Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis, Please Help Diagnose


  • This topic is locked This topic is locked
16 replies to this topic

#1 yrhc@eht

yrhc@eht

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 27 November 2006 - 03:02 PM

here is my hijackthis scan, please help diagnose
Logfile of HijackThis v1.99.1
Scan saved at 3:46:00, on 28/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Downloads\HijackThis.exe

R3 - URLSearchHook: ???¢?? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: ?3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: ???¢?? - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

BC AdBot (Login to Remove)

 


#2 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 10 December 2006 - 09:48 AM

Hi yrhc@eht and welcome to the Bleeping Computer forums. My name is Whisperer and I will be helping you with your problem. Although I am experienced with computers, I am currently a Trainee in Malware removal and, as such, ALL of my fixes will be checked by malware experts. I am sorry for the delay in answering your problem but things are pretty hectic in the anti-malware world. If you still need help then please read on.

HijackThis makes backups of any changes that are made and it is better to have it running from its own dedicated directory so please
  • Open Windows Explorer and click on the C drive
  • From the menu select New then Folder
  • Right-click the folder and rename it to HijackThis or HJT
  • Move the HijackThis.exe file from the downloads directory to there.
If you have not done so already, please do the initial cleanup steps in the following instructions and then post a new log: Preparation Guide For Use Before Posting a HijackThis Log

I would like you to produce a list of installed programs to assist me in any cleanup.
  • To do this open your HijackThis
    • Click on Open the Misc Tools section or Config button, depending on how you are set up.
    • If you used the Config... option then click the Misc Tools tab
    • Select Open Uninstall Manager , a list of your installed programs will be displayed.
    • Select the Save List button and save the file to your desktop.
  • Please post a copy of this list and an up-to-date HijackThis log in your reply
GT :thumbsup:

#3 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 11 December 2006 - 07:46 AM

thank you for your help,
here is my list of installed programs:

??s¥~??
?3μ(FlashGet) Beta1
Adobe Flash Player 9 ActiveX
Adobe Illustrator CS2
Adobe SVG Viewer 3.0
Avance AC'97 Audio
AVG Anti-Spyware 7.5
BitComet 0.70
Conexant USB Network Adapter
Counter-Strike: Condition Zero
ElephantDesktop
FlashGet(JetCar)
HijackThis 1.99.1
Kaspersky Anti-Virus 6.0
Lexmark 2200 Series
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft Office XP Standard
Microsoft Windows ????2?′?
MSN Shell 4
MultiRes (remove only)
Nero - Burning Rom
NVIDIA Drivers
Nvidia Omega Drivers Setup Files
PPLive 1.3.20
PPStream
RealPlayer
RTLSetup
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Shui Hu Fantasy Online Version 3.2
Super Dancer Online
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Assistant
Yahoo!?2£??μ??′?1?? 1v7



here is my new hijackthis scan log:

Logfile of HijackThis v1.99.1
Scan saved at 20:45:25, on 11/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSNShell\BIN\MSNShell.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\CNX\Shui Hu Fantasy Online\108Online.bin
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R3 - URLSearchHook: ???¢?? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: ?3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: ???¢?? - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSNShell] C:\Program Files\MSNShell\BIN\MSNShell.exe autorun
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\BIN\SetMSNDP.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#4 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 11 December 2006 - 08:20 AM

Thanks for the logs, I will study them and get back to you once I have had any fixes approved.

What are you using for a Firewall?

GT :thumbsup:

#5 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 12 December 2006 - 07:17 AM

Hi yrhc@eht,

I note that you have already got a thread on the same subject open. Please do not post duplicate threads as it ties up scarce resources.

Please return to the thread here
http://www.bleepingcomputer.com/forums/ind...st&p=398776
and carry out the instructions.

I have asked that this thread be closed off.

Best wishes GT :thumbsup:

#6 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 12 December 2006 - 09:21 AM

that topic has closed and call me continue here
i just use windows firewall

#7 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 12 December 2006 - 02:43 PM

We will continue then in this thread, back later.

GT :thumbsup:

#8 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 13 December 2006 - 04:18 AM

Hi yrhc@eht,

OK stick with me and I will see what I can sort out for you. Please do not open any more threads and post all of the replies in this thread from now on.

