Infected With Party Poker Popups

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Infected With Party Poker Popups, do not know how to remove it

Options

ymonkee View Member Profile	Apr 30 2007, 05:26 AM Post #1
New Member Group: Members Posts: 6 Joined: 30-April 07 Member No.: 127,918	Note: it's not just Party Poker but other IE7 hijacks. even when i use Firefox My "hijackthis" log Logfile of HijackThis v1.99.1 Scan saved at 7:51:58 PM, on 30/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\sttray.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe D:\Program Files\Nero 7\InCD\NBHGui.exe D:\Program Files\Nero 7\InCD\InCD.exe C:\Program Files\Azureus Installer\Azureus-Installer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe D:\Program Files\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\STacSV.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\iRemote\iRemote.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Azureus\Azureus.exe C:\WINDOWS\system32\ping.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero 7\InCD\InCD.exe O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe This post has been edited by ymonkee: Apr 30 2007, 05:35 AM

SifuMike View Member Profile	May 4 2007, 09:44 PM Post #2
malware expert Group: HJT Team Posts: 12,479 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hello ymonkee, I am SifuMike and I will be helping you. I am not seeing much in your log so lets dig deeper. You will need to use Internet Explorer for this scan. Disable your antivirus program and go here to run BitDefender Online Scan. Click on I Agree. Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner. When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer. NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log. **************** Download ATF (Atribune Temp File) Cleaner© by Atribune DO NOT run it yet. Download and install AVG Anti-Spyware 7.5 (formerly Ewido) This is a 30 day trial of the program AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection. Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc. 1. After download, double click on the file to launch the install process. 2. Choose a language, click "OK" and then click "Next". 3. Read the "License Agreement" and click "I Agree". 4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install". 5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray. 6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Sheild' and 'Automatic Updates'. If you choose to do this, then right click on AVG antispyware in the system tray and uncheck "Start with Windows". 7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the AVG Antispyware Full database installer from here. 8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet. Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". 1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program. 2.) At the top, under Main choose: Select All 3.) Click the Empty Selected button. If you use the Firefox browser: 1.) At the top, click Firefox and choose: Select All 2.) Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. If you use the Opera browser: 1.) At the top, click Opera and choose: Select All 2.) Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click NO at the prompt. Scan with AVG Anti-Spyware 7.5 as follows: 1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab. Under "How to act?", click on "Recommended actions" and choose [b]"Quarantine" to set default action for detected malware. Under "How to Scan?" check all (default). Under "Possibly unwanted software" check all (default). Under "What to Scan?" make sure "Scan every file" is selected (default). Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found". 2. Click the "Scan" tab to return to scanning options. 3. Click "Complete System Scan" to start. 4. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button. Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2) At the bottom of the window click on the Apply all Actions button. (3) When done, click the Save Scan Report button. (4) Click the Save Report as button. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\ Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes. Reboot to Normal Mode. ************** Let's look in a different place for signs. Open HijackThis Go to 'config' Go to 'misc tools' Press the button 'open uninstall manager' Press 'save list' A notepad file will open. Post the content here in your reply. Close HijackThis. ************** I need you to rename Hijackthis because I believe that you may have an infection that can hide some entries in your log. Please go to the folder where you saved Hijackthis.exe: C:\Program Files\HijackThis\HijackThis.exe Right-click on it, then select Rename. Name it something like: AnalyzeThis.exe (or whatever you want) Then double-click AnalyzeThis.exe to scan and then post the new logfile. When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log, the uninstall listing and a fresh Hijackthis log. This post has been edited by SifuMike: May 4 2007, 09:48 PM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.**

