AVG keeps coming up that it has detected A trojan Horse when ever svchost.exe opens. I have choosen to clean the file, put in vault... But it keeps coming back. I have run several online scanners and nothing comes up...

I have run Hijack this and here is my log file any assisntace would be much appreciated:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:10 PM, on 6/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\PC Tools\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\PC Tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\PCTOOL~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202981587468
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat,avgrsstx.dll
O20 - Winlogon Notify: cdblvqtf - cdblvqtf.dll (file missing)
O20 - Winlogon Notify: fccbabx - fccbabx.dll (file missing)
O20 - Winlogon Notify: ljjbtskk - ljJBtSkK.dll (file missing)
O21 - SSODL: SetupSetup - {d173b567-239a-463b-b8c2-d214f2f6aec1} - C:\WINDOWS\Resources\SetupSetup.dll (file missing)
O21 - SSODL: wdpoefan - {46DAE6BA-D6BF-45FD-BEF8-6CA6B0ED61EA} - (no file)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9184 bytes

Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Not quite sure what this is, here is one trojan:
http://www.castlecops.com/tk43598-full_path_to_file.htmlBut it looks to be gone?

AVG keeps coming up that it has detected A trojan Horse when ever svchost.exe opensI need to know where AVG 8 says this trojan is at, it might be in System Restore. Do you have the last log from AVG or MBAM, If so post them.

Let's try to remove the junk manually and see what happens.

1) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this Go to the Mode menu select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

4) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: C:\WINDOWS\system32\jfiehayd.dll - {c5af49a2-94f3-42bd-f434-2604812c897d} - C:\WINDOWS\system32\jfiehayd.dll (file missing)
O20 - Winlogon Notify: cdblvqtf - cdblvqtf.dll (file missing)
O20 - Winlogon Notify: fccbabx - fccbabx.dll (file missing)
O21 - SSODL: SetupSetup - {d173b567-239a-463b-b8c2-d214f2f6aec1} - C:\WINDOWS\Resources\SetupSetup.dll (file missing) G
O21 - SSODL: wdpoefan - {46DAE6BA-D6BF-45FD-BEF8-6CA6B0ED61EA} - (no file)
O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - C:\WINDOWS\system32\jfiehayd.dll (file missing

Close all programs but HJT and all browser windows, then click on "Fix Checked"

5) Right click Start > Explore and navigate to these files/folders and delete them if there.

cru629.dat <<< search for that one and delete it.

6) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart and post a new HJT log with the information I requested. Tell me about any malware symptoms.

Thanks

Well I think AVG finally nabbed all the Trojan's, Cause I have about 12 of them in my Virus Vault. But attached is a list of the Viruses AVG Resident Shield Detected and what it did with them. I have not gotten any more pop ups that svchost.exe has any more viruses. But all these are still in my virus vault should I leave them there or delete them.

Also did everything on your list and here is my HJT Log after all that was done. Also thanx for your help on all this...

******************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:04 PM, on 6/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {c5af49a2-94f3-42bd-f434-2604812c897d} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\PC Tools\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\PC Tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\PCTOOL~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202981587468
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat,avgrsstx.dll
O20 - Winlogon Notify: ljjbtskk - ljJBtSkK.dll (file missing)
O21 - SSODL: wdpoefan - {46DAE6BA-D6BF-45FD-BEF8-6CA6B0ED61EA} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8563 bytes

Attachment did not work but here it is:

Thanks for returning your information and the feedback. I don't usually open attachments (safety) but I opened this one and it looks like all of that which AVG is finding is infected System Restore files. Those files are protected and though AVG may try, it can not clean them, read a little about System Restore here:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

and let's clean the infected System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Your next AVG scan should have none of those now.

We still have a little work to do in this HJT log.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:06:04 PM, on 6/29/2008

C:\Program Files\Java\jre1.6.0_05\ <<< check your Java program for an update, my records show you should have one:
http://forums.spybot.info/showpost.php?p=12880&postcount=2

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {c5af49a2-94f3-42bd-f434-2604812c897d} - (no file)
O20 - Winlogon Notify: ljjbtskk - ljJBtSkK.dll (file missing)
O21 - SSODL: wdpoefan - {46DAE6BA-D6BF-45FD-BEF8-6CA6B0ED61EA} - (no file)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Right click Start > Explore and navigate to these files/folders and delete them if there.

cru629.dat <<< I have this item marked for deletion in the last instructions, did you delete it? See the google on that junk.
See this: http://www.google.com/search?hl=en&q=cru629.dat&btnG=Google+Search

Use Search Companion, first make sure all files and folders are still visiable from the first instructions.
Now click Start > Search > All files and folders > copy cru629.dat into the search box and click Search. It can take a while, so be patient. Once you know where that file is, go there and delete it.

When all is finished, post a new HJT log and tell me how the computer is running.

Thanks

OK First on the cru629.dat file I searched last time and again this time and I can not find that file on my PC. I made sure all the Hidden options were unchecked and show hidden files and folders were checked. That file is no where on my computer.

second I updated my java and installed new version as your request.

third I removed the three options from HJT.

Then I ran the SDFIX in Safe mode and then ran the combofix per the instructions on the web site from Google...

The Log files from those programs are attached in ZIP file...

How my Computer is running I am not really noticing a Diff performance wise...
Play alot of games and nothing seems any different...



***********************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:50:55 PM, on 6/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\PC Tools\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\PC Tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\PCTOOL~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202981587468
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat,avgrsstx.dll
O20 - Winlogon Notify: cdblvqtf - C:\WINDOWS\
O20 - Winlogon Notify: fccbabx - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8413 bytes

Let's take moment to review the instructions, including this one:
http://forums.spybot.info/showthread.php?t=288

Please do not attach or link to infected files!
If a helper requests files they will give you a link to upload them.

All logs should be copy/pasted into topic and not attached unless requested by helper in that format.

I asked that TeaTimer be disabled in my first instruction and
(leave TT disabled until we finish)

TeaTimer is running in this HJT log?
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:50:55 PM, on 6/30/2008
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Then I ran the SDFIX in Safe mode and then ran the combofix per the instructions on the web site from Google...
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
I have not requested that either of those tools be run. I may have done that at some point, but knowing these tools well, I use them only when I believe they must be used.

If you wish to continue the clean up yourself, that is fine with me, there are many folks waiting for help. If you want my assistance, you will need to follow my directions.

Please let me know if you wish to proceed.

Thanks

Yes I would like to continue. Sorry about the TeaTimer I took off till we are finnished, as the list of instructions in that post.

Now as to your Post:
**********************
cru629.dat <<< I have this item marked for deletion in the last instructions, did you delete it? See the google on that junk. See this: http://www.google.com/search?hl=en&q...=Google+Search
**********************

You said you wanted that file deleted. I could not find that file anywhere on my computer with multiple searches and I took that as there were instructions on how to get rid of that file / virus off web sites in that search on Google.

I am not blamming you for anything I am appreciative for all your help on this issue.

When I get home I will Turn off TeaTimer and Reboot and await your Next steps.

I thank you again I do not mean to over step your instructions.

Posted so we can view the results of these scans:

ComboFix 08-06-20.4 - Administrator 2008-06-30 14:38:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2741 [GMT -4:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\edum.db
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\edupubunyc.reg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\mijeca.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\qebege.scr
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\tirynuka.com
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\yryr.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\zepysiz._dl
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\dtcxssls.ini
C:\WINDOWS\system32\jduvkvqj.ini2
C:\WINDOWS\system32\jduvkvqj.tmp
C:\WINDOWS\system32\srqss.ini2
C:\WINDOWS\system32\SsuFLkkj.ini
C:\WINDOWS\system32\SsuFLkkj.ini2

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.