I have examined your logs and have a few questions arising from them. I also note that you have had a similar problem about a month ago. The probable reason why you have become re-infected is your choice of Firewall. The Windows firewall is not the best tool in that it is a one-way Firewall, preventing most malware from getting on to your computer BUT not preventing malware that is already there communicating with the web; so before we go any further I would like you to get a better firewall installed.
  • There are many paid and free versions available for your use but in the interim I would suggest that you install one of the following free programs.
  • Once your chosen firewall is fully installed, ensure that the Microsoft Firewall is disabled as you should never have more than one firewall active at the same time as they may well interact and be less effective.
  • You have the Flashget downloader software installed, if this is the trial version it comes bundled with Cydoor adware, when you register the program the ads disappear please advise whether you have the trial or registered version.
  • You have 3 programs installed that probably contain corrupted Asian characters, what can you tell me about these
    • ??s¥~??
    • Microsoft Windows ????2?′?
    • Yahoo!?2£??μ??′?1?? 1v7
  • You also have some other programs installed that we will get back to later as I am not a big fan of them, but the main problem is the Yahoo!Assist program so that will be the priority after some basic cleaning.
  • Download CCleaner
    • Select the Download Latest Version link (top of green column) and save to your desktop
    • Right-click the ccsetup127.exe file on your desktop and select Open
    • Follow the on-screen instructions through to the Install Options page. I suggest you only retain the following 2 options
      • Add Desktop Shortcut
      • Automatically check for updates etc
    • Click Install
      To setup CCleaner
    • Click on the CCleaner icon on your desktop.
    • From the menu on the left select Options
    • Now select Advanced. On the right remove the check against Only delete files in Windows Temp folders older than 48 hours.
    • Select Cookies. When CCleaner is run it will remove all of the cookies in the left window; if there are cookies that you wish to retain then select them and transfer them to the right window. Multiple selections can be made by holding down the Ctrl key before selecting.
    • Select Cleaner from the left menu and the Windows tab
      • Under Internet Explorer place ticks in all but the last box
      • Under Windows Explorer tick the last two only
      • Under System tick all boxes
      • There is no need to tick anything under Advanced
    • From the menu on the left click on Analyze
    • When the analysis is complete, click on Run Cleaner and OK at the next screen.
    • Close CCleaner
  • Please ensure your AVG Anti-Spyware is up-to-date, boot into safe mode and carry out a complete scan with it.
  • Reboot to Normal and run a new HijackThis scan.
  • Please post the results of the AVG Anti-Spyware and a new HijackThis log. Please also expand on the nature of your problems and advise about FlashGet
GT :thumbsup:

#9 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 14 December 2006 - 12:50 PM

thank you for helping me,
my Flashget downloader software is registered version,
i am very sorry because i don't know what is: ??s¥~?? and Microsoft Windows ????2?′? but
Yahoo!?2£??μ??′?1?? 1v7 is the a yahoo assistant program.
besides that, should i uninstall the yahoo assistant program?
my computer problem is it runs so slow and lag.

here is my avg scan report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:37:58 AM 12/15/2006

+ Scan result:



C:\Program Files\Yahoo!\Assistant\Assist\yieacore.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\Program Files\CNX\Shui Hu Fantasy Online\local.ver -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1214440339-706699826-1060284298-1003\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yasrdd.dll -> Downloader.Baido : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yasrde.exe -> Downloader.Baido : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\Assistant\yaLive.dll/ylive.exe -> Dropper.ZSKille.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{739EB46F-1AEE-4C3D-A1A9-E31644CE6DC2}\RP37\A0015528.exe -> Dropper.ZSKille.b : Cleaned with backup (quarantined).
C:\Documents and Settings\yrhc@eht\My Documents\First World Computer\First World Documents\Kaspersky.Antivirus.2006.v6.0.0.303.Incl Key [11-oct-2006]\Install.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Ignored.
C:\Program Files\BitComet\Downloads\Kaspersky.Antivirus.2006.v6.0.0.303.Incl Key [11-oct-2006]\Install.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Ignored.
C:\Documents and Settings\yrhc@eht\Cookies\yrhc@eht@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\yrhc@eht\Cookies\yrhc@eht@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\yrhc@eht\Cookies\yrhc@eht@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\yrhc@eht\Cookies\yrhc@eht@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\yrhc@eht\Cookies\yrhc@eht@creative.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned.
C:\Documents and Settings\yrhc@eht\Cookies\yrhc@eht@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\yrhc@eht\Cookies\yrhc@eht@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{739EB46F-1AEE-4C3D-A1A9-E31644CE6DC2}\RP28\A0009924.dll -> Trojan.Zapchast : Cleaned with backup (quarantined).


::Report end


here is my new hijackthis report:
Logfile of HijackThis v1.99.1
Scan saved at 1:43:18 AM, on 12/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R3 - URLSearchHook: ???¢?? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: ?3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: ???¢?? - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &妏蚚辦陬(FlashGet)狟婥 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#10 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 16 December 2006 - 03:46 AM

Hi yrhc@eht,
Download this file - combofix.exe

and save it to your desktop. Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe" /wow

Boot into safe mode by tapping the F8 key just before Windows starts to load.

go to start --> run and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /wow

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

In your next post, please include
  • new hijackthis log
  • combofix log
*use separate posts to ensure the logs don't get cut off!
GT :thumbsup:

Edited by Whisperer, 16 December 2006 - 08:15 AM.