ymonkee View Member Profile	May 5 2007, 05:25 AM Post #3
New Member Group: Members Posts: 6 Joined: 30-April 07 Member No.: 127,918	Thank you very much for coming to my aid SifuMike. If i hadn't found this site i would've had to reformat my hard drive.... ur a real life saver. Here is my bit defender log BitDefender Online Scanner Scan report generated at: Sat, May 05, 2007 - 17:32:40 Scan path: A:\;C:\;D:\;E:\;F:\;G:\; Statistics Time 00:42:01 Files 373335 Folders 6829 Boot Sectors 5 Archives 3611 Packed Files 40023 Results Identified Viruses 1 Infected Files 2 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 2 Engines Info Virus Definitions 504254 Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08) Scan plugins 14 Archive plugins 38 Unpack plugins 6 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions ; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\39F9IE23\popup[2].htm Infected with: Trojan.Clicker.CM C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\39F9IE23\popup[2].htm Disinfection failed C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\39F9IE23\popup[2].htm Deleted C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\YVJZR0VT\popup[1].htm Infected with: Trojan.Clicker.CM C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\YVJZR0VT\popup[1].htm Disinfection failed C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\YVJZR0VT\popup[1].htm Deleted Here is my AVG log. The scan found nothing. --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 7:25:10 PM 5/05/2007 + Scan result: Nothing found. ::Report end Here is my uninstall list* Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player ActiveX Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Photoshop CS3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Apple Software Update AVG Anti-Spyware 7.5 Avira AntiVir PersonalEdition Classic Azureus Azureus Installer Diskeeper Home Edition DVD Decrypter (Remove Only) Grand Theft Auto GTA2 GTA2 Game Hunter Hamachi 1.0.2.1 High Definition Audio Driver Package - KB888111 HijackThis 1.99.1 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections iRemote 1.9 Beta iTunes Java™ SE Runtime Environment 6 Update 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft User-Mode Driver Framework Feature Pack 1.0 Mozilla Firefox (2.0.0.3) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 Parser and SDK Nero 7 Ultra Edition neroxml PDF Settings QuickTime Real Alternative 1.52 Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 8 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) SigmaTel Audio Skype 3.1 Skype Plugin Manager Sony Ericsson Themes Creator 3.11 Sound Blaster Live! Sound Blaster Live! Web 2K/XP Spybot - Search & Destroy 1.4 Star Downloader Free Update for Office 2007 (KB932080) Update for Outlook 2007 Junk Email Filter (KB932338) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB908531) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB931836) Winamp (remove only) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2 WinRAR archiver And finally, here is my hijack this log Logfile of HijackThis v1.99.1 Scan saved at 7:42:49 PM, on 5/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\sttray.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe D:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe D:\Program Files\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\STacSV.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe D:\Program Files\Nero 7\InCD\NBHGui.exe D:\Program Files\Nero 7\InCD\InCD.exe D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Azureus Installer\Azureus-Installer.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WatchThis\WatchThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe This post has been edited by ymonkee: May 5 2007, 05:29 AM

SifuMike View Member Profile	May 5 2007, 12:20 PM Post #4
malware expert Group: HJT Team Posts: 12,479 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hi ymonkee, I am not seeing much to remove in your log. You will need to disable Spybot Teatimer, as it will stop registry changes by Hijackthis. Refer to this site to disable it. http://www.russelltexas.com/malware/teatimer.htm After we are done with the Hijackthis fix, you can enable it. Since we are done with AVG antispyware, you can uninstall it. Download CCleaner and install it. (default location is best). Do not run it yet! CCleaner Tutorial ***************************************** In Normal , select the following with HijackThis. With all windows (including this one!) closed (close browser/explorer windows), please select "fix." O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) These are optinal fixes. The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources. O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE (Description: CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it ) O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Description: A small program that reminds you to register your Creative Labs product (i.e. sound card, video card). Unnecessary. Removing this will free up a small amount of system resources.) O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe\" (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.) O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.) *************************************** NOTE CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups. Let's empty the temp files: Run CCleaner. CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system. 1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build. 2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours" 3. Then select the items you wish to clean up. In the Windows Tab: • Clean all entries in the "Internet Explorer" section except Cookies. • Clean all the entries in the "Windows Explorer" section. • Clean all entries in the "System" section. • Clean all entries in the "Advanced" section. • Clean any others that you choose. In the Applications Tab: • Clean all except cookies in the Firefox/Mozilla section if you use it. • Clean all in the Opera section if you use it. • Clean Sun Java in the Internet Section. • Clean any others that you choose. 4. Click the "Run Cleaner" button. 5. A pop up box will appear advising this process will permanently delete files from your system. 6. Click "OK" and it will scan and clean your system. 7. Click "exit" when done. If it asks you to reboot at the end, click NO. CCleaner should be run with the above settings for each User Account! *************************************** Finally, reboot your computer, post a new Hijackthis log, and tell me how your computer is running. -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.**