2008-06-30 14:26 . 2008-06-30 14:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-30 14:21 . 2008-06-30 14:35 <DIR> d-------- C:\SDFix
2008-06-30 14:00 . 2008-06-30 14:00 <DIR> d-------- C:\Program Files\Sun
2008-06-30 14:00 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-30 13:58 . 2008-06-30 13:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-29 12:22 . 2008-06-29 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-21 15:11 . 2008-06-21 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 13:27 . 2008-06-20 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-06-20 13:21 . 2008-06-20 13:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-06-18 22:36 . 2008-06-22 20:09 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-18 11:42 . 2008-06-30 09:34 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-18 11:42 . 2008-06-18 11:42 <DIR> d-------- C:\Program Files\AVG
2008-06-18 11:42 . 2008-06-18 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-18 11:42 . 2008-06-20 13:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-06-18 11:42 . 2008-06-18 11:42 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-18 11:42 . 2008-06-18 11:42 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-18 11:42 . 2008-06-18 11:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-11 03:16 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 03:16 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-05 22:17 . 2008-06-05 23:04 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-05 22:17 . 2008-06-05 23:04 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-05 22:17 . 2008-06-05 23:04 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-05 22:17 . 2008-06-05 23:04 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-05 22:07 . 2008-04-13 20:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-05 22:06 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-05-30 19:22 . 2008-05-30 19:22 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 19:22 . 2008-05-30 19:22 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 19:22 . 2008-05-30 19:22 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 19:22 . 2008-05-30 19:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 19:22 . 2008-05-30 19:22 683,520 --a------ C:\WINDOWS\system32\DivX.dll
2008-05-30 19:22 . 2008-05-30 19:22 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 19:22 . 2008-05-30 19:22 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2008-05-30 19:22 . 2008-05-30 19:22 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2008-05-30 19:22 . 2008-05-30 19:22 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-05-30 19:22 . 2008-05-30 19:22 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2008-05-30 19:22 . 2008-05-30 19:22 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2008-05-23 11:47 . 2008-05-23 12:36 <DIR> d-------- C:\Temp\Jeffs Drivers
2008-05-22 18:22 . 2008-05-22 18:22 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:22 . 2008-05-22 18:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-22 18:22 . 2008-05-22 18:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-22 18:20 . 2008-05-22 18:20 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-22 18:20 . 2008-05-22 18:20 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-22 18:19 . 2008-05-22 18:19 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-22 18:19 . 2008-05-22 18:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 18:19 . 2008-05-22 18:19 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-22 18:19 . 2008-05-22 18:19 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 18:19 . 2008-05-22 18:19 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 18:18 . 2008-05-22 18:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 01:29 . 2008-05-19 01:29 <DIR> d-------- C:\Program Files\Razer
2008-05-19 01:29 . 2005-11-10 09:15 69,632 --a------ C:\WINDOWS\system32\copperhd.cpl
2008-05-19 00:47 . 2005-11-02 10:54 11,596 --a------ C:\WINDOWS\system32\drivers\copperhd.sys
2008-05-11 14:55 . 2008-05-11 14:55 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-11 14:48 . 2008-05-11 14:48 1 --a------ C:\WINDOWS\system32\SI.bin
2008-05-11 12:59 . 2008-05-11 12:59 <DIR> d-------- C:\Program Files\DVD Shrink
2008-05-11 12:59 . 2008-05-11 13:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-11 12:58 . 2008-05-11 14:24 <DIR> d-------- C:\Temp\DVD's
2008-05-11 12:57 . 2008-05-11 12:57 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-05-07 22:05 . 2008-05-07 22:17 <DIR> d-------- C:\Temp\Dell Diagnostic
2008-05-07 01:12 . 2008-05-07 01:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-02 12:40 . 2008-05-14 14:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-02 12:23 . 2008-05-02 12:23 <DIR> d-------- C:\Temp\Nero Images
2008-05-02 12:01 . 2008-05-02 12:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nero
2008-05-02 11:59 . 2008-05-14 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-02 11:12 . 2008-05-02 12:20 <DIR> d-------- C:\Temp\Bears Drivers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 18:42 --------- d-----w C:\Program Files\Steam
2008-06-30 18:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-30 18:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-06-30 18:00 --------- d-----w C:\Program Files\Java
2008-06-30 17:54 138,408 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-29 15:26 --------- d-----w C:\Program Files\Trillian
2008-06-18 15:54 --------- d-----w C:\Program Files\AVG7
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 03:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 16:31 --------- d-----w C:\Program Files\DivX
2008-05-19 05:05 --------- d-----w C:\Program Files\PC Tools
2008-05-19 01:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-05-19 00:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 00:12 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 00:12 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 00:12 32,866 ----a-w C:\WINDOWS\slrundll.exe
2008-04-14 00:12 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 00:12 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 00:12 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 00:12 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 00:11 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 00:11 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 00:11 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 00:11 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-07 19:59 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-19 03:54 17,565 ----a-w C:\Documents and Settings\All Users\Application Data\tywowog.dat
2008-02-19 03:54 17,240 ----a-w C:\Program Files\Common Files\samize.vbs
2008-02-19 03:54 16,718 ----a-w C:\Documents and Settings\Administrator\Application Data\zymoqedy.dll
2008-02-19 03:54 16,508 ----a-w C:\Program Files\Common Files\yfanawewe.ban
2008-02-19 03:54 15,029 ----a-w C:\Documents and Settings\All Users\Application Data\nevowanefu.bin
2008-02-19 03:54 14,449 ----a-w C:\Documents and Settings\All Users\Application Data\vyzuz.vbs
2008-02-19 01:19 18,814 ----a-w C:\Documents and Settings\All Users\Application Data\nexu.reg
2008-02-19 01:19 17,446 ----a-w C:\Program Files\Common Files\ijamy.ban
2008-02-19 01:19 17,048 ----a-w C:\Documents and Settings\Administrator\Application Data\ywer.pif
2008-02-19 01:19 16,768 ----a-w C:\Documents and Settings\All Users\Application Data\ugypabiti.bin
2008-02-19 01:19 16,124 ----a-w C:\Program Files\Common Files\jazyp.com
2008-02-19 01:19 15,842 ----a-w C:\Program Files\Common Files\iponudu.bin
2008-02-19 01:19 14,454 ----a-w C:\Program Files\Common Files\ekamiha.db
2008-02-19 01:19 11,494 ----a-w C:\Program Files\Common Files\evizoxovam.sys
2008-02-19 00:24 17,869 ----a-w C:\Documents and Settings\All Users\Application Data\uloleta.dat
2008-02-19 00:24 17,471 ----a-w C:\Program Files\Common Files\aqajosuj.lib
2008-02-16 02:54 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\PC Tools\NVIDIA Corporation\nTune\nTuneCmd.exe" [ ]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-31 23:30 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 22:07 289088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 12:34 122880]
"CTHelper"="CTHELPER.EXE" [2006-08-17 12:32 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 12:32 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [ ]
"NBKeyScan"="C:\Program Files\PC Tools\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe" [ ]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 15:53 1103752]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-18 11:42 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cdblvqtf]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbabx]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cru629.dat,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Steam\\steamapps\\budaboobs\\team fortress 2\\hl2.exe"=
"C:\\Games\\World in Conflict\\wic.exe"=
"C:\\Games\\World in Conflict\\wic_online.exe"=
"C:\\Games\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"G:\\LeechFTP\\Leechftp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14:46]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-18 11:42]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-18 11:42]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-18 11:42]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-18 11:42]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 12:16]
R3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 10:54]
S1 njqzpir;njqzpir;C:\WINDOWS\njqzpir.sys []
S3 Memctl;Memctl;C:\Program Files\ABIT\BlackBox\Memctl.sys [2001-11-29 05:49]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 14:42:02
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTXFISPI.EXE
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
.
**************************************************************************
.
Completion time: 2008-06-30 14:45:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 18:45:43

Pre-Run: 53,698,957,312 bytes free
Post-Run: 53,608,251,392 bytes free

253 --- E O F --- 2008-06-20 17:36:06

SDFix: Version 1.199
Run by Administrator on Mon 06/30/2008 at 02:29 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found

Please post a new HJT log and tell me about any malware issues.

Thanks

Not really seeing any pop ups or Maleware activity when running anything.
But do notice about a 10x higher ping rate when playing COD4 online...


************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:05 AM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\PC Tools\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\PC Tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\PCTOOL~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202981587468
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat,avgrsstx.dll
O20 - Winlogon Notify: cdblvqtf - C:\WINDOWS\
O20 - Winlogon Notify: fccbabx - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8191 bytes

Follow these directions:

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\cru629.dat

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cdblvqtf]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbabx]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=cru629.dat

Folder::
C:\SDFix

Save this as CFScript

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O20 - Winlogon Notify: cdblvqtf - C:\WINDOWS\
O20 - Winlogon Notify: fccbabx - C:\WINDOWS\

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run Clean Manager
http://spyware-free.us/tutorials/cleanmgr/

Post the combofix log from CFScript and a new HJT log.


But do notice about a 10x higher ping rate when playing COD4 online...
http://www.totalgamingnetwork.com/main/forumdisplay.php?f=197
If this is what you are talking about, try asking at the forum, this is not something I would know about.

Thanks

OK did the CFScript onto combofix it did its thing then It rebooted and came back up and generated the Log file that is in next post. Then when I ran HJT Scan Only:

O20 - Winlogon Notify: cdblvqtf - C:\WINDOWS\
O20 - Winlogon Notify: fccbabx - C:\WINDOWS\

Those were not in there to check, only one that was in there to check was:

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

I closed all Programs and Fix Checked. Then ran Clean Manager.

Then closed all Programs and ran HJT and that Log is below as well.