#11 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 18 December 2006 - 09:28 AM

hi, whisperer

here is my combofix log:

yrhc@eht - 06-12-18 22:07:07.15 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\yrhc@eht\desktop"
Command switches used :: /wow

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\YAHOO!\Assist~1
C:\Program Files\YAHOO!\Assist~1


((((((((((((((((((((((((((((((( Files Created from 2006-11-18 to 2006-12-18 ))))))))))))))))))))))))))))))))))


2006-12-18 22:15 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-15 12:56 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-15 12:56 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-12-15 12:53 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-15 12:48 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-12-15 12:45 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-14 23:07 86,016 --a------ C:\WINDOWS\unvise32.exe
2006-12-14 22:48 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-12-14 22:23 <DIR> d-------- C:\Program Files\Sunbelt Software
2006-12-14 22:14 <DIR> d-------- C:\Program Files\CCleaner
2006-12-12 21:41 <DIR> d-------- C:\Program Files\SoftWorld
2006-12-12 16:57 118,752 --a------ C:\WINDOWS\system32\mfcuiw32.dll
2006-12-12 01:53 8,704 --a------ C:\WINDOWS\system32\drivers\zeybkaax.sys
2006-12-11 20:38 <DIR> d-------- C:\HijackThis
2006-12-09 19:31 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\yahoo!
2006-12-09 19:31 <DIR> d-------- C:\WINDOWS\cache
2006-12-08 23:50 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-12-08 23:50 139,264 --a------ C:\WINDOWS\War3Unin.exe
2006-12-08 23:16 <DIR> d-------- C:\Program Files\Warcraft III
2006-12-07 02:18 <DIR> d-------- C:\Program Files\Common Files\xing shared
2006-12-07 02:15 <DIR> d-------- C:\Program Files\Real
2006-12-07 02:15 <DIR> d-------- C:\Program Files\Common Files\Real
2006-12-07 02:15 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Application Data\Real
2006-12-07 01:59 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-07 01:38 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Application Data\PPLive
2006-12-07 01:36 <DIR> d-------- C:\Program Files\PPLive
2006-12-07 01:33 <DIR> d-------- C:\Program Files\Common Files\Synacast
2006-12-05 21:07 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2006-12-01 11:08 <DIR> d--h----- C:\WINDOWS\PIF
2006-11-30 01:10 <DIR> d-------- C:\Program Files\ElephantDrive
2006-11-30 01:03 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-11-28 04:38 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-28 04:38 <DIR> d-------- C:\Program Files\Grisoft
2006-11-28 04:32 <DIR> d-------- C:\!KillBox
2006-11-27 20:22 <DIR> d-------- C:\Valve
2006-11-25 01:59 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Application Data\Yahoo!
2006-11-24 22:34 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-11-24 22:33 <DIR> d-------- C:\Program Files\9you
2006-11-23 03:29 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Application Data\Macromedia
2006-11-23 02:39 5,376 --a------ C:\WINDOWS\system32\antiwpa.dll
2006-11-23 02:00 <DIR> d-------- C:\Program Files\PPStream
2006-11-23 02:00 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Application Data\ppstream
2006-11-22 23:29 55,224 --a------ C:\WINDOWS\system32\drivers\yaskp.sys
2006-11-22 23:28 <DIR> d-------- C:\Program Files\Yahoo!
2006-11-22 22:21 <DIR> d-------- C:\Program Files\BitComet
2006-11-22 19:36 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2006-11-22 19:32 <DIR> d-------- C:\Downloads
2006-11-22 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-22 19:23 <DIR> d--hs---- C:\Documents and Settings\yrhc@eht\UserData
2006-11-22 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2006-11-22 18:29 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Application Data\Adobe
2006-11-22 18:27 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-11-22 18:24 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-11-22 18:24 <DIR> d-------- C:\WINDOWS\system32\Adobe
2006-11-22 18:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-11-22 18:24 <DIR> d-------- C:\Program Files\Adobe
2006-11-22 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-22 18:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-11-22 18:14 <DIR> d-------- C:\Program Files\Common Files\Designer
2006-11-22 18:12 <DIR> d-------- C:\WINDOWS\ShellNew
2006-11-22 18:12 <DIR> d-------- C:\Program Files\Microsoft Office
2006-11-22 17:22 <DIR> d-------- C:\Program Files\CNX
2006-11-22 09:04 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2006-11-22 09:03 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2006-11-22 09:03 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2006-11-22 09:03 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-11-22 09:03 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2006-11-22 09:03 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2006-11-22 09:03 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2006-11-22 09:03 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2006-11-22 09:02 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2006-11-22 09:02 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2006-11-22 09:02 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2006-11-22 09:02 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2006-11-22 09:02 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2006-11-22 09:02 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2006-11-22 09:02 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2006-11-22 09:02 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2006-11-22 09:02 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2006-11-22 09:02 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2006-11-22 09:02 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2006-11-22 09:02 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2006-11-22 09:02 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2006-11-22 09:02 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2006-11-22 09:02 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2006-11-22 09:02 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2006-11-22 09:01 6,144 -ra------ C:\WINDOWS\system32\kbdth3.dll
2006-11-22 09:01 6,144 -ra------ C:\WINDOWS\system32\kbdth2.dll
2006-11-22 09:01 6,144 -ra------ C:\WINDOWS\system32\kbdinpun.dll
2006-11-22 09:01 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2006-11-22 09:01 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdvntc.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdurdu.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdth1.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdth0.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdintel.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdintam.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdinmar.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdinkan.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdinhin.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdinguj.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdindev.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdheb.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbdfa.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbddiv2.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbddiv1.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbda3.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbda2.dll
2006-11-22 09:01 5,632 -ra------ C:\WINDOWS\system32\kbda1.dll
2006-11-22 09:01 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2006-11-22 09:01 5,120 -ra------ C:\WINDOWS\system32\kbdgeo.dll