ymonkee View Member Profile	May 7 2007, 12:18 PM Post #5
New Member Group: Members Posts: 6 Joined: 30-April 07 Member No.: 127,918	Hi sifumike, After monitoring my computer usage for a day, I've noticed that i only appear to be getting the popup hijacks when i use my internet. It happens mostly when i'm surfing with the more i'm surfing, the more frequently it pops up. When i use my computer for other activities it appears much less. i've followed all those instructions but i still appear to be getting them. ... What happens is that after i follow ur posts the frequency of the hijacks comes up less, but after a while it comes back more frequently. so i think ur sorta on the right track (i'm guessing). here's my new hijackthis log. Logfile of HijackThis v1.99.1 Scan saved at 2:40:21 AM, on 8/05/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\sttray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxpers.exe D:\Program Files\Nero 7\InCD\NBHGui.exe C:\WINDOWS\system32\igfxsrvc.exe D:\Program Files\Nero 7\InCD\InCD.exe C:\Program Files\Azureus Installer\Azureus-Installer.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe D:\Program Files\Nero 7\InCD\InCDsrv.exe C:\WINDOWS\system32\STacSV.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\WatchThis\WatchThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero 7\InCD\InCD.exe O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [INTERNATIONAL] International O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe - thanks again for helping me out

SifuMike View Member Profile	May 7 2007, 12:31 PM Post #6
malware expert Group: HJT Team Posts: 12,479 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hi ymonkee, QUOTE I've noticed that i only appear to be getting the popup hijacks when i use my internet. It happens mostly when i'm surfing with the more i'm surfing, the more frequently it pops up. Please tell me about the popups you are getting? What do the popups say? Any details would be helpful. Are they messenger popups? I am not seeing any malware in your log, so lets dig deeper. 1. Download this file - combofix.exe 2. Double click combofix.exe & follow the prompts. 3. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window while it's running. That may cause it to stall Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix. To disable Norton AntiVirus Script Blocking Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program. Click Options. If you see a menu, click Norton AntiVirus. In the left pane, click Script Blocking. In the right pane, uncheck Enable Script Blocking (recommended). Click OK Trojan Hunter has been reported to detect combofix as Worm.Qiv.100. -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