*************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:37 PM, on 7/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\PC Tools\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\PC Tools\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\PCTOOL~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202981587468
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7689 bytes

ComboFix 08-06-20.4 - Administrator 2008-07-01 12:12:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2733 [GMT -4:00]
Running from: C:\Downloads\ComboFix.exe
Command switches used :: C:\Downloads\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\cru629.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\SDFix
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\ComboFix.txt
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HaxdFix.reg
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\W2K.exe
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\XP.exe
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\backups\backupreg.zip
C:\SDFix\backups\catchme.log
C:\SDFix\backups\HOSTS
C:\SDFix\catchme.exe
C:\SDFix\ComboFix-quarantined-files.txt
C:\SDFix\ComboFix.txt
C:\SDFix\dummy.sys
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX & COMBOFIX LOGS.zip
C:\SDFix\SDFIX Report.txt
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\W2K_CodecRepair.inf
C:\SDFix\XP_CodecRepair.inf

.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 11:29 . 2008-07-01 12:15 54,568 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000003-00000000-00000009-00001102-00000005-00211102}.rfx
2008-07-01 11:29 . 2008-07-01 12:15 54,568 --a------ C:\WINDOWS\system32\BMXState-{00000003-00000000-00000009-00001102-00000005-00211102}.rfx
2008-07-01 11:29 . 2008-07-01 12:15 788 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000009-00001102-00000005-00211102}.rfx
2008-07-01 11:27 . 2007-02-26 15:24 94,208 --a------ C:\WINDOWS\system32\cttele32.dll
2008-07-01 11:22 . 2008-07-01 11:22 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-07-01 11:21 . 2008-07-01 11:25 <DIR> d-------- C:\WINDOWS\NV3824548.TMP
2008-07-01 11:12 . 2008-07-01 11:12 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-01 11:12 . 2008-07-01 11:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-06-30 14:26 . 2008-06-30 14:26 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-30 14:00 . 2008-06-30 14:00 <DIR> d-------- C:\Program Files\Sun
2008-06-30 14:00 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-30 13:58 . 2008-06-30 13:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-29 12:22 . 2008-06-29 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-21 15:11 . 2008-06-21 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 13:27 . 2008-06-20 20:53 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
2008-06-20 13:21 . 2008-06-20 13:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-06-18 22:36 . 2008-06-22 20:09 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-18 11:42 . 2008-07-01 09:58 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-18 11:42 . 2008-06-18 11:42 <DIR> d-------- C:\Program Files\AVG
2008-06-18 11:42 . 2008-06-18 11:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-18 11:42 . 2008-06-20 13:32 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2008-06-18 11:42 . 2008-06-18 11:42 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-18 11:42 . 2008-06-18 11:42 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-18 11:42 . 2008-06-18 11:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-11 03:16 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 03:16 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-05 22:17 . 2008-06-05 23:04 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-05 22:17 . 2008-06-05 23:04 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-05 22:17 . 2008-06-05 23:04 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-05 22:17 . 2008-06-05 23:04 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-05 22:07 . 2008-04-13 20:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-06-05 22:06 . 2008-04-13 20:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 16:17 --------- d-----w C:\Program Files\Steam
2008-07-01 16:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DNA
2008-07-01 15:37 136,888 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-01 15:37 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-01 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-07-01 15:27 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-01 15:27 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-01 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 15:12 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 14:56 --------- d-----w C:\Program Files\Trillian
2008-06-30 18:00 --------- d-----w C:\Program Files\Java
2008-06-18 15:54 --------- d-----w C:\Program Files\AVG7
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 16:31 --------- d-----w C:\Program Files\DivX
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 05:29 --------- d-----w C:\Program Files\Razer
2008-05-19 05:05 --------- d-----w C:\Program Files\PC Tools
2008-05-19 01:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-05-19 00:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
2008-05-14 18:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-11 18:55 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-11 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-05-11 16:59 --------- d-----w C:\Program Files\DVD Shrink
2008-05-11 16:57 --------- d-----w C:\Program Files\DVD Decrypter
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 16:01 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Nero
2008-04-30 21:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-07 19:59 17,144 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2008-02-19 03:54 17,565 ----a-w C:\Documents and Settings\All Users\Application Data\tywowog.dat
2008-02-19 03:54 17,240 ----a-w C:\Program Files\Common Files\samize.vbs
2008-02-19 03:54 16,718 ----a-w C:\Documents and Settings\Administrator\Application Data\zymoqedy.dll
2008-02-19 03:54 16,508 ----a-w C:\Program Files\Common Files\yfanawewe.ban
2008-02-19 03:54 15,029 ----a-w C:\Documents and Settings\All Users\Application Data\nevowanefu.bin
2008-02-19 03:54 14,449 ----a-w C:\Documents and Settings\All Users\Application Data\vyzuz.vbs
2008-02-19 01:19 18,814 ----a-w C:\Documents and Settings\All Users\Application Data\nexu.reg
2008-02-19 01:19 17,446 ----a-w C:\Program Files\Common Files\ijamy.ban
2008-02-19 01:19 17,048 ----a-w C:\Documents and Settings\Administrator\Application Data\ywer.pif
2008-02-19 01:19 16,768 ----a-w C:\Documents and Settings\All Users\Application Data\ugypabiti.bin
2008-02-19 01:19 16,124 ----a-w C:\Program Files\Common Files\jazyp.com
.