2006-11-22 09:01 5,120 -ra------ C:\WINDOWS\system32\kbdarmw.dll
2006-11-22 09:01 5,120 -ra------ C:\WINDOWS\system32\kbdarme.dll
2006-11-22 09:01 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2006-11-22 09:01 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2006-11-22 08:54 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-22 08:54 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-22 08:53 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-22 08:53 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-11-22 08:53 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-22 08:53 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-11-22 08:53 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-11-22 08:53 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-11-22 08:53 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-11-22 08:53 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-11-22 08:53 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-22 08:53 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-22 08:52 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-22 08:52 3,736,704 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-11-22 08:52 2,826,944 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-11-22 08:52 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-11-22 08:51 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2006-11-22 08:51 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-22 08:51 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-22 08:51 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2006-11-22 08:51 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-22 08:51 25,434 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2006-11-22 08:51 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-22 08:49 <DIR> d--hs---- C:\WINDOWS\Installer
2006-11-22 08:49 <DIR> d-------- C:\Program Files\Common Files\ODBC
2006-11-22 08:48 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2006-11-22 08:48 9,008 --a------ C:\WINDOWS\system\VER.DLL
2006-11-22 08:48 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-11-22 08:48 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2006-11-22 08:48 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-11-22 08:48 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-11-22 08:48 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-22 08:48 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-11-22 08:48 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2006-11-22 08:48 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-11-22 08:48 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-11-22 08:48 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-11-22 08:48 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-11-22 08:48 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-11-22 08:48 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-11-22 08:48 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-11-22 08:48 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-11-22 08:48 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-11-22 08:48 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-11-22 08:48 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-11-22 08:48 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2006-11-22 08:48 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2006-11-22 08:48 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-11-22 08:48 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2006-11-22 08:48 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2006-11-22 08:48 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-11-22 08:48 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-22 08:48 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-11-22 08:48 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2006-11-22 08:48 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-22 08:48 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2006-11-22 08:48 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-11-22 08:48 <DIR> dr------- C:\Program Files\Common Files\..
2006-11-22 08:48 <DIR> dr------- C:\Program Files\.
2006-11-22 08:48 <DIR> dr------- C:\Program Files
2006-11-22 08:48 <DIR> d--hs---- C:\Program Files\..
2006-11-22 08:48 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-22 08:48 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-22 08:48 <DIR> d-------- C:\Program Files\Common Files\.
2006-11-22 08:48 <DIR> d-------- C:\Program Files\Common Files
2006-11-22 08:47 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
2006-11-22 08:47 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
2006-11-22 08:47 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
2006-11-22 08:47 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2006-11-22 08:47 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
2006-11-22 08:47 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2006-11-22 08:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2006-11-22 08:47 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2006-11-22 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
2006-11-22 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
2006-11-22 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
2006-11-22 08:46 <DIR> d-------- C:\Documents and Settings\All Users\..
2006-11-22 08:46 <DIR> d-------- C:\Documents and Settings\All Users\.
2006-11-22 08:46 <DIR> d-------- C:\Documents and Settings
2006-11-22 08:45 <DIR> d--hs---- C:\System Volume Information
2006-11-22 08:31 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-11-22 08:31 <DIR> dr--s---- C:\WINDOWS\Fonts
2006-11-22 08:31 <DIR> dr------- C:\WINDOWS\Web
2006-11-22 08:31 <DIR> d--hs---- C:\WINDOWS\..
2006-11-22 08:31 <DIR> d--h----- C:\WINDOWS\inf
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\WinSxS
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\twain_32
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Temp
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\wins
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\wbem
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\usmt
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\spool
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\Setup
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\ras
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\oobe
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\npp
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\mui
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\IME
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\icsxml
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\ias
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\export
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\drivers\..
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\drivers\.
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\drivers
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\dhcp
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\config
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\3076
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\2052
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\1054
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\1042
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\1041
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\1037
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\1033
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\1031
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\1028
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\1025