ymonkee View Member Profile	May 10 2007, 07:16 AM Post #7
New Member Group: Members Posts: 6 Joined: 30-April 07 Member No.: 127,918	Hello SifuMike. Since using combotfix, i'm pleased to report i've not had a single pop-up in the past 2 days. :D i'm not sure if this means that i'm cured. .... Anyway, prior to using combot fix, i copied the popups' address as they came up on ie7. sometimes b4 they loaded properly. http://www.partypoker.com/marketing/cm.htm?wm=2819465 http://latino.nylonstarz.com/1/ http://gest.ivefound.com/cont/_paypopup/pop.htm http://www.grandhotelcasino.com/home.asp?b...102_c3211_b2191 http://ad.doubleclick.net/adi/N1684.YesUp/...;sz=800x600;kw=[keyword];ord=[timestamp]? http://ad.jamster.com.au/landingpages/camp...752030080705536 http://adnetserver.com/?dest=ck-48232&...lid=os&mpt=[CACHEBUSTER] http://serving.adsrevenue.clicksor.net/ser...etwork&bk=0 http://popunder.adsrevenue.net/links.php?d...file=popnetwork http://serving.adsrevenue.clicksor.net/ser...etwork&bk=0 http://serving.adsrevenue.clicksor.net/ser...etwork&bk=0 http://www.cheaptraffic.com.au/adsredirect...com.au%2Fexcom1 http://www.myshoppingpage.com/ppc/index1.php http://popunder.adsrevenue.net/links.php?d...file=popnetwork http://trafficadmin.net/out/send_out_n_ook...p;cidtor=106432 http://popunder.adsrevenue.net/links.php?d...file=popnetwork http://popunder.adsrevenue.net/links.php?d...file=popnetwork http://www.clicksor.com/ http://popunder.adsrevenue.net/links.php?d...file=popnetwork http://www.partypoker.com/marketing/cm.htm?wm=2819465 Here is my combotfix log ... i had a problem when combotfix automatically restarted after it detected a problem and was preparing a problem. So i had re-restart. But i've since done 2 combotfix logs and haven't noticed any difference between the two. I'll just post up the first one that came up after i re-restarted. "Sam n" - 2007-05-09 1:21:32 Service Pack 2 ComboFix 07-05.07.3.V - Running from: "F:\Sam\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 )))))))))))))))))))))))))))))))))) 2007-05-06 22:22 <DIR> d-------- C:\Program Files\CCleaner 2007-05-06 20:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-05-05 16:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2007-05-03 01:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Media Player Classic 2007-04-30 19:41 <DIR> d-------- C:\Program Files\WatchThis 2007-04-30 13:56 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-04-30 00:51 998,004 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys 2007-04-30 00:51 94,208 --a------ C:\WINDOWS\DEVREG.DLL 2007-04-30 00:51 837,548 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys 2007-04-30 00:51 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL 2007-04-30 00:51 65,536 --a------ C:\WINDOWS\system32\a3d.dll 2007-04-30 00:51 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL 2007-04-30 00:51 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE 2007-04-30 00:51 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL 2007-04-30 00:51 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE 2007-04-30 00:51 44,055 --a------ C:\WINDOWS\system32\ctdaught.dat 2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\sfman32.dll 2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE 2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL 2007-04-30 00:51 319,488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL 2007-04-30 00:51 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL 2007-04-30 00:51 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000002-80651102}.dat 2007-04-30 00:51 24 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000002-80651102}.dat 2007-04-30 00:51 213,860 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys 2007-04-30 00:51 195,432 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys 2007-04-30 00:51 184,320 --a------ C:\WINDOWS\PSCONV.EXE 2007-04-30 00:51 179,669 --a------ C:\WINDOWS\system32\ctstatic.dat 2007-04-30 00:51 176,128 --a------ C:\WINDOWS\READREG.EXE 2007-04-30 00:51 164,044 --a------ C:\WINDOWS\system32\ctdlang.dat 2007-04-30 00:51 156,604 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys 2007-04-30 00:51 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL 2007-04-30 00:51 135,168 --a------ C:\WINDOWS\system32\OPENAL32.DLL 2007-04-30 00:51 127,948 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys 2007-04-30 00:51 113,373 --a------ C:\WINDOWS\system32\ctbasicw.dat 2007-04-30 00:51 113,273 --a------ C:\WINDOWS\system32\CTBAS2W.DAT 2007-04-30 00:51 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL 2007-04-30 00:51 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL 2007-04-30 00:51 11,068 --a------ C:\WINDOWS\system32\drivers\ctprxy2k.sys 2007-04-30 00:51 106,496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL 2007-04-30 00:51 106,496 --a------ C:\WINDOWS\system32\CTASIO.DLL 2007-04-29 22:53 <DIR> d-------- C:\Program Files\directx 2007-04-26 16:35 737,280 --a------ C:\WINDOWS\iun6002.exe 2007-04-24 17:34 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Ahead 2007-04-24 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-04-24 17:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero 2007-04-24 01:32 204,800 --a------ C:\WINDOWS\system32\igfxCoIn_v4785.dll 2007-04-24 01:32 <DIR> d-------- C:\Intel 2007-04-24 00:46 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-04-24 00:46 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Hamachi 2007-04-23 21:40 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-04-23 21:40 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-04-23 21:40 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-04-23 21:40 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-04-23 21:40 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-04-23 21:40 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-04-23 21:40 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-04-23 21:40 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-04-23 21:40 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-04-23 21:40 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-04-23 21:40 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-04-23 21:40 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-04-23 21:40 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-04-23 21:40 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-04-23 21:35 626,688 --a------ C:\WINDOWS\system\msvcr80.dll 2007-04-23 21:24 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-04-23 20:32 <DIR> d-------- C:\DOCUME~1\SAMN~1\WINDOWS 2007-04-23 20:24 178,408 --a------ C:\WINDOWS\system32\muweb.dll 2007-04-23 20:24 127,208 --a------ C:\WINDOWS\system32\mucltui.dll 2007-04-23 20:15 <DIR> d-------- C:\Program Files\Microsoft Works 2007-04-23 20:13 <DIR> d-------- C:\WINDOWS\SHELLNEW 2007-04-23 20:12 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro 2007-04-23 20:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help 2007-04-23 20:11 <DIR> dr-h----- C:\MSOCache 2007-04-23 17:19 <DIR> d-------- C:\Program Files\DAEMON Tools 2007-04-23 17:12 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-04-23 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet 2007-04-23 16:44 <DIR> d-------- C:\Program Files\Bonjour 2007