((((((((((((((((((((((((((((( snapshot@2008-06-30_14.45.29.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 18:41:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 16:16:22 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-08-17 16:31:42 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL
+ 2008-02-21 00:58:22 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL
- 2005-08-07 22:10:26 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL
+ 2008-02-21 00:58:50 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL
- 2006-08-17 16:33:40 11,776 ----a-w C:\WINDOWS\INRES.DLL
+ 2008-02-21 00:59:58 11,776 ----a-w C:\WINDOWS\INRES.DLL
- 2005-06-08 01:58:54 765,952 ----a-w C:\WINDOWS\system\CRLDS3D.DLL
+ 2005-06-08 00:58:54 765,952 ----a-w C:\WINDOWS\system\CRLDS3D.DLL
- 2006-08-17 16:32:46 33,792 ----a-w C:\WINDOWS\system32\a3d.dll
+ 2008-02-21 00:59:14 34,816 ----a-w C:\WINDOWS\system32\a3d.dll
- 2006-08-17 16:32:30 26,624 ----a-w C:\WINDOWS\system32\AC3API.DLL
+ 2008-02-21 00:59:02 27,648 ----a-w C:\WINDOWS\system32\ac3api.dll
+ 2006-12-05 18:52:40 48,400 ----a-w C:\WINDOWS\system32\AddCat.exe
- 2006-08-17 16:20:36 87,552 ----a-w C:\WINDOWS\system32\commonfx.dll
+ 2008-02-25 13:40:52 98,328 ----a-w C:\WINDOWS\system32\COMMONFX.DLL
- 2006-08-17 16:16:50 200,192 ----a-w C:\WINDOWS\system32\CT_OAL.DLL
+ 2008-02-21 00:47:12 174,592 ----a-w C:\WINDOWS\system32\ct_oal.dll
+ 2008-02-21 00:55:14 10,752 ----a-w C:\WINDOWS\system32\Ct20xspi.dll
- 2006-08-17 16:22:00 158,720 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
+ 2008-02-25 13:41:44 170,520 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
- 2006-08-17 16:32:04 7,168 ----a-w C:\WINDOWS\system32\CTAGENT.DLL
+ 2008-02-21 00:58:42 8,704 ----a-w C:\WINDOWS\system32\ctagent.dll
+ 2007-03-19 15:05:56 512,000 ----a-w C:\WINDOWS\system32\CTAPO32.dll
- 2006-08-17 16:16:44 74,752 ----a-w C:\WINDOWS\system32\CTASIO.DLL
+ 2008-02-21 00:47:10 46,592 ----a-w C:\WINDOWS\system32\ctasio.dll
- 2006-08-17 16:20:48 536,576 ----a-w C:\WINDOWS\system32\ctaudfx.dll
+ 2008-02-25 13:40:56 551,960 ----a-w C:\WINDOWS\system32\CTAUDFX.DLL
- 2006-08-17 16:14:06 140,643 ----a-w C:\WINDOWS\system32\CTBAS2W.DAT
+ 2008-02-21 00:46:20 149,838 ----a-w C:\WINDOWS\system32\CTBAS2W.DAT
- 2006-08-17 16:11:38 113,221 ----a-w C:\WINDOWS\system32\CTBASICW.DAT
+ 2008-02-21 00:44:26 115,166 ----a-w C:\WINDOWS\system32\CTBASICW.DAT
- 2006-08-17 16:33:54 37,888 ----a-w C:\WINDOWS\system32\CTBURST.DLL
+ 2008-02-21 01:00:12 43,520 ----a-w C:\WINDOWS\system32\CTBurst.dll
- 2006-08-17 16:33:36 81,920 ----a-w C:\WINDOWS\system32\ctcoinst.dll
+ 2008-02-21 00:59:56 86,016 ----a-w C:\WINDOWS\system32\ctcoinst.dll
- 2006-08-17 16:11:10 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
+ 2008-02-21 00:44:10 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
- 2006-08-17 16:31:42 190,976 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
+ 2008-02-21 00:58:22 227,840 ----a-w C:\WINDOWS\system32\ctdc0000.dll
- 2006-08-17 16:31:44 286,208 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
+ 2008-02-21 00:58:22 335,360 ----a-w C:\WINDOWS\system32\ctdc0001.dll
- 2006-08-17 16:31:46 129,536 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
+ 2008-02-21 00:58:24 131,072 ----a-w C:\WINDOWS\system32\ctdcifce.dll
+ 2008-02-21 00:58:22 10,240 ----a-w C:\WINDOWS\system32\ctdcres.dll
- 2006-08-17 16:22:58 323,640 ----a-w C:\WINDOWS\system32\ctdlang.dat
+ 2008-02-21 00:49:46 321,512 ----a-w C:\WINDOWS\system32\ctdlang.dat
- 2006-08-17 16:22:58 44,567 ----a-w C:\WINDOWS\system32\ctdnlstr.dat
+ 2008-02-21 00:49:46 56,509 ----a-w C:\WINDOWS\system32\ctdnlstr.dat
- 2006-08-17 16:16:38 71,680 ----a-w C:\WINDOWS\system32\CTDPROXY.DLL
+ 2008-02-21 00:47:08 49,152 ----a-w C:\WINDOWS\system32\ctdproxy.dll
- 2006-08-17 16:33:36 146,432 ----a-w C:\WINDOWS\system32\ctdvinst.dll
+ 2008-02-21 00:59:56 163,840 ----a-w C:\WINDOWS\system32\ctdvinst.dll
- 2006-08-17 16:21:12 160,768 ----a-w C:\WINDOWS\system32\cteapsfx.dll
+ 2008-02-25 13:41:06 174,104 ----a-w C:\WINDOWS\system32\CTEAPSFX.DLL
- 2006-08-17 16:16:50 47,616 ----a-w C:\WINDOWS\system32\CTEDASIO.DLL
+ 2008-02-21 00:47:12 17,920 ----a-w C:\WINDOWS\system32\ctedasio.dll
- 2006-08-17 16:17:14 269,824 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
+ 2008-02-25 13:41:10 286,232 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
- 2006-08-17 16:17:28 115,200 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
+ 2008-02-25 13:41:18 134,680 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
- 2006-08-17 16:20:32 317,952 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
+ 2008-02-25 13:41:28 329,240 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
- 2006-08-17 16:22:02 108,032 ----a-w C:\WINDOWS\system32\ctemupia.dll
+ 2008-02-21 00:49:18 110,080 ----a-w C:\WINDOWS\system32\ctemupia.dll
+ 2008-02-25 13:41:14 100,888 ----a-w C:\WINDOWS\system32\CTERFXFX.DLL
- 2006-08-17 16:21:44 1,170,432 ----a-w C:\WINDOWS\system32\CTEXFIFX.dll
+ 2008-02-25 13:41:36 1,323,544 ----a-w C:\WINDOWS\system32\CTEXFIFX.DLL
+ 2008-02-21 00:58:44 19,456 ----a-w C:\WINDOWS\system32\CtHelper.exe
- 2006-08-17 16:22:02 61,952 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
+ 2008-02-25 13:41:50 72,728 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
- 2005-06-08 02:10:50 70,656 ----a-w C:\WINDOWS\system32\CTMMACTL.DLL
+ 2007-08-14 00:45:02 77,824 ----a-w C:\WINDOWS\system32\ctmmactl.dll
- 2006-08-17 16:31:58 11,776 ----a-w C:\WINDOWS\system32\CTMMEP.DLL
+ 2008-02-21 00:58:40 12,800 ----a-w C:\WINDOWS\system32\ctmmep.dll
- 2006-08-17 16:14:54 132,096 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
+ 2008-02-21 00:46:52 69,120 ----a-w C:\WINDOWS\system32\ctosuser.dll
- 2006-08-17 16:32:00 30,208 ----a-w C:\WINDOWS\system32\CTPCMCIA.DLL
+ 2008-02-21 00:58:42 56,832 ----a-w C:\WINDOWS\system32\CTpcmcia.dll
+ 2007-03-19 15:06:16 45,568 ----a-w C:\WINDOWS\system32\ctppld.dll
- 2006-08-17 16:31:48 9,216 ----a-w C:\WINDOWS\system32\CTPRES.DLL
+ 2008-02-21 00:58:28 9,216 ----a-w C:\WINDOWS\system32\ctpres.dll
+ 2007-03-13 14:32:14 89,336 ----a-w C:\WINDOWS\system32\ctpxst32.exe
- 2006-08-17 16:11:52 264,526 ----a-w C:\WINDOWS\system32\CTSBAS2W.DAT
+ 2008-02-21 00:44:34 274,587 ----a-w C:\WINDOWS\system32\CTSBAS2W.DAT
- 2006-08-17 16:11:38 231,281 ----a-w C:\WINDOWS\system32\CTSBASW.DAT
+ 2008-02-21 00:44:26 241,084 ----a-w C:\WINDOWS\system32\CTSBASW.DAT
- 2006-08-17 16:21:30 548,352 ----a-w C:\WINDOWS\system32\ctsblfx.dll
+ 2008-02-25 13:41:02 566,296 ----a-w C:\WINDOWS\system32\CTSBLFX.DLL
- 2006-08-17 16:31:46 75,264 ----a-w C:\WINDOWS\system32\CTSCAL.DLL
+ 2008-02-21 00:58:26 78,336 ----a-w C:\WINDOWS\system32\ctscal.dll
- 2005-06-30 20:24:14 121,856 ----a-w C:\WINDOWS\system32\CTSFINST.DLL
+ 2005-06-30 19:24:14 121,856 ----a-w C:\WINDOWS\system32\ctsfinst.dll
- 2006-08-17 16:32:02 23,040 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
+ 2008-02-21 00:58:42 43,520 ----a-w C:\WINDOWS\system32\ctspkhlp.dll
- 2006-08-17 16:11:10 313,207 ----a-w C:\WINDOWS\system32\ctstatic.dat
+ 2008-02-21 00:44:10 313,207 ----a-w C:\WINDOWS\system32\ctstatic.dat
- 2006-08-17 16:31:48 64,000 ----a-w C:\WINDOWS\system32\CTTHXCAL.DLL
+ 2008-02-21 00:58:26 69,632 ----a-w C:\WINDOWS\system32\ctthxcal.dll
- 2006-08-17 16:32:14 26,112 ----a-w C:\WINDOWS\system32\CTXFIBTN.DLL
+ 2008-02-21 00:58:50 35,840 ----a-w C:\WINDOWS\system32\CTxfiBtn.dll
- 2006-08-17 16:32:10 18,944 ----a-w C:\WINDOWS\system32\CTXFIHLP.EXE
+ 2008-02-21 00:58:46 19,968 ----a-w C:\WINDOWS\system32\Ctxfihlp.exe
- 2006-08-17 16:28:20 42,496 ----a-w C:\WINDOWS\system32\CTXFIREG.EXE
+ 2008-02-21 00:55:18 43,520 ----a-w C:\WINDOWS\system32\Ctxfireg.exe
- 2006-08-17 16:28:14 729,600 ----a-w C:\WINDOWS\system32\CTXFISPI.EXE
+ 2008-02-21 00:55:12 969,216 ----a-w C:\WINDOWS\system32\CTxfispi.exe
