Full Version: Infected With Dcads Malware
cichlidnut
I downloaded a WinZip file from Limewire and carelessly opened the .exe file. Started to see occasional popups. I ran a scan with BitDefender which found this:

C:\System Volume Information\_restore{F561161F-9CF0-4A5B-BD2A-6BCEC1178E07}\RP417\A0061518.EX=>(NSIS o)=>lzma_nsis0008=>(NSIS o)=>lzma_solid_ nsis0004

I deleted the file from the SVI folder in safe mode and assumed everything was good. Popups continue. I ran scans with AVG, Spybot, Registry Mechanic, Ad-aware, Microsoft Clean. I've uninstalled both Browser Optimizer Dcads and Browser Optimizer Superiorads. Popups still happen... I've read a few threads on Dcads and how to remove but I'm afraid to use the processes for someone else's PC, on my PC. I appreciate any help.

Here's my HiJackThis log. I've highlighted the only entry I can see with the word "dcads".

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:09 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Downloads\Installation Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsj3F.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EF9AA4A-3F82-461A-B765-BBCFE7F31A2E}: NameServer = 192.168.2.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8945 bytes


RichieUK
Welcome to the BleepingComputer HijackThis Logs and Analysis forum, cichlidnut.
My name is Richie and I'll be helping you to fix your problems.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.


If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/pc inoperable.

Now download Combofix and save to your desktop:
Note
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
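
A fresh HijackThis log is requested so it can be compared with the first one. The following is an added example, not part of the original posts and not a BleepingComputer or HijackThis tool: it parses the O2 (Browser Helper Object) lines of the two logs posted in this thread and diffs them by CLSID. The function names `parse_bhos`, `review` and `diff_bhos` are illustrative assumptions.

```python
import re

# Layout of an O2 (Browser Helper Object) line in a HijackThis v2 log:
#   O2 - BHO: <name> - {CLSID} - <dll path | "(no file)"> [(file missing)]
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# O2 lines copied from the first log in this thread (scan of 12/20/2007).
BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nsj3F.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
"""

# O2 lines copied from the second log in this thread (scan of 12/21/2007).
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
"""

FILE_MISSING = "(file missing)"
NO_FILE = "(no file)"


def parse_bhos(log_text):
    """Return {CLSID: {"name", "path", "missing"}} for every O2 line."""
    bhos = {}
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # not an O2 line (other sections, blank lines)
        target = m.group("target").strip()
        missing = target == NO_FILE or target.endswith(FILE_MISSING)
        if target == NO_FILE:
            path = None
        elif target.endswith(FILE_MISSING):
            path = target[: -len(FILE_MISSING)].strip()
        else:
            path = target
        bhos[m.group("clsid").upper()] = {
            "name": m.group("name"),
            "path": path,
            "missing": missing,
        }
    return bhos


def review(bhos, keyword):
    """List (CLSID, reason) pairs worth a second look.

    "keyword": the BHO name contains the search term (case-insensitive).
    "missing": the registration points at no file; often only an orphan
               left by an uninstall, so it is a lead, not a verdict.
    """
    hits = []
    for clsid, info in bhos.items():
        if keyword.lower() in info["name"].lower():
            hits.append((clsid, "keyword"))
        elif info["missing"]:
            hits.append((clsid, "missing"))
    return sorted(hits)


def diff_bhos(before, after):
    """Compare two parsed scans by CLSID."""
    common = set(before) & set(after)
    return {
        "removed": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "changed": sorted(c for c in common if before[c]["path"] != after[c]["path"]),
    }


if __name__ == "__main__":
    old, new = parse_bhos(BEFORE), parse_bhos(AFTER)
    for clsid, reason in review(old, "dcads"):
        print("review ", reason, clsid, old[clsid]["path"])
    for kind, clsids in diff_bhos(old, new).items():
        for clsid in clsids:
            print(kind, clsid, old.get(clsid, new.get(clsid))["name"])
```

An entry appearing under "added" in a later scan would mean a helper object registered itself between the two logs and deserves the same scrutiny as the original one.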
cichlidnut
Thank you for the prompt reply.

I'm afraid I'm unsure what the "ComboFix-quarantined-files.txt" is. I assume it would be a file unto itself so I hope it's not contained within this. My apologies if it is.


ComboFix 07-12-21.4 - Mdg 2007-12-21 15:22:29.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1476 [GMT -5:00]
Running from: C:\Documents and Settings\Mdg\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mdg\Application Data\macromedia\Flash Player\#SharedObjects\Y4F6NA65\www.broadcaster.com
C:\Documents and Settings\Mdg\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Mdg\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\nsj3F.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-21 15:17 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-21 15:16 . 2007-12-21 15:16 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-19 23:33 . 2007-12-19 23:33 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-19 23:33 . 2007-12-19 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-19 11:38 . 2007-12-19 11:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-19 00:14 . 2007-12-19 00:14 256 --a------ C:\WINDOWS\adaway.lic
2007-12-18 14:59 . 2007-12-18 14:59 <DIR> d--hs---- C:\FOUND.003
2007-12-17 23:51 . 2007-12-17 23:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-17 22:28 . 2007-12-17 22:28 8,704 --ahs---- C:\WINDOWS\system32\Thumbs.db
2007-12-17 16:28 . 2007-12-17 16:28 <DIR> d-------- C:\Program Files\Windows Live
2007-12-17 16:28 . 2007-12-17 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-17 16:28 . 2007-12-17 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller
2007-12-17 09:48 . 2007-12-21 15:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 09:48 . 2007-12-17 09:48 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-15 10:01 . 2007-12-15 10:01 232 --a------ C:\WINDOWS\PowerReg.dat
2007-12-15 09:59 . 2007-12-15 09:59 <DIR> d-------- C:\Program Files\Hasbro Interactive
2007-12-12 15:22 . 2007-12-12 15:22 <DIR> d-------- C:\Program Files\Sygate
2007-12-12 15:22 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-12-12 15:22 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-12-12 15:22 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-12-12 15:22 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\WG6N.sys
2007-12-12 15:22 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\WG5N.sys
2007-12-12 15:22 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\WG4N.sys
2007-12-12 15:22 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\WG3N.sys
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-10 08:54 . 2007-12-10 08:54 <DIR> dr-h----- C:\$VAULT$.AVG
2007-12-07 22:43 . 2007-12-07 22:43 <DIR> d-------- C:\Documents and Settings\Maureen\Application Data\AVG7
2007-11-30 16:57 . 2007-11-30 16:57 <DIR> d-------- C:\Documents and Settings\Alicia\Application Data\AVG7
2007-11-30 11:30 . 2007-11-30 11:30 <DIR> d-------- C:\Documents and Settings\Melissa\Application Data\AVG7
2007-11-30 10:22 . 2007-11-30 10:22 <DIR> d-------- C:\Documents and Settings\Mdg\Application Data\AVG7
2007-11-30 10:22 . 2007-11-30 10:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-30 10:22 . 2007-11-30 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-30 10:15 . 2007-11-30 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-28 15:50 . 2006-10-29 02:11 516,096 --a------ C:\WINDOWS\system32\rtl4.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 20:07 17,354 ----a-w C:\Documents and Settings\Mdg\Application Data\wklnhst.dat
2007-12-07 21:16 60,072 ----a-w C:\Documents and Settings\Mdg\Application Data\GDIPFONTCACHEV1.DAT
2007-11-15 05:32 --------- d-----w C:\Documents and Settings\Mdg\Application Data\MediaLife
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 01:41 --------- d-----w C:\Documents and Settings\Melissa\Application Data\Logitech
2007-11-08 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\MediaLife
2007-11-07 21:51 3,350 ----a-w C:\Documents and Settings\Alicia\Application Data\wklnhst.dat
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\QUARTZ.DLL
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-28 20:22 --------- d-----w C:\Documents and Settings\Mdg\Application Data\NFT
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\WMASF.DLL
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 17:21 --------- d-----w C:\Documents and Settings\Alicia\Application Data\NFT
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-23 02:26 1,184 ----a-w C:\Documents and Settings\Maureen\Application Data\wklnhst.dat
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-09-30 22:43 59,680 ----a-w C:\Documents and Settings\Alicia\Application Data\GDIPFONTCACHEV1.DAT
2007-09-28 17:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 17:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 17:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 17:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 17:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 17:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 17:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 17:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 17:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 17:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 17:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 17:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 17:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 17:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-27 16:07 2,293,712 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-05-26 01:11 922 ----a-w C:\Documents and Settings\Melissa\Application Data\wklnhst.dat
2007-02-26 03:43 19 ----a-w C:\Program Files\Answer.txt
2003-12-20 01:36 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]
"PowerBar"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 15:34 C:\WINDOWS\RTHDCPL.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"MediaLifeService"="C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" [2005-05-12 21:23]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:49]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-30 10:22]

C:\Documents and Settings\Alicia\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 10:19:14]

C:\Documents and Settings\Mdg\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk.disabled [2006-12-29 18:11:32]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-01-06 16:03:13]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-12-29 18:11:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RegistryMechanic"=
"Alcmtr"=ALCMTR.EXE
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
"B'sCLiP"=C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

R0 BsStor;B.H.A Storage Helper Driver;C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 01:07]
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 17:44]
R4 BsUDF;B.H.A UDF Filesystem;C:\WINDOWS\system32\drivers\BsUDF.sys [2004-01-08 16:41]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-18 20:01:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-21 19:52:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 15:25:50
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????<?@?<?@?D?????A~??????????????A~<?@?<?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0????????????n????A~?????????????????(??????X???????<?@?<?@?????Q?B~????D?@?????<?@???@?<?@?3??s??????????????????????@?_??s??@???@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-21 15:26:34
.
2007-12-12 08:05:58 --- E O F ---


And my latest Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:33 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\Installation Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EF9AA4A-3F82-461A-B765-BBCFE7F31A2E}: NameServer = 192.168.2.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8798 bytes
RichieUK
First enable the viewing of hidden files and folders, reverse the process once you've done below:
http://www.bleepingcomputer.com/tutorials/tutorial62.html

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)

Exit Hijackthis.

Find and delete:
C:\WINDOWS\adaway.lic

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new Hijackthis log, let me know how your pc is running now.
cichlidnut
Thank you again for all your help.

After following all your instructions and a four hour scan using SuperAntiSpyware, here is the log...


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2007 at 11:47 PM

Application Version : 3.9.1008

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type : Complete Scan
Total Scan Time : 03:28:22

Memory items scanned : 177
Memory threats detected : 0
Registry items scanned : 6304
Registry threats detected : 0
File items scanned : 57258
File threats detected : 1

Unclassified.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F561161F-9CF0-4A5B-BD2A-6BCEC1178E07}\RP433\A0062831.DLL

The latest Hijackthis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:58 PM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\Installation Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EF9AA4A-3F82-461A-B765-BBCFE7F31A2E}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8677 bytes

I'll update you with a performance report after a few hours of normal use.
cichlidnut
Five seconds after posting how great the computer was running... a popup!

Here's a screenshot... don't think it'll help but at least you can see I'm not crazy.



RichieUK
Download and scan with the free 15 day trial of Counterspy V2
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and Paste those details into your next reply.


Please run F-Secure Online Virus Scanner using Internet Explorer:
http://support.f-secure.com/enu/home/ols.shtml
In the opening page read:
1. General
2. System requirements
3. Start your scan, then click on 'Start scanning'.
The 'Internet Explorer-Security Warning' box will pop up, click on 'Install'
Read the Licence Agreement, then click on 'Accept'.
In the next window that opens click on 'Custom Scan'.
Under 'Virus Scan Options', make sure 'Scan whole system' is selected.
Under 'Other Scan Options', make sure the following are selected:
'Scan programs and documents'
'Scan all files'
'Scan whole system for rootkits'
'Scan whole system for spyware'
'Scan inside archives'
'Use advanced heuristics'
Then click on 'Start'.
The 'scanner components and databases' will then be downloaded, this will take some time.
The virus scan will then start automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the ‘I want to decide item by item’ button.
For each item found, Select ‘Disinfect’ and click ‘Next’.
Click the ‘Show Report’ button, then copy and paste the entire report into your next reply.
cichlidnut
Results for CounterSpy

Scan History Details
Start Date: 12/22/2007 9:21:41 AM
End Date: 12/22/2007 12:02:44 PM
Total Time: 161 Min 3 Sec
Detected security risks

Bifrost Backdoor more information...
Details: Bifrost is an advanced remote administration tool that allows users to remotely control computers that are behind firewalls and routers.
Status: Deleted

Registry entries detected
HKEY_USERS\S-1-5-21-1981602296-893097559-3417532419-1003\SOFTWARE\WGET


After an EIGHT hour scan... F-Secure Online Scan found no Malware. I'm not sure if this is a good sign or not.

The log


Scanning Report
Saturday, December 22, 2007 13:45:45 - 20:37:34

Computer name: SLEEK
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 0 malware found
Statistics
Scanned:

* Files: 332051
* System: 5008
* Not scanned: 75

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA\PHOTOALBUM\_
* C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA\IMPORT\_
* C:\PROGRAM FILES\MAXIS\THE SIMS\USERDATA\EXPORT\_
* C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\SCENARIO.TDS
* C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\WALLS\_
* C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\USEROBJECTS\_
* C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\SKINS\_
* C:\PROGRAM FILES\MAXIS\THE SIMS\GAMEDATA\FLOORS\_
* C:\PROGRAM FILES\MAXIS\THE SIMS\DOWNLOADS\_
* C:\PROGRAM FILES\B'S CLIP\WIN2K\GAA.BIN
* C:\PROGRAM FILES\B'S RECORDER GOLD7\RAMCHECK.DAT
* C:\PROGRAM FILES\B'S RECORDER GOLD7\SSECMODE1.BIN
* C:\PROGRAM FILES\B'S RECORDER GOLD7\SSECMODE2.BIN
* C:\PROGRAM FILES\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[1].RMB
* C:\PROGRAM FILES\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[2].RMB
* C:\PROGRAM FILES\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[3].RMB
* C:\PROGRAM FILES\REGISTRY MECHANIC\BACKUP\AUTOMATIC BACKUP[4].RMB
* C:\DOCUMENTS AND SETTINGS\LOCALS~1.LOG
* C:\DOCUMENTS AND SETTINGS\NETWOR~1.LOG
* C:\DOCUMENTS AND SETTINGS\MDG\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\MDG\NTUSER.DAT
* C:\Documents and Settings\Mdg\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 12-21-2007 - 23-48-18.SBU\{F8808D98-FC90-4BE9-8BF4-ED50966A8A6D}
* C:\DOCUMENTS AND SETTINGS\MDG\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\PARENT.LOCK
* C:\DOCUMENTS AND SETTINGS\MDG\DESKTOP\MUSIC\THE ALL-AMERICAN REJECTS - DIRTY LITTLE SECRET.MP3
* C:\DOCUMENTS AND SETTINGS\MDG\DESKTOP\MUSIC\VIDEO\LOST 0X1.6138C0P-984T (null)EA-YOU'REDENYINGTHEREFINE,WORDLESSWONDER.RAR
* C:\DOCUMENTS AND SETTINGS\MDG\MY DOCUMENTS\MY PICTURES\IPOD PHOTO CACHE\F37\T492.ITHMB
* C:\DOCUMENTS AND SETTINGS\MDG\MY DOCUMENTS\MY PICTURES\IPOD PHOTO CACHE\F36\T491.ITHMB
* C:\DOCUMENTS AND SETTINGS\MDG\MY DOCUMENTS\MY PICTURES\IPOD PHOTO CACHE\F35\T286.ITHMB
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\TEMP\~DF57FC.TMP
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\TEMP\~DFEE4.TMP
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(2)\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(2)\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(2)\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(7)\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(7)\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(7)\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(6)\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(6)\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(6)\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(5)\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(5)\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(5)\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(4)\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(4)\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(4)\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(2).TRASH\TRASH(2)\CACHE(2)\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(2).TRASH\TRASH(2)\CACHE(2)\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(2).TRASH\TRASH(2)\CACHE(2)\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(3)\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(3)\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\U9750LOM.DEFAULT\CACHE(3)\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\MDG\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
* C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip\sbRecovery.reg
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip\sbRecovery.reg
* C:\WINDOWS\SYSTEM32\BIOS1.ROM
* C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-12-20
* F-Secure AVP: 7.0.171, 2007-12-21
* F-Secure Orion: 1.2.37, 2007-12-21
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 2007-11-28
* F-Secure Pegasus: 1.19.0, 2007-11-18

Scanning options:

* Scan all files
* Scan inside archives
* Use Advanced heuristics
cichlidnut
Just got another popup window, however it contained no ad, just the words...

"hash verification failed:"

Here's my latest Hijack this log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:19 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Downloads\Installation Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EF9AA4A-3F82-461A-B765-BBCFE7F31A2E}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9225 bytes
RichieUK
Download and unzip AVG Anti-Rootkit to your desktop:
http://free.grisoft.com/softw/70free/setup...up-1.1.0.42.exe

Double click avgarkt-setup-1.1.0.42.exe to install; by default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit
Accept the license and follow the prompts to install.
You will be asked to reboot to finish the installation so click "Finish".
After rebooting, launch AVG by double clicking on the icon for AVG Anti-Rootkit on your desktop, then click on the 'Search for Rootkits' tab.
Then click on 'Perform in-depth search'.
You will see the progress bar moving from left to right.
The scan will take some time so be patient and let it finish.
When the scan has finished, a small window will open so you can view the results.
Right click over those results and select "Save Result To File".
By default the file will be saved with a .csv extension. (You can use Notepad to open the .csv file.)
Copy and paste those results into your next reply.
If anything was found, click "Remove selected items"
Note:
Close all open windows and programs, and DO NOT USE the computer while scanning.
If the scan is performed while the computer is in use, false positives may appear in the scan results.


Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make sure that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan:
• Select My Computer
• This will start the program and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button:
• Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

Also post a new Hijackthis log.
cichlidnut
AVG claims

No Rootkits found.

Log for Kaspersky



KASPERSKY ONLINE SCANNER REPORT
Sunday, December 23, 2007 12:28:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/12/2007
Kaspersky Anti-Virus database records: 460388
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 105213
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 02:28:21

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{077D7031-6202-44A7-9669-EA4216D23647}.crmlog Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{956CB4D8-F0E0-40EA-A7DA-888E3DB64850}.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Temp\~WRF0000.tmp Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Temp\~DFA524.tmp Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Temp\~DF26C5.tmp Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Temp\~WRS0004.tmp Object is locked skipped
C:\Documents and Settings\Mdg\Local Settings\Temp\~DFB79A.tmp Object is locked skipped
C:\Documents and Settings\Mdg\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Microsoft\Word\AutoRecovery save of Document1.asd Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Microsoft\Word\AutoRecovery save of Normal.as$ Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\history.dat Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\cert8.db Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\key3.db Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\parent.lock Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\Mozilla\Firefox\Profiles\u9750lom.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Mdg\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Mdg\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mdg\ntuser.dat Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\System Volume Information\_restore{F561161F-9CF0-4A5B-BD2A-6BCEC1178E07}\RP453\change.log Object is locked skipped
Scan process completed.


Latest Hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:20 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Downloads\Installation Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EF9AA4A-3F82-461A-B765-BBCFE7F31A2E}: NameServer = 192.168.2.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9513 bytes
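Comparing the 12/22 and 12/23 HijackThis logs posted above by eye is error-prone, so here is an added example (not part of the thread and not HijackThis's own code) that parses two logs and reports what changed between them. The sample logs are constructed, abridged excerpts of the entries posted above, and `parse_hjt`, `diff_logs` and `review_candidates` are hypothetical helper names; the entries `review_candidates` returns are items to look up, not verdicts.

```python
import re

# HijackThis entry lines start with a section code (R0, F2, N1, O4, O23, ...)
# followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed sample: abridged from the 12/22/2007 log in the thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:19 PM, on 12/22/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9225 bytes
"""

# Constructed sample: abridged from the 12/23/2007 log in the thread.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:20 PM, on 12/23/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9513 bytes
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and registry/file entries.

    Returns (processes, entries): processes is a set of lower-cased image
    paths (Windows paths are case-insensitive, and the logs above mix
    System32/system32); entries is a set of (section_code, detail) tuples.
    """
    processes, entries = set(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # the process list ends at the first blank line
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.add((match.group(1), match.group(2)))
        elif in_procs:
            processes.add(line.lower())
    return processes, entries


def diff_logs(before, after):
    """Report processes and entries that appeared or disappeared between scans."""
    procs_before, entries_before = parse_hjt(before)
    procs_after, entries_after = parse_hjt(after)
    return {
        "procs_added": sorted(procs_after - procs_before),
        "procs_removed": sorted(procs_before - procs_after),
        "entries_added": sorted(entries_after - entries_before),
        "entries_removed": sorted(entries_before - entries_after),
    }


def review_candidates(text):
    """Entries HijackThis could not name or attribute to a publisher.

    Assumption of this example: '(no name)' and 'Unknown owner' are treated
    only as prompts for a manual lookup. Both also appear on legitimate
    software, as the entries in the thread show.
    """
    _, entries = parse_hjt(text)
    markers = ("(no name)", "Unknown owner")
    return sorted(e for e in entries if any(m in e[1] for m in markers))


if __name__ == "__main__":
    for key, values in diff_logs(BEFORE, AFTER).items():
        print(key)
        for value in values:
            print("   ", value)
    print("review:")
    for code, detail in review_candidates(AFTER):
        print("   ", code, "-", detail)
```

On the full logs above, the same diff isolates the one new registry-level entry between the two scans: the O16 download for the Kaspersky online scanner that was installed in between.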
RichieUK
Your log looks clean, how's your PC running now?
cichlidnut
So far, so good. The popups seemed to happen when I searched for something on google. I did a bunch of random searches and no popups have happened. I'll update back if another one occurs.

Thanks for your help, it's very much appreciated. A very Merry Christmas to you and your family!
RichieUK
Great, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK.



Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/tutorial82.html

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

Happy Holidays/Merry Christmas to you and yours too
cichlidnut
Yikes... because of the nature of the ComboFix software and my kids, I deleted it.

Should I download it again? Or is there another procedure to follow?
RichieUK
QUOTE
Yikes... because of the nature of the ComboFix software and my kids, I deleted it.

If you deleted it that's all well and good, that's it, we're done now, you're good to go.
cichlidnut
Got another popup tonight.... it appears this thing is invincible.

Might be wise to just re-install the OS.
RichieUK
Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.
Please Note:
Only do the following if you have connection problems after performing the above steps:
Go to Start>Control Panel, and choose 'Network Connections'.
Then right click on your default connection, usually 'Local Area Connection' or 'Dial-up Connection' if you are using Dial-up, then left click on 'Properties'.
Double-click on the 'Internet Protocol (TCP/IP)' item and select the radio button that says: 'Obtain DNS servers Automatically'.
Click OK twice, restart your computer.


Please download Navilog1 by IL-MAFIOSO:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

* Extract its contents to the desktop.
* Double click on navilog1.exe to install it on your computer.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time).
* Press any key as requested.
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)
cichlidnut
Fixwareout


Username "Mdg" - 12/24/2007 7:36:16 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"RTHDCPL"="RTHDCPL.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"MediaLifeService"="\"C:\\Program Files\\Logitech\\MediaLife\\MediaLifeService.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PowerBar"=""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~



Navipromo. This scan only took three or four minutes, hopefully it was done correctly.


Search Navipromo version 3.3.8 began on Mon 12/24/2007 at 7:45:25.14

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 11.12.2007 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.11
Filesystem type : FAT32

Done in normal mode

*** Searching for installed Software ***




*** Search folders in C:\WINDOWS ***



*** Search folders in C:\Program Files ***



*** Search folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Search folders in "C:\Documents and Settings\Mdg\application data" ***


*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in "C:\Documents and Settings\Mdg\local settings\application data" *



*** Search files ***




*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In C:\WINDOWS\system32 :


* In "C:\Documents and Settings\Mdg\local settings\application data" :


3)Certificates Search :

Egroup certificate not found !

4)Search known files :



*** Search completed on Mon 12/24/2007 at 7:49:38.60 ***
cichlidnut
Just got another popup.
RichieUK
Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

Download HostsXpert 3.8:
http://www.funkytoad.com/download/HostsXpert.zip
1. Extract the zip file to your desktop or a permanent folder on your hard drive.
2. Open the folder and double-click on the Hoster.exe
3. Press "Restore Microsofts Original Hosts File"
4. Press "OK" and exit the program.

Enable the viewing of hidden files and folders, reverse the process once you've done below:
http://www.bleepingcomputer.com/tutorials/tutorial62.html

Go to:
C:\WINDOWS\System32\drivers\etc\HOSTS.
1) Right-click on the HOSTS file
2) Click Properties
3) You will see a window open, at the bottom of the window to the right of Attributes, check the box that says 'Read-only'.
4) Click Apply/OK.


Please run this online virus scan: Activescan, using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.
Copy and paste the contents of that report in your next reply.
cichlidnut
Activescan Report.


Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\9mjgzatt.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Melissa\Application Data\Mozilla\Firefox\Profiles\9mjgzatt.default\COOKIES.TXT[.tribalfusion.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Navilog1\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Program Files\Navilog1\REBOOT.EXE
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\NIRCMD.EXE
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A

I've taken no action yet. Awaiting instruction.
RichieUK
No problems there.

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
Messenger
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

Are you still experiencing popups or not?
cichlidnut
Messenger startup type was already set to disabled.

Popups are pretty random, maybe only once or twice a day and only when I search for something on Google.

For instance, I type in "Mortgages" and once I click a provided site, a second window pops up with an ad for a Mortgage company.

It's intermittent. I've just done a couple of random searches for various services, i.e., Health Food, Laser Hair Removal, that sort of thing and no popups as of yet, but I've had long periods like this before and then suddenly one occurs.

Are you running out of options if another one does happen?

I have a friend visiting later in the week who is a computer wiz, I also have Windows Vista that I have yet to install. If there's nothing else we can do, I'll install the new OS and send Dcads to cyberhell!

Go spend some Christmas time with your family, I'll understand if you're not available over the next few days. I'll post back here if any more popups happen!
RichieUK
QUOTE
I have a friend visiting later in the week who is a computer wiz, I also have Windows Vista that I have yet to install. If there's nothing else we can do, I'll install the new OS and send Dcads to cyberhell!

At this point in time I think the above is your best option, I'm all out of ideas now anyway.
cichlidnut
Got another one tonight... not even using Google.

An invincible piece of malware to be sure. Nothing gets rid of this.

Hello Windows Vista... goodbye Dcads.
RichieUK
I don't think the following will make any difference, try it anyway:

Find and delete:
C:\WINDOWS\system32\rtl4.dat

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge the information into the registry, then restart your PC.
QUOTE
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"=-
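
The fix.reg above deletes the "PowerBar" value, which the Fixwareout report earlier in the thread lists under the HKCU Run key with empty data. As an added example (not part of the original posts or of any tool used in the thread), the Python script below parses a regedit-style Run-key dump, flags values worth a manual look, and builds the REGEDIT4 deletion stanza for names a reviewer has confirmed; the sample input is a constructed subset of that report and all function names are hypothetical.

```python
import re

# Constructed sample: a subset of the Run-key section of the Fixwareout report
# posted in the thread (regedit export syntax, backslashes and quotes escaped).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"RTHDCPL"="RTHDCPL.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PowerBar"=""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" where either side may contain \\ or \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Unquoted command line: the program is everything up to the first executable extension.
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE)
# Drive-letter path, UNC path, or a path that starts with an environment variable.
ABSOLUTE_RE = re.compile(r'^(?:[A-Za-z]:\\|\\\\|%)')


def _unescape(s):
    """Undo regedit export escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_run_export(text):
    """Return {registry key: [(value name, value data), ...]} from a .reg-style dump."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            entries.setdefault(current, [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current].append((_unescape(m.group(1)), _unescape(m.group(2))))
    return entries


def command_target(data):
    """Extract the program path from a Run command line, dropping its arguments."""
    data = data.strip()
    if not data:
        return ""
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    m = EXE_RE.match(data)
    return m.group(1) if m else data.split(None, 1)[0]


def triage(entries):
    """Flag Run values for manual review; a flag is a prompt to look, not a verdict."""
    findings = []
    for key, values in entries.items():
        for name, data in values:
            if not data.strip():
                # Launches nothing at logon; usually a leftover from removed software.
                findings.append((key, name, "empty-data"))
            elif not ABSOLUTE_RE.match(command_target(data)):
                # Resolved through the search path, so check which file actually loads.
                findings.append((key, name, "relative-path"))
    return findings


def reg_delete_stanza(key, names):
    """Build a REGEDIT4 file body that deletes the given value names under key."""
    lines = ["REGEDIT4", "", "[%s]" % key]
    for name in names:
        escaped = name.replace("\\", "\\\\").replace('"', '\\"')
        lines.append('"%s"=-' % escaped)  # "name"=- removes the value on merge
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_run_export(SAMPLE)
    for key, name, reason in triage(parsed):
        print("%-14s %s -> %s" % (reason, key, name))
    hkcu = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    print(reg_delete_stanza(hkcu, ["PowerBar"]))
```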
cichlidnut
I appreciate your persistence. It's like a vendetta now.

I've done what you asked.

I'll keep doing random searches on Google for a bit and see how it goes.
cichlidnut
Took one search for "Interior Lighting" to get a popup.

I just pick topics I know there'll be ads for.
RichieUK
Download WinPFind from the link below:
http://www.bleepingcomputer.com/files/oldtimer/winpfind.exe
Extract it to your C:\ folder.
This will create a folder called 'WinPFind' in the 'C:\' folder.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Open the C:\WinPFind folder and double-click on 'WinPFind.exe'.
Click on the 'Start Scan' button and wait for it to finish.
This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
When it is done, the results of the scan will be displayed and it will create a log file at C:\WinPFind\WinPFind.txt.
Please copy and paste that log into your next reply.


Copy and paste the following bold text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: sys32.bat to your desktop.
QUOTE
cd "%windir%\system32"
dir /a:-d /o:-ds>sys32.txt
start notepad sys32.txt
echo %systemroot%
cls

Double click the sys32.bat file to run it.
A log will open in Notepad.
Please copy and paste that log into your next reply.

You'll almost certainly have to make more than one reply to post both logs.
cichlidnut
Boy... you really don't give up!

Ok... give me some time to do the scan and I'll post the results, I assume it'll take a while.

I'm assuming you're in the UK(?), so go enjoy your Christmas dinner.... it should be ready soon.
cichlidnut
Wow.... this is a big one!! Better grab a coffee!

WinPFind Log.




WinPFind logfile created on: 12/25/2007 10:41:42 AM
WinPFind by OldTimer - v2.0.3 Folder = C:\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5730.11

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

1.94 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 87.42% Memory free
2.45 Gb Paging File | 2.39 Gb Available in Paging File | 97.51% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 117.45 Gb Total Space | 31.88 Gb Free Space | 27.14% Space Free
Drive D: | 115.38 Gb Total Space | 59.58 Gb Free Space | 51.64% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: SLEEK
Current User Name: Mdg
Logged in as Administrator.
Cannot determine boot mode.

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\WinPFind\WinPFind.exe (OldTimer Tools)

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Stopped]
= C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)

(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)

(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG7\avgemc.exe (GRISOFT, s.r.o.)

(CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Stopped]
= C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\DVDRAMSV.exe (Matsubleepa Electric Industrial Co., Ltd.)

(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped]
= (File not found)

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

(SandraDataSrv) SiSoftware Database Agent Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe (SiSoftware)

(SandraTheSrv) SiSoftware Sandra Agent Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe (SiSoftware)

(SmcService) Sygate Personal Firewall [Win32_Own | Auto | Stopped]
= C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)

(WLSetupSvc) Windows Live Setup Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Windows Live\installer\WLSetupSvc.exe ()

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
AVG7_CC = C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MediaLifeService = C:\Program Files\Logitech\MediaLife\MediaLifeService.exe (Logitech Corp.)
QuickTime Task = C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
RTHDCPL = C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
SmcService = C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
SunJavaUpdateSched = C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
= C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
= C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk ()

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
= C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)

< User Startup Folder = C:\Documents and Settings\Mdg\Start Menu\Programs\Startup >
C:\Documents and Settings\Mdg\Start Menu\Programs\Startup\Adobe Gamma.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

C:\Documents and Settings\Mdg\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup = C:\WINDOWS\pss\Microsoft Office.lnk (File not found)
location = Common Startup
item = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 0
startup = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
RegistryMechanic =
Alcmtr = C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
QuickTime Task = C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (File not found)
B'sCLiP = C:\Program Files\B's CLiP\Win2K\BsCLiP.exe ()
RemoteControl = C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<




>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
DllName = C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

>>>>> HOSTS File <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 698 bytes | Modified Date: 12/24/2007 10:18:16 AM)
127.0.0.1 localhost

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
Start Page = http://www.google.ca/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- AcroIEHlprObj Class ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) )

>>>>> HKLM Internet Explorer Bars <<<<<

>>>>> HKCU Internet Explorer Bars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{315108E4-E3AF-460F-B264-F2ACC9E1ACEB}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

>>>>> HKLM Internet Explorer ToolBars <<<<<

>>>>> HKCU Internet Explorer ToolBars <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar ( HKLM = C:\Program Files\Windows Live Toolbar\msntb.dll (File not found) )

>>>>> HKCU Internet Explorer CmdMapping <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8192 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8193

>>>>> HKCU Internet Explorer Menu Extensions <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Windows Live Search]
@ = C:\Program Files\Windows Live Toolbar\msntb.dll\search.htm (File not found)

>>>>> HKLM Internet Explorer Plugins Extensions <<<<<

>>>>> HKLM Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} = Shell Autoplay for Slideshow ( HKLM = Reg Data - Key not found (File not found) )
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = Taskbar and Start Menu ( HKLM = Reg Data - Key not found (File not found) )
{42071714-76d4-11d1-8b24-00a0c9068ff3} = Display Panning CPL Extension ( CLSID not found! )
{764BF0E1-F219-11ce-972D-00AA00A14F56} = Shell extensions for file compression ( CLSID not found! )
{7A9D77BD-5403-11d2-8785-2E0420524153} = User Accounts ( HKLM = Reg Data - Key not found (File not found) )
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} = Encryption Context Menu ( CLSID not found! )
{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal Icon Ext ( HKLM = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.) )
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG7 Shell Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} = AVG7 Find Extension Class ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Inc.) )
{E0D79304-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79305-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79306-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{E0D79307-84BE-11CE-9641-444553540000} = WinZip ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )

>>>>> HKCU Approved Shell Extensions <<<<<

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\ShellExtension]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ShellExtension]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension]
@ = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ( HKLM = C:\Program Files\Grisoft\AVG7\avgse.dll (GRISOFT, s.r.o.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinZip]
@ = {E0D79304-84BE-11CE-9641-444553540000} ( HKLM = C:\Program Files\WinZip\WZSHLSTB.DLL (WinZip Computing, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveAutoRun = 67108863
NoDriveTypeAutoRun = 255

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1
InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.mss (File not found)
InstallTheme = C:\WINDOWS\Resources\Themes\Royale.the (File not found)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*

>>>>> Security Providers <<<<<

>>>>> Session Manager Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
BootExecute = autocheck autochk *;
ExcludeFromKnownDlls =


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
ComSpec = %SystemRoot%\system32\cmd.exe ( C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) )
TEMP = %SystemRoot%\TEMP
TMP = %SystemRoot%\TEMP
windir = %SystemRoot%

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path]
%systemroot%\system32
%systemroot%
%systemroot%\system32\wbem
C:\Program Files\Common Files\Adobe\AGL
C:\Program Files\QuickTime\QTSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT]
.COM
.EXE
.BAT
.CMD
.VBS
.VBE
.JS
.JSE
.WSF
.WSH

>>>>> WOW Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
cmdline = %SystemRoot%\system32\ntvdm.exe
wowcmdline = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

>>>>> SafeBoot Option Settings <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

>>>>> User Agent Post Platform <<<<<

>>>>> File Associations <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\]
.bat [@ = batfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.cmd [@ = cmdfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.com [@ = comfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.cpl [@ = cplfile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.exe [@ = exefile] -> PersistentHandler = {098f2470-bae0-11cd-b579-08002b30bfeb}
.hta [@ = htafile] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.html [@ = FirefoxHTML] -> PersistentHandler = {eec97550-47a9-11cf-b952-00aa0051fe20}
.inf [@ = inffile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.ini [@ = inifile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.url [@ = InternetShortcut] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.js [@ = JSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.jse [@ = JSEFile] -> PersistentHandler = Reg Data - Key not found
.pif [@ = piffile] -> PersistentHandler = Reg Data - Key not found
.reg [@ = regfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.scr [@ = scrfile] -> PersistentHandler = Reg Data - Key not found
.txt [@ = txtfile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.vbe [@ = VBEFile] -> PersistentHandler = Reg Data - Key not found
.vbs [@ = VBSFile] -> PersistentHandler = {5e941d80-bf96-11cd-b579-08002b30bfeb}
.wsf [@ = WSFFile] -> PersistentHandler = Reg Data - Key not found
.wsh [@ = WSHFile] -> PersistentHandler = Reg Data - Key not found

>>>>> Registry Shell Spawning <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -> "%1" %* (File not found)
batfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

cmdfile [edit] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -> "%1" %* (File not found)
cmdfile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -> "%1" %* (File not found)

cplfile [cplopen] -> rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)

exefile [open] -> "%1" %* (File not found)

htafile [open] -> C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -> "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -> rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -> C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -> %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -> %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -> rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -> "%1" %* (File not found)

regfile [edit] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -> regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -> Reg Data - Key not found
regfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

scrfile [config] -> "%1" (File not found)
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -> "%1" /S (File not found)

txtfile [edit] -> Reg Data - Key not found
txtfile [open] -> %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -> %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -> %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

vbsfile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wsffile [edit] -> %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -> %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)

wshfile [open] -> %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 (Microsoft Corporation)

Directory [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -> %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -> %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "%programfiles%\internet explorer\iexplore.exe" (File not found)

>>>>> ActiveX StubPath settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
StubPath =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
StubPath = C:\WINDOWS\system32\ieudinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8EF9AA4A-3F82-461A-B765-BBCFE7F31A2E}] ( Realtek RTL8139/810x Family Fast Ethernet NIC )
DefaultGateway = 192.168.2.1;
DhcpServer = 255.255.255.255
Domain =
EnableDHCP = 0
IPAddress = 192.168.2.2;
IPAutoconfigurationAddress = 0.0.0.0
NameServer = 192.168.2.1
SubnetMask = 255.255.255.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Default Protocols [HKLM] <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@ivt - 1 = Local intranet
file - 3 = Internet
ftp - 3 = Internet
http - 3 = Internet
https - 3 = Internet
shell - 0 = Computer

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\belarc]
CLSID = {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - ( HKLM = C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) )

>>>>> Protocol Filters <<<<<

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0742B9EF-8C83-41CA-BFBA-830A59E23533}\DownloadInformation]
CODEBASE = https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0B79F48A-E8D6-11DB-9283-E25056D89593}\DownloadInformation]
CODEBASE = http://support.f-secure.com/ols/fscax.cab
INF = C:\WINDOWS\Downloaded Program Files\fscax.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]
CODEBASE = http://download.microsoft.com/download/3/9...heckControl.cab
INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\DownloadInformation]
CODEBASE = http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
INF = C:\WINDOWS\Downloaded Program Files\MSNPupld.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}\DownloadInformation]
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab
INF = C:\WINDOWS\Downloaded Program Files\oscan8.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5ED80217-570B-4DA9-BF44-BE107C0EC166}\DownloadInformation]
CODEBASE = http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
INF = C:\WINDOWS\Downloaded Program Files\wlscBase.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5F8469B4-B055-49DD-83F7-62B522420ECC}\DownloadInformation]
CODEBASE = http://upload.facebook.com/controls/Facebo...otoUploader.cab
INF = C:\WINDOWS\Downloaded Program Files\FacebookPhotoUploader.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation]
CODEBASE = http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
INF = C:\WINDOWS\Downloaded Program Files\erma.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

»»»»»»»»»»»»»»»»»»»» Files / Folders Created Within 30 Days »»»»»»»»»»»»»

C:\$VAULT$.AVG [Folder | Created Date = 12/10/2007 8:54:07 AM | Attr = RH ]
C:\FOUND.003 [Folder | Created Date = 12/18/2007 2:59:16 PM | Attr = HS]
C:\qoobox [Folder | Created Date = 12/21/2007 3:22:01 PM | Attr = ]
C:\ComboFix [Folder | Created Date = 12/21/2007 3:21:06 PM | Attr = ]
C:\fixwareout [Folder | Created Date = 12/24/2007 7:35:37 AM | Attr = ]
C:\WinPFind [Folder | Created Date = 12/25/2007 10:28:57 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Avg7 [Folder | Created Date = 11/30/2007 10:15:09 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Created Date = 11/30/2007 10:22:29 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\WLInstaller [Folder | Created Date = 12/17/2007 4:28:26 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller [Folder | Created Date = 12/17/2007 4:28:40 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [Folder | Created Date = 12/21/2007 8:02:28 PM | Attr = ]
C:\Documents and Settings\Mdg\Application Data\AVG7 [Folder | Created Date = 11/30/2007 10:22:55 AM | Attr = ]
C:\Documents and Settings\Mdg\Application Data\SUPERAntiSpyware.com [Folder | Created Date = 12/21/2007 8:01:29 PM | Attr = ]
C:\Documents and Settings\Mdg\Application Data\Sunbelt Software [Folder | Created Date = 12/22/2007 9:13:51 AM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\virus fix.doc [Ver = | Size = 22016 bytes | Created Date = 12/21/2007 3:07:21 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\Reboot your computer into SAFE MODE using the F8 method.doc [Ver = | Size = 22016 bytes | Created Date = 12/21/2007 8:05:46 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\Scan History Details.doc [Ver = | Size = 58880 bytes | Created Date = 12/22/2007 12:51:18 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\Reboot your computer into SAFE MODE.doc [Ver = | Size = 20992 bytes | Created Date = 12/25/2007 10:33:54 AM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\1990s fashion.doc [Ver = | Size = 24576 bytes | Created Date = 11/27/2007 10:06:04 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\On October 11.doc [Ver = | Size = 24064 bytes | Created Date = 11/30/2007 10:30:01 AM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\Grid Results ALICIAS HOMEWORK.doc [Ver = | Size = 32768 bytes | Created Date = 12/6/2007 7:51:47 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\My Sharing Folders.lnk [Ver = | Size = 795 bytes | Created Date = 12/17/2007 4:32:13 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Flash Video MX.lnk [Ver = | Size = 656 bytes | Created Date = 11/28/2007 3:50:16 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Wheel of Fortune 2nd Edition.lnk [Ver = | Size = 886 bytes | Created Date = 12/15/2007 10:01:34 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk [Ver = | Size = 732 bytes | Created Date = 12/23/2007 7:56:13 AM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\Scanner.lnk [Ver = | Size = 154 bytes | Created Date = 11/27/2007 9:41:51 AM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\Shortcut to HiJackThis.exe.lnk [Ver = | Size = 643 bytes | Created Date = 12/19/2007 1:50:12 AM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\Shortcut to CFT Episodes.lnk [Ver = | Size = 358 bytes | Created Date = 12/19/2007 10:32:11 PM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\fix.reg [Ver = | Size = 89 bytes | Created Date = 12/24/2007 10:00:14 PM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\winpfind.exe [Ver = | Size = 267222 bytes | Created Date = 12/25/2007 10:28:20 AM | Attr = ]
C:\Program Files\Common Files\Wise Installation Wizard [Folder | Created Date = 12/17/2007 11:51:43 PM | Attr = ]
C:\Program Files\Common Files\Java [Folder | Created Date = 12/21/2007 3:16:17 PM | Attr = ]
C:\WINDOWS\TEMP [Folder | Created Date = 12/21/2007 3:26:50 PM | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Created Date = 12/17/2007 9:48:48 AM | Attr = H ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Created Date = 12/17/2007 9:48:48 AM | Attr = ]
C:\WINDOWS\$NtUninstallKB944653$ [Folder | Created Date = 12/12/2007 3:01:33 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB941568$ [Folder | Created Date = 12/12/2007 3:01:46 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB941569$ [Folder | Created Date = 12/12/2007 3:03:05 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB942763$ [Folder | Created Date = 12/12/2007 3:03:16 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB937894$ [Folder | Created Date = 12/12/2007 3:05:51 AM | Attr = H ]
C:\WINDOWS\PowerReg.dat [Ver = | Size = 232 bytes | Created Date = 12/15/2007 10:01:41 AM | Attr = ]
C:\WINDOWS\erdnt [Folder | Created Date = 12/21/2007 3:26:15 PM | Attr = ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/21/2007 3:17:04 PM | Attr = ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 12/21/2007 3:17:04 PM | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 12/21/2007 3:17:04 PM | Attr = ]
C:\WINDOWS\System32\javacpl.cpl Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Created Date = 12/21/2007 3:17:04 PM | Attr = ]
C:\WINDOWS\System32\QuickTime.qts Apple Inc. [Ver = 7.3.1 | Size = 49152 bytes | Created Date = 12/11/2007 10:57:06 AM | Attr = ]
C:\WINDOWS\System32\SBRC.dat [Ver = | Size = 0 bytes | Created Date = 12/22/2007 9:21:41 AM | Attr = ]
C:\WINDOWS\System32\SBFC.dat [Ver = | Size = 0 bytes | Created Date = 12/22/2007 9:21:41 AM | Attr = ]
C:\WINDOWS\System32\QuickTimeVR.qtx Apple Inc. [Ver = 7.3.1 | Size = 65536 bytes | Created Date = 12/11/2007 10:57:06 AM | Attr = ]
C:\WINDOWS\System32\asuninst.exe Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/24/2007 10:25:00 AM | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Created Date = 12/24/2007 10:24:29 AM | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Created Date = 12/24/2007 10:24:29 AM | Attr = ]
C:\WINDOWS\System32\swxcacls.exe SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 12/21/2007 3:21:16 PM | Attr = ]
C:\WINDOWS\System32\swsc.exe SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 12/21/2007 3:21:16 PM | Attr = ]
C:\WINDOWS\System32\VFind.exe [Ver = | Size = 49152 bytes | Created Date = 12/21/2007 3:21:16 PM | Attr = ]
C:\WINDOWS\System32\swreg.exe SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Created Date = 12/21/2007 3:21:16 PM | Attr = ]
C:\WINDOWS\System32\Thumbs.db [Ver = | Size = 14848 bytes | Created Date = 12/17/2007 10:28:02 PM | Attr = HS]
C:\WINDOWS\System32\SSSensor.dll Sygate Technologies, Inc. [Ver = 5. 5. 0. 5 | Size = 83096 bytes | Created Date = 12/12/2007 3:22:48 PM | Attr = ]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 11/30/2007 10:22:32 AM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 11/30/2007 10:22:37 AM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 11/30/2007 10:22:39 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 11/30/2007 10:22:39 AM | Attr = ]
C:\WINDOWS\System32\drivers\wpsdrvnt.sys Sygate Technologies, Inc. [Ver = 1, 0, 0, 17 | Size = 21075 bytes | Created Date = 12/12/2007 3:22:50 PM | Attr = ]
C:\WINDOWS\System32\drivers\Teefer.sys Sygate Technologies, Inc. [Ver = 1.60.1101 | Size = 60496 bytes | Created Date = 12/12/2007 3:22:50 PM | Attr = ]
C:\WINDOWS\System32\drivers\WG3N.sys Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 12/12/2007 3:22:50 PM | Attr = ]
C:\WINDOWS\System32\drivers\WG6N.sys Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 12/12/2007 3:22:51 PM | Attr = ]
C:\WINDOWS\System32\drivers\WG4N.sys Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 12/12/2007 3:22:51 PM | Attr = ]
C:\WINDOWS\System32\drivers\WG5N.sys Sygate Technologies, Inc. [Ver = 1.01.1223 | Size = 14568 bytes | Created Date = 12/12/2007 3:22:51 PM | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 11/30/2007 10:22:39 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 11/30/2007 10:22:39 AM | Attr = ]
C:\WINDOWS\System32\drivers\AvgArCln.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 12/23/2007 7:56:13 AM | Attr = ]
C:\WINDOWS\System32\drivers\etc\hosts.20071128-072305.backup [Ver = | Size = 183622 bytes | Created Date = 11/28/2007 7:23:05 AM | Attr = R ]
C:\WINDOWS\System32\drivers\etc\hosts.20071211-093937.backup [Ver = | Size = 183622 bytes | Created Date = 12/11/2007 9:39:37 AM | Attr = R ]
C:\WINDOWS\System32\drivers\etc\hosts.20071213-105518.backup [Ver = | Size = 183622 bytes | Created Date = 12/13/2007 10:55:18 AM | Attr = R ]
C:\WINDOWS\System32\drivers\etc\hosts.20071214-114121.backup [Ver = | Size = 183622 bytes | Created Date = 12/14/2007 11:41:21 AM | Attr = R ]

»»»»»»»»»»»»»»»»»»»» Files / Folders Modified Within 30 Days »»»»»»»»»»»»»

C:\$VAULT$.AVG [Folder | Modified Date = 12/10/2007 8:54:08 AM | Attr = RH ]
C:\sqmnoopt11.sqm [Ver = | Size = 244 bytes | Modified Date = 12/7/2007 10:44:02 PM | Attr = H ]
C:\sqmdata11.sqm [Ver = | Size = 232 bytes | Modified Date = 12/7/2007 10:44:02 PM | Attr = H ]
C:\sqmnoopt12.sqm [Ver = | Size = 244 bytes | Modified Date = 12/10/2007 9:45:00 PM | Attr = H ]
C:\sqmdata12.sqm [Ver = | Size = 268 bytes | Modified Date = 12/10/2007 9:45:00 PM | Attr = H ]
C:\sqmnoopt13.sqm [Ver = | Size = 244 bytes | Modified Date = 12/13/2007 2:54:36 AM | Attr = H ]
C:\sqmdata13.sqm [Ver = | Size = 268 bytes | Modified Date = 12/13/2007 2:54:36 AM | Attr = H ]
C:\sqmnoopt14.sqm [Ver = | Size = 244 bytes | Modified Date = 12/16/2007 12:29:12 AM | Attr = H ]
C:\sqmdata14.sqm [Ver = | Size = 268 bytes | Modified Date = 12/16/2007 12:29:12 AM | Attr = H ]
C:\sqmnoopt15.sqm [Ver = | Size = 244 bytes | Modified Date = 12/17/2007 4:32:56 PM | Attr = H ]
C:\sqmdata15.sqm [Ver = | Size = 268 bytes | Modified Date = 12/17/2007 4:32:56 PM | Attr = H ]
C:\sqmnoopt16.sqm [Ver = | Size = 244 bytes | Modified Date = 12/17/2007 7:43:30 PM | Attr = H ]
C:\sqmdata16.sqm [Ver = | Size = 292 bytes | Modified Date = 12/17/2007 7:43:30 PM | Attr = H ]
C:\sqmnoopt17.sqm [Ver = | Size = 244 bytes | Modified Date = 12/18/2007 10:03:44 PM | Attr = H ]
C:\sqmdata17.sqm [Ver = | Size = 232 bytes | Modified Date = 12/18/2007 10:03:44 PM | Attr = H ]
C:\FOUND.003 [Folder | Modified Date = 12/18/2007 2:59:16 PM | Attr = HS]
C:\qoobox [Folder | Modified Date = 12/21/2007 3:22:02 PM | Attr = ]
C:\ComboFix [Folder | Modified Date = 12/21/2007 3:21:08 PM | Attr = ]
C:\fixwareout [Folder | Modified Date = 12/24/2007 7:35:38 AM | Attr = ]
C:\WinPFind [Folder | Modified Date = 12/25/2007 10:28:58 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Avg7 [Folder | Modified Date = 11/30/2007 10:15:10 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Grisoft [Folder | Modified Date = 11/30/2007 10:22:30 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\WLInstaller [Folder | Modified Date = 12/17/2007 4:28:28 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller [Folder | Modified Date = 12/17/2007 4:28:42 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [Folder | Modified Date = 12/21/2007 8:02:30 PM | Attr = ]
C:\Documents and Settings\Mdg\Application Data\wklnhst.dat [Ver = | Size = 17892 bytes | Modified Date = 12/25/2007 10:33:56 AM | Attr = ]
C:\Documents and Settings\Mdg\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 60072 bytes | Modified Date = 12/7/2007 4:16:34 PM | Attr = ]
C:\Documents and Settings\Mdg\Application Data\AVG7 [Folder | Modified Date = 11/30/2007 10:22:56 AM | Attr = ]
C:\Documents and Settings\Mdg\Application Data\SUPERAntiSpyware.com [Folder | Modified Date = 12/21/2007 8:01:30 PM | Attr = ]
C:\Documents and Settings\Mdg\Application Data\Sunbelt Software [Folder | Modified Date = 12/22/2007 9:13:52 AM | Attr = ]
C:\Documents and Settings\Mdg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [Ver = | Size = 59680 bytes | Modified Date = 12/22/2007 6:15:14 PM | Attr = ]
C:\Documents and Settings\Mdg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 151552 bytes | Modified Date = 12/22/2007 12:07:18 AM | Attr = ]
C:\Documents and Settings\Mdg\Local Settings\Application Data\IconCache.db [Ver = | Size = 2646006 bytes | Modified Date = 12/16/2007 12:28:52 AM | Attr = H ]
C:\Documents and Settings\Mdg\My Documents\virus fix.doc [Ver = | Size = 22016 bytes | Modified Date = 12/21/2007 3:07:26 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\Reboot your computer into SAFE MODE using the F8 method.doc [Ver = | Size = 22016 bytes | Modified Date = 12/21/2007 8:05:48 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\CF mistakes to fix.doc [Ver = | Size = 24064 bytes | Modified Date = 12/5/2007 12:31:16 AM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\Scan History Details.doc [Ver = | Size = 58880 bytes | Modified Date = 12/22/2007 10:56:00 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\CF Copy & Paste.doc [Ver = | Size = 73728 bytes | Modified Date = 11/28/2007 3:59:46 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\Reboot your computer into SAFE MODE.doc [Ver = | Size = 20992 bytes | Modified Date = 12/25/2007 10:33:56 AM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\1990s fashion.doc [Ver = | Size = 24576 bytes | Modified Date = 11/27/2007 10:06:06 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\On October 11.doc [Ver = | Size = 24064 bytes | Modified Date = 11/30/2007 2:26:32 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\Grid Results ALICIAS HOMEWORK.doc [Ver = | Size = 32768 bytes | Modified Date = 12/6/2007 7:51:50 PM | Attr = ]
C:\Documents and Settings\Mdg\My Documents\My Sharing Folders.lnk [Ver = | Size = 795 bytes | Modified Date = 12/19/2007 12:26:30 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Flash Video MX.lnk [Ver = | Size = 656 bytes | Modified Date = 11/28/2007 3:50:18 PM | Attr = ]
C:\Documents and Settings\All Users\Desktop\Wheel of Fortune 2nd Edition.lnk [Ver = | Size = 886 bytes | Modified Date = 12/15/2007 10:01:36 AM | Attr = ]
C:\Documents and Settings\All Users\Desktop\AVG Anti-Rootkit Free.lnk [Ver = | Size = 732 bytes | Modified Date = 12/23/2007 7:56:14 AM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\Photos [Folder | Modified Date = 11/27/2007 9:37:46 AM | Attr = R ]
C:\Documents and Settings\Mdg\Desktop\Scanner.lnk [Ver = | Size = 154 bytes | Modified Date = 11/27/2007 9:41:52 AM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\Shortcut to HiJackThis.exe.lnk [Ver = | Size = 643 bytes | Modified Date = 12/19/2007 1:50:14 AM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\Shortcut to CFT Episodes.lnk [Ver = | Size = 358 bytes | Modified Date = 12/19/2007 10:32:12 PM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\fix.reg [Ver = | Size = 89 bytes | Modified Date = 12/24/2007 10:00:16 PM | Attr = ]
C:\Documents and Settings\Mdg\Desktop\winpfind.exe [Ver = | Size = 267222 bytes | Modified Date = 12/25/2007 10:28:14 AM | Attr = ]
C:\Program Files\Common Files\Wise Installation Wizard [Folder | Modified Date = 12/17/2007 11:51:44 PM | Attr = ]
C:\Program Files\Common Files\Java [Folder | Modified Date = 12/21/2007 3:16:18 PM | Attr = ]
C:\WINDOWS\TEMP [Folder | Modified Date = 12/21/2007 3:26:52 PM | Attr = ]
C:\WINDOWS\system.ini [Ver = | Size = 227 bytes | Modified Date = 12/21/2007 3:25:48 PM | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 636 bytes | Modified Date = 12/24/2007 10:33:12 AM | Attr = ]
C:\WINDOWS\imsins.BAK [Ver = | Size = 1393 bytes | Modified Date = 12/12/2007 3:03:22 AM | Attr = ]
C:\WINDOWS\NeroDigital.ini [Ver = | Size = 116 bytes | Modified Date = 12/25/2007 10:29:20 AM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 12/25/2007 10:38:04 AM | Attr = S]
C:\WINDOWS\ODBC.INI [Ver = | Size = 376 bytes | Modified Date = 12/10/2007 7:58:12 PM | Attr = ]
C:\WINDOWS\QTFont.qfn [Ver = | Size = 54156 bytes | Modified Date = 12/24/2007 10:06:42 PM | Attr = H ]
C:\WINDOWS\QTFont.for [Ver = | Size = 1409 bytes | Modified Date = 12/17/2007 9:48:50 AM | Attr = ]
C:\WINDOWS\Thumbs.db [Ver = | Size = 42496 bytes | Modified Date = 12/24/2007 9:58:04 PM | Attr = HS]
C:\WINDOWS\$NtUninstallKB944653$ [Folder | Modified Date = 12/12/2007 3:01:34 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB941568$ [Folder | Modified Date = 12/12/2007 3:01:48 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB941569$ [Folder | Modified Date = 12/12/2007 3:03:06 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB942763$ [Folder | Modified Date = 12/12/2007 3:03:16 AM | Attr = H ]
C:\WINDOWS\$NtUninstallKB937894$ [Folder | Modified Date = 12/12/2007 3:05:52 AM | Attr = H ]
C:\WINDOWS\PowerReg.dat [Ver = | Size = 232 bytes | Modified Date = 12/15/2007 10:01:58 AM | Attr = ]
C:\WINDOWS\erdnt [Folder | Modified Date = 12/21/2007 3:26:16 PM | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 12720 bytes | Modified Date = 12/24/2007 10:06:28 PM | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 226408 bytes | Modified Date = 12/23/2007 7:38:10 AM | Attr = ]
C:\WINDOWS\System32\QuickTime.qts Apple Inc. [Ver = 7.3.1 | Size = 49152 bytes | Modified Date = 12/11/2007 10:57:06 AM | Attr = ]
C:\WINDOWS\System32\SBRC.dat [Ver = | Size = 0 bytes | Modified Date = 12/22/2007 9:21:42 AM | Attr = ]
C:\WINDOWS\System32\SBFC.dat [Ver = | Size = 0 bytes | Modified Date = 12/22/2007 9:21:42 AM | Attr = ]
C:\WINDOWS\System32\QuickTimeVR.qtx Apple Inc. [Ver = 7.3.1 | Size = 65536 bytes | Modified Date = 12/11/2007 10:57:06 AM | Attr = ]
C:\WINDOWS\System32\d3d9caps.dat [Ver = | Size = 1324 bytes | Modified Date = 12/17/2007 4:19:04 PM | Attr = ]
C:\WINDOWS\System32\Help.ico [Ver = | Size = 1406 bytes | Modified Date = 12/24/2007 10:24:30 AM | Attr = ]
C:\WINDOWS\System32\Uninstall.ico [Ver = | Size = 2550 bytes | Modified Date = 12/24/2007 10:24:30 AM | Attr = ]
C:\WINDOWS\System32\swsc.exe SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 12/4/2007 1:00:44 AM | Attr = ]
C:\WINDOWS\System32\swreg.exe SteelWerX [Ver = 2.0.1.11 | Size = 156160 bytes | Modified Date = 12/13/2007 9:26:52 PM | Attr = ]
C:\WINDOWS\System32\Thumbs.db [Ver = | Size = 14848 bytes | Modified Date = 12/24/2007 9:58:16 PM | Attr = HS]
C:\WINDOWS\System32\drivers\avg7core.sys GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 11/30/2007 10:22:34 AM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsw.sys GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 11/30/2007 10:22:38 AM | Attr = ]
C:\WINDOWS\System32\drivers\avg7rsxp.sys GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 11/30/2007 10:22:40 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgtdi.sys GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 11/30/2007 10:22:40 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgmfx86.sys GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 12/21/2007 9:49:54 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgclean.sys GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/21/2007 9:50:00 AM | Attr = ]
C:\WINDOWS\System32\drivers\etc\hosts.20071211-093937.backup [Ver = | Size = 183622 bytes | Modified Date = 11/28/2007 7:23:06 AM | Attr = R ]
C:\WINDOWS\System32\drivers\etc\hosts.20071213-105518.backup [Ver = | Size = 183622 bytes | Modified Date = 12/11/2007 9:39:38 AM | Attr = R ]
C:\WINDOWS\System32\drivers\etc\hosts.20071214-114121.backup [Ver = | Size = 183622 bytes | Modified Date = 12/13/2007 10:55:20 AM | Attr = R ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\AVCDX.ax (CoreCodec)
[UPX! , UPX0 , ]C:\WINDOWS\System32\avisynth.dll (The Public)
[UPX! , UPX0 , ]C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
[UPX! , UPX0 , ]C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
[Thawte Consulting , ]C:\WINDOWS\System32\rmoc3260.dll (RealNetworks, Inc.)
[UPX! , UPX0 , ]C:\WINDOWS\System32\CoreAAC.ax ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\ac3DX.ax ()
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\Smab.dll ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\flvDX.dll (Gabest)
[UPX! , UPX0 , ]C:\WINDOWS\System32\MatroskaDX.ax (Gabest)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLSpeexDec.ax ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\x.264.exe ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\rtl3.dat ()
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\msfDX.dll (Hans Mayerl)
[UPX! , UPX0 , ]C:\WINDOWS\System32\DiracSplitter.ax (Gabest)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RealMediaDX.ax (Gabest)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLOgg.ax (RadLight)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLAPEDec.ax (RadLight)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLTheoraDec.ax (RadLight, LLC)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLMPCDec.ax (RadLight)
[UPX! , UPX0 , ]C:\WINDOWS\System32\RLVorbisDec.ax (RadLight)
[UPX! , UPX0 , ]C:\WINDOWS\System32\WhoisCL.exe (NirSoft)
[UPX! , UPX0 , ]C:\WINDOWS\System32\swsc.exe (SteelWerX)
[UPX! , UPX0 , ]C:\WINDOWS\System32\swreg.exe (SteelWerX)
[UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()
[aspack , FSG! , PEC2 , UPX! , ]C:\WINDOWS\System32\drivers\avg7core.sys (GRISOFT, s.r.o.)
[abetterinternet.com , ad-w-a-r-e.com , web-nex , ]C:\WINDOWS\System32\drivers\etc\hosts.20071121-211405.backup ()
[abetterinternet.com , ad-w-a-r-e.com , web-nex , ]C:\WINDOWS\System32\drivers\etc\hosts.20071128-072305.backup ()
[abetterinternet.com , ad-w-a-r-e.com , web-nex , ]C:\WINDOWS\System32\drivers\etc\hosts.20071211-093937.backup ()
[abetterinternet.com , ad-w-a-r-e.com , web-nex , ]C:\WINDOWS\System32\drivers\etc\hosts.20071213-105518.backup ()
[abetterinternet.com , ad-w-a-r-e.com , web-nex , ]C:\WINDOWS\System32\drivers\etc\hosts.20071214-114121.backup ()

< End of report >

sys32.bat log.

Volume in drive C has no label.
Volume Serial Number is 44C0-3E11

Directory of C:\WINDOWS\system32

12/25/2007 11:32 AM 0 sys32.txt
12/24/2007 10:06 PM 12,720 wpa.dbl
12/24/2007 09:58 PM 14,848 Thumbs.db
12/24/2007 10:33 AM 0 asfiles.txt
12/24/2007 10:24 AM 1,406 Help.ico
12/24/2007 10:24 AM 2,550 Uninstall.ico
12/23/2007 07:38 AM 226,408 FNTCACHE.DAT
12/22/2007 09:21 AM 0 SBFC.dat
12/22/2007 09:21 AM 0 SBRC.dat
12/21/2007 03:17 PM 5,387 jupdate-1.6.0_03-b05.log
12/17/2007 04:19 PM 1,324 d3d9caps.dat
12/13/2007 09:26 PM 156,160 swreg.exe
12/12/2007 03:03 AM 497,176 TZLog.log
12/11/2007 10:57 AM 49,152 QuickTime.qts
12/11/2007 10:57 AM 65,536 QuickTimeVR.qtx
12/04/2007 01:00 AM 136,704 swsc.exe
12/02/2007 06:00 PM 18,684,536 MRT.exe
11/13/2007 06:31 AM 60,416 tzchange.exe
10/30/2007 06:42 PM 3,590,656 mshtml.dll
10/29/2007 05:35 PM 1,287,680 QUARTZ.DLL
10/29/2007 05:04 AM 350,720 xpsp3res.dll
10/27/2007 05:40 PM 222,720 WMASF.DLL
10/25/2007 10:34 PM 8,460,288 shell32.dll
10/17/2007 12:23 PM 10,752 WhoisCL.exe
10/11/2007 02:12 PM 1,468,968 LegitCheckControl.dll
10/10/2007 06:56 PM 102,400 occache.dll
10/10/2007 06:56 PM 105,984 URL.DLL
10/10/2007 06:56 PM 232,960 WEBCHECK.DLL
10/10/2007 06:56 PM 671,232 mstime.dll
10/10/2007 06:56 PM 824,832 WININET.DLL
10/10/2007 06:56 PM 1,159,680 URLMON.DLL
10/10/2007 06:55 PM 193,024 msrating.dll
10/10/2007 06:55 PM 478,208 mshtmled.dll
10/10/2007 06:55 PM 27,648 jsproxy.dll
10/10/2007 06:55 PM 44,544 iernonce.dll
10/10/2007 06:55 PM 52,224 msfeedsbs.dll
10/10/2007 06:55 PM 267,776 IERTUTIL.DLL
10/10/2007 06:55 PM 459,264 msfeeds.dll
10/10/2007 06:55 PM 1,831,424 inetcpl.cpl
10/10/2007 06:55 PM 6,065,664 IEFRAME.DLL
10/10/2007 06:55 PM 63,488 icardie.dll
10/10/2007 06:55 PM 124,928 advpack.dll
10/10/2007 06:55 PM 132,608 extmgr.dll
10/10/2007 06:55 PM 153,088 ieakeng.dll
10/10/2007 06:55 PM 214,528 Dxtrans.dll
10/10/2007 06:55 PM 230,400 ieaksie.dll
10/10/2007 06:55 PM 383,488 ieapfltr.dll
10/10/2007 06:55 PM 384,512 iedkcs32.dll
10/10/2007 05:59 AM 13,824 ieudinit.exe
10/10/2007 05:59 AM 70,656 ie4uinit.exe
10/10/2007 12:46 AM 161,792 ieakui.dll
09/28/2007 12:08 PM 156,992 DivXCodecVersionChecker.exe
09/28/2007 12:07 PM 4,816 divxsm.tlb
09/28/2007 12:07 PM 524,288 DivXsm.exe
09/28/2007 12:07 PM 3,596,288 qt-dx331.dll
09/28/2007 12:07 PM 200,704 ssldivx.dll
09/28/2007 12:07 PM 1,044,480 libdivx.dll
09/28/2007 12:05 PM 416 dpl100.dll.manifest
09/28/2007 12:05 PM 416 dtu100.dll.manifest
09/28/2007 12:05 PM 81,920 dpl100.dll
09/28/2007 12:05 PM 196,608 dtu100.dll
09/28/2007 12:05 PM 53,248 dpuGUI10.dll
09/28/2007 12:05 PM 57,344 dpv11.dll
09/28/2007 12:05 PM 294,912 dpu11.dll
09/28/2007 12:05 PM 294,912 dpu10.dll
09/28/2007 12:05 PM 344,064 dpus11.dll
09/28/2007 12:05 PM 593,920 dpuGUI11.dll
09/28/2007 12:05 PM 739,840 DivX.dll
09/28/2007 12:05 PM 802,816 divx_xx11.dll
09/28/2007 12:05 PM 823,296 divx_xx0c.dll
09/28/2007 12:05 PM 823,296 divx_xx07.dll
09/28/2007 12:05 PM 729,088 divxdec.ax
09/28/2007 12:05 PM 12,288 DivXWMPExtType.dll
09/24/2007 11:31 PM 69,632 javacpl.cpl
09/24/2007 11:31 PM 139,264 javaws.exe
09/24/2007 10:30 PM 135,168 javaw.exe
09/24/2007 10:30 PM 135,168 java.exe
08/21/2007 02:15 AM 683,520 inetcomm.dll
08/16/2007 04:17 PM 51,568 sirenacm.dll
08/15/2007 06:33 PM 72,440 pxhpinst.exe
08/15/2007 06:33 PM 187,128 pxmas.dll
08/15/2007 06:33 PM 379,640 pxwave.dll
08/15/2007 06:33 PM 64,760 pxinsa64.exe
08/15/2007 06:33 PM 66,296 pxcpya64.exe
08/15/2007 06:33 PM 88,824 vxblock.dll
08/15/2007 06:33 PM 118,520 pxinsi64.exe
08/15/2007 06:33 PM 120,056 pxcpyi64.exe
08/15/2007 06:33 PM 129,784 pxafs.dll
08/15/2007 06:33 PM 518,904 pxdrv.dll
08/15/2007 06:33 PM 551,672 px.dll
08/15/2007 06:33 PM 1,628,920 pxsfs.dll
08/15/2007 06:30 PM 352,401 DivXMedia.ax
07/30/2007 07:19 PM 1,712,984 wuaueng.dll
07/30/2007 07:19 PM 549,720 wuapi.dll
07/30/2007 07:19 PM 25,944 wuaucpl.cpl.mui
07/30/2007 07:19 PM 325,976 wucltui.dll
07/30/2007 07:19 PM 203,096 wuweb.dll
07/30/2007 07:19 PM 216,408 wuaucpl.cpl
07/30/2007 07:19 PM 92,504 cdm.dll
07/30/2007 07:19 PM 53,080 wuauclt.exe
07/30/2007 07:19 PM 43,352 wups2.dll
07/30/2007 07:19 PM 271,224 mucltui.dll
07/30/2007 07:19 PM 207,736 muweb.dll
07/30/2007 07:19 PM 25,944 wuapi.dll.mui
07/30/2007 07:19 PM 30,072 mucltui.dll.mui
07/30/2007 07:18 PM 34,136 wucltui.dll.mui
07/30/2007 07:18 PM 33,624 wups.dll
07/30/2007 07:18 PM 20,312 wuaueng.dll.mui
07/22/2007 11:49 AM 181,736 rmoc3260.dll
07/22/2007 11:49 AM 5,632 pndx5032.dll
07/22/2007 11:49 AM 6,656 pndx5016.dll
07/22/2007 11:49 AM 278,528 pncrt.dll
07/11/2007 08:49 AM 77,904 perfc009.dat
07/11/2007 08:49 AM 471,656 perfh009.dat
07/11/2007 08:49 AM 541,728 PerfStringBackup.INI
07/09/2007 09:16 AM 582,656 rpcrt4.dll
07/06/2007 07:47 AM 16,896 mqise.dll
07/06/2007 07:47 AM 47,104 mqdscli.dll
07/06/2007 07:47 AM 48,640 mqupgrd.dll
07/06/2007 07:47 AM 95,744 mqsec.dll
07/06/2007 07:47 AM 138,240 mqad.dll
07/06/2007 07:47 AM 177,152 mqrt.dll
07/06/2007 07:47 AM 471,552 mqutil.dll
07/06/2007 07:47 AM 660,992 mqqm.dll
06/26/2007 02:08 AM 1,104,896 msxml3.dll
06/19/2007 09:31 AM 282,112 gdi32.dll
06/11/2007 11:51 PM 10,834,944 wmp.dll
06/02/2007 09:40 AM 69,632 system.mdw
05/19/2007 09:29 AM 1,788 reglog.txt
05/17/2007 05:30 PM 318,976 avisynth.dll
05/17/2007 07:28 AM 549,376 oleaut32.dll
05/15/2007 03:43 PM 1,320,800 msxml6.dll
05/14/2007 03:24 PM 394,240 Smab.dll
05/08/2007 03:03 PM 1,275,392 msxml4.dll
04/25/2007 10:21 AM 144,896 schannel.dll
04/18/2007 12:12 PM 2,854,400 msi.dll
04/17/2007 05:28 AM 2,455,488 ieapfltr.dat
04/16/2007 11:52 AM 984,576 kernel32.dll
04/13/2007 03:21 AM 271,360 mscoree.dll
04/02/2007 01:58 AM 546,304 hhctrl.ocx
03/23/2007 06:07 AM 1,683,280 XpsSvcs.dll
03/23/2007 06:07 AM 583,504 XPSSHHDR.dll
03/22/2007 08:25 PM 124,928 prntvpt.dll
03/17/2007 09:43 AM 292,864 winsrv.dll
03/15/2007 06:17 PM 336,768 WgaTray.exe
03/15/2007 06:16 PM 236,928 WgaLogon.dll
03/08/2007 11:36 AM 40,960 mf3216.dll
03/08/2007 11:36 AM 281,600 gdi32(2)(3).dll
03/08/2007 11:36 AM 577,536 user32.dll
03/08/2007 11:36 AM 577,536 user32(2)(3).dll
03/08/2007 09:47 AM 1,843,584 win32k(2)(3).sys
03/08/2007 09:47 AM 1,843,584 win32k.sys
02/28/2007 05:08 AM 2,136,064 ntoskrnl.exe
02/28/2007 04:38 AM 2,015,744 ntkrnlpa.exe
02/21/2007 06:47 AM 31,232 msfDX.dll
02/05/2007 04:17 PM 185,344 upnphost.dll
01/08/2007 07:07 PM 991,232 ieframe.dll.mui
01/06/2007 04:04 PM 160 BsCLiP.log
01/06/2007 04:03 PM 188 BsGold.log
01/06/2007 04:03 PM 178 RAM.log
12/29/2006 11:23 AM 8,657 jupdate-1.5.0_10-b03.log
12/27/2006 11:34 PM 16,832 amcompat.tlb
12/27/2006 11:34 PM 23,392 nscompat.tlb
12/27/2006 10:02 PM 8,428 jupdate-1.5.0_08-b03.log
12/27/2006 04:14 PM 348,160 msvcr71.dll
12/27/2006 04:14 PM 503,808 msvcp71.dll
12/27/2006 04:13 PM 89,088 atl71.dll
12/27/2006 03:53 PM 261 $winnt$.inf
12/27/2006 03:52 PM 12,662 wpa.bak
12/20/2006 02:04 AM 333 $ncsp$.inf
12/19/2006 04:52 PM 134,656 shsvcs.dll
12/19/2006 01:16 PM 333,824 wiaservc.dll
12/04/2006 03:21 PM 414,720 msscp.dll
12/01/2006 05:20 AM 212,480 swxcacls.exe
11/27/2006 09:54 AM 433,152 riched20.dll
11/27/2006 09:54 AM 539,136 msftedit.dll
11/27/2006 02:34 AM 49,152 VFind.exe
11/24/2006 09:58 PM 82,096 SanCpl.cpl
11/13/2006 01:02 AM 36,352 tsgqec.dll
11/13/2006 01:02 AM 116,736 aaclient.dll
11/13/2006 01:02 AM 288,768 rhttpaa.dll
11/13/2006 01:02 AM 1,866,240 mstscax.dll
11/07/2006 09:03 PM 156,160 msls31.dll
11/07/2006 09:03 PM 180,736 ieui.dll
11/07/2006 09:03 PM 191,488 iepeers.dll
11/07/2006 09:03 PM 413,696 vbscript.dll
11/07/2006 03:26 AM 71,680 admparse.dll
11/07/2006 03:26 AM 55,296 iesetup.dll
11/07/2006 03:26 AM 92,672 inseng.dll
11/07/2006 03:25 AM 10,240 advpack.dll.mui
11/07/2006 03:24 AM 56,483 ieuinit.inf
11/07/2006 03:06 AM 600,576 mstsc.exe
11/06/2006 11:35 AM 531,568 RmActivate_isv.exe
11/06/2006 11:35 AM 523,376 RmActivate.exe
11/06/2006 11:35 AM 518,768 SecProc.dll
11/06/2006 11:35 AM 519,280 SecProc_isv.dll
11/06/2006 11:35 AM 358,000 RmActivate_ssp.exe
11/06/2006 11:35 AM 354,416 RmActivate_ssp_isv.exe
11/06/2006 11:35 AM 192,624 SecProc_ssp_isv.dll
11/06/2006 11:35 AM 323,696 msdrm.dll
11/06/2006 11:35 AM 192,624 SecProc_ssp.dll
11/01/2006 02:17 PM 927,504 mfc40u.dll
10/30/2006 03:33 AM 9,480 icardres.dll
10/30/2006 03:33 AM 26,112 infocardcpl.cpl
10/30/2006 03:33 AM 83,968 infocardapi.dll
10/30/2006 03:33 AM 556,296 icardagt.exe
10/30/2006 03:33 AM 572,176 icardres.dll.mui
10/24/2006 12:30 PM 412,160 photometadatahandler.dll
10/24/2006 12:30 PM 716,288 WindowsCodecs.dll
10/24/2006 12:30 PM 276,992 WMPhoto.dll
10/24/2006 12:29 PM 352,256 WindowsCodecsExt.dll
10/23/2006 10:34 AM 474,112 shlwapi.dll
10/23/2006 10:34 AM 1,497,600 shdocvw.dll
10/23/2006 10:34 AM 151,040 cdfview.dll
10/23/2006 10:34 AM 1,022,976 browseui.dll
10/23/2006 10:34 AM 1,054,208 danim.dll
10/20/2006 09:30 PM 1,980,704 milcore.dll
10/20/2006 09:30 PM 769,312 PresentationNative_v0300.dll
10/20/2006 09:30 PM 478,496 evr.dll
10/20/2006 09:29 PM 344,352 PresentationHost.exe
10/20/2006 09:29 PM 159,008 UIAutomationCore.dll
10/20/2006 09:29 PM 104,224 PresentationCFFRasterizerNative_v0300.dll
10/20/2006 09:29 PM 20,768 PresentationHostProxy.dll
10/20/2006 09:29 PM 69,408 dxva2.dll
10/19/2006 01:33 PM 86,728 msxml6r.dll
10/19/2006 08:56 AM 713,216 sxs.dll
10/18/2006 09:58 PM 8,704 wdfmgr.exe
10/18/2006 09:58 PM 8,704 uwdf.exe
10/18/2006 09:47 PM 4,096 WMVADVD.dll
10/18/2006 09:47 PM 4,096 wmsdmoe2.dll
10/18/2006 09:47 PM 4,096 wmvdmod.dll
10/18/2006 09:47 PM 4,096 wmvdmoe2.dll
10/18/2006 09:47 PM 4,096 wmsdmod.dll
10/18/2006 09:47 PM 4,096 WMVADVE.DLL
10/18/2006 09:47 PM 35,840 wpdconns.dll
10/18/2006 09:47 PM 38,400 wpdshextres.dll
10/18/2006 09:47 PM 63,488 wpdmtpus.dll
10/18/2006 09:47 PM 133,632 WPDShServiceObj.dll
10/18/2006 09:47 PM 154,624 wpdmtp.dll
10/18/2006 09:47 PM 356,352 wpdsp.dll
10/18/2006 09:47 PM 603,648 WMSPDMOD.dll
10/18/2006 09:47 PM 629,760 wpd_ci.dll
10/18/2006 09:47 PM 656,896 WMVXENCD.dll
10/18/2006 09:47 PM 767,488 WMVSENCD.dll
10/18/2006 09:47 PM 1,329,152 WMSPDMOE.dll
10/18/2006 09:47 PM 1,382,912 WMVSDECD.dll
10/18/2006 09:47 PM 1,543,680 WMVDECOD.dll
10/18/2006 09:47 PM 1,574,912 WMVENCOD.dll
10/18/2006 09:47 PM 2,450,944 WMVCORE.DLL
10/18/2006 09:47 PM 2,603,008 WpdShext.dll
10/18/2006 09:47 PM 99,840 wmpshell.dll
10/18/2006 09:47 PM 130,048 wmpps.dll
10/18/2006 09:47 PM 157,184 wmidx.dll
10/18/2006 09:47 PM 204,288 wmpsrcwp.dll
10/18/2006 09:47 PM 227,328 wmerror.dll
10/18/2006 09:47 PM 242,688 wmpasf.dll
10/18/2006 09:47 PM 295,936 wmpeffects.dll
10/18/2006 09:47 PM 314,880 wmpdxm.dll
10/18/2006 09:47 PM 348,672 WMDRMNet.dll
10/18/2006 09:47 PM 535,040 wmdrmsdk.dll
10/18/2006 09:47 PM 613,376 wmpmde.dll
10/18/2006 09:47 PM 937,984 WMNetMgr.dll
10/18/2006 09:47 PM 1,661,440 wmpencen.dll
10/18/2006 09:47 PM 8,231,936 wmploc.dll
10/18/2006 09:47 PM 4,096 wdfapi.dll
10/18/2006 09:47 PM 33,792 wmdmlog.dll
10/18/2006 09:47 PM 37,376 wmdmps.dll
10/18/2006 09:47 PM 101,888 PortableDeviceClassExtension.dll
10/18/2006 09:47 PM 132,096 PortableDeviceWiaCompat.dll
10/18/2006 09:47 PM 166,912 PortableDeviceTypes.dll
10/18/2006 09:47 PM 199,168 PortableDeviceWMDRM.dll
10/18/2006 09:47 PM 211,456 qasf.dll
10/18/2006 09:47 PM 284,160 PortableDeviceApi.dll
10/18/2006 09:47 PM 429,056 WMDRMdev.dll
10/18/2006 09:47 PM 757,248 WMADMOD.dll
10/18/2006 09:47 PM 1,117,696 WMADMOE.dll
10/18/2006 09:47 PM 27,136 MsPMSNSv.dll
10/18/2006 09:47 PM 175,616 MsPMSP.dll
10/18/2006 09:47 PM 179,712 msnetobj.dll
10/18/2006 09:47 PM 321,536 mswmdm.dll
10/18/2006 09:47 PM 4,096 MPG4DMOD.dll
10/18/2006 09:47 PM 4,096 MP43DMOD.dll
10/18/2006 09:47 PM 4,096 MP4SDMOD.dll
10/18/2006 09:47 PM 11,264 LAPRXY.dll
10/18/2006 09:47 PM 212,992 MFPLAT.dll
10/18/2006 09:47 PM 259,072 MP43DECD.dll
10/18/2006 09:47 PM 259,072 MPG4DECD.dll
10/18/2006 09:47 PM 317,440 MP4SDECD.dll
10/18/2006 09:47 PM 229,376 cewmdm.dll
10/18/2006 09:47 PM 542,720 blackbox.dll
10/18/2006 09:47 PM 991,744 drmv2clt.dll
10/18/2006 09:47 PM 7,168 asferror.dll
10/18/2006 09:47 PM 276,992 audiodev.dll
10/18/2006 08:05 PM 232,448 l3codecp.acm
10/18/2006 08:03 PM 100,864 logagent.exe
10/18/2006 08:00 PM 249,856 drmupgds.exe
10/18/2006 08:00 PM 17,408 wpdshextautoplay.exe
10/17/2006 12:06 PM 443,904 html.iec
10/17/2006 12:06 PM 78,336 ieencode.dll
10/17/2006 12:05 PM 206,336 WinFXDocObj.exe
10/17/2006 12:05 PM 40,960 licmgr10.dll
10/17/2006 12:00 PM 491,520 jscript.dll
10/17/2006 11:58 AM 12,288 msfeedssync.exe
10/17/2006 11:58 AM 44,544 pngfilt.dll
10/17/2006 11:58 AM 346,624 dxtmsft.dll
10/17/2006 11:57 AM 36,352 imgutil.dll
10/17/2006 11:56 AM 45,568 mshta.exe
10/17/2006 11:55 AM 66,560 tdc.ocx
10/17/2006 11:28 AM 48,128 mshtmler.dll
10/17/2006 11:19 AM 1,383,424 mshtml.tlb
10/16/2006 04:10 PM 14,640 spmsg.dll
10/16/2006 04:10 PM 23,856 spupdsvc.exe
10/16/2006 11:15 AM 122,880 oledlg.dll
10/14/2006 03:13 AM 981,760 mfc42u.dll
10/13/2006 07:35 AM 64,000 nwapi32.dll
10/13/2006 07:35 AM 65,536 nwwks.dll
10/13/2006 07:35 AM 142,336 nwprovau.dll
10/11/2006 11:24 AM 58,880 pnrpnsp.dll
10/11/2006 11:24 AM 104,960 p2pgasvc.dll
10/11/2006 11:24 AM 116,224 p2pnetsh.dll
10/11/2006 11:24 AM 153,088 p2p.dll
10/11/2006 11:24 AM 313,344 p2pgraph.dll
10/11/2006 11:24 AM 553,984 p2psvc.dll
10/09/2006 04:15 PM 1,669,632 msvidctl.dll
10/09/2006 04:12 PM 456,192 encdec.dll
10/09/2006 04:12 PM 291,840 sbe.dll
10/09/2006 04:12 PM 224,256 psisrndr.ax
10/09/2006 04:12 PM 235,008 psisdecd.dll
10/04/2006 09:33 AM 35,840 umandlg.dll
10/04/2006 04:48 AM 50,176 utilman.exe
10/04/2006 04:48 AM 215,552 osk.exe
10/04/2006 04:48 AM 53,760 narrator.exe
10/04/2006 04:48 AM 72,704 magnify.exe
10/03/2006 07:47 PM 109,360 GEARAspi.dll
10/02/2006 03:28 PM 312,128 msdelta.dll
09/28/2006 08:13 PM 95,344 WUDFCoinstaller.dll
09/28/2006 06:56 PM 146,432 WudfHost.exe
09/28/2006 06:56 PM 316,416 WUDFx.dll
09/28/2006 06:56 PM 165,376 WudfPlatform.dll
09/28/2006 06:56 PM 55,808 WudfSvc.dll
09/23/2006 12:12 PM 74,715 IE7Eula.rtf
09/12/2006 06:46 AM 227,328 ac3DX.ax
09/11/2006 10:25 AM 241,664 rtl2.dat
09/01/2006 07:44 AM 1,988 ticrf.rat
09/01/2006 07:44 AM 8,798 icrav03.rat
08/25/2006 10:45 AM 617,472 comctl32.dll
08/24/2006 04:15 PM 150,808 rgb9rast_2.dll
08/22/2006 04:05 AM 498,742 dxmasf.dll
08/21/2006 09:52 AM 246,814 strmdll.dll
08/21/2006 07:21 AM 16,896 fltlib.dll
08/21/2006 04:14 AM 23,040 fltMc.exe
08/17/2006 07:28 AM 132,096 wkssvc.dll
08/17/2006 07:28 AM 332,288 netapi32.dll
08/17/2006 07:28 AM 721,920 lsasrv.dll
08/16/2006 09:53 AM 175,104 CoreAAC.ax
08/16/2006 06:58 AM 100,352 6to4svc.dll
08/02/2006 12:39 PM 73,728 asuninst.exe
07/21/2006 04:05 PM 146,650 BuzzingBee.wav
07/21/2006 04:05 PM 940,794 LoopyMusic.wav
07/21/2006 03:24 AM 72,704 hlink.dll
07/21/2006 03:17 AM 2,577 CONFIG.NT
07/21/2006 03:16 AM 488 logonui.exe.manifest
07/21/2006 03:16 AM 488 WindowsLogon.manifest
07/21/2006 03:16 AM 749 wuaucpl.cpl.manifest
07/21/2006 03:16 AM 749 sapi.cpl.manifest
07/21/2006 03:16 AM 749 cdplayer.exe.manifest
07/21/2006 03:16 AM 749 ncpa.cpl.manifest
07/21/2006 03:16 AM 749 nwc.cpl.manifest
07/21/2006 03:11 AM 21,640 emptyregdb.dat
07/21/2006 03:02 AM 0 h323log.txt
07/14/2006 10:51 AM 121,856 xmllite.dll
06/29/2006 01:07 PM 14,048 spmsg2.dll
06/29/2006 08:05 AM 23,552 normaliz.dll
06/29/2006 08:05 AM 26,112 idndl.dll
06/28/2006 05:59 PM 24,576 nlsdl.dll
06/26/2006 12:37 PM 8,192 rasadhlp.dll
06/26/2006 12:37 PM 148,480 dnsapi.dll
06/22/2006 05:47 AM 181,248 rasmans.dll
06/22/2006 12:06 AM 69,120 ciodm.dll
06/22/2006 12:06 AM 1,435,648 query.dll
06/08/2006 12:06 PM 39,284 normnfd.nls
06/08/2006 12:06 PM 45,794 normnfc.nls
06/08/2006 12:06 PM 59,342 normidna.nls
06/08/2006 12:06 PM 60,294 normnfkd.nls
06/08/2006 12:06 PM 66,384 normnfkc.nls
06/01/2006 01:47 PM 27,648 jgpl400.dll
06/01/2006 01:47 PM 163,840 jgdw400.dll
05/19/2006 07:59 AM 94,720 iphlpapi.dll
05/19/2006 07:59 AM 111,616 dhcpcsvc.dll
05/03/2006 05:06 AM 163,328 flvDX.dll
04/03/2006 10:59 AM 128 xposer.cfg
04/03/2006 10:59 AM 128 asinst.cfg
03/26/2006 03:00 PM 161,792 CNMLM83.DLL
03/24/2006 01:29 AM 135,168 CNCL160.DLL
03/23/2006 11:37 PM 49,152 wdigest.dll
03/16/2006 07:38 PM 28,672 verclsid.exe
03/15/2006 01:27 AM 57,344 CNCI160.DLL
03/15/2006 01:27 AM 1,134,592 CNCC160.DLL
03/10/2006 04:48 PM 169,472 MatroskaDX.ax
03/03/2006 07:33 AM 331,776 wpdmtpdr.dll
03/03/2006 07:32 AM 10,752 wpdtrace.dll
03/01/2006 02:42 PM 11,776 xolehlp.dll
03/01/2006 02:42 PM 66,560 mtxclu.dll
03/01/2006 02:42 PM 91,136 mtxoci.dll
03/01/2006 02:42 PM 161,280 msdtcuiu.dll
03/01/2006 02:42 PM 426,496 msdtcprx.dll
03/01/2006 02:42 PM 956,416 msdtctm.dll
02/17/2006 01:44 AM 106,496 cnco160.dll
01/15/2006 11:04 PM 307,200 atiiiexx.dll
01/15/2006 10:48 PM 255,488 ati2dvag.dll
01/15/2006 10:43 PM 114,688 atipdlxx.dll
01/15/2006 10:43 PM 77,824 Oemdspif.dll
01/15/2006 10:43 PM 26,112 Ati2mdxx.exe
01/15/2006 10:43 PM 40,960 ati2edxx.dll
01/15/2006 10:42 PM 61,440 ati2evxx.dll
01/15/2006 10:41 PM 405,504 ati2evxx.exe
01/15/2006 10:41 PM 53,248 ATIDDC.DLL
01/15/2006 10:34 PM 2,603,872 ati3duag.dll
01/15/2006 10:28 PM 860,320 ativvaxx.dll
01/15/2006 10:25 PM 6,684,672 atioglx1.dll
01/15/2006 10:22 PM 5,111,808 atioglxx.dll
01/15/2006 10:18 PM 282,624 ATIDEMGR.dll
01/15/2006 10:17 PM 151,552 atikvmag.dll
01/15/2006 10:16 PM 17,408 atitvo32.dll
01/15/2006 10:11 PM 258,048 ati2cqag.dll
01/12/2006 06:23 PM 123,904 AVCDX.ax
01/10/2006 01:58 PM 266,240 RTSndMgr.Cpl
01/03/2006 10:35 PM 68,096 webclnt.dll
12/08/2005 06:01 PM 112,421 atiicdxx.dat
12/02/2005 02:20 PM 6,005 atifglpf.xml
11/25/2005 03:46 PM 161,792 RealMediaDX.ax
11/10/2005 01:16 PM 240,128 x.264.exe
10/31/2005 06:17 PM 135,168 RtlCPAPI.dll
10/28/2005 11:49 PM 84,480 pintool.exe
10/28/2005 11:49 PM 25,600 bcsprsrc.dll
10/28/2005 11:49 PM 133,120 axaltocm.dll
10/28/2005 11:49 PM 151,552 ifxcardm.dll
10/28/2005 04:40 PM 96,792 basecsp.dll
10/20/2005 05:20 PM 1,082,368 esent.dll
10/17/2005 04:14 PM 80,896 fontsub.dll
10/17/2005 04:14 PM 118,272 t2embed.dll
09/28/2005 12:11 AM 442,368 vp6vfw.dll
09/23/2005 07:28 AM 74,240 mscories.dll
09/23/2005 07:28 AM 150,016 mscorier.dll
09/23/2005 07:28 AM 83,456 dfshim.dll
09/21/2005 10:25 AM 299,008 ALSndMgr.Cpl
09/09/2005 08:53 PM 2,067,968 cdosys.dll
08/31/2005 08:41 PM 19,968 linkinfo.dll
08/22/2005 10:35 PM 123,392 umpnpmgr.dll
08/22/2005 01:29 PM 197,632 netman.dll
08/05/2005 02:01 PM 58,368 Msdvbnp.ax
08/05/2005 02:01 PM 62,976 mpeg2data.ax
08/05/2005 02:01 PM 159,744 VBICodec.ax
08/05/2005 02:01 PM 167,936 wstpager.ax
08/05/2005 02:01 PM 240,640 wstrenderer.ax
08/05/2005 01:06 PM 165,376 mpg2splt.ax
08/05/2005 01:05 PM 64,512 msnp.ax
07/29/2005 12:51 PM 22,212 olelib2.tlb
07/29/2005 12:51 PM 569,368 olelib.tlb
07/27/2005 07:36 PM 13,028 eula.txt
07/25/2005 11:39 PM 37,888 olecnv32.dll
07/25/2005 11:39 PM 101,376 txflog.dll
07/25/2005 11:39 PM 397,824 rpcss.dll
07/25/2005 11:39 PM 74,752 olecli32.dll
07/25/2005 11:39 PM 1,285,120 ole32.dll
07/25/2005 11:39 PM 243,200 es.dll
07/25/2005 11:39 PM 540,160 comuid.dll
07/25/2005 11:39 PM 60,416 colbact.dll
07/25/2005 11:39 PM 97,792 comrepl.dll
07/25/2005 11:39 PM 110,080 clbcatex.dll
07/25/2005 11:39 PM 498,688 clbcatq.dll
07/25/2005 11:39 PM 625,152 catsrvut.dll
07/25/2005 11:39 PM 1,267,200 comsvcs.dll
07/25/2005 11:39 PM 225,792 catsrv.dll
07/15/2005 04:48 PM 40,960 ChCfg.exe
07/11/2005 12:31 PM 27,648 AVSredirect.dll
07/08/2005 11:27 AM 76,800 remotesp.tsp
07/08/2005 11:27 AM 249,344 tapisrv.dll
06/28/2005 08:55 PM 385,024 qdvd.dll
06/28/2005 08:46 PM 74,240 mscms.dll
06/28/2005 08:46 PM 254,976 icm32.dll
06/21/2005 05:00 PM 52,736 wzcsapi.dll
06/21/2005 05:00 PM 383,488 wzcdlg.dll
06/21/2005 05:00 PM 474,624 wzcsvc.dll
06/21/2005 05:00 PM 1,705,472 netshell.dll
06/15/2005 12:49 PM 295,936 kerberos.dll
06/10/2005 06:53 PM 57,856 spoolsv.exe
05/26/2005 09:04 PM 41,472 hhsetup.dll
05/26/2005 09:04 PM 137,216 itss.dll
05/26/2005 09:04 PM 155,136 itircl.dll
05/26/2005 04:16 AM 172,312 wuauclt1.exe
05/26/2005 04:16 AM 194,328 wuaueng1.dll
05/26/2005 04:16 AM 198,424 iuengine.dll
05/25/2005 02:40 AM 258,352 unicows.dll
05/25/2005 02:40 AM 1,047,552 MFC71u.dll
05/25/2005 02:40 AM 1,060,864 MFC71.dll
05/12/2005 09:24 PM 44,544 msxml4a.dll
05/12/2005 09:24 PM 1,645,320 gdiplus.dll
05/12/2005 09:24 PM 198,144 _psisdecd.dll
05/10/2005 06:45 PM 75,776 telnet.exe
05/04/2005 02:45 PM 15,360 msisip.dll
05/04/2005 02:45 PM 78,848 msiexec.exe
05/04/2005 02:45 PM 271,360 msihnd.dll
05/04/2005 02:45 PM 884,736 msimsg.dll
05/04/2005 02:45 PM 2,890,240 MSI(3).DLL
03/24/2005 02:27 AM 212,480 PCDLIB32.DLL
03/24/2005 02:27 AM 462,848 ltkrn13n.dll
03/24/2005 02:27 AM 1,009,664 Ltwvc13n.dll
03/24/2005 02:27 AM 49,152 lfpcd13n.dll
03/24/2005 02:27 AM 53,248 lftga13n.dll
03/24/2005 02:27 AM 53,248 lfpcx13n.dll
03/24/2005 02:27 AM 55,808 lfpsd13n.dll
03/24/2005 02:27 AM 61,440 lfwmf13n.dll
03/24/2005 02:27 AM 69,632 lfgif13n.dll
03/24/2005 02:27 AM 155,648 lftif13n.dll
03/24/2005 02:27 AM 159,744 Lfpng13n.dll
03/24/2005 02:27 AM 163,840 ltfil13n.DLL
03/24/2005 02:27 AM 206,336 ltefx13n.DLL
03/24/2005 02:27 AM 299,008 LTDIS13n.dll
03/24/2005 02:27 AM 450,560 ltimg13n.dll
03/24/2005 02:27 AM 1,693,696 Ltclr13n.dll
03/24/2005 02:27 AM 57,344 lfbmp13n.dll
03/24/2005 02:27 AM 65,536 lfeps13n.dll
03/24/2005 02:27 AM 98,304 lffax13n.dll
03/24/2005 02:27 AM 401,408 LFCMP13n.DLL
03/10/2005 02:49 AM 295,424 termsrv.dll
03/02/2005 01:09 PM 56,832 authz.dll
02/22/2005 11:55 AM 81,920 aac_parser.ax
02/12/2005 06:00 PM 51,712 RLSpeexDec.ax
02/12/2005 06:00 PM 67,584 RLTheoraDec.ax
02/12/2005 06:00 PM 186,880 RLOgg.ax
02/05/2005 06:00 PM 92,672 RLVorbisDec.ax
01/28/2005 01:44 PM 96,768 drmstor.dll
01/28/2005 01:44 PM 258,296 drmclien.dll
01/17/2005 06:26 PM 179,200 DiracSplitter.ax
01/12/2005 02:39 PM 2,564 OEMINFO.INI
01/12/2005 02:52 AM 834 Warranty Information.txt
01/07/2005 05:07 PM 25,088 HdAProp.dll
01/07/2005 05:07 PM 61,952 HdAShCut.exe
01/07/2005 05:07 PM 5,120 HdAudRes.dll
01/05/2005 09:36 PM 31,744 hlp95en.dll
12/07/2004 02:32 PM 96,768 srvsvc.dll
11/17/2004 12:41 PM 347,136 hypertrm.dll
10/15/2004 06:32 PM 83,096 SSSensor.dll
10/15/2004 06:31 PM 99,480 FwsVpn.dll
10/15/2004 06:31 PM 218,264 SetAid.dll
10/12/2004 02:46 PM 1,761,280 ffdshow.ax
10/12/2004 02:42 PM 262,144 TomsMoComp_ff.dll
10/12/2004 02:40 PM 2,255,360 libavcodec.dll
10/05/2004 04:16 PM 395,776 libmplayer.dll
10/04/2004 01:50 AM 112,640 libmpeg2_ff.dll
09/05/2004 01:31 PM 184,320 VideoEdit.ocx
08/10/2004 12:00 PM 51 pscript.sep
08/10/2004 12:00 PM 64 cmos.ram
08/10/2004 12:00 PM 75 View Channels.scf
08/10/2004 12:00 PM 81 dsound.vxd
08/10/2004 12:00 PM 114 pcl.sep
08/10/2004 12:00 PM 140 perffilt.h
08/10/2004 12:00 PM 168 l_except.nls
08/10/2004 12:00 PM 343 prodspec.ini
08/10/2004 12:00 PM 427 perfci.h
08/10/2004 12:00 PM 435 perfwci.h
08/10/2004 12:00 PM 487 login.cmd
08/10/2004 12:00 PM 697 noise.tha
08/10/2004 12:00 PM 741 noise.dat
08/10/2004 12:00 PM 751 noise.enu
08/10/2004 12:00 PM 751 noise.eng
08/10/2004 12:00 PM 817 mscdexnt.exe
08/10/2004 12:00 PM 862 termcap
08/10/2004 12:00 PM 882 share.exe
08/10/2004 12:00 PM 882 fastopen.exe
08/10/2004 12:00 PM 929 homepage.inf
08/10/2004 12:00 PM 1,129 vwipxspx.exe
08/10/2004 12:00 PM 1,131 loadfix.com
08/10/2004 12:00 PM 1,152 mmtask.tsk
08/10/2004 12:00 PM 1,152 perffilt.ini
08/10/2004 12:00 PM 1,492 mmdriver.inf
08/10/2004 12:00 PM 1,688 AUTOEXEC.NT
08/10/2004 12:00 PM 1,696 noise.cht
08/10/2004 12:00 PM 1,696 noise.chs
08/10/2004 12:00 PM 1,744 sound.drv
08/10/2004 12:00 PM 1,788 Dcache.bin
08/10/2004 12:00 PM 1,818 rasctrnm.h
08/10/2004 12:00 PM 2,000 keyboard.drv
08/10/2004 12:00 PM 2,032 mouse.drv
08/10/2004 12:00 PM 2,080 winoldap.mod
08/10/2004 12:00 PM 2,112 winspool.exe
08/10/2004 12:00 PM 2,151 12520437.cpx
08/10/2004 12:00 PM 2,176 vga.drv
08/10/2004 12:00 PM 2,233 12520850.cpx
08/10/2004 12:00 PM 2,560 lz32.dll
08/10/2004 12:00 PM 2,577 CONFIG.TMP
08/10/2004 12:00 PM 2,656 netware.drv
08/10/2004 12:00 PM 2,732 perfwci.ini
08/10/2004 12:00 PM 2,736 wowdeb.exe
08/10/2004 12:00 PM 2,755 mqprfsym.h
08/10/2004 12:00 PM 2,864 winsock.dll
08/10/2004 12:00 PM 2,891 perfci.ini
08/10/2004 12:00 PM 3,010 pschdcnt.h
08/10/2004 12:00 PM 3,072 fixmapi.exe
08/10/2004 12:00 PM 3,072 rnr20.dll
08/10/2004 12:00 PM 3,072 systray.exe
08/10/2004 12:00 PM 3,167 rsaci.rat
08/10/2004 12:00 PM 3,178 rsvpcnts.h
08/10/2004 12:00 PM 3,200 wowfax.dll
08/10/2004 12:00 PM 3,214 sysprint.sep
08/10/2004 12:00 PM 3,252 nw16.exe
08/10/2004 12:00 PM 3,338 redir.exe
08/10/2004 12:00 PM 3,360 system.drv
08/10/2004 12:00 PM 3,458 rasctrs.ini
08/10/2004 12:00 PM 3,577 sysprtj.sep
08/10/2004 12:00 PM 3,584 dpnlobby.dll
08/10/2004 12:00 PM 3,584 icmp.dll
08/10/2004 12:00 PM 3,584 dpnaddr.dll
08/10/2004 12:00 PM 3,584 msafd.dll
08/10/2004 12:00 PM 3,584 riched32.dll
08/10/2004 12:00 PM 3,584 regedt32.exe
08/10/2004 12:00 PM 3,584 iprop.dll
08/10/2004 12:00 PM 3,584 mll_hp.dll
08/10/2004 12:00 PM 3,584 comcat.dll
08/10/2004 12:00 PM 3,708 pubprn.vbs
08/10/2004 12:00 PM 4,048 timer.drv
08/10/2004 12:00 PM 4,096 unlodctr.exe
08/10/2004 12:00 PM 4,096 nddeapir.exe
08/10/2004 12:00 PM 4,096 dsprpres.dll
08/10/2004 12:00 PM 4,096 actmovie.exe
08/10/2004 12:00 PM 4,096 wdl.trm
08/10/2004 12:00 PM 4,096 iprtprio.dll
08/10/2004 12:00 PM 4,126 msdxmlc.dll
08/10/2004 12:00 PM 4,208 storage.dll
08/10/2004 12:00 PM 4,310 odbcconf.rsp
08/10/2004 12:00 PM 4,461 oembios.dat
08/10/2004 12:00 PM 4,569 secupd.dat
08/10/2004 12:00 PM 4,608 bootok.exe
08/10/2004 12:00 PM 4,608 mchgrcoi.dll
08/10/2004 12:00 PM 4,608 mqsvc.exe
08/10/2004 12:00 PM 4,608 vjoy.dll
08/10/2004 12:00 PM 4,608 mssip32.dll
08/10/2004 12:00 PM 4,608 msimg32.dll
08/10/2004 12:00 PM 4,608 dllhst3g.exe
08/10/2004 12:00 PM 4,608 regwiz.exe
08/10/2004 12:00 PM 4,656 ds16gt.dLL
08/10/2004 12:00 PM 4,768 himem.sys
08/10/2004 12:00 PM 5,120 sfc.dll
08/10/2004 12:00 PM 5,120 lodctr.exe
08/10/2004 12:00 PM 5,120 shell.dll
08/10/2004 12:00 PM 5,120 bootvrfy.exe
08/10/2004 12:00 PM 5,120 dllhost.exe
08/10/2004 12:00 PM 5,120 kbddv.dll
08/10/2004 12:00 PM 5,120 winnls.dll
08/10/2004 12:00 PM 5,632 security.dll
08/10/2004 12:00 PM 5,632 softpub.dll
08/10/2004 12:00 PM 5,632 perfnw.dll
08/10/2004 12:00 PM 5,632 kbdit142.dll
08/10/2004 12:00 PM 5,632 kbdhu1.dll
08/10/2004 12:00 PM 5,632 kbdpl1.dll
08/10/2004 12:00 PM 5,632 kbdit.dll
08/10/2004 12:00 PM 5,632 kbdro.dll
08/10/2004 12:00 PM 5,632 cisvc.exe
08/10/2004 12:00 PM 5,632 kbdlt.dll
08/10/2004 12:00 PM 5,632 kbdmon.dll
08/10/2004 12:00 PM 5,632 winver.exe
08/10/2004 12:00 PM 5,632 kbdir.dll
08/10/2004 12:00 PM 5,632 wmi.dll
08/10/2004 12:00 PM 5,632 skdll.dll
08/10/2004 12:00 PM 5,632 kbdlt1.dll
08/10/2004 12:00 PM 5,632 kbdhe.dll
08/10/2004 12:00 PM 5,632 kbdhe220.dll
08/10/2004 12:00 PM 5,632 kbdkyr.dll
08/10/2004 12:00 PM 5,632 kbdazel.dll
08/10/2004 12:00 PM 5,632 kbdhe319.dll
08/10/2004 12:00 PM 5,632 kbdmaori.dll
08/10/2004 12:00 PM 5,632 kbdblr.dll
08/10/2004 12:00 PM 5,632 kbdgae.dll
08/10/2004 12:00 PM 5,632 kbdbu.dll
08/10/2004 12:00 PM 5,632 kbdru.dll
08/10/2004 12:00 PM 5,632 kbdru1.dll
08/10/2004 12:00 PM 5,632 kbdycc.dll
08/10/2004 12:00 PM 5,632 kbdur.dll
08/10/2004 12:00 PM 5,632 mll_qic.dll
08/10/2004 12:00 PM 5,632 kbdkaz.dll
08/10/2004 12:00 PM 5,632 kbduzb.dll
08/10/2004 12:00 PM 5,632 tapiperf.dll
08/10/2004 12:00 PM 5,632 kbduk.dll
08/10/2004 12:00 PM 5,632 kbdus.dll
08/10/2004 12:00 PM 5,632 kbdaze.dll
08/10/2004 12:00 PM 5,632 kbdtat.dll
08/10/2004 12:00 PM 6,144 kbdfr.dll
08/10/2004 12:00 PM 6,144 kbdtuf.dll
08/10/2004 12:00 PM 6,144 kbdne.dll
08/10/2004 12:00 PM 6,144 kbdda.dll
08/10/2004 12:00 PM 6,144 kbdca.dll
08/10/2004 12:00 PM 6,144 kbdbr.dll
08/10/2004 12:00 PM 6,144 kbdbene.dll
08/10/2004 12:00 PM 6,144 kbdtuq.dll
08/10/2004 12:00 PM 6,144 kbdinbe1.dll
08/10/2004 12:00 PM 6,144 kbdbe.dll
08/10/2004 12:00 PM 6,144 lpq.exe
08/10/2004 12:00 PM 6,144 kbdmlt48.dll
08/10/2004 12:00 PM 6,144 kbdusl.dll
08/10/2004 12:00 PM 6,144 kbdmlt47.dll
08/10/2004 12:00 PM 6,144 kbdes.dll
08/10/2004 12:00 PM 6,144 kbdno.dll
08/10/2004 12:00 PM 6,144 kbdfc.dll
08/10/2004 12:00 PM 6,144 kbdfi.dll
08/10/2004 12:00 PM 6,144 kbdfo.dll
08/10/2004 12:00 PM 6,144 kbdsp.dll
08/10/2004 12:00 PM 6,144 kbdmac.dll
08/10/2004 12:00 PM 6,144 kbdusx.dll
08/10/2004 12:00 PM 6,144 csrss.exe
08/10/2004 12:00 PM 6,144 kbdsf.dll
08/10/2004 12:00 PM 6,144 kbdhela2.dll
08/10/2004 12:00 PM 6,144 svcpack.dll
08/10/2004 12:00 PM 6,144 nwevent.dll
08/10/2004 12:00 PM 6,144 kbdpo.dll
08/10/2004 12:00 PM 6,144 kbdsw.dll
08/10/2004 12:00 PM 6,144 kbdgkl.dll
08/10/2004 12:00 PM 6,144 kbdic.dll
08/10/2004 12:00 PM 6,144 kbdest.dll
08/10/2004 12:00 PM 6,144 kbdlv.dll
08/10/2004 12:00 PM 6,144 kbdgr.dll
08/10/2004 12:00 PM 6,144 kbdlv1.dll
08/10/2004 12:00 PM 6,144 kbdusr.dll
08/10/2004 12:00 PM 6,144 kbdgr1.dll
08/10/2004 12:00 PM 6,656 kbdsl1.dll
08/10/2004 12:00 PM 6,656 kbdsl.dll
08/10/2004 12:00 PM 6,656 kbdsg.dll
08/10/2004 12:00 PM 6,656 kbdpl.dll
08/10/2004 12:00 PM 127,213 ega.cpi
08/10/2004 12:00 PM 129,536 xmlprov.dll
08/10/2004 12:00 PM 129,536 msv1_0.dll
08/10/2004 12:00 PM 129,536 acledit.dll
08/10/2004 12:00 PM 129,536 intl.cpl
08/10/2004 12:00 PM 130,048 sdpblb.dll
08/10/2004 12:00 PM 132,608 upnp.dll
08/10/2004 12:00 PM 132,608 rsvp.exe
08/10/2004 12:00 PM 134,400 hal.dll
08/10/2004 12:00 PM 134,656 mssap.dll
08/10/2004 12:00 PM 135,168 desk.cpl
08/10/2004 12:00 PM 135,168 odbcconf.dll
08/10/2004 12:00 PM 135,680 webvw.dll
08/10/2004 12:00 PM 135,680 taskmgr.exe
08/10/2004 12:00 PM 135,680 ifmon.dll
08/10/2004 12:00 PM 136,704 bootcfg.exe
08/10/2004 12:00 PM 136,704 sti_ci.dll
08/10/2004 12:00 PM 137,216 dssenh.dll
08/10/2004 12:00 PM 138,752 swprv.dll
08/10/2004 12:00 PM 139,264 netid.dll
08/10/2004 12:00 PM 139,810 c_20261.nls
08/10/2004 12:00 PM 140,288 sfc_os.dll
08/10/2004 12:00 PM 141,312 iasrecst.dll
08/10/2004 12:00 PM 142,336 dsprop.dll
08/10/2004 12:00 PM 142,848 capesnpn.dll
08/10/2004 12:00 PM 143,360 msorcl32.dll
08/10/2004 12:00 PM 143,360 mobsync.exe
08/10/2004 12:00 PM 143,360 rasmontr.dll
08/10/2004 12:00 PM 143,360 adsldpc.dll
08/10/2004 12:00 PM 143,872 ntshrui.dll
08/10/2004 12:00 PM 144,384 dskquoui.dll
08/10/2004 12:00 PM 144,384 imagehlp.dll
08/10/2004 12:00 PM 144,896 hotplug.dll
08/10/2004 12:00 PM 145,408 wiavusd.dll
08/10/2004 12:00 PM 146,432 winspool.drv
08/10/2004 12:00 PM 147,456 odbctrac.dll
08/10/2004 12:00 PM 147,456 initpki.dll
08/10/2004 12:00 PM 147,968 mdwmdmsp.dll
08/10/2004 12:00 PM 148,480 wscui.cpl
08/10/2004 12:00 PM 149,019 crtdll.dll
08/10/2004 12:00 PM 149,848 noise.deu
08/10/2004 12:00 PM 150,016 imapi.exe
08/10/2004 12:00 PM 150,528 keymgr.dll
08/10/2004 12:00 PM 151,552 scrrun.dll
08/10/2004 12:00 PM 151,552 shmedia.dll
08/10/2004 12:00 PM 151,552 msdart.dll
08/10/2004 12:00 PM 151,583 msjint40.dll
08/10/2004 12:00 PM 152,064 datime.dll
08/10/2004 12:00 PM 152,576 rsaenh.dll
08/10/2004 12:00 PM 153,008 ole2nls.dll
08/10/2004 12:00 PM 153,088 daxctle.ocx
08/10/2004 12:00 PM 153,600 modemui.dll
08/10/2004 12:00 PM 154,112 ipmontr.dll
08/10/2004 12:00 PM 154,624 ivfsrc.ax
08/10/2004 12:00 PM 155,136 hdwwiz.cpl
08/10/2004 12:00 PM 157,696 paqsp.dll
08/10/2004 12:00 PM 159,232 dinput.dll
08/10/2004 12:00 PM 159,232 sbeio.dll
08/10/2004 12:00 PM 159,232 MSIMTF.dll
08/10/2004 12:00 PM 159,744 scrobj.dll
08/10/2004 12:00 PM 161,792 adsnds.dll
08/10/2004 12:00 PM 162,850 c_932.nls
08/10/2004 12:00 PM 163,328 ciadmin.dll
08/10/2004 12:00 PM 163,328 oleacc.dll
08/10/2004 12:00 PM 163,840 diskpart.exe
08/10/2004 12:00 PM 163,840 credui.dll
08/10/2004 12:00 PM 167,219 pagefileconfig.vbs
08/10/2004 12:00 PM 167,936 appmgmts.dll
08/10/2004 12:00 PM 169,520 ole2disp.dll
08/10/2004 12:00 PM 169,984 sccbase.dll
08/10/2004 12:00 PM 169,984 iprtrmgr.dll
08/10/2004 12:00 PM 171,008 netmsg.dll
08/10/2004 12:00 PM 171,008 sccsccp.dll
08/10/2004 12:00 PM 172,032 wldap32.dll
08/10/2004 12:00 PM 174,200 xenroll.dll
08/10/2004 12:00 PM 174,592 w32time.dll
08/10/2004 12:00 PM 175,616 adsldp.dll
08/10/2004 12:00 PM 176,128 photowiz.dll
08/10/2004 12:00 PM 176,128 ftsrch.dll
08/10/2004 12:00 PM 176,128 winmm.dll
08/10/2004 12:00 PM 176,157 dgrpsetu.dll
08/10/2004 12:00 PM 176,640 wintrust.dll
08/10/2004 12:00 PM 177,152 MSCTFIME.IME
08/10/2004 12:00 PM 177,856 typelib.dll
08/10/2004 12:00 PM 179,712 ntmsdba.dll
08/10/2004 12:00 PM 180,224 scecli.dll
08/10/2004 12:00 PM 180,224 dwwin.exe
08/10/2004 12:00 PM 180,800 sqlunirl.dll
08/10/2004 12:00 PM 181,248 dmime.dll
08/10/2004 12:00 PM 181,760 dsdmo.dll
08/10/2004 12:00 PM 181,760 dinput8.dll
08/10/2004 12:00 PM 181,760 tapi32.dll
08/10/2004 12:00 PM 182,272 snmpsnap.dll
08/10/2004 12:00 PM 182,784 ipsecsvc.dll
08/10/2004 12:00 PM 183,296 els.dll
08/10/2004 12:00 PM 183,808 ir50_qcx.dll
08/10/2004 12:00 PM 186,880 mqtrig.dll
08/10/2004 12:00 PM 187,392 xpsp1res.dll
08/10/2004 12:00 PM 187,904 main.cpl
08/10/2004 12:00 PM 191,488 syncui.dll
08/10/2004 12:00 PM 192,512 qcap.dll
08/10/2004 12:00 PM 193,024 eudcedit.exe
08/10/2004 12:00 PM 193,024 fsquirt.exe
08/10/2004 12:00 PM 194,048 activeds.dll
08/10/2004 12:00 PM 194,560 certcli.dll
08/10/2004 12:00 PM 195,072 msutb.dll
08/10/2004 12:00 PM 196,642 c_936.nls
08/10/2004 12:00 PM 196,642 c_950.nls
08/10/2004 12:00 PM 196,642 c_949.nls
08/10/2004 12:00 PM 198,656 gptext.dll
08/10/2004 12:00 PM 199,168 ir32_32.dll
08/10/2004 12:00 PM 199,680 iac25_32.ax
08/10/2004 12:00 PM 200,192 ir50_qc.dll
08/10/2004 12:00 PM 200,704 dmdskmgr.dll
08/10/2004 12:00 PM 204,288 mswebdvd.dll
08/10/2004 12:00 PM 206,336 rasppp.dll
08/10/2004 12:00 PM 206,848 unimdm.tsp
08/10/2004 12:00 PM 207,360 mobsync.dll
08/10/2004 12:00 PM 208,896 wavemsp.dll
08/10/2004 12:00 PM 212,480 dpvoice.dll
08/10/2004 12:00 PM 213,023 msltus40.dll
08/10/2004 12:00 PM 214,016 netevent.dll
08/10/2004 12:00 PM 216,064 moricons.dll
08/10/2004 12:00 PM 218,003 dssec.dat
08/10/2004 12:00 PM 218,624 sysmon.ocx
08/10/2004 12:00 PM 218,624 uxtheme.dll
08/10/2004 12:00 PM 220,672 logon.scr
08/10/2004 12:00 PM 221,184 msadds32.ax
08/10/2004 12:00 PM 221,600 lanman.drv
08/10/2004 12:00 PM 221,696 localsec.dll
08/10/2004 12:00 PM 224,768 dmadmin.exe
08/10/2004 12:00 PM 225,280 mqoa.dll
08/10/2004 12:00 PM 229,376 compstui.dll
08/10/2004 12:00 PM 229,888 dplayx.dll
08/10/2004 12:00 PM 236,544 rasapi32.dll
08/10/2004 12:00 PM 239,104 dsquery.dll
08/10/2004 12:00 PM 239,616 upnpui.dll
08/10/2004 12:00 PM 239,616 qpnpui.dll
08/10/2004 12:00 PM 239,616 apnpui.dll
08/10/2004 12:00 PM 240,120 setup.bmp
08/10/2004 12:00 PM 241,693 msjtes40.dll
08/10/2004 12:00 PM 245,248 mswsock.dll
08/10/2004 12:00 PM 245,760 netui1.dll
08/10/2004 12:00 PM 247,808 iassdo.dll
08/10/2004 12:00 PM 248,832 msieftp.dll
08/10/2004 12:00 PM 248,832 newdev.dll
08/10/2004 12:00 PM 249,270 locale.nls
08/10/2004 12:00 PM 249,856 odbc32.dll
08/10/2004 12:00 PM 252,928 compatUI.dll
08/10/2004 12:00 PM 253,952 neth.dll
08/10/2004 12:00 PM 253,952 msvcrt20.dll
08/10/2004 12:00 PM 257,024 nusrmgr.cpl
08/10/2004 12:00 PM 258,048 wmvds32.ax
08/10/2004 12:00 PM 258,077 mstext40.dll
08/10/2004 12:00 PM 259,584 tracerpt.exe
08/10/2004 12:00 PM 262,144 mpg4ds32.ax
08/10/2004 12:00 PM 262,148 sortkey.nls
08/10/2004 12:00 PM 263,680 adsnt.dll
08/10/2004 12:00 PM 264,192 wow32.dll
08/10/2004 12:00 PM 265,728 h323.tsp
08/10/2004 12:00 PM 266,240 ddraw.dll
08/10/2004 12:00 PM 266,752 oakley.dll
08/10/2004 12:00 PM 272,128 perfi009.dat
08/10/2004 12:00 PM 273,920 dmdlgs.dll
08/10/2004 12:00 PM 275,456 ulib.dll
08/10/2004 12:00 PM 276,992 comdlg32.dll
08/10/2004 12:00 PM 278,559 odbcjt32.dll
08/10/2004 12:00 PM 278,559 wmv8ds32.ax
08/10/2004 12:00 PM 279,040 qdv.dll
08/10/2004 12:00 PM 282,624 devmgr.dll
08/10/2004 12:00 PM 283,648 pdh.dll
08/10/2004 12:00 PM 285,184 glmf32.dll
08/10/2004 12:00 PM 285,696 objsel.dll
08/10/2004 12:00 PM 285,696 atmfd.dll
08/10/2004 12:00 PM 289,792 vssvc.exe
08/10/2004 12:00 PM 290,816 msnsspc.dll
08/10/2004 12:00 PM 290,816 l3codeca.acm
08/10/2004 12:00 PM 294,400 MSCTF.dll
08/10/2004 12:00 PM 294,912 msh263.drv
08/10/2004 12:00 PM 294,912 msaud32.acm
08/10/2004 12:00 PM 295,936 appmgr.dll
08/10/2004 12:00 PM 298,496 sysdm.cpl
08/10/2004 12:00 PM 303,616 wmstream.dll
08/10/2004 12:00 PM 304,128 duser.dll
08/10/2004 12:00 PM 306,176 slbcsp.dll
08/10/2004 12:00 PM 308,224 netui2.dll
08/10/2004 12:00 PM 313,856 scesrv.dll
08/10/2004 12:00 PM 315,423 msrd3x40.dll
08/10/2004 12:00 PM 316,416 untfs.dll
08/10/2004 12:00 PM 319,517 msexcl40.dll
08/10/2004 12:00 PM 323,641 usrdtea.dll
08/10/2004 12:00 PM 326,656 cscui.dll
08/10/2004 12:00 PM 329,728 netsetup.exe
08/10/2004 12:00 PM 330,752 ippromon.dll
08/10/2004 12:00 PM 330,752 hnetwiz.dll
08/10/2004 12:00 PM 330,752 dmconfig.dll
08/10/2004 12:00 PM 331,264 ipnathlp.dll
08/10/2004 12:00 PM 337,920 filemgmt.dll
08/10/2004 12:00 PM 337,920 zipfldr.dll
08/10/2004 12:00 PM 338,432 ir41_qcx.dll
08/10/2004 12:00 PM 341,504 localspl.dll
08/10/2004 12:00 PM 343,040 cmdial32.dll
08/10/2004 12:00 PM 343,040 msvcrt.dll
08/10/2004 12:00 PM 344,064 hnetcfg.dll
08/10/2004 12:00 PM 345,600 confmsp.dll
08/10/2004 12:00 PM 347,136 tourstart.exe
08/10/2004 12:00 PM 348,189 msxbde40.dll
08/10/2004 12:00 PM 348,189 mspbde40.dll
08/10/2004 12:00 PM 349,696 ipsecsnp.dll
08/10/2004 12:00 PM 350,208 d3drm.dll
08/10/2004 12:00 PM 351,232 winhttp.dll
08/10/2004 12:00 PM 358,400 termmgr.dll
08/10/2004 12:00 PM 358,976 msjetoledb40.dll
08/10/2004 12:00 PM 359,936 cards.dll
08/10/2004 12:00 PM 362,496 jet500.dll
08/10/2004 12:00 PM 363,008 smlogcfg.dll
08/10/2004 12:00 PM 367,616 dsound.dll
08/10/2004 12:00 PM 370,176 dhcpmon.dll
08/10/2004 12:00 PM 375,296 dpnet.dll
08/10/2004 12:00 PM 380,416 irprops.cpl
08/10/2004 12:00 PM 380,957 expsrv.dll
08/10/2004 12:00 PM 382,976 fontext.dll
08/10/2004 12:00 PM 384,000 ipsmsnap.dll
08/10/2004 12:00 PM 385,536 themeui.dll
08/10/2004 12:00 PM 388,608 cmd.exe
08/10/2004 12:00 PM 393,216 ssflwbox.scr
08/10/2004 12:00 PM 394,240 diactfrm.dll
08/10/2004 12:00 PM 397,824 regwizc.dll
08/10/2004 12:00 PM 399,872 lmrt.dll
08/10/2004 12:00 PM 406,528 usp10.dll
08/10/2004 12:00 PM 407,040 netlogon.dll
08/10/2004 12:00 PM 413,696 msvcp60.dll
08/10/2004 12:00 PM 414,208 setupdll.dll
08/10/2004 12:00 PM 415,744 samsrv.dll
08/10/2004 12:00 PM 419,840 ntvdm.exe
08/10/2004 12:00 PM 421,919 msrd2x40.dll
08/10/2004 12:00 PM 423,936 licdll.dll
08/10/2004 12:00 PM 430,592 vssapi.dll
08/10/2004 12:00 PM 433,664 wiaacmgr.exe
08/10/2004 12:00 PM 435,200 ntmssvc.dll
08/10/2004 12:00 PM 435,712 shellstyle.dll
08/10/2004 12:00 PM 436,224 d3dim.dll
08/10/2004 12:00 PM 438,272 shimgvw.dll
08/10/2004 12:00 PM 438,784 xpob2res.dll
08/10/2004 12:00 PM 442,368 sqlsrv32.dll
08/10/2004 12:00 PM 450,560 infosoft.dll
08/10/2004 12:00 PM 457,728 certmgr.dll
08/10/2004 12:00 PM 463,360 wiadefui.dll
08/10/2004 12:00 PM 488,448 ntmsmgr.dll
08/10/2004 12:00 PM 502,272 winlogon.exe
08/10/2004 12:00 PM 506,368 msxml.dll
08/10/2004 12:00 PM 512,029 msexch40.dll
08/10/2004 12:00 PM 512,512 cryptui.dll
08/10/2004 12:00 PM 514,560 logonui.exe
08/10/2004 12:00 PM 517,632 mqsnap.dll
08/10/2004 12:00 PM 549,376 shdoclc.dll
08/10/2004 12:00 PM 549,888 appwiz.cpl
08/10/2004 12:00 PM 552,989 msrepl40.dll
08/10/2004 12:00 PM 560,640 printui.dll
08/10/2004 12:00 PM 562,176 qedit.dll
08/10/2004 12:00 PM 565,760 msvcp50.dll
08/10/2004 12:00 PM 566,784 gpedit.dll
08/10/2004 12:00 PM 580,608 autofmt.exe
08/10/2004 12:00 PM 586,240 mlang.dll
08/10/2004 12:00 PM 588,800 autochk.exe
08/10/2004 12:00 PM 589,312 wiashext.dll
08/10/2004 12:00 PM 590,336 d3dramp.dll
08/10/2004 12:00 PM 596,992 wsecedit.dll
08/10/2004 12:00 PM 597,504 crypt32.dll
08/10/2004 12:00 PM 602,624 autoconv.exe
08/10/2004 12:00 PM 610,304 sspipes.scr
08/10/2004 12:00 PM 614,429 mswstr10.dll
08/10/2004 12:00 PM 614,912 h323msp.dll
08/10/2004 12:00 PM 616,960 advapi32.dll
08/10/2004 12:00 PM 618,496 mmsys.cpl
08/10/2004 12:00 PM 619,008 dx7vb.dll
08/10/2004 12:00 PM 622,080 netcfgx.dll
08/10/2004 12:00 PM 640,000 dbghelp.dll
08/10/2004 12:00 PM 657,920 rasdlg.dll
08/10/2004 12:00 PM 673,088 mlang.dat
08/10/2004 12:00 PM 679,936 sstext3d.scr
08/10/2004 12:00 PM 701,440 msxml2.dll
08/10/2004 12:00 PM 704,512 ss3dfo.scr
08/10/2004 12:00 PM 708,096 ntdll.dll
08/10/2004 12:00 PM 713,728 opengl32.dll
08/10/2004 12:00 PM 723,456 userenv.dll
08/10/2004 12:00 PM 733,696 qedwipes.dll
08/10/2004 12:00 PM 750,080 wbdbase.esn
08/10/2004 12:00 PM 755,200 ir50_32.dll
08/10/2004 12:00 PM 764,928 winntbbu.dll
08/10/2004 12:00 PM 786,944 wbdbase.fra
08/10/2004 12:00 PM 792,064 comres.dll
08/10/2004 12:00 PM 815,104 mmc.exe
08/10/2004 12:00 PM 825,344 d3dim700.dll
08/10/2004 12:00 PM 831,519 mswdat10.dll
08/10/2004 12:00 PM 844,314 msdxm.ocx
08/10/2004 12:00 PM 847,872 dbgeng.dll
08/10/2004 12:00 PM 848,384 ir41_32.ax
08/10/2004 12:00 PM 858,624 tapi3.dll
08/10/2004 12:00 PM 867,840 wbdbase.ita
08/10/2004 12:00 PM 875,008 netplwiz.dll
08/10/2004 12:00 PM 924,432 mfc40.dll
08/10/2004 12:00 PM 937,984 winbrand.dll
08/10/2004 12:00 PM 937,984 wbdbase.sve
08/10/2004 12:00 PM 956,990 instcat.sql
08/10/2004 12:00 PM 957,440 wbdbase.enu
08/10/2004 12:00 PM 983,552 setupapi.dll
08/10/2004 12:00 PM 984,576 syssetup.dll
08/10/2004 12:00 PM 994,304 msgina.dll
08/10/2004 12:00 PM 1,015,477 esentprf.ini
08/10/2004 12:00 PM 1,028,096 mfc42.dll
08/10/2004 12:00 PM 1,095,680 wbdbase.nld
08/10/2004 12:00 PM 1,114,896 esent97.dll
08/10/2004 12:00 PM 1,179,648 d3d8.dll
08/10/2004 12:00 PM 1,192,960 mmcndmgr.dll
08/10/2004 12:00 PM 1,200,128 ntbackup.exe
08/10/2004 12:00 PM 1,227,264 dx8vb.dll
08/10/2004 12:00 PM 1,294,336 dsound3d.dll
08/10/2004 12:00 PM 1,298,432 dxdiag.exe
08/10/2004 12:00 PM 1,309,184 wbdbase.deu
08/10/2004 12:00 PM 1,326,080 webfldrs.msi
08/10/2004 12:00 PM 1,355,776 msvbvm50.dll
08/10/2004 12:00 PM 1,501,696 diskcopy.dll
08/10/2004 12:00 PM 1,507,356 msjet40.dll
08/10/2004 12:00 PM 1,580,544 sfcfiles.dll
08/10/2004 12:00 PM 1,689,088 d3d9.dll
08/10/2004 12:00 PM 2,113,536 dxdiagn.dll
08/10/2004 12:00 PM 2,897,920 xpsp2res.dll
08/10/2004 12:00 PM 13,107,200 oembios.bin
08/10/2004 08:00 AM 2 desktop.ini
08/10/2004 08:00 AM 768 msdtcprf.h
08/10/2004 08:00 AM 1,161 usrlogon.cmd
08/10/2004 08:00 AM 1,931 msdtcprf.ini
08/10/2004 08:00 AM 3,286 tslabels.h
08/10/2004 08:00 AM 4,096 rdpcfgex.dll
08/10/2004 08:00 AM 4,096 mtxex.dll
08/10/2004 08:00 AM 5,120 dcomcnfg.exe
08/10/2004 08:00 AM 5,632 write.exe
08/10/2004 08:00 AM 6,144 msdtc.exe
08/10/2004 08:00 AM 6,656 wuauserv.dll
08/10/2004 08:00 AM 6,948 kanji_1.uce
08/10/2004 08:00 AM 7,168 bitsprx3.dll
08/10/2004 08:00 AM 8,192 bitsprx2.dll
08/10/2004 08:00 AM 8,484 kanji_2.uce
08/10/2004 08:00 AM 9,728 reset.exe
08/10/2004 08:00 AM 11,264 icaapi.dll
08/10/2004 08:00 AM 11,264 atrace.dll
08/10/2004 08:00 AM 12,288 nmevtmsg.dll
08/10/2004 08:00 AM 12,288 mstinit.exe
08/10/2004 08:00 AM 12,876 korean.uce
08/10/2004 08:00 AM 13,223 tslabels.ini
08/10/2004 08:00 AM 13,824 rdsaddin.exe
08/10/2004 08:00 AM 14,848 shadow.exe
08/10/2004 08:00 AM 14,848 tsdiscon.exe
08/10/2004 08:00 AM 14,848 tscon.exe
08/10/2004 08:00 AM 15,360 logoff.exe
08/10/2004 08:00 AM 15,872 cdmodem.dll
08/10/2004 08:00 AM 15,872 rwinsta.exe
08/10/2004 08:00 AM 16,384 icfgnt5.dll
08/10/2004 08:00 AM 16,384 tskill.exe
08/10/2004 08:00 AM 16,384 avmeter.dll
08/10/2004 08:00 AM 16,740 shiftjis.uce
08/10/2004 08:00 AM 16,896 tsshutdn.exe
08/10/2004 08:00 AM 16,896 qappsrv.exe
08/10/2004 08:00 AM 17,408 mmfutil.dll
08/10/2004 08:00 AM 18,944 qmgrprxy.dll
08/10/2004 08:00 AM 19,968 rdpsnd.dll
08/10/2004 08:00 AM 20,480 qprocess.exe
08/10/2004 08:00 AM 20,480 mtxdm.dll
08/10/2004 08:00 AM 20,992 msg.exe
08/10/2004 08:00 AM 22,016 qwinsta.exe
08/10/2004 08:00 AM 22,984 bopomofo.uce
08/10/2004 08:00 AM 24,006 gb2312.uce
08/10/2004 08:00 AM 25,088 mtxlegih.dll
08/10/2004 08:00 AM 25,600 comaddin.dll
08/10/2004 08:00 AM 28,672 nmmkcert.dll
08/10/2004 08:00 AM 29,696 safrdm.dll
08/10/2004 08:00 AM 32,768 mnmsrvc.exe
08/10/2004 08:00 AM 32,768 isrdbg32.dll
08/10/2004 08:00 AM 33,792 regini.exe
08/10/2004 08:00 AM 34,560 mnmdd.dll
08/10/2004 08:00 AM 35,328 winchat.exe
08/10/2004 08:00 AM 38,912 cfgbkend.dll
08/10/2004 08:00 AM 43,520 racpldlg.dll
08/10/2004 08:00 AM 43,520 safrcdlg.dll
08/10/2004 08:00 AM 44,544 hticons.dll
08/10/2004 08:00 AM 44,544 tscupgrd.exe
08/10/2004 08:00 AM 45,568 safrslv.dll
08/10/2004 08:00 AM 48,128 inetres.dll
08/10/2004 08:00 AM 54,272 stclient.dll
08/10/2004 08:00 AM 55,296 freecell.exe
08/10/2004 08:00 AM 56,320 servdeps.dll
08/10/2004 08:00 AM 56,832 sol.exe
08/10/2004 08:00 AM 58,880 msdtclog.dll
08/10/2004 08:00 AM 58,880 licwmi.dll
08/10/2004 08:00 AM 60,416 remotepg.dll
08/10/2004 08:00 AM 60,458 ideograf.uce
08/10/2004 08:00 AM 62,464 rdpclip.exe
08/10/2004 08:00 AM 63,488 wmimgmt.msc
08/10/2004 08:00 AM 64,512 acctres.dll
08/10/2004 08:00 AM 65,536 icwphbk.dll
08/10/2004 08:00 AM 67,072 rdshost.exe
08/10/2004 08:00 AM 67,584 srclient.dll
08/10/2004 08:00 AM 68,608 access.cpl
08/10/2004 08:00 AM 69,632 msconf.dll
08/10/2004 08:00 AM 73,216 avwav.dll
08/10/2004 08:00 AM 73,728 icwdial.dll
08/10/2004 08:00 AM 80,384 charmap.exe
08/10/2004 08:00 AM 81,920 ils.dll
08/10/2004 08:00 AM 81,920 isign32.dll
08/10/2004 08:00 AM 85,504 catsrvps.dll
08/10/2004 08:00 AM 87,176 rdpwsx.dll
08/10/2004 08:00 AM 93,696 tscfgwmi.dll
08/10/2004 08:00 AM 93,702 subrange.uce
08/10/2004 08:00 AM 102,912 clipbrd.exe
08/10/2004 08:00 AM 105,984 msoert2.dll
08/10/2004 08:00 AM 114,688 calc.exe
08/10/2004 08:00 AM 118,784 msg723.acm
08/10/2004 08:00 AM 119,808 winmine.exe
08/10/2004 08:00 AM 123,392 mplay32.exe
08/10/2004 08:00 AM 126,976 mshearts.exe
08/10/2004 08:00 AM 131,584 sndrec32.exe
08/10/2004 08:00 AM 138,752 sndvol32.exe
08/10/2004 08:00 AM 140,800 sessmgr.exe
08/10/2004 08:00 AM 147,456 comsnap.dll
08/10/2004 08:00 AM 147,968 rdchost.dll
08/10/2004 08:00 AM 170,496 srsvc.dll
08/10/2004 08:00 AM 183,808 accwiz.exe
08/10/2004 08:00 AM 185,344 cmprops.dll
08/10/2004 08:00 AM 188,416 msh261.drv
08/10/2004 08:00 AM 190,976 schedsvc.dll
08/10/2004 08:00 AM 227,840 avtapi.dll
08/10/2004 08:00 AM 239,104 srrstr.dll
08/10/2004 08:00 AM 252,928 msoeacct.dll
08/10/2004 08:00 AM 274,432 inetcfg.dll
08/10/2004 08:00 AM 274,944 mstask.dll
08/10/2004 08:00 AM 343,040 mspaint.exe
08/10/2004 08:00 AM 382,464 qmgr.dll
08/10/2004 08:00 AM 538,624 spider.exe
08/10/2004 08:00 AM 605,696 getuname.dll
08/10/2004 04:11 AM 8,704 igdetect.dll
08/10/2004 04:11 AM 85,504 mhn.dll
08/10/2004 03:43 AM 4,396,544 wpgldfsh.scr
08/10/2004 03:43 AM 1,742,336 mypixdx.scr
08/10/2004 03:43 AM 3,343,360 nature.scr
08/10/2004 03:43 AM 7,093,760 space.scr
08/10/2004 03:43 AM 5,068,800 davinci.scr
08/04/2004 12:56 AM 23,552 wdmaud.drv
08/04/2004 12:56 AM 130,048 ksproxy.ax
08/04/2004 12:56 AM 74,240 usbui.dll
08/04/2004 12:56 AM 74,752 storprop.dll
08/04/2004 12:56 AM 159,232 ptpusd.dll
08/04/2004 12:56 AM 4,096 ksuser.dll
07/26/2004 05:16 PM 262,144 ImagXR7.dll
07/26/2004 05:16 PM 471,040 ImagXRA7.dll
07/26/2004 05:16 PM 476,320 ImagXpr7.dll
07/26/2004 05:16 PM 1,568,768 ImagX7.dll
06/29/2004 08:07 PM 1,658,973 libmmd.dll
05/11/2004 08:14 AM 719,872 devil.dll
04/26/2004 06:00 PM 37,888 RLMPCDec.ax
04/22/2004 02:07 AM 11,452 mypixdx.chm
04/05/2004 01:46 PM 61,440 xvid.ax
04/05/2004 01:36 PM 679,936 xvidcore.dll
03/09/2004 12:00 AM 1,081,616 MSCOMCTL.OCX
02/23/2004 08:42 PM 1,386,496 msvbvm60.dll
02/10/2004 07:15 PM 344,064 xvid.dll
01/29/2004 09:08 AM 32,768 ATHPRXY.DLL
01/03/2004 12:08 AM 70,656 i420vfw.dll
01/03/2004 12:08 AM 70,656 yv12vfw.dll
11/21/2003 05:45 PM 91,136 msls2.dll
11/20/2003 06:00 PM 54,784 RLAPEDec.ax
10/24/2003 12:22 AM 135,168 DVDMenu.dll
09/25/2003 12:07 PM 1,139,472 FM20.DLL
09/04/2003 08:53 AM 16,384 rtl3.dat
08/19/2003 03:20 PM 180,224 ac3filter.ax
08/18/2003 02:26 PM 25,872 FM20ENU.DLL
05/22/2003 11:38 PM 106,496 DVDRAMSV.exe
04/18/2003 12:29 PM 82,432 msxml4r.dll
03/18/2003 04:44 PM 49,152 MFC71KOR.DLL
03/18/2003 04:44 PM 57,344 MFC71ENU.DLL
03/18/2003 04:44 PM 40,960 MFC71CHS.DLL
03/18/2003 04:44 PM 45,056 MFC71CHT.DLL
03/18/2003 04:44 PM 61,440 MFC71ESP.DLL
03/18/2003 04:44 PM 61,440 MFC71ITA.DLL
03/18/2003 04:44 PM 49,152 MFC71JPN.DLL
03/18/2003 04:44 PM 61,440 MFC71FRA.DLL
03/18/2003 04:44 PM 65,536 MFC71DEU.DLL
03/13/2003 09:38 PM 155,648 RAMASST.exe
02/27/2003 12:22 PM 176,128 PixologyIRISS005.dll
02/21/2003 07:16 AM 49,152 REGTLIB.EXE
02/20/2003 07:16 PM 32,768 netfxperf.dll
01/10/2003 12:00 AM 18,944 lfavi12n.dll
01/10/2003 12:00 AM 18,944 lfmac12n.dll
01/10/2003 12:00 AM 19,456 lfras12n.dll
01/10/2003 12:00 AM 19,456 lfmsp12n.dll
01/10/2003 12:00 AM 19,968 lfpcd12n.dll
01/10/2003 12:00 AM 19,968 lfwfx12n.dll
01/10/2003 12:00 AM 19,968 lfitg12n.dll
01/10/2003 12:00 AM 20,480 lfsgi12n.dll
01/10/2003 12:00 AM 20,992 lftga12n.dll
01/10/2003 12:00 AM 20,992 lfimg12n.dll
01/10/2003 12:00 AM 20,992 lfwpg12n.dll
01/10/2003 12:00 AM 21,504 lfCUT12n.dll
01/10/2003 12:00 AM 23,040 lfawd12n.dll
01/10/2003 12:00 AM 26,112 lfpcx12n.dll
01/10/2003 12:00 AM 26,112 lfani12n.dll
01/10/2003 12:00 AM 26,112 lfxwd12n.dll
01/10/2003 12:00 AM 27,648 lfiff12n.dll
01/10/2003 12:00 AM 28,672 lfclp12n.dll
01/10/2003 12:00 AM 29,184 lflma12n.dll
01/10/2003 12:00 AM 30,208 Ltwnd12n.dll
01/10/2003 12:00 AM 30,720 lfbmp12n.dll
01/10/2003 12:00 AM 31,232 LFPNM12n.dll
01/10/2003 12:00 AM 31,744 lflmb12n.dll
01/10/2003 12:00 AM 32,256 Lttmb12n.dll
01/10/2003 12:00 AM 35,840 lfcal12n.dll
01/10/2003 12:00 AM 35,840 Lttwn12n.dll
01/10/2003 12:00 AM 36,864 lfpsd12n.dll
01/10/2003 12:00 AM 37,888 lfeps12n.dll
01/10/2003 12:00 AM 38,912 lfflc12n.dll
01/10/2003 12:00 AM 45,568 lfXbm12n.dll
01/10/2003 12:00 AM 47,104 lfXpm12n.dll
01/10/2003 12:00 AM 48,128 lfica12n.dll
01/10/2003 12:00 AM 49,152 Ltlst12n.dll
01/10/2003 12:00 AM 49,664 lfwmf12n.dll
01/10/2003 12:00 AM 60,416 lfpct12n.dll
01/10/2003 12:00 AM 73,728 lffax12n.dll
01/10/2003 12:00 AM 84,480 lffpx12n.dll
01/10/2003 12:00 AM 131,072 Ltfil12n.dll
01/10/2003 12:00 AM 143,360 Ltscr12n.dll
01/10/2003 12:00 AM 164,864 Ltimg12n.dll
01/10/2003 12:00 AM 181,248 Lfpng12n.dll
01/10/2003 12:00 AM 208,384 Ltefx12n.dll
01/10/2003 12:00 AM 259,584 Ltdis12n.dll
01/10/2003 12:00 AM 358,912 LFCMP12n.DLL
01/10/2003 12:00 AM 363,520 Ltdlg12n.dll
01/10/2003 12:00 AM 406,016 Ltkrn12n.dll
11/07/2002 09:46 AM 21,416 OEMLOGO.BMP
11/09/2001 12:01 PM 24,064 ativcoxx.dll
08/18/2001 08:00 PM 262,144 mpg4ds32.axu
08/17/2001 10:36 PM 5,632 ptpusb.dll
07/09/2001 11:50 AM 155,648 NeroCheck.exe
05/01/2001 05:06 PM 89,088 wmidx.ocx
03/02/2001 08:52 PM 8,704 npwmsdrm.dll
03/02/2001 08:52 PM 15,360 asfsipc.dll
06/30/2000 05:40 PM 139,264 Mpeg2Decoder.ax
06/26/2000 01:13 PM 94,208 Mpeg2Parser.ax
06/26/2000 11:45 AM 106,496 TwnLib20.dll
05/22/2000 04:58 PM 647,872 mscomct2.ocx
05/22/2000 06:58 AM 140,488 comdlg32.ocx
05/11/2000 01:06 PM 397,312 MSRDO20.DLL
04/03/2000 05:52 PM 151,552 RDOCURS.DLL
04/03/2000 10:05 AM 118,784 msstdfmt.dll
04/03/2000 07:52 AM 67,376 sysinfo.ocx
04/03/2000 07:52 AM 103,744 mscomm32.ocx
11/24/1999 05:40 PM 40,960 VBAME.DLL
10/01/1998 06:00 PM 122,880 Lfkodak.dll
10/01/1998 06:00 PM 338,944 Lffpx7.dll
08/09/1998 10:07 AM 94,208 MSSTKPRP.DLL
06/17/1998 06:08 PM 53,248 MFC42ENU.DLL
03/24/1998 08:54 PM 15,872 SCP32.DLL
03/24/1998 12:44 PM 24,848 VBAEN32.OLB
03/24/1998 12:44 PM 24,848 VBAEND32.OLB
07/11/1997 12:00 AM 43 FFASTLOG.TXT
07/11/1997 12:00 AM 601 SWEDISH.TRN
07/11/1997 12:00 AM 601 NORWEG.TRN
07/11/1997 12:00 AM 601 USASCII.TRN
07/11/1997 12:00 AM 601 ISO88591.TRN
12/03/1996 01:50 PM 37,376 VEN2232.OLB
01/12/1996 05:00 PM 24,576 STKIT432.DLL
2231 File(s) 485,158,918 bytes
0 Dir(s) 34,227,290,112 bytes free
RichieUK
I'm not seeing anything in those logs at all suspicious.

Just prior to this problem starting, can you remember installing any software/program you downloaded from the internet?

Download RegSeeker 1.55.zip
Right click on a blank area of your desktop, click 'New'>'Folder', rename it 'RegSeeker'.
Unzip/extract RegSeeker.zip to that new folder.
Open the 'RegSeeker' folder and double click on the RegSeeker.exe icon.
When the program opens click on/select 'Clean the Registry'.
Click on 'Auto Clean' at the bottom, then click on 'GO!' in the opening window.
Close the program when it's finished.


Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close all running programs.
Double click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan' button.
The program will now start scanning your pc.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.
cichlidnut
December 8th or 9th, I downloaded a .zip file from Limewire. I was trying to download a video. I scanned the .zip file with my AVG program, which found no threats and unzipped the file to my desktop. A desktop icon appeared which was an .exe file and without thinking... I clicked on it. The popups began almost immediately after I ran my browser. I ran AVG which found and quarantined a virus, popups continued. I ran BitDefender which found the virus I posted in the first post of this thread. I had a difficult time finding the System Volume Information folder where the file was, but I did find it and deleted the icon (obviously not the file), but the popups continued. All system restore points were destroyed.

The file that was extracted from the .zip file was only called setup.exe and the icon was blue and white with a blue arrow pointing down and the acronym "NSIS" on it. I've downloaded the file again to check the properties but it gives me no information. It's on my desktop for now.

I'll try your latest instructions.
RichieUK
Launch HJThis, click 'Open the Misc Tools Section'.
Click 'Open Uninstall Manager'.
Click on 'Save List', save it to your desktop.
Copy and paste the content of that list into your next reply as well please.
cichlidnut
I have downloaded this virus again to my desktop for information and changed the file extension from setup.exe to setup.pll to avoid accidentally opening it.

Microworld found that virus as well as a couple of items with the word "dc_ads" in it.

I'll attach the log as a zip file as it's too large to post.

I'll finalize with the Hijackthis log as requested.
cichlidnut
delete
cichlidnut
This log is too large... and I'm losing my place.

Let's start with this.

This is the "Virus Log Information" from MicroWorld. Is this sufficient?

File C:\Documents and Settings\Mdg\Desktop\[Full] very brady christmas with Bonus.zip/setup.exe//data0009//stream//data0004//PE_Patch.UPX//UPX tagged as "not-a-virus:AdWare.Win32.TrafficSol.o". Action Taken: No Action Taken.
File C:\Documents and Settings\Mdg\Desktop\setup.pll//data0009//stream//data0004//PE_Patch.UPX//UPX tagged as "not-a-virus:AdWare.Win32.TrafficSol.o". Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "trojan-downloader.bat.ftp.ab Trojan-Downloader" found in File System! Action Taken: No Action Taken.
Object "browserangel/searchlocate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browserangel/searchlocate toolbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mirar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\dc_ads.ads" refers to invalid object "{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}". Action Taken: No Action Taken.
Entry "HKCR\dc_ads.ads.1" refers to invalid object "{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\asinst.dll". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".02". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".171/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lic". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rar". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".THM". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpi". Action Taken: No Action Taken.



Hijackthis


Flash Video MX version 4.5.2.3
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVG 7.5
AVG Anti-Rootkit Free
Avid Codecs LE
Belarc Advisor 7.2
BHA B's Recorder GOLD BASIC 7.13
B's CLiP
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CleanUp!
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Solution
DVD-RAM Driver
FLV Player
Freecorder Toolbar 3.0 Application
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB935448)
iPod Updater 2004-11-15
iTunes
Java™ 6 Update 3
LimeWire 4.14.10
Logitech SetPoint
Map Button (Windows Live Toolbar)
MediaLife
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Standard 2006
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Launcher
Nero Suite
OneCare Advisor (Windows Live Toolbar)
Personal License Update Wizard for Windows Media Player
Popup Blocker (Windows Live Toolbar)
PowerDVD
PowerProducer
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Registry Mechanic 5.0
Rhapsody Player Engine
River Past Video Cleaner
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SiSoftware Sandra Lite XIb (Win64/32/CE)
Smart Menus (Windows Live Toolbar)
Spybot - Search & Destroy 1.4
SUPER © Version 2007.bld.23 (July 4, 2007)
Sygate Personal Firewall
The Sims 2
The Sims 2 Open For Business
The Sims 2 Pets
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Rollup 2 for Windows XP Media Center Edition 2005
Wheel of Fortune 2nd Edition
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB925766
WinZip


cichlidnut
Here's the Microworld log in .zip.

Hopefully this works.
RichieUK
Download RegSearch by Bobbi Flekman.
Right click on your desktop 'New', select 'Folder'.
Right click on that new folder and select 'Rename', rename it to RegSearch.
Unzip/extract the contents of regsearch.zip to the RegSearch folder.
Open the RegSearch folder and double-click the icon RegSearch.exe to launch the program.
Copy and paste the following string to search for in the top space, then click "OK":

{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}

After completion Notepad will be opened with all the found instances of the string.
The resulting file is saved in the same location as RegSearch.exe.
Copy and paste the entire search results into your next reply.
cichlidnut
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0

; Results at 12/25/2007 8:47:13 PM for strings:
; '{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e}'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dc_ads.ads\CLSID]
@="{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dc_ads.ads.1\CLSID]
@="{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}"

; End Of The Log...
RichieUK
Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: fix2.reg to your desktop.
Then double click on the fix2.reg file on your desktop and agree to merge the information into the registry, then restart your pc.
QUOTE
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dc_ads.ads\CLSID]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dc_ads.ads.1\CLSID]


Let me know what's happening now please.
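
Added example (not part of the thread, and not RegSearch's own code): the Python below parses the RegSearch output and the fix2.reg text from the two posts above, classifies each hit for the CLSID, and checks which hits the fix deletes and which parent keys remain to be re-checked after the merge. The function names and the report layout are illustrative assumptions.

```python
import re

GUID = "{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}"

# RegSearch results as posted above (banner comments trimmed).
REGSEARCH_OUTPUT = r"""Windows Registry Editor Version 5.00

; '{6fc3c36d-7635-4d43-ba62-0d9d2f2cd06e}'

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dc_ads.ads\CLSID]
@="{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dc_ads.ads.1\CLSID]
@="{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}"

; End Of The Log...
"""

# fix2.reg as posted above; a leading "-" inside the brackets deletes the key.
FIX2_REG = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dc_ads.ads\CLSID]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dc_ads.ads.1\CLSID]
"""

KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg(text):
    """Return [(key, is_deletion, {value_name: data})] from .reg text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and RegSearch comments
        m = KEY_RE.match(line)
        if m:
            entries.append((m.group(2), m.group(1) == "-", {}))
            continue
        m = VALUE_RE.match(line)
        if m and entries:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            entries[-1][2][name] = m.group(2).strip('"')
        # header lines (REGEDIT4 / Windows Registry Editor ...) fall through
    return entries


def classify(key, values, guid):
    """Say how a key found by the search refers to the GUID."""
    parts = [p.upper() for p in key.split("\\")]
    g = guid.upper()
    if g in parts:
        i = parts.index(g)
        # ...\CLSID\{GUID}\... is where the COM class itself is registered
        if i and parts[i - 1] == "CLSID":
            return "class registration"
        return "key named after GUID"
    if parts[-1] == "CLSID" and values.get("(Default)", "").upper() == g:
        # <name>\CLSID with the GUID as default value: ProgID-style pointer
        return "ProgID mapping"
    return "other reference"


def is_covered(key, deleted):
    """True if the key or any ancestor is deleted by the fix file."""
    parts = key.upper().split("\\")
    return any("\\".join(parts[:i]) in deleted
               for i in range(1, len(parts) + 1))


def triage(search_text, fix_text, guid):
    """Compare search hits with the deletions in a fix file."""
    hits = [(k, classify(k, v, guid)) for k, _, v in parse_reg(search_text)]
    deleted = {k.upper() for k, is_del, _ in parse_reg(fix_text) if is_del}
    parents = []
    for key, kind in hits:
        parent = key.rsplit("\\", 1)[0]
        if (kind == "ProgID mapping" and parent not in parents
                and not is_covered(parent, deleted)):
            parents.append(parent)  # survives the merge; re-check later
    return {
        "hits": hits,
        "uncovered": [k for k, _ in hits if not is_covered(k, deleted)],
        "class_registered": any(kind == "class registration"
                                for _, kind in hits),
        "leftover_parents": parents,
    }


if __name__ == "__main__":
    for name, value in triage(REGSEARCH_OUTPUT, FIX2_REG, GUID).items():
        print(name, "=", value)
```

On the posted data every hit is covered by fix2.reg, no `CLSID\{...}` class registration appears among the hits, and the two parent keys `dc_ads.ads` and `dc_ads.ads.1` remain after the merge.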
cichlidnut
QUOTE("RichieUK")
Let me know what's happening now please.



Two Google searches ("interior decorating" and "Massage") and another popup without an ad, just the words "hash verification failed:".

An hour or so and another popup, this time with the ad... apparently my soul-mate is out there waiting for me, I just have to click on the "enter" box to find her....
RichieUK
QUOTE
The file that was extracted from the .zip file was only called setup.exe and the icon was blue and white with a blue arrow pointing down and the acronym "NSIS" on it. I've downloaded the file again to check the properties but it gives me no information. It's on my desktop for now.

Let's try this:
Double click on 'setup.exe' and allow it to fully install, don't stop it, then reboot.
Now click Start/Control Panel/Add or Remove Programs and remove NSIS, then restart your pc.
cichlidnut
Before I do that, here's a bit of information on it.

When I double click on the .exe, a window opens titled "Adsite Flash Games Installer and Browser Optimizer and Toolbar" asking me to accept the license. Here's the agreement. Note the section I've highlighted.

I don't remember accepting this agreement the first time but I may have, I certainly didn't read it. I'm not sure what I was thinking, obviously, I wasn't.



--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Version 2.1 (June 27, 2007)

END USER LICENSE AGREEMENT
NOTE TO USER: BEFORE YOU INSTALL, COPY OR OTHERWISE USE THE LICENSED SOFTWARE (AS DEFINED BELOW), CAREFULLY READ THE TERMS AND CONDITIONS OF THIS END USER LICENSE AGREEMENT AS WELL AS THE OTHER SIMILAR AGREEMENTS FOR THE THIRD PARTY SOFTWARE (AS DEFINED BELOW) THAT MAY BE BUNDLED WITH THE LICENSED SOFTWARE. BY INSTALLING, COPYING OR OTHERWISE USING THE LICENSED SOFTWARE, YOU ARE CONSENTING TO BE BOUND BY AND ARE BECOMING A PARTY TO THIS LEGALLY ENFORCEABLE AGREEMENT AS WELL AS THE OTHER SIMILAR THIRD PARTY SOFTWARE AGREEMENTS (INCLUDED HEREWITH). YOU ARE ALSO ACKNOWLEDING AND AGREEING THAT, UPON INSTALLATION OF THE LICENSED SOFTWARE, YOU WILL RECEIVE AND CONTINUE TO RECEIVE CONTEXTUAL POPUP AND CONTEXTUAL LINK ADVERTISING VIA HIGHLIGHTED LINKS. YOU MAY ALSO CHOOSE TO INSTALL (OR UNINSTALL) THIRD-PARTY SOFTWARE FROM SELECT ADVERTISERS. THE LICENSED SOFTWARE CAN BE UNINSTALLED UTILIZING THE “ADD/REMOVE PROGRAMS” COMMAND OF YOUR COMPUTER (SEE FURTHER INSTRUCTIONS BELOW).

This End-User License Agreement (the “Agreement”) is an important legal agreement between you (the “Licensee”) and Danube International S.A., a Costa Rican corporation (“Licensor”). Licensor is willing to license the Licensed Software (as defined below) to you, provided that you agree to and accept all of the terms and conditions in this Agreement. IF YOU DO NOT AGREE TO ALL THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT, DO NOT INSTALL THE LICENSED SOFTWARE. UPON INSTALLATION, YOUR USE OF THE LICENSED SOFTWARE IS SUBJECT TO THE TERMS AND CONDITIONS SET FORTH IN THIS AGREEMENT.

Special Notice for Non-English Speakers:
The Licensed Software is suited primarily for the use of English speakers and, therefore, this Agreement is written in English and is addressed to English speakers. If you are not proficient in English and feel that you cannot properly understand this License Agreement, we recommend that you either retain the help of an English speaker to help you understand and accept the terms of this Agreement or, alternatively, refrain from installing or using the Licensed Software. In any event, if you choose to install or use the Licensed Software, you will be bound by this Agreement and the Privacy Policy incorporated herein.

Special Notice for Residents of the State of Alaska, USA:
Unfortunately, according to SB 140 (Alaska), persons who reside in the State of Alaska may not install the Licensed Software. Therefore, by installing or using the Licensed Software you represent and warrant that your computer is not located in the State of Alaska. To the extent that our system is reasonably able to recognize that your computer is located in the State of Alaska, we will not enable you to install the Licensed Software.

Notice for All Users:
By downloading the Licensed Software, you get free access to sponsored content across the Internet. The Licensed Software may, among other things, show you ads that pop up on your screen in a separate browser, provide you with a toolbar to make your use of the internet more efficient and enjoyable and allow you to access or otherwise link to programs from our affiliates. The pop-up ads that may appear on your computer are based on keywords and URL targets from the sites you visit. Please note that you will receive Adult-oriented ads if you utilize keywords related to such content or if you view Adult-oriented websites. The Licensed Software is a service of Licensor.

1. DEFINITIONS. The capitalized terms used but not otherwise defined in this Agreement shall have the following meanings:

1.1 “Agreement” or “License” means this End User License Agreement.

1.2 “Licensee” or “you” means the individual who agrees to license the Licensed Software in accordance with the terms and conditions of this Agreement.

1.3 “Licensed Software” means collectively the Software, Third Party Software and Updates.

1.4 “Third Party Software” means the software of third parties bundled together with the Software and/or made available to or installed by Licensee in connection with the installation, use and/or maintenance of the Software, which software includes or displays, without limitation, cookies and pop-up advertisements of third parties, or links to third-party websites not affiliated with Licensor. You may choose not to install Third Party Software or may uninstall such software using your “Add/Remove Software” function on your computer. Each company providing Third Party Software has its own agreements and privacy policies (or other policies) that may be different from this (Licensor’s) Agreement and Privacy Policy <http://adssite.biz/privacy.html>. By clicking “I Agree” you also agree to be bound by the Third Party Software Agreements that are included herewith. In the event of a conflict between a Third Party Software Agreement and this Agreement, this Agreement shall control with respect to Licensor’s obligations, duties or liability.

1.5 “Software” toolbar, contextual popup and contextual link applications installed by Licensee pursuant the terms of this Agreement, together with the software applications, documentation and local computer files installed or utilized by Licensee in connection therewith (excluding the Third Party Software), and all updates, modifications or patches thereof.

1.6 “Updates” means any bug fixes, upgrades, modified versions or updates to the Licensed Software.

1.7 "Use”, "Used" or "Using" means to access, install, download, copy or benefit from using the functionality of the Licensed Software

2. PERMISSION/AUTHORITY TO DOWNLOAD LICENSED SOFTWARE
2.1 Permission to Download Licensed Software. This Agreement contains important legal obligations. Pursuant to applicable laws including, without limitation, the Electronic Signature Law and Uniform Electronic Transactions Act (“UETA”), by clicking “I Agree”, Licensor will treat Licensee’s affirmative action as equivalent to a signed written contract that will legally bind Licensee to the terms of this Agreement. Licensee should carefully review the terms of this Agreement (as well as any Third Party Software Agreements included herewith) before clicking “I agree”.

2.2 Obligation to be Bound by Current Version of EULA. Licensor may revise this EULA or its Privacy Policy <http://adssite.biz/privacy.html> at anytime, and may (but shall not be obligated) to notify Licensees of such revisions. By agreeing to the terms of this EULA, Licensee agrees to read and review this EULA and privacy policy in order to stay current on any changes.

3. SOFTWARE LICENSE AND RESTRICTIONS.
3.1 License Grant. Upon acceptance of the terms and conditions of this Agreement, as evidenced by clicking “I agree” and continuing with the installation procedure, Licensor grants Licensee a non-transferable, non-exclusive, revocable, non-sub licensable license to Use the Licensed Software, in binary executable form only, solely in accordance with the terms and conditions set forth in this Agreement. The Licensee agrees not to Use the Licensed Software in any manner that could damage, disable, overburden or impair the Licensed Software, including, without limitation, Using the Licensed Software in an automated manner or in any other manner which could interfere with any other party's use and enjoyment of the Licensed Software.

3.2 Restrictions. As a material condition to the license granted in Section 3.1 above, you will: (a) not reverse engineer, disassemble or decompile the Licensed Software or attempt to discover or recreate the source code to the Licensed Software, except as otherwise required by applicable law, (b) comply with all applicable laws, including U.S. export control laws, in your Use of the Licensed Software, (c) not make any modification, adaptation, improvement, enhancement, translation or derivative work of or to the Licensed Software, (d) not remove, alter or obscure any proprietary notices (including copyright notices) of Licensor or Licensor’s affiliates in the Licensed Software, (e) not Use the Licensed Software for purposes for which it is not designed, and (f) only Use the Licensed Software for personal, non-commercial use.

4. OWNER OF COMPUTER; ALL USERS BOUND; AGE LIMITATION. You represent and warrant either that you are the owner of the computer up which you intend to download the Licensed Software and that you have authorized the download and installation of the Licensed Software or that the owner of the computer has authorized you to do so. You agree, with respect to all users of the computer on which you have caused the Licensed Software to reside, to provide a copy of these terms and conditions and to obtain their consent to these terms and conditions before allowing them to Use the Licensed Software. Alternatively, if you have the legal right to accept this Agreement on behalf of one or more users of the computer on which you have caused or authorized the Licensed Software to reside, then you hereby accept this Agreement on behalf of all such other users. You understand that the presence of the Licensed Software on any computer is voluntary and that you may remove it at any time. You must be at least 18 years of age to Use the Licensed Software. By accepting the terms of this Agreement and Using the Licensed Software you represent that you are over the age of 18.

5. IMPORTANT INFORMATION REGARDING FUNCTIONALITY OF LICENSED SOFTWARE.
5.1 Functionality. Certain applications in the Licensed Software recognize keywords from your Internet browser and URL targets from the sites you visit to display relevant contextual advertisements. These advertisements may be displayed on your computer screen at any time while you are searching and shopping online (and not necessarily while you are using any product or service related to or downloaded with the Licensed Software) and pop-up on your screen in a separate browser. The Licensed Software gathers and stores personal identifiable information and records concerning your Internet browsing behavior. Please refer to Section 10 (below) for further information about Licensor’s privacy policies.

5.2. Display of Advertising. The Licensed Software starts automatically when you start your computer, runs in the background on your computer, and may periodically direct you to our sponsors' websites. By installing and/or using the Licensed Software you grant permission for Licensor to periodically display sponsors' websites to you. The frequency of these advertisements (which will pop up on your screen in a separate browser) will vary depending on your use of the Internet. Please note that you will receive Adult-oriented ads if you utilize keywords related to such content or if you view Adult-oriented websites. On occasion, you may search for a website and receive an error from your browser software indicating that the site cannot be found. When this occurs, the Software includes a function that may redirect your web browser to our sponsor's websites based on the content of the website address, or URL, which you entered. You hereby consent to these actions. Content Licensor considers “Adult” is defined as any audio, video, audiovisual, images, sounds or text that contain or reference any of the following: profanity, crude or off-color humor, violence, blood and gore, weapons, use of alcohol, drugs, tobacco or other controlled substances, online gambling, pornography, erotica, erotic images, nudity, sex, sexually explicit images, and sexual references.

6. INTELLECTUAL PROPERTY RIGHTS. The Licensed Software is the intellectual property of, and owned exclusively by, Licensor, its affiliates or suppliers or the companies that own or control the Third Party Software. The structure, organization and code of the Licensed Software are the valuable trade secrets and confidential information of Licensor, its suppliers or affiliates or the companies that own or control the Third Party Software. The Licensed Software is protected by copyright, including without limitation by United States copyright law, international treaty provisions and applicable laws in the country in which it is being used. Except as expressly stated herein, this Agreement does not grant you any intellectual property rights in the Licensed Software, and all rights not expressly granted are reserved by Licensor and its affiliates or suppliers.

7. UNINSTALLATION. You understand and agree that the presence of the Licensed Software on your computer is voluntary and that you may remove the Licensed Software from your computer at any time going to the “Add/Remove Software” function on your computer and clicking “Remove Software”. The program name for the software is Browser Optimizer Adssite. Should you choose to download additional software from Licensor’s affiliates or advertisers, those programs may be named differently and require you to remove them separately. Please note that the above is the only proper way to ensure complete removal of all Licensed Software files - many anti-spyware or other software tools do not completely or properly remove the Licensed Software. Some Internet content and software publishers require that their users have certain of the Licensed Software installed on their computer in order to access their content or use their software applications ("Content Providers"). Uninstallation of such Licensed Software may impact your ability to access such content and/or use such software. You may be required to restart your computer in order for the uninstallation to take effect. Should you have any questions regarding the removal of the Licensed Software, please contact removal@adssite.biz.

8. UPDATES. Licensor, in its sole discretion, may provide you with Updates to the Licensed Software as part of this Agreement. The Licensed Software may check with Licensor or its affiliates for the existence of any Update released and, in the event that one is available, the Licensed Software may update itself automatically or prompt you to update the Software. Nothing herein shall be construed or interpreted as requiring that Licensor provide Updates. The companies that own or control the Third Party Software may also provide you with Updates to their Licensed Software. Licensor has no control and accepts no liability for Updates that may (or may not) be provided for the Third Party Software.

9. DISCLAIMER OF WARRANTIES AND REMEDIES; INDEMNITY.
9.1 No Warranty; Disclaimer. YOUR USE OF THE LICENSED SOFTWARE IS AT YOUR SOLE RISK. THE LICENSED SOFTWARE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS. LICENSOR, ITS AFFILIATES OR SUPPLIERS, AND THE COMPANIES THAT OWN OR CONTROL THE THIRD PARTY SOFTWARE EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. LICENSOR, AND ITS AFFILIATES AND SUPPLIERS, MAKE NO WARRANTY THAT (i) THE LICENSED SOFTWARE WILL MEET YOUR REQUIREMENTS, (ii) THE LICENSED SOFTWARE WILL BE UNINTERRUPTED, TIMELY, SECURE, OR ERROR-FREE, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE LICENSED SOFTWARE WILL BE ACCURATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCTS, SERVICES, INFORMATION, OR OTHER MATERIAL PURCHASED OR OBTAINED BY YOU THROUGH THE LICENSED SOFTWARE WILL MEET YOUR EXPECTATIONS, OR (v) ANY ERRORS IN THE LICENSED SOFTWARE WILL BE CORRECTED. ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE LICENSED SOFTWARE IS OBTAINED AT YOUR OWN DISCRETION AND RISK AND YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM LICENSOR OR THROUGH OR FROM THE LICENSED SOFTWARE SHALL CREATE ANY WARRANTY. LICENSOR IS NOT RESPONSIBLE FOR CONTENT HOSTED BY CONTENT PROVIDERS.

9.2 Limitation of Damages. LICENSOR, ITS AFFILIATES OR SUPPLIERS, OR THE COMPANIES THAT OWN OR CONTROL THE THIRD PARTY SOFTWARE WILL NOT HAVE ANY LIABILITY FOR, AND YOU HEREBY RELEASE LICENSOR, ITS AFFILIATES AND SUPPLIERS AND THE COMPANIES THAT OWN OR CONTROL THE THIRD PARTY SOFTWARE FROM ANY, LIABILITY (WHETHER IN CONTRACT, WARRANTY, TORT, NEGLIGENCE OR OTHERWISE) FOR ANY DAMAGES SUSTAINED BY YOU ARISING FROM THE USE OR INABILITY TO USE THE LICENSED SOFTWARE, INCLUDING, WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS OF DATA, SAVINGS, OR PROFITS OR THE COST OF PROCURING SUBSTITUTE GOODS, EVEN IF LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO EVENT WILL LICENSOR’S ENTIRE LIABILITY ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT EXCEED $100.00. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF CERTAIN WARRANTIES OR THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES. ACCORDINGLY, SOME OF THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.

9.3 Indemnity. Licensee agrees to indemnify, defend, and hold Licensor and all of the directors, officers, shareholders, affiliates, employees, and agents of Licensor (collectively referred to as "Licensor’s Agents") harmless against and in respect to any and all claims, demands, losses, costs, expenses, obligations, liabilities, damages, recoveries, and deficiencies, including interest, penalties, expert witness fees, and reasonable attorneys' fees that Licensor, Licensor’s Agents and the companies that own or control the Third Party Software shall incur or suffer, which arise, result from, or in any way relate to: (a) any breach of, or failure by Licensee to perform any of the representations, warranties, covenants or agreements in this Agreement; (b) Licensee’s violation of any applicable law or regulation, whether or not referenced herein; and (c) Licensee’s violation of any rights of any third party (including, without limitation, the right of the third parties who own the Third Party Software).

10. USE OF INFORMATION; PRIVACY POLICY.
10.1 Use of Information. By entering into this Agreement, Licensee agrees that Licensor may collect and retain information about Licensee, including Licensee’s name and email address. Licensor may employ other companies and individuals to perform these functions on its behalf. Examples may include fulfilling orders, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance and processing credit card payments. These third parties may be given access to personal information needed to perform their functions, but may not use it for other purposes. In addition, Licensor will collect and use anonymous information relating to your use of the Licensed Software application for statistical and related purposes. Licensor may disclose the information to third parties for these purposes but will not use or disclose information about your use of the Licensed Software for any other purpose (unless required to do so by law). Licensor may keep track of your Internet history in order to customize the advertisements provided to you as part of the Licensed Software.

10.2 Privacy Policy. Without limiting the generality of Section 10.1, by installing the Licensed Software, you grant permission for Licensor to collect and use certain information. You acknowledge that you have reviewed the applicable Licensor Privacy Policy, which describes Licensor’s general practices with respect to the collection, use and disclosure of information in connection with your Use of the Licensed Software, which is incorporated herein by reference. Licensor reserves the right to change the provisions of its Privacy Policy from time to time. Your Use of the Licensed Software following the posting of such changes to Licensor’s Privacy Policy will constitute your acceptance of any such changes. Licensor does not make any and hereby disclaims to the maximum extent allowed by law any and all covenants, representations and warranties with respect to its compliance with the statements of intent contained in Licensor's privacy policy.

11. COMPATIBILITY. Licensor does not warrant that the Licensed Software will be compatible with your hardware or other software installed on your computer system. Compatibility issues may cause your computer's performance to suffer. In the event that the Licensed Software is not compatible with your hardware or other software installed on your computer system, the Licensed Software can be uninstalled as provided in Section 7, above. Like all software, the Licensed Software utilizes some of your computer's resources to run, including system memory and Internet connection. Use of the Licensed Software on a computer with inadequate system resources will cause such computer's performance to suffer.

12. USER REPRESENTATIONS AND WARRANTIES. You acknowledge, represent and warrant that: (a) you own the computer on which you are installing the Licensed Software, or have the authority to install the Licensed Software on such computer; (b) your installation and/or Use of the Licensed Software will not violate any local, state or federal laws that apply to you, or the Use or installation of the Licensed Software; (c) Licensor is not causing the Licensed Software to be installed on your computer, but has provided the Licensed Software to you, which you are installing of your own volition; and (d) you have read and fully understand the terms of this Agreement.

13. EXPORT. You agree that the Licensed Software may not be acquired, shipped, transported, exported, or re-exported (A) into (or to a national or resident of) any U.S. embargoed country or (B) to anyone on the U.S. Treasury Department's list of Specially Designated Nationals or the U.S. Department of Commerce's Table of Denial Orders. By using the Licensed Software, you represent and warrant that you are not located in, under control of, or a national or resident of any such country or on any such list.

14. MISCELLANEOUS.
14.1 Entire Agreement. This Agreement and any Third Party Software Agreement set forth the entire understanding of the parties with respect to the subject matter hereof. There are no representations, warranties, agreements, arrangements or understandings, oral or written, between the parties relating to this Agreement which are not fully expressed in this Agreement. No waiver, amendment or modification of any of the terms of this Agreement shall be effective unless in writing and signed by the party affected by the waiver, amendment or modification; provided, however, that Licensor may unilaterally amend or modify this Agreement or a company that owns or controls Third Party Software may modify their Third Party Software Agreement at any time and you shall have notice of these changes by reference to the Version number of this document and the effective date for such version (or the Third Party Software Agreement may be amended according to that company’s particular policies). Further, no waiver of any term, condition or default of any term of this Agreement shall be construed as a waiver of any other term, condition or default. In the event of a conflict between this Agreement and any Third Party Agreement with respect to the use of the Licensed Software and the obligations, duties or liability of Licensor, this Agreement shall control notwithstanding such conflicting language.

14.2 Severability. In the event that any provision of this Agreement is held by a court of competent jurisdiction to be unenforceable, the validity of the remaining provisions shall not be affected, and the rights and obligations of the parties shall be construed and enforced as if the Agreement did not contain the particular provisions held to be unenforceable and the unenforceable provisions shall be replaced by mutually acceptable provisions which, being valid, legal and enforceable, come closest to the intention of the parties underlying the invalid or unenforceable provision.
14.3 Governing Law and Venue. This Agreement and each and every portion of this Agreement shall be interpreted pursuant to the internal laws of the Country of Costa Rica, without giving effect to the principles of conflict of laws. Each of the parties hereby irrevocably and unconditionally agrees to the exclusive jurisdiction of any court located in Costa Rica for any actions, suits or proceedings arising out of or relating to this Agreement (and the parties each agree not to commence any action, suit or proceeding relating thereto except in such courts and not to plead or claim that any such court is an inconvenient or otherwise improper or inappropriate forum).
14.4 Injunctive Relief. Licensee acknowledges that the injury that would be suffered by Licensor as a result of a breach of the provisions of this Agreement by Licensee would be irreparable and that an award of monetary damages to Licensor for such a breach would be an inadequate remedy. Consequently, Licensor will have the right, in addition to any other rights it may have, to obtain injunctive relief to restrain any breach or threatened breach or otherwise to specifically enforce any provision of this Agreement, and Licensor will not be obligated to post bond or other security in seeking such relief.

Should you have any questions concerning this Agreement, or if you wish to contact Licensor for any reason, please e-mail us at Adssite.biz <sendto:info@adssite.biz>.


webHancer Customer Companion - (If applicable)*

Terms and Conditions of Installing the webHancer Customer Companion (the "Software").

IMPORTANT NOTICE:

THIS SOFTWARE RELAYS YOUR WEB SURFING PERFORMANCE METRICS TO
WEBHANCER CORP. TO GENERATE PERFORMANCE REPORTS FOR THIRD PARTIES. AS
SUCH, YOUR INTERNET CONNECTION WILL BE USED PERIODICALLY TO SEND AND
RECEIVE DATA.

WE RESPECT OUR CUSTOMERS PRIVACY. THE WEBHANCER PRIVACY POLICY (available
at: http://www.webhancer.com/privacy) FORMS PART OF THIS AGREEMENT. BY AGREEING
TO THE TERMS OF THIS AGREEMENT, YOU ALSO CONSENT TO THE TERMS OF THE
WEBHANCER PRIVACY POLICY, INCLUDING, WITHOUT LIMITATION, THE COLLECTION, USE
AND DISCLOSURE OF INFORMATION AS SET OUT THEREIN. IF YOU DO NOT AGREE TO
THE TERMS OF THE WEBHANCER PRIVACY POLICY, DO NOT INSTALL THIS SOFTWARE.

THIS SOFTWARE SUPPORTS WINDOWS 98/2000/ME/XP and WINDOWS NT 4.0 Service Pack 4
and higher (EXCLUDING WINDOWS TERMINAL SERVER AND WINDOWS 2000 WITH
TERMINAL SERVICES ENABLED).

THIS IS A LICENSE, NOT A SALE. THIS END USER LICENSE AGREEMENT ("AGREEMENT") IS
A LEGAL CONTRACT BETWEEN YOU AND WEBHANCER CORP. ("WEBHANCER") FOR THE
CUSTOMER COMPANION SOFTWARE (THE 'SOFTWARE'). THIS SOFTWARE WILL MAKE
USE OF YOUR INTERNET CONNECTION. YOU ARE SOLELY RESPONSIBLE FOR ANY AND
ALL NETWORK USAGE COSTS OR ANY OTHER COSTS ASSOCIATED WITH YOUR USE OF
THE SOFTWARE. BY DOWNLOADING, INSTALLING OR USING THE SOFTWARE YOU AGREE
TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT
AGREE WITH THESE TERMS AND CONDITIONS, UNINSTALL, AND DO NOT USE THE
SOFTWARE.

WEBHANCER grants to you a non-exclusive, non-transferable and restricted license to use the Software on a single computer for your internal use, subject to the terms and conditions of this Agreement. You may make and distribute unlimited copies of the Software, excluding copies for commercial distribution, as long as each copy that you distribute is distributed subject to this agreement.

Copyright 2006 webHancer Corp.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Should I still install and try to uninstall?
RichieUK
QUOTE
Should I still install and try to uninstall?

Yes, maybe wise to create a new System Restore point first.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

cichlidnut
That was a bit scary.

I now remember what happened when I first downloaded this program. I did click "Accept" on the licence agreement and then another opened. I realized it wasn’t something I wanted and I canceled but explorer opened and then I got a popup saying I'd won an iPod Touch (woohoo!), when I closed explorer and the popup window, a prompt asked me if I wanted to quit before the program was installed. I clicked “yes” but the popups started after I started Firefox. I guess the program(s) had been installed or partially installed already.

Ok, onward…. as per your instructions, I created a restore point, double clicked on setup.exe and I repeated the exact same process above, same results.

There was no NSIS program in the Add/Remove Programs list but there were two that had the words Adssite in them. One called Search Assist Adssite and another called Adssite Games Collection. I uninstalled both and rebooted.

I did a few Google searches with no popups, but like before, sometimes it takes some time. I’ll be out for a few hours (family Christmas stuff) but will check back tonight for any further instructions.

In the meantime, I did another Hijackthis scan, just in case you need it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:51 PM, on 12/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\Installation Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: rightonads optimizer - {10F3E8BD-257A-4702-A2F5-DC02055B068C} - C:\WINDOWS\system32\gzmrt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsj9.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [postSetupCheck] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrt.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by127fd.bay127.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EF9AA4A-3F82-461A-B765-BBCFE7F31A2E}: NameServer = 192.168.2.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7802 bytes

cichlidnut
Just got another popup tonight.

Instead of the window title saying "Ads served by Dcads", it now says "Ads served by Adssite".

I'll try doing the system restore. If Adssite overwrote Dcads and the system restore works, perhaps it will eliminate the program.
cichlidnut
No such luck. The popups are back but they say Dcads now.

I'm installing Vista tomorrow, it's too bad we couldn't figure out how to eliminate this thing so that other people don't have to go through all of this.

Here's their website...

http://dcads.biz/

and the one for Adssite

http://Adssite.biz/

I suspect they are one and the same. Perhaps everyone could collectively flood them with useless mail (using a dummy hotmail account).
RichieUK
QUOTE
I'm installing Vista tomorrow, it's too bad we couldn't figure out how to eliminate this thing so that other people don't have to go through all of this.

Ok, thanks for the update, never mind, hope all goes well with the Vista install.