime.dll
- 2004-08-03 22:31:56 480,256 ----a-w C:\WINDOWS\system32\dllcache\cintsetp.exe
+ 2004-08-03 21:31:56 480,256 ----a-w C:\WINDOWS\system32\dllcache\cintsetp.exe
- 2007-09-20 05:35:30 57,399 ----a-w C:\WINDOWS\system32\dllcache\cplexe.exe
+ 2007-09-20 04:35:30 57,399 ----a-w C:\WINDOWS\system32\dllcache\cplexe.exe
- 2001-08-23 13:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\f3ahvoas.dll
+ 2001-08-23 12:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\f3ahvoas.dll
- 2001-08-23 13:00:00 36,864 ----a-w C:\WINDOWS\system32\dllcache\hanjadic.dll
+ 2001-08-23 12:00:00 36,864 ----a-w C:\WINDOWS\system32\dllcache\hanjadic.dll
- 2001-08-23 13:00:00 10,096,640 ----a-w C:\WINDOWS\system32\dllcache\hwxcht.dll
+ 2001-08-23 12:00:00 10,096,640 ----a-w C:\WINDOWS\system32\dllcache\hwxcht.dll
- 2001-08-23 13:00:00 13,463,552 ----a-w C:\WINDOWS\system32\dllcache\hwxjpn.dll
+ 2001-08-23 12:00:00 13,463,552 ----a-w C:\WINDOWS\system32\dllcache\hwxjpn.dll
- 2001-08-23 13:00:00 10,129,408 ----a-w C:\WINDOWS\system32\dllcache\hwxkor.dll
+ 2001-08-23 12:00:00 10,129,408 ----a-w C:\WINDOWS\system32\dllcache\hwxkor.dll
- 2004-08-03 23:04:38 106,496 ----a-w C:\WINDOWS\system32\dllcache\imekrcic.dll
+ 2004-08-03 22:04:38 106,496 ----a-w C:\WINDOWS\system32\dllcache\imekrcic.dll
- 2004-08-03 23:04:34 86,016 ----a-w C:\WINDOWS\system32\dllcache\imekrmbx.dll
+ 2004-08-03 22:04:34 86,016 ----a-w C:\WINDOWS\system32\dllcache\imekrmbx.dll
- 2001-08-23 13:00:00 44,032 ----a-w C:\WINDOWS\system32\dllcache\imekrmig.exe
+ 2001-08-23 12:00:00 44,032 ----a-w C:\WINDOWS\system32\dllcache\imekrmig.exe
- 2001-08-23 13:00:00 102,463 ----a-w C:\WINDOWS\system32\dllcache\imepadsm.dll
+ 2001-08-23 12:00:00 102,463 ----a-w C:\WINDOWS\system32\dllcache\imepadsm.dll
- 2001-08-23 13:00:00 311,359 ----a-w C:\WINDOWS\system32\dllcache\imepadsv.exe
+ 2001-08-23 12:00:00 311,359 ----a-w C:\WINDOWS\system32\dllcache\imepadsv.exe
- 2007-09-20 05:35:30 811,064 ----a-w C:\WINDOWS\system32\dllcache\imjp81k.dll
+ 2007-09-20 04:35:30 811,064 ----a-w C:\WINDOWS\system32\dllcache\imjp81k.dll
- 2007-09-20 05:35:32 368,696 ----a-w C:\WINDOWS\system32\dllcache\imjpcic.dll
+ 2007-09-20 04:35:32 368,696 ----a-w C:\WINDOWS\system32\dllcache\imjpcic.dll
- 2007-09-20 05:35:32 716,856 ----a-w C:\WINDOWS\system32\dllcache\imjpcus.dll
+ 2007-09-20 04:35:32 716,856 ----a-w C:\WINDOWS\system32\dllcache\imjpcus.dll

9  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 17, 2008, 10:34:54 AM
Sorry, I got an error when running fix.reg:


But I did the other steps, and these are the reports:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:59:32 ?.?, on 2008/04/17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\AppServ\MySQL\bin\mysqld-nt.exe
C:\AppServ\Apache2.2\bin\httpd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TrayLayout\TrayLayout.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: TrayLayout.lnk = C:\Program Files\TrayLayout\TrayLayout.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: mysql - Unknown owner - C:\AppServ\MySQL\bin\mysqld-nt.exe

--
End of file - 5626 bytes
10  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 16, 2008, 05:35:00 AM
extra.txt:
Code:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.00GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 767.48 MiB / 524.39 MiB
Pagefile Memory (total/avail): 1878.62 MiB / 1656.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.97 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 14.49 GiB total, 10.25 GiB free.
D: is Fixed (FAT32) - 11.99 GiB total, 0.42 GiB free.
E: is Fixed (FAT32) - 5.99 GiB total, 0.55 GiB free.
F: is Fixed (FAT32) - 19.91 GiB total, 2.27 GiB free.
G: is Fixed (FAT32) - 4.81 GiB total, 3.76 GiB free.
H: is CDROM (CDFS)
I: is CDROM (CDFS)
J: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Maxtor 4D060H3 - 57.25 GiB - 5 partitions
  \PARTITION0 (bootable) - Unknown - 14.5 GiB - C:
  \PARTITION1 - Extended w/Extended Int 13 - 42.75 GiB - D: - E: - F: - G:

\\.\PHYSICALDRIVE1 - Generic USB Flash Disk USB Device - 980.53 MiB - 1 partition
  \PARTITION0 (bootable) - Unknown - 983.97 MiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: avast! antivirus 4.8.1169 [VPS 080416-0] v4.8.1169 (ALWIL Software) [COLOR=RED]Disabled[/COLOR]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Manam\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DAILY-B0146F581
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Manam
LOGONSERVER=\\DAILY-B0146F581
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Manam\LOCALS~1\Temp
TMP=C:\DOCUME~1\Manam\LOCALS~1\Temp
USERDOMAIN=DAILY-B0146F581
USERNAME=Manam
USERPROFILE=C:\Documents and Settings\Manam
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Manam [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Articulate Presenter 5 Professional --> MsiExec.exe /I{CA9291F3-8F12-40B7-BB1A-C64E5F86F4FC}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FastStone Capture 5.3 --> C:\Program Files\FastStone Capture\uninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type39 / Warning
Event Submitted/Written: 04/16/2008 01:37:25 AM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property.  This provider will be run using the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.  Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type38 / Warning
Event Submitted/Written: 04/16/2008 01:37:25 AM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property.  This provider will be run using the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.  Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type18 / Warning
Event Submitted/Written: 04/15/2008 06:53:14 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property.  This provider will be run using the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.  Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type17 / Warning
Event Submitted/Written: 04/15/2008 06:53:14 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property.  This provider will be run using the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.  Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type13 / Warning
Event Submitted/Written: 04/15/2008 06:49:19 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account.  This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type167 / Warning
Event Submitted/Written: 04/16/2008 01:37:54 AM
Event ID/Source: 20 / Print
Event Description:
Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Event Record #/Type9 / Error
Event Submitted/Written: 04/15/2008 06:59:50 PM
Event ID/Source: 27287 / Setup
Event Description:
Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.



-- End of Deckard's System Scanner: finished at 2008-04-16 12:45:45 ------------
11  Windows XP Assistance / Security-Virus/Spyware / Re: [Antichrist] [Day of judgment]-I really need help on: April 16, 2008, 05:32:54 AM
Continuation of main.txt:
Code:
2008-04-15 22:29:05         0 d-------- C:\Program Files\Babylon
2008-04-15 22:29:05         0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-04-15 22:28:58         0 d-------- C:\Documents and Settings\Manam\Application Data\Babylon
2008-04-15 22:26:42         0 d-------- C:\Documents and Settings\Manam\Application Data\FastStone
2008-04-15 22:26:38         0 d-------- C:\Program Files\FastStone Capture
2008-04-15 21:56:03         0 --a------ C:\WINDOWS\nsreg.dat
2008-04-15 21:55:59         0 d-------- C:\Documents and Settings\Manam\Application Data\Mozilla
2008-04-15 20:00:51         0 d--hs---- C:\System Volume Information
2008-04-15 20:00:49         0 d-------- C:\WINDOWS\Prefetch
2008-04-15 20:00:48         0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-15 20:00:47         0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-15 20:00:47         0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-15 20:00:47         0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-15 20:00:47         0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-15 20:00:37         0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-15 20:00:37         0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-15 20:00:37         0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-15 20:00:37         0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-15 19:54:26         0 d-------- C:\WINDOWS\system32\xircom
2008-04-15 19:54:26         0 d-------- C:\Program Files\microsoft frontpage
2008-04-15 19:54:07    237568 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-15 19:53:56         0 -rahs---- C:\MSDOS.SYS
2008-04-15 19:53:56         0 -rahs---- C:\IO.SYS
2008-04-15 19:53:56         0 --a------ C:\CONFIG.SYS
2008-04-15 19:53:56         0 --a------ C:\AUTOEXEC.BAT
2008-04-15 19:52:26         0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-15 19:51:57         0 d--h----- C:\Program Files\WindowsUpdate
2008-04-15 19:51:34         0 d-------- C:\WINDOWS\system32\DirectX
2008-04-15 19:50:56         0 d---s---- C:\WINDOWS\Tasks
2008-04-15 19:50:53         0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-15 19:50:48         0 d-------- C:\WINDOWS\srchasst
2008-04-15 19:50:33         0 d-------- C:\Program Files\Movie Maker
2008-04-15 19:50:15         0 d-------- C:\WINDOWS\system32\Restore
2008-04-15 19:48:50     21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-15 19:48:21         0 d-------- C:\WINDOWS\Registration
2008-04-15 19:48:12         0 d-------- C:\Program Files\Online Services
2008-04-15 19:48:01         0 d-------- C:\WINDOWS\Offline Web Pages
2008-04-15 19:48:00         0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-15 19:47:49         0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-1