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\..
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32\.
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system32
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system\..
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system\.
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\system
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\security
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Resources
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\repair
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Provisioning
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\PeerNet
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\pchealth
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\mui
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\msapps
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\msagent
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Media
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\java
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\ime
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Help
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\ehome
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Driver Cache
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Debug
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Cursors
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Connection Wizard
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\Config
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\AppPatch
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\addins
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS\.
2006-11-22 08:31 <DIR> d-------- C:\WINDOWS
2006-11-22 03:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-11-22 03:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-11-22 03:43 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-22 03:23 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Contacts
2006-11-22 03:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2006-11-22 03:21 <DIR> d-------- C:\WINDOWS\pss
2006-11-22 03:14 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-22 02:20 159,744 --a------ C:\WINDOWS\system32\contmenu.dll
2006-11-22 02:20 <DIR> d-------- C:\Program Files\MSNShell
2006-11-22 02:19 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-11-22 02:19 <DIR> d-------- C:\Program Files\MSN Messenger
2006-11-22 02:17 <DIR> d-------- C:\Program Files\Ahead
2006-11-22 02:13 <DIR> d-------- C:\Program Files\FlashGet
2006-11-22 02:11 921,600 --a------ C:\WINDOWS\system32\nwiz.exe
2006-11-22 02:11 462,848 --a------ C:\WINDOWS\system32\nvshell.dll
2006-11-22 02:11 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-11-22 02:11 393,216 --a------ C:\WINDOWS\system32\keystone.exe
2006-11-22 02:11 311,296 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-11-22 02:11 311,296 --a------ C:\WINDOWS\system32\nvwrsel.dll
2006-11-22 02:11 303,104 --a------ C:\WINDOWS\system32\nvwrsesm.dll
2006-11-22 02:11 299,008 --a------ C:\WINDOWS\system32\nvwrspt.dll
2006-11-22 02:11 299,008 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-11-22 02:11 299,008 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-11-22 02:11 299,008 --a------ C:\WINDOWS\system32\nvrsar.dll
2006-11-22 02:11 294,912 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-11-22 02:11 294,912 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-11-22 02:11 294,912 --a------ C:\WINDOWS\system32\nvrshe.dll
2006-11-22 02:11 290,816 --a------ C:\WINDOWS\system32\nvwrsru.dll
2006-11-22 02:11 290,816 --a------ C:\WINDOWS\system32\nvwrshu.dll
2006-11-22 02:11 282,624 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-11-22 02:11 278,528 --a------ C:\WINDOWS\system32\nvwrstr.dll
2006-11-22 02:11 278,528 --a------ C:\WINDOWS\system32\nvwrssl.dll
2006-11-22 02:11 278,528 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-11-22 02:11 274,432 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-11-22 02:11 274,432 --a------ C:\WINDOWS\system32\nvwrssk.dll
2006-11-22 02:11 274,432 --a------ C:\WINDOWS\system32\nvwrspl.dll
2006-11-22 02:11 274,432 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-11-22 02:11 274,432 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-11-22 02:11 262,144 --a------ C:\WINDOWS\system32\nvwrseng.dll
2006-11-22 02:11 262,144 --a------ C:\WINDOWS\system32\nvwrscs.dll
2006-11-22 02:11 262,144 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-11-22 02:11 262,144 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-11-22 02:11 258,048 --a------ C:\WINDOWS\system32\nvwrshe.dll
2006-11-22 02:11 258,048 --a------ C:\WINDOWS\system32\nvwrsar.dll
2006-11-22 02:11 258,048 --a------ C:\WINDOWS\system32\nvrses.dll
2006-11-22 02:11 258,048 --a------ C:\WINDOWS\system32\nvrsel.dll
2006-11-22 02:11 258,048 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-11-22 02:11 253,952 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-11-22 02:11 253,952 --a------ C:\WINDOWS\system32\nvrsesm.dll
2006-11-22 02:11 249,856 --a------ C:\WINDOWS\system32\nvrspt.dll
2006-11-22 02:11 245,760 --a------ C:\WINDOWS\system32\nvrsru.dll
2006-11-22 02:11 245,760 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-11-22 02:11 241,664 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-11-22 02:11 241,664 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-11-22 02:11 237,568 --a------ C:\WINDOWS\system32\nvrssl.dll
2006-11-22 02:11 237,568 --a------ C:\WINDOWS\system32\nvrshu.dll
2006-11-22 02:11 237,568 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-11-22 02:11 233,472 --a------ C:\WINDOWS\system32\nvrstr.dll
2006-11-22 02:11 233,472 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-11-22 02:11 233,472 --a------ C:\WINDOWS\system32\nvrssk.dll
2006-11-22 02:11 233,472 --a------ C:\WINDOWS\system32\nvrspl.dll
2006-11-22 02:11 233,472 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-11-22 02:11 225,280 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-11-22 02:11 225,280 --a------ C:\WINDOWS\system32\nvrseng.dll
2006-11-22 02:11 225,280 --a------ C:\WINDOWS\system32\nvrscs.dll
2006-11-22 02:11 204,800 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-11-22 02:11 196,608 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-11-22 02:11 184,320 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-11-22 02:11 172,032 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-11-22 02:11 155,648 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-11-22 02:11 151,552 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-11-22 02:11 114,688 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-11-22 02:11 1,646,592 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-11-22 02:11 1,441,792 --a------ C:\WINDOWS\system32\nview.dll
2006-11-22 02:11 1,339,392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-11-22 02:11 1,019,904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-11-22 02:11 <DIR> d-------- C:\WINDOWS\nview
2006-11-22 02:03 <DIR> d-------- C:\Program Files\MultiRes
2006-11-22 02:02 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-11-22 02:02 <DIR> d-------- C:\Program Files\Nvidia Omega Drivers
2006-11-22 02:00 <DIR> dr-h----- C:\Documents and Settings\yrhc@eht\Recent
2006-11-22 01:58 <DIR> d-------- C:\Program Files\w.h.l.l
2006-11-22 01:55 <DIR> d-------- C:\Program Files\WinRAR
2006-11-22 01:51 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-22 01:51 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-11-22 01:51 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-22 01:50 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2006-11-22 01:50 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-11-22 01:50 <DIR> d-------- C:\Program Files\Lexmark 2200 Series