- 2006-08-17 16:32:12 25,600 ----a-w C:\WINDOWS\system32\CTXFISPK.DLL
+ 2008-02-21 00:58:48 45,056 ----a-w C:\WINDOWS\system32\CTxfiSpk.dll
- 2006-08-17 16:11:24 232,847 ----a-w C:\WINDOWS\system32\Data\CT0060W.DAT
+ 2008-02-21 00:44:18 235,142 ----a-w C:\WINDOWS\system32\Data\CT0060W.DAT
- 2006-08-17 16:11:10 15,899 ----a-w C:\WINDOWS\system32\Data\ctd20x.dat
+ 2008-02-21 00:44:10 26,919 ----a-w C:\WINDOWS\system32\Data\ctd20x.dat
- 2006-08-17 16:11:38 199,465 ----a-w C:\WINDOWS\system32\Data\CTEAPSW.DAT
+ 2008-02-21 00:44:26 201,502 ----a-w C:\WINDOWS\system32\Data\CTEAPSW.DAT
- 2006-08-17 16:12:24 364,238 ----a-w C:\WINDOWS\system32\Data\CTEDSP2W.DAT
+ 2008-02-21 00:44:52 374,041 ----a-w C:\WINDOWS\system32\Data\CTEDSP2W.DAT
- 2006-08-17 16:12:28 338,622 ----a-w C:\WINDOWS\system32\Data\CTEDSPHW.DAT
+ 2008-02-21 00:44:54 348,425 ----a-w C:\WINDOWS\system32\Data\CTEDSPHW.DAT
- 2006-08-17 16:12:24 284,972 ----a-w C:\WINDOWS\system32\Data\CTEDSPKW.DAT
+ 2008-02-21 00:44:50 294,775 ----a-w C:\WINDOWS\system32\Data\CTEDSPKW.DAT
- 2006-08-17 16:12:22 284,972 ----a-w C:\WINDOWS\system32\Data\CTEDSPLW.DAT
+ 2008-02-21 00:44:50 294,775 ----a-w C:\WINDOWS\system32\Data\CTEDSPLW.DAT
- 2006-08-17 16:12:26 320,862 ----a-w C:\WINDOWS\system32\Data\CTEDSPPW.DAT
+ 2008-02-21 00:44:52 330,665 ----a-w C:\WINDOWS\system32\Data\CTEDSPPW.DAT
- 2006-08-17 16:12:26 261,124 ----a-w C:\WINDOWS\system32\Data\CTEDSPTW.DAT
+ 2008-02-21 00:44:52 270,927 ----a-w C:\WINDOWS\system32\Data\CTEDSPTW.DAT
- 2006-08-17 16:12:26 261,124 ----a-w C:\WINDOWS\system32\Data\CTEDSPUW.DAT
+ 2008-02-21 00:44:52 270,927 ----a-w C:\WINDOWS\system32\Data\CTEDSPUW.DAT
- 2006-08-17 16:12:04 364,238 ----a-w C:\WINDOWS\system32\Data\CTEDSPW.DAT
+ 2008-02-21 00:44:42 374,041 ----a-w C:\WINDOWS\system32\Data\CTEDSPW.DAT
- 2006-08-17 16:11:24 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0060W.DAT
+ 2008-02-21 00:44:18 235,259 ----a-w C:\WINDOWS\system32\Data\CTP0060W.DAT
- 2006-08-17 16:11:26 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0061W.DAT
+ 2008-02-21 00:44:20 235,259 ----a-w C:\WINDOWS\system32\Data\CTP0061W.DAT
- 2006-08-17 16:11:42 279,348 ----a-w C:\WINDOWS\system32\Data\CTP0070W.DAT
+ 2008-02-21 00:44:28 289,409 ----a-w C:\WINDOWS\system32\Data\CTP0070W.DAT
- 2006-08-17 16:11:42 279,348 ----a-w C:\WINDOWS\system32\Data\CTP0073W.DAT
+ 2008-02-21 00:44:28 289,409 ----a-w C:\WINDOWS\system32\Data\CTP0073W.DAT
- 2006-08-17 16:11:42 266,677 ----a-w C:\WINDOWS\system32\Data\CTP0090W.DAT
+ 2008-02-21 00:44:28 276,738 ----a-w C:\WINDOWS\system32\Data\CTP0090W.DAT
- 2006-08-17 16:11:50 265,108 ----a-w C:\WINDOWS\system32\Data\CTP0091W.DAT
+ 2008-02-21 00:44:34 275,169 ----a-w C:\WINDOWS\system32\Data\CTP0091W.DAT
- 2006-08-17 16:11:46 266,677 ----a-w C:\WINDOWS\system32\Data\CTP0092W.DAT
+ 2008-02-21 00:44:32 276,738 ----a-w C:\WINDOWS\system32\Data\CTP0092W.DAT
- 2006-08-17 16:11:52 264,526 ----a-w C:\WINDOWS\system32\Data\CTP0095W.DAT
+ 2008-02-21 00:44:34 274,587 ----a-w C:\WINDOWS\system32\Data\CTP0095W.DAT
- 2006-08-17 16:11:24 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0100W.DAT
+ 2008-02-21 00:44:20 235,259 ----a-w C:\WINDOWS\system32\Data\CTP0100W.DAT
- 2006-08-17 16:11:28 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0101W.DAT
+ 2008-02-21 00:44:20 235,259 ----a-w C:\WINDOWS\system32\Data\CTP0101W.DAT
- 2006-08-17 16:11:26 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0102W.DAT
+ 2008-02-21 00:44:20 235,259 ----a-w C:\WINDOWS\system32\Data\CTP0102W.DAT
- 2006-08-17 16:11:30 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0103W.DAT
+ 2008-02-21 00:44:22 235,259 ----a-w C:\WINDOWS\system32\Data\CTP0103W.DAT
- 2006-08-17 16:11:30 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0105W.DAT
+ 2008-02-21 00:44:22 235,259 ----a-w C:\WINDOWS\system32\Data\CTP0105W.DAT
- 2006-08-17 16:11:20 229,863 ----a-w C:\WINDOWS\system32\Data\CTP0150W.DAT
+ 2008-02-21 00:44:16 232,158 ----a-w C:\WINDOWS\system32\Data\CTP0150W.DAT
- 2006-08-17 16:11:46 265,366 ----a-w C:\WINDOWS\system32\Data\CTP0161W.DAT
+ 2008-02-21 00:44:30 275,427 ----a-w C:\WINDOWS\system32\Data\CTP0161W.DAT
- 2006-08-17 16:11:44 266,677 ----a-w C:\WINDOWS\system32\Data\CTP0162W.DAT
+ 2008-02-21 00:44:30 276,738 ----a-w C:\WINDOWS\system32\Data\CTP0162W.DAT
- 2006-08-17 16:11:32 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0170W.DAT
+ 2008-02-21 00:44:22 235,259 ----a-w C:\WINDOWS\system32\Data\CTP0170W.DAT
- 2006-08-17 16:11:32 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017AW.DAT
+ 2008-02-21 00:44:22 235,142 ----a-w C:\WINDOWS\system32\Data\CTP017AW.DAT
- 2006-08-17 16:11:34 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017BW.DAT
+ 2008-02-21 00:44:24 235,142 ----a-w C:\WINDOWS\system32\Data\CTP017BW.DAT
- 2006-08-17 16:11:34 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017CW.DAT
+ 2008-02-21 00:44:24 235,142 ----a-w C:\WINDOWS\system32\Data\CTP017CW.DAT
- 2006-08-17 16:11:34 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017DW.DAT
+ 2008-02-21 00:44:24 235,142 ----a-w C:\WINDOWS\system32\Data\CTP017DW.DAT
- 2006-08-17 16:11:36 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017EW.DAT
+ 2008-02-21 00:44:24 235,142 ----a-w C:\WINDOWS\system32\Data\CTP017EW.DAT
- 2006-08-17 16:11:36 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017FW.DAT
+ 2008-02-21 00:44:24 235,142 ----a-w C:\WINDOWS\system32\Data\CTP017FW.DAT
- 2006-08-17 16:11:36 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017GW.DAT
+ 2008-02-21 00:44:26 235,142 ----a-w C:\WINDOWS\system32\Data\CTP017GW.DAT
- 2006-08-17 16:11:38 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017HW.DAT
+ 2008-02-21 00:44:26 235,142 ----a-w C:\WINDOWS\system32\Data\CTP017HW.DAT
- 2006-08-17 16:11:46 265,108 ----a-w C:\WINDOWS\system32\Data\CTP0191W.DAT
+ 2008-02-21 00:44:30 275,169 ----a-w C:\WINDOWS\system32\Data\CTP0191W.DAT
- 2006-08-17 16:11:44 266,677 ----a-w C:\WINDOWS\system32\Data\CTP0192W.DAT
+ 2008-02-21 00:44:30 276,738 ----a-w C:\WINDOWS\system32\Data\CTP0192W.DAT
- 2006-08-17 16:11:28 233,894 ----a-w C:\WINDOWS\system32\Data\CTP0221W.DAT
+ 2008-02-21 00:44:22 236,189 ----a-w C:\WINDOWS\system32\Data\CTP0221W.DAT
- 2006-08-17 16:11:28 233,894 ----a-w C:\WINDOWS\system32\Data\CTP0222W.DAT
+ 2008-02-21 00:44:22 236,189 ----a-w C:\WINDOWS\system32\Data\CTP0222W.DAT
- 2006-08-17 16:11:50 267,098 ----a-w C:\WINDOWS\system32\Data\CTP0230W.DAT
+ 2008-02-21 00:44:32 277,159 ----a-w C:\WINDOWS\system32\Data\CTP0230W.DAT
- 2006-08-17 16:11:48 265,755 ----a-w C:\WINDOWS\system32\Data\CTP0231W.DAT
+ 2008-02-21 00:44:32 275,816 ----a-w C:\WINDOWS\system32\Data\CTP0231W.DAT
- 2006-08-17 16:11:48 267,098 ----a-w C:\WINDOWS\system32\Data\CTP0232W.DAT
+ 2008-02-21 00:44:32 277,159 ----a-w C:\WINDOWS\system32\Data\CTP0232W.DAT
- 2006-08-17 16:11:50 265,456 ----a-w C:\WINDOWS\system32\Data\CTP0238W.DAT
+ 2008-02-21 00:44:32 275,517 ----a-w C:\WINDOWS\system32\Data\CTP0238W.DAT
- 2006-08-17 16:11:54 309,009 ----a-w C:\WINDOWS\system32\Data\CTP0240W.DAT
+ 2008-02-21 00:44:36 319,070 ----a-w C:\WINDOWS\system32\Data\CTP0240W.DAT
- 2006-08-17 16:11:56 309,669 ----a-w C:\WINDOWS\system32\Data\CTP0242W.DAT
+ 2008-02-21 00:44:36 319,730 ----a-w C:\WINDOWS\system32\Data\CTP0242W.DAT
- 2006-08-17 16:11:58 308,739 ----a-w C:\WINDOWS\system32\Data\CTP0243W.DAT
+ 2008-02-21 00:44:38 318,800 ----a-w C:\WINDOWS\system32\Data\CTP0243W.DAT
- 2006-08-17 16:11:56 309,669 ----a-w C:\WINDOWS\system32\Data\CTP0244W.DAT
+ 2008-02-21 00:44:36 319,730 ----a-w C:\WINDOWS\system32\Data\CTP0244W.DAT
- 2006-08-17 16:12:00 308,193 ----a-w C:\WINDOWS\system32\Data\CTP0245W.DAT
+ 2008-02-21 00:44:38 318,254 ----a-w C:\WINDOWS\system32\Data\CTP0245W.DAT
- 2006-08-17 16:12:02 309,669 ----a-w C:\WINDOWS\system32\Data\CTP0246W.DAT
+ 2008-02-21 00:44:38 319,730 ----a-w C:\WINDOWS\system32\Data\CTP0246W.DAT
- 2006-08-17 16:12:02 308,280 ----a-w C:\WINDOWS\system32\Data\CTP0249W.DAT
+ 2008-02-21 00:44:40 318,341 ----a-w C:\WINDOWS\system32\Data\CTP0249W.DAT
- 2006-08-17 16:12:02 308,193 ----a-w C:\WINDOWS\system32\Data\CTP0280W.DAT
+ 2008-02-21 00:44:40 318,254 ----a-w C:\WINDOWS\system32\Data\CTP0280W.DAT
- 2006-08-17 16:12:04 308,193 ----a-w C:\WINDOWS\system32\Data\CTP0320W.DAT
+ 2008-02-21 00:44:40 318,254 ----a-w C:\WINDOWS\system32\Data\CTP0320W.DAT
- 2006-08-17 16:12:06 313,579 ----a-w C:\WINDOWS\system32\Data\CTP0350W.DAT
+ 2008-02-21 00:44:42 323,640 ----a-w C:\WINDOWS\system32\Data\CTP0350W.DAT
- 2006-08-17 16:12:06 311,468 ----a-w C:\WINDOWS\system32\Data\CTP0352W.DAT
+ 2008-02-21 00:44:42 321,529 ----a-w C:\WINDOWS\system32\Data\CTP0352W.DAT
- 2006-08-17 16:12:12 312,133 ----a-w C:\WINDOWS\system32\Data\CTP0355W.DAT
+ 2008-02-21 00:44:44 322,194 ----a-w C:\WINDOWS\system32\Data\CTP0355W.DAT
- 2006-08-17 16:12:08 311,491 ----a-w C:\WINDOWS\system32\Data\CTP0358W.DAT
+ 2008-02-21 00:44:44 321,552 ----a-w C:\WINDOWS\system32\Data\CTP0358W.DAT
- 2006-08-17 16:12:10 310,561 ----a-w C:\WINDOWS\system32\Data\CTP0359W.DAT
+ 2008-02-21 00:44:44 320,622 ----a-w C:\WINDOWS\system32\Data\CTP0359W.DAT
- 2006-08-17 16:12:10 310,015 ----a-w C:\WINDOWS\system32\Data\CTP0360W.DAT
+ 2008-02-21 00:44:44 320,076 ----a-w C:\WINDOWS\system32\Data\CTP0360W.DAT
- 2006-08-17 16:12:14 310,015 ----a-w C:\WINDOWS\system32\Data\CTP0380W.DAT
+ 2008-02-21 00:44:46 320,076 ----a-w C:\WINDOWS\system32\Data\CTP0380W.DAT
- 2006-08-17 16:12:16 310,046 ----a-w C:\WINDOWS\system32\Data\CTP0400W.DAT
+ 2008-02-21 00:44:48 319,757 ----a-w C:\WINDOWS\system32\Data\CTP0400W.DAT
- 2006-08-17 16:14:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0460W.DAT
+ 2008-02-21 00:46:20 276,658 ----a-w C:\WINDOWS\system32\Data\CTP0460W.DAT
- 2006-08-17 16:14:12 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0462W.DAT
+ 2008-02-21 00:46:24 276,658 ----a-w C:\WINDOWS\system32\Data\CTP0462W.DAT
- 2006-08-17 16:14:12 244,765 ----a-w C:\WINDOWS\system32\Data\CTP0463W.DAT
+ 2008-02-21 00:46:22 277,104 ----a-w C:\WINDOWS\system32\Data\CTP0463W.DAT
- 2006-08-17 16:14:14 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0464W.DAT
+ 2008-02-21 00:46:22 276,658 ----a-w C:\WINDOWS\system32\Data\CTP0464W.DAT
- 2006-08-17 16:14:14 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0465W.DAT
+ 2008-02-21 00:46:22 276,658 ----a-w C:\WINDOWS\system32\Data\CTP0465W.DAT
- 2006-08-17 16:14:12 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0466W.DAT
+ 2008-02-21 00:46:22 276,658 ----a-w C:\WINDOWS\system32\Data\CTP0466W.DAT
- 2006-08-17 16:14:14 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0468W.DAT
+ 2008-02-21 00:46:22 276,658 ----a-w C:\WINDOWS\system32\Data\CTP0468W.DAT
- 2006-08-17 16:14:14 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0469W.DAT
+ 2008-02-21 00:46:22 276,658 ----a-w C:\WINDOWS\system32\Data\CTP0469W.DAT
- 2006-08-17 16:14:16 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046AW.DAT
+ 2008-02-21 00:46:24 276,330 ----a-w C:\WINDOWS\system32\Data\CTP046AW.DAT
- 2006-08-17 16:14:16 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046BW.DAT
+ 2008-02-21 00:46:24 276,330 ----a-w C:\WINDOWS\system32\Data\CTP046BW.DAT
- 2006-08-17 16:14:16 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046CW.DAT
+ 2008-02-21 00:46:24 276,330 ----a-w C:\WINDOWS\system32\Data\CTP046CW.DAT
- 2006-08-17 16:13:18 222,944 ----a-w C:\WINDOWS\system32\Data\CTP0530L.DAT
+ 2008-02-21 00:45:36 232,116 ----a-w C:\WINDOWS\system32\Data\CTP0530L.DAT
- 2006-08-17 16:12:30 311,666 ----a-w C:\WINDOWS\system32\Data\CTP0530W.DAT
+ 2008-02-21 00:44:54 321,377 ----a-w C:\WINDOWS\system32\Data\CTP0530W.DAT
- 2006-08-17 16:14:06 222,944 ----a-w C:\WINDOWS\system32\Data\CTP0531L.DAT
+ 2008-02-21 00:46:20 232,116 ----a-w C:\WINDOWS\system32\Data\CTP0531L.DAT
- 2006-08-17 16:13:18 311,666 ----a-w C:\WINDOWS\system32\Data\CTP0531W.DAT
+ 2008-02-21 00:45:38 321,377 ----a-w C:\WINDOWS\system32\Data\CTP0531W.DAT
- 2006-08-17 16:14:14 245,351 ----a-w C:\WINDOWS\system32\Data\CTP0550W.DAT
+ 2008-02-21 00:46:22 276,916 ----a-w C:\WINDOWS\system32\Data\CTP0550W.DAT
- 2006-08-17 16:14:16 245,023 ----a-w C:\WINDOWS\system32\Data\CTP055AW.DAT
+ 2008-02-21 00:46:24 276,588 ----a-w C:\WINDOWS\system32\Data\CTP055AW.DAT
- 2006-08-17 16:12:18 310,046 ----a-w C:\WINDOWS\system32\Data\CTP0600W.DAT
+ 2008-02-21 00:44:48 319,757 ----a-w C:\WINDOWS\system32\Data\CTP0600W.DAT
- 2006-08-17 16:12:20 310,046 ----a-w C:\WINDOWS\system32\Data\CTP0610W.DAT
+ 2008-02-21 00:44:48 319,757 ----a-w C:\WINDOWS\system32\Data\CTP0610W.DAT
- 2006-08-17 16:12:22 310,046 ----a-w C:\WINDOWS\system32\Data\CTP0669W.DAT
+ 2008-02-21 00:44:50 319,757 ----a-w C:\WINDOWS\system32\Data\CTP0669W.DAT
+ 2008-02-21 00:46:26 358,805 ----a-w C:\WINDOWS\system32\Data\CTP0678W.DAT
- 2006-08-17 16:14:12 326,466 ----a-w C:\WINDOWS\system32\Data\CTP0679W.DAT
+ 2008-02-21 00:46:22 358,805 ----a-w C:\WINDOWS\system32\Data\CTP0679W.DAT
- 2006-08-17 16:14:14 245,847 ----a-w C:\WINDOWS\system32\Data\CTP0730W.DAT
+ 2008-02-21 00:46:24 278,510 ----a-w C:\WINDOWS\system32\Data\CTP0730W.DAT
- 2006-08-17 16:14:16 245,847 ----a-w C:\WINDOWS\system32\Data\CTP073AW.DAT
+ 2008-02-21 00:46:24 278,510 ----a-w C:\WINDOWS\system32\Data\CTP073AW.DAT
+ 2008-02-21 00:46:24 276,079 ----a-w C:\WINDOWS\system32\Data\CTP0760W.DAT
+ 2008-02-21 00:46:26 278,572 ----a-w C:\WINDOWS\system32\Data\CTP0772W.DAT
+ 2008-02-21 00:46:26 278,572 ----a-w C:\WINDOWS\system32\Data\CTP0773W.DAT
+ 2008-02-21 00:46:26 278,572 ----a-w C:\WINDOWS\system32\Data\CTP0776W.DAT
+ 2008-02-21 00:46:26 278,572 ----a-w C:\WINDOWS\system32\Data\CTP0779W.DAT
- 2006-08-17 16:11:12 231,389 ----a-w C:\WINDOWS\system32\Data\CTP1140W.DAT
+ 2008-02-21 00:44:12 233,684 ----a-w C:\WINDOWS\system32\Data\CTP1140W.DAT
- 2006-08-17 16:11:12 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4620W.DAT
+ 2008-02-21 00:44:10 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4620W.DAT
- 2006-08-17 16:11:14 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4670W.DAT
+ 2008-02-21 00:44:12 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4670W.DAT
- 2006-08-17 16:11:12 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4760W.DAT
+ 2008-02-21 00:44:12 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4760W.DAT
- 2006-08-17 16:11:16 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4780W.DAT
+ 2008-02-21 00:44:14 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4780W.DAT
- 2006-08-17 16:11:20 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4790W.DAT
+ 2008-02-21 00:44:16 232,158 ----a-w C:\WINDOWS\system32\Data\CTP4790W.DAT
- 2006-08-17 16:11:40 257,538 ----a-w C:\WINDOWS\system32\Data\CTP4820W.DAT
+ 2008-02-21 00:44:28 267,599 ----a-w C:\WINDOWS\system32\Data\CTP4820W.DAT
- 2006-08-17 16:11:18 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4830W.DAT
+ 2008-02-21 00:44:16 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4830W.DAT
- 2006-08-17 16:11:18 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4831W.DAT
+ 2008-02-21 00:44:14 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4831W.DAT
- 2006-08-17 16:11:18 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4832W.DAT
+ 2008-02-21 00:44:16 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4832W.DAT
- 2006-08-17 16:11:20 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4840W.DAT
+ 2008-02-21 00:44:16 232,158 ----a-w C:\WINDOWS\system32\Data\CTP4840W.DAT
- 2006-08-17 16:11:14 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4850W.DAT
+ 2008-02-21 00:44:12 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4850W.DAT
- 2006-08-17 16:11:14 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4870W.DAT
+ 2008-02-21 00:44:12 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4870W.DAT
- 2006-08-17 16:11:16 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4871W.DAT
+ 2008-02-21 00:44:14 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4871W.DAT
- 2006-08-17 16:11:16 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4872W.DAT
+ 2008-02-21 00:44:14 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4872W.DAT
- 2006-08-17 16:11:14 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4875W.DAT
+ 2008-02-21 00:44:14 233,024 ----a-w C:\WINDOWS\system32\Data\CTP4875W.DAT
- 2006-08-17 16:11:22 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4890W.DAT
+ 2008-02-21 00:44:18 232,158 ----a-w C:\WINDOWS\system32\Data\CTP4890W.DAT
- 2006-08-17 16:11:22 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4891W.DAT
+ 2008-02-21 00:44:18 232,158 ----a-w C:\WINDOWS\system32\Data\CTP4891W.DAT
- 2006-08-17 16:11:22 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4893W.DAT
+ 2008-02-21 00:44:18 232,158 ----a-w C:\WINDOWS\system32\Data\CTP4893W.DAT
- 2006-08-17 16:11:26 232,847 ----a-w C:\WINDOWS\system32\Data\CTPDXW.DAT
+ 2008-02-21 00:44:20 235,142 ----a-w C:\WINDOWS\system32\Data\CTPDXW.DAT
- 2006-08-17 16:11:12 231,389 ----a-w C:\WINDOWS\system32\Data\CTPM002W.DAT
+ 2008-02-21 00:44:12 233,684 ----a-w C:\WINDOWS\system32\Data\CTPM002W.DAT
- 2006-08-17 16:11:10 2,091 ----a-w C:\WINDOWS\system32\Data\cts20x.dat
+ 2008-02-21 00:44:10 2,091 ----a-w C:\WINDOWS\system32\Data\cts20x.dat
- 2006-08-17 16:10:28 47,104 ----a-w C:\WINDOWS\system32\DEVREG.DLL
+ 2008-02-21 00:43:46 32,768 ----a-w C:\WINDOWS\system32\devreg.dll
- 2006-08-17 16:32:46 33,792 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2008-02-21 00:59:14 34,816 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2008-04-13 18:45:14 60,160 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2008-04-13 19:16:36 141,056 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2008-04-14 00:11:56 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2007-12-05 06:41:00 7,435,392 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2008-05-03 02:46:00 6,554,496 -c--a-w C:\WINDOWS\system32\dllcache\nv4_mini.sys
+ 2008-04-13 19:19:42 146,048 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2008-04-13 18:45:16 49,408 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2008-04-14 00:12:46 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
- 2005-06-08 18:08:34 1,359,744 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
+ 2008-02-25 13:43:10 1,366,424 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
- 2006-08-17 16:14:24 502,272 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
+ 2008-02-25 13:43:16 511,000 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
- 2006-08-17 16:17:10 500,480 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
+ 2008-02-25 13:43:24 524,312 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
- 2006-08-17 16:23:00 340,176 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
+ 2008-02-25 13:43:30 346,856 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
- 2002-12-30 15:53:36 12,160 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
+ 2008-02-25 13:43:42 18,840 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
- 2005-06-08 02:06:06 1,298,944 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
+ 2008-02-25 13:43:50 1,372,568 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
- 2006-08-17 16:15:00 116,224 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
+ 2008-02-25 13:43:56 127,000 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
- 2006-08-17 16:17:12 7,168 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
+ 2008-02-25 13:44:00 14,360 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
- 2006-08-17 16:14:42 143,872 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
+ 2008-02-25 13:44:08 157,208 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
- 2006-08-17 16:14:38 78,336 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
+ 2008-02-25 13:44:22 92,696 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
- 2006-08-17 16:15:24 765,952 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
+ 2008-02-25 13:44:30 797,720 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
- 2006-08-17 16:16:32 1,110,528 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
+ 2008-02-25 13:44:38 1,172,504 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
- 2006-08-17 16:15:32 154,112 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
+ 2008-02-25 13:44:50 162,840 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
- 2006-08-17 16:15:38 180,224 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
+ 2008-02-25 13:45:02 189,464 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
- 2007-12-05 06:41:00 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2008-05-03 02:46:00 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
- 2006-08-17 16:32:56 8,192 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
+ 2008-02-25 13:45:14 15,896 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
- 2008-04-13 19:19:41 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2008-04-13 19:19:42 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
- 2008-04-13 18:45:15 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2008-04-13 18:45:16 49,408 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2001-07-11 15:51:00 77,824 ----a-w C:\WINDOWS\system32\EAXAC3.DLL
+ 2001-07-11 14:51:00 77,824 ----a-w C:\WINDOWS\system32\eaxac3.dll
- 2006-08-17 16:11:08 4,096 ----a-w C:\WINDOWS\system32\ENLOCSTR.EXE
+ 2008-02-21 00:44:08 5,120 ----a-w C:\WINDOWS\system32\enlocstr.exe
- 2007-12-05 06:41:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
+ 2008-05-03 02:46:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
- 2006-08-17 16:11:02 9,216 ----a-w C:\WINDOWS\system32\KILLAPPS.EXE
+ 2008-02-21 00:44:02 10,240 ----a-w C:\WINDOWS\system32\killapps.exe
+ 2008-02-21 00:43:46 28,672 ----a-w C:\WINDOWS\system32\mididef.exe
- 2007-12-05 06:41:00 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
+ 2008-05-03 02:46:00 6,108,160 ----a-w C:\WINDOWS\system32\nv4_disp.dll
- 2007-12-05 06:41:00 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
+ 2008-05-03 02:46:00 425,984 ----a-w C:\WINDOWS\system32\nvapi.dll
- 2007-12-05 06:41:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
+ 2008-05-03 02:46:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
- 2007-12-05 06:41:00 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
+ 2008-05-03 02:46:00 41,984 ----a-w C:\WINDOWS\system32\nvcod.dll
- 2007-12-05 06:41:00 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
+ 2008-05-03 02:46:00 41,984 ----a-w C:\WINDOWS\system32\nvcodins.dll
- 2007-12-05 06:41:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
+ 2008-05-03 02:46:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
- 2007-12-05 06:41:00 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
+ 2008-05-03 02:46:00 13,529,088 ----a-w C:\WINDOWS\system32\nvcpl.dll
- 2007-11-06 23:00:00 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
+ 2008-05-03 02:46:00 768,544 ----a-w C:\WINDOWS\system32\nvcplui.exe
- 2007-12-05 06:41:00 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
+ 2008-05-03 02:46:00 1,241,088 ----a-w C:\WINDOWS\system32\nvcuda.dll
- 2007-12-05 06:41:00 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
+ 2008-05-03 02:46:00 6,582,272 ----a-w C:\WINDOWS\system32\nvdisps.dll
- 2007-12-05 06:41:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
+ 2008-05-03 02:46:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
- 2007-11-06 23:00:00 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
+ 2008-05-03 02:46:00 313,888 ----a-w C:\WINDOWS\system32\nvexpbar.dll
- 2007-12-05 06:41:00 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
+ 2008-05-03 02:46:00 3,391,488 ----a-w C:\WINDOWS\system32\nvgames.dll
- 2007-12-05 06:41:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
+ 2008-05-03 02:46:00 1,486,848 ----a-w C:\WINDOWS\system32\nview.dll
- 2007-12-05 06:41:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
+ 2008-05-03 02:46:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
- 2007-12-05 06:41:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
+ 2008-05-03 02:46:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
- 2007-12-05 06:41:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
+ 2008-05-03 02:46:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
- 2007-12-05 06:41:00 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
+ 2008-05-03 02:46:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
- 2007-12-05 06:41:00 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
+ 2008-05-03 02:46:00 1,257,472 ----a-w C:\WINDOWS\system32\nvmobls.dll
- 2007-12-05 06:41:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
+ 2008-05-03 02:46:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
- 2007-12-05 06:41:00 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
+ 2008-05-03 02:46:00 8,769,536 ----a-w C:\WINDOWS\system32\nvoglnt.dll
- 2007-12-05 06:41:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
+ 2008-05-03 02:46:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
- 2007-12-05 06:41:00 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
+ 2008-05-03 02:46:00 159,812 ----a-w C:\WINDOWS\system32\nvsvc32.exe
- 2007-12-05 06:41:00 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
+ 2008-05-03 02:46:00 442,368 ----a-w C:\WINDOWS\system32\nvudisp.exe
- 2007-12-05 06:41:00 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
+ 2008-05-03 02:46:00 3,776,512 ----a-w C:\WINDOWS\system32\nvvitvs.dll
- 2007-12-05 06:41:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
+ 2008-05-03 02:46:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
- 2007-12-05 06:41:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
+ 2008-05-03 02:46:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
- 2007-12-05 06:41:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
+ 2008-05-03 02:46:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
- 2007-12-05 06:41:00 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
+ 2008-05-03 02:46:00 2,629,632 ----a-w C:\WINDOWS\system32\nvwss.dll
- 2007-12-05 06:41:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
+ 2008-05-03 02:46:00 1,630,208 ----a-w C:\WINDOWS\system32\nwiz.exe
- 2006-08-24 18:47:34 749,568 ----a-w C:\WINDOWS\system32\OALINST.EXE
+ 2007-07-11 06:30:34 782,336 ----a-w C:\WINDOWS\system32\OALInst.exe
- 2006-08-17 16:14:28 73,728 ----a-w C:\WINDOWS\system32\PIAPROXY.DLL
+ 2008-02-21 00:46:42 64,512 ----a-w C:\WINDOWS\system32\piaproxy.dll
+ 2008-02-21 00:58:46 37,888 ----a-w C:\WINDOWS\system32\psconv.exe
+ 2008-02-21 00:58:52 38,400 ----a-w C:\WINDOWS\system32\readreg.exe
- 2006-08-17 16:14:32 33,792 ----a-w C:\WINDOWS\system32\REGPLIB.EXE
+ 2008-02-21 00:46:46 13,312 ----a-w C:\WINDOWS\system32\regplib.exe
+ 2007-12-05 06:41:00 5,773,568 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nv4_disp.dll
+ 2007-12-05 06:41:00 7,435,392 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nv4_mini.sys
+ 2007-12-05 06:41:00 385,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvapi.dll
+ 2007-12-05 06:41:00 35,328 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvcod.dll
+ 2007-12-05 06:41:00 8,523,776 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvcpl.dll
+ 2007-12-05 06:41:00 1,089,536 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvcuda.dll
+ 2007-12-05 06:41:00 6,549,504 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvdisps.dll
+ 2007-12-05 06:41:00 3,420,160 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvgames.dll
+ 2007-12-05 06:41:00 229,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvmccs.dll
+ 2007-12-05 06:41:00 188,416 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvmccss.dll
+ 2007-12-05 06:41:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvmctray.dll
+ 2007-12-05 06:41:00 1,228,800 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvmobls.dll
+ 2007-12-05 06:41:00 286,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvnt4cpl.dll
+ 2007-12-05 06:41:00 6,901,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvoglnt.dll
+ 2007-12-05 06:41:00 155,716 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvsvc32.exe
+ 2007-12-05 06:41:00 3,710,976 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvvitvs.dll
+ 2007-12-05 06:41:00 81,920 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvwddi.dll
+ 2007-12-05 06:41:00 2,498,560 ----a-w C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvwss.dll
- 2006-08-17 16:14:50 21,504 ----a-w C:\WINDOWS\system32\sfman32.dll
+ 2008-02-21 00:46:52 6,144 ----a-w C:\WINDOWS\system32\sfman32.dll
- 2006-08-17 16:14:46 120,832 ----a-w C:\WINDOWS\system32\SFMS32.DLL
+ 2008-02-21 00:46:50 104,448 ----a-w C:\WINDOWS\system32\sfms32.dll
- 2008-04-14 00:12:45 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2008-04-14 00:12:46 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2008-07-01 16:18:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_a38.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\PC Tools\NVIDIA Corporation\nTune\nTuneCmd.exe" [ ]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-31 23:30 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-07 22:07 289088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15 600896]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 19:25 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-07-11 12:34 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [ ]
"NBKeyScan"="C:\Program Files\PC Tools\Nero\Nero 8\Nero BackItUp\NBKeyScan.exe" [ ]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 10:53 155648]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-18 11:42 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Uniblue RegistryBooster 2"=C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Games\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Games\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Steam\\steamapps\\budaboobs\\team fortress 2\\hl2.exe"=
"C:\\Games\\World in Conflict\\wic.exe"=
"C:\\Games\\World in Conflict\\wic_online.exe"=
"C:\\Games\\World in Conflict\\wic_ds.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"G:\\LeechFTP\\Leechftp.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Games\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14:46]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-18 11:42]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-18 11:42]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-18 11:42]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-18 11:42]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
R3 UsbFltr;Razer Copperhead Driver;C:\WINDOWS\system32\drivers\copperhd.sys [2005-11-02 10:54]
S1 njqzpir;njqzpir;C:\WINDOWS\njqzpir.sys []
S3 Memctl;Memctl;C:\Program Files\ABIT\BlackBox\Memctl.sys [2001-11-29 05:49]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 12:16:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\NVIDIA nTune Performance Application\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-01 12:21:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-01 16:21:14
ComboFix2.txt 2008-06-30 18:45:47

Pre-Run: 52,963,143,680 bytes free
Post-Run: 53,097,623,552 bytes free

828 --- E O F --- 2008-06-20 17:36:06

That's a clean HJT log any other malware issues?

I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.

Since we do not need to scan with combofix, click NO

http://img.photobucket.com/albums/v666/sUBs/RC_whatnext.gif

http://img.photobucket.com/albums/v666/sUBs/RC_AllDone.gif

Thanks

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.