2006-11-22 01:49 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-11-22 01:28 <DIR> dr-h----- C:\Documents and Settings\yrhc@eht\SendTo
2006-11-22 01:28 <DIR> dr-h----- C:\Documents and Settings\yrhc@eht\Application Data\.
2006-11-22 01:28 <DIR> dr-h----- C:\Documents and Settings\yrhc@eht\Application Data
2006-11-22 01:28 <DIR> dr------- C:\Documents and Settings\yrhc@eht\Start Menu
2006-11-22 01:28 <DIR> dr------- C:\Documents and Settings\yrhc@eht\My Documents
2006-11-22 01:28 <DIR> dr------- C:\Documents and Settings\yrhc@eht\Favorites
2006-11-22 01:28 <DIR> d--hs---- C:\Documents and Settings\yrhc@eht\Cookies
2006-11-22 01:28 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-22 01:28 <DIR> d--h----- C:\Documents and Settings\yrhc@eht\Templates
2006-11-22 01:28 <DIR> d--h----- C:\Documents and Settings\yrhc@eht\PrintHood
2006-11-22 01:28 <DIR> d--h----- C:\Documents and Settings\yrhc@eht\NetHood
2006-11-22 01:28 <DIR> d--h----- C:\Documents and Settings\yrhc@eht\Local Settings
2006-11-22 01:28 <DIR> d---s---- C:\Documents and Settings\yrhc@eht\Application Data\Microsoft
2006-11-22 01:28 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Desktop
2006-11-22 01:28 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Application Data\Identities
2006-11-22 01:28 <DIR> d-------- C:\Documents and Settings\yrhc@eht\Application Data\..
2006-11-22 01:28 <DIR> d-------- C:\Documents and Settings\yrhc@eht\..
2006-11-22 01:28 <DIR> d-------- C:\Documents and Settings\yrhc@eht\.
2006-11-22 01:23 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2006-11-22 01:23 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-11-22 01:23 <DIR> d-------- C:\WINDOWS\Prefetch
2006-11-22 01:15 <DIR> d-------- C:\WINDOWS\system32\xircom
2006-11-22 01:15 <DIR> d-------- C:\Program Files\xerox
2006-11-22 01:15 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-11-22 01:14 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-11-22 01:14 0 -rahs---- C:\MSDOS.SYS
2006-11-22 01:14 0 -rahs---- C:\IO.SYS
2006-11-22 01:14 0 --a------ C:\CONFIG.SYS
2006-11-22 01:14 0 --a------ C:\AUTOEXEC.BAT
2006-11-22 01:11 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2006-11-22 01:11 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
2006-11-22 01:11 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2006-11-22 01:10 <DIR> d--h----- C:\Program Files\WindowsUpdate
2006-11-22 01:09 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-11-22 01:09 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-11-22 01:09 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-11-22 01:09 <DIR> d-------- C:\WINDOWS\system32\DirectX
2006-11-22 01:09 <DIR> d-------- C:\Program Files\Common Files\Services
2006-11-22 01:08 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-22 01:08 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-11-22 01:08 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-22 01:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-11-22 01:08 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-22 01:08 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-22 01:08 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-22 01:08 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-11-22 01:08 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-22 01:08 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-11-22 01:08 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-22 01:08 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-22 01:08 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-22 01:08 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-11-22 01:08 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-11-22 01:08 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-22 01:08 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-22 01:08 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-22 01:08 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-22 01:08 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-22 01:08 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-22 01:08 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-22 01:08 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-11-22 01:08 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-11-22 01:08 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-22 01:08 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-11-22 01:08 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-11-22 01:08 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-22 01:08 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-11-22 01:08 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-11-22 01:08 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-11-22 01:08 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-11-22 01:08 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-11-22 01:08 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-22 01:08 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-11-22 01:08 <DIR> d---s---- C:\WINDOWS\Tasks
2006-11-22 01:08 <DIR> d-------- C:\WINDOWS\system32\Restore
2006-11-22 01:08 <DIR> d-------- C:\WINDOWS\system32\Macromed
2006-11-22 01:08 <DIR> d-------- C:\WINDOWS\srchasst
2006-11-22 01:08 <DIR> d-------- C:\Program Files\NetMeeting
2006-11-22 01:08 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2006-11-22 01:07 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-22 01:07 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-22 01:07 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-22 01:07 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-22 01:07 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-22 01:07 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-22 01:07 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-11-22 01:07 <DIR> d-------- C:\Program Files\Outlook Express
2006-11-22 01:07 <DIR> d-------- C:\Program Files\Internet Explorer
2006-11-22 01:07 <DIR> d-------- C:\Program Files\Common Files\System
2006-11-22 01:06 <DIR> dr--s---- C:\WINDOWS\assembly
2006-11-22 01:04 <DIR> d-------- C:\WINDOWS\Registration
2006-11-22 01:04 <DIR> d-------- C:\Program Files\Online Services
2006-11-22 01:04 <DIR> d-------- C:\Program Files\ComPlus Applications
2006-11-22 01:03 7,093,760 --a------ C:\WINDOWS\system32\space.scr
2006-11-22 01:03 5,068,800 --a------ C:\WINDOWS\system32\davinci.scr
2006-11-22 01:03 4,396,544 --a------ C:\WINDOWS\system32\wpgldfsh.scr
2006-11-22 01:03 3,343,360 --a------ C:\WINDOWS\system32\nature.scr
2006-11-22 01:03 1,742,336 --a------ C:\WINDOWS\system32\mypixdx.scr
2006-11-22 01:03 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2006-11-22 01:03 <DIR> d-------- C:\Program Files\Windows Plus
2006-11-22 01:03 <DIR> d-------- C:\Program Files\Windows Media Player
2006-11-22 01:02 85,504 --a------ C:\WINDOWS\system32\mhn.dll
2006-11-22 01:02 8,704 --a------ C:\WINDOWS\system32\igdetect.dll
2006-11-22 01:02 19,840 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-11-22 01:02 11,008 --a------ C:\WINDOWS\system32\drivers\mhndrv.sys
2006-11-22 01:02 <DIR> d-------- C:\Program Files\Movie Maker
2006-11-22 01:01 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-11-22 01:01 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2006-11-22 01:01 <DIR> d-------- C:\Program Files\Messenger
2006-11-22 01:00 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-11-22 01:00 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-11-22 01:00 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-11-22 01:00 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-11-22 01:00 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-11-22 01:00 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-11-22 01:00 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-11-22 01:00 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-11-22 01:00 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-11-22 01:00 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-11-22 01:00 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-11-22 01:00 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-11-22 01:00 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-11-22 01:00 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-11-22 01:00 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-11-22 01:00 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-11-22 01:00 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-11-22 01:00 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-11-22 01:00 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-11-22 01:00 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-11-22 01:00 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-11-22 01:00 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-11-22 01:00 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-11-22 01:00 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-11-22 01:00 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-11-22 01:00 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-11-22 01:00 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-11-22 01:00 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-11-22 01:00 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-11-22 01:00 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-11-22 01:00 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-11-22 01:00 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-11-22 01:00 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-11-22 01:00 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-11-22 01:00 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-11-22 01:00 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-11-22 00:59 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-11-22 00:59 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-11-22 00:59 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-11-22 00:59 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-11-22 00:59 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-11-22 00:59 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-22 00:59 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-22 00:59 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-11-22 00:59 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-22 00:59 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-22 00:59 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-11-22 00:59 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-22 00:59 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-22 00:59 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-22 00:59 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-22 00:59 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-11-22 00:59 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-22 00:59 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-11-22 00:59 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-22 00:59 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-22 00:59 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-22 00:59 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-22 00:59 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-11-22 00:59 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-22 00:59 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-22 00:59 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-22 00:59 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-11-22 00:59 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-22 00:59 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-22 00:59 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-22 00:59 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-22 00:59 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-11-22 00:59 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-11-22 00:59 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-22 00:59 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-22 00:59 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-11-22 00:59 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-22 00:59 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-22 00:59 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-11-22 00:59 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-11-22 00:59 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-11-22 00:59 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-22 00:59 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-11-22 00:59 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-22 00:59 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-22 00:59 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-11-22 00:59 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-11-22 00:59 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2006-11-22 00:59 <DIR> d-------- C:\WINDOWS\system32\Com
2006-11-22 00:59 <DIR> d-------- C:\Program Files\Windows NT
2006-11-22 00:59 <DIR> d-------- C:\Program Files\MSN
2006-11-21 17:13 49,536 -ra------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2006-11-21 17:13 23,168 -ra------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2006-11-21 17:13 22,048 -ra------ C:\WINDOWS\system32\cocpyinf.dll
2006-11-21 17:13 <DIR> d-------- C:\Program Files\Conexant
2006-11-21 17:12 <DIR> d--hs---- C:\RECYCLER
2006-11-21 17:11 <DIR> d-------- C:\WINDOWS\OPTIONS
2006-11-21 17:10 <DIR> d-------- C:\Program Files\VIA Technologies, INC
2006-11-21 17:09 667,543 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-11-21 17:09 46,592 -ra------ C:\WINDOWS\SOUNDMAN.EXE
2006-11-21 17:09 3,279 --a------ C:\WINDOWS\system32\drivers\VIAPFD.SYS
2006-11-21 17:09 27,648 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2006-11-21 17:09 208,896 -ra------ C:\WINDOWS\alcupd.exe
2006-11-21 17:09 135,168 -ra------ C:\WINDOWS\alcrmv.exe
2006-11-21 17:09 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-21 17:09 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-11-21 17:09 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-21 17:09 <DIR> d-------- C:\Program Files\AvRack
2006-11-21 17:09 <DIR> d-------- C:\Program Files\Avance Sound Manager
2006-11-21 17:08 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-11-21 17:08 24,064 --a------ C:\WINDOWS\autoload.exe
2006-11-21 17:08 <DIR> d-------- C:\Program Files\S3
2006-11-21 17:08 <DIR> d-------- C:\Documents and Settings\yrhc@eht\WINDOWS
2006-11-21 17:05 7,168 --a------ C:\WINDOWS\system32\hccoin.dll
2006-11-21 17:05 19,072 --a------ C:\WINDOWS\system32\drivers\usbehci.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgas"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Elephant Desktop]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ElephantDesktop"
"hkey"="HKCU"
"command"="C:\\Program Files\\ElephantDrive\\ElephantDesktop.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 2200 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbvbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2200 Series\\lxbvbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNShell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSNShell"
"hkey"="HKCU"
"command"="C:\\Program Files\\MSNShell\\BIN\\MSNShell.exe autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files

#12 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 18 December 2006 - 09:29 AM

here is my new hijackthis scan log:

Logfile of HijackThis v1.99.1
Scan saved at 22:22, on 06-12-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: ?3μ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用快车(FlashGet)下载 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用快车(FlashGet)下载全部链接 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &妏蚚辦陬(FlashGet)狟婥 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 设为 Messenger Live 头像 - C:\Program Files\MSNShell\Bin\SetMSNDP.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203
O9 - Extra button: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra 'Tools' menuitem: MSN Shell 4 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - C:\Program Files\MSNShell\Bin\MSNShell.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ?3μ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: ?3μ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (Omega 1.6693) (Q) (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#13 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 19 December 2006 - 05:47 PM

Thank you for the logs. I am pleased to say that there is an improvement in your HijackThis log - I am still looking at the other log.

In the meantime would you please update your installed programmes for me.

GT :thumbsup:

#14 yrhc@eht

yrhc@eht
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 20 December 2006 - 11:41 AM

here is my installed programmes list:

Adobe Flash Player 9 ActiveX
Adobe Illustrator CS2
Adobe SVG Viewer 3.0
Avance AC'97 Audio
AVG Anti-Spyware 7.5
BitComet 0.70
CCleaner (remove only)
Conexant USB Network Adapter
Counter-Strike: Condition Zero
ElephantDesktop
Eten
FlashGet(JetCar)
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Kaspersky Anti-Virus 6.0
Lexmark 2200 Series
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft Office XP Standard
Microsoft Windows 日记本查看器
MSN Shell 4
MSN
MultiRes (remove only)
Nero - Burning Rom
NVIDIA Drivers
Nvidia Omega Drivers Setup Files
PPLive 1.3.20
PPStream
RealPlayer
RTLSetup
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB926255)
Shui Hu Fantasy Online Version 3.2
Sunbelt Kerio Personal Firewall
Super Dancer Online
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Warcraft III: All Products
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo!相册,简易的上传工具 1v7
㊣阿飛㊣的RealONE解码器
妇肚
快车(FlashGet) Beta1

#15 Whisperer

Whisperer

  • Members
  • 405 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 22 December 2006 - 05:16 PM

Hi yrhc@eht,

I regret to inform you that I have run out of time as I am off to spend Christmas with my Daughter's family. I have advised the forum experts and it could well be that one of them will be able to take over - but I can not guarantee that as all are very busy.

Please accept my sincere apologies for leaving you in limbo but should you still require help I will definitely be back on 3rd January 2007 :flowers:

GT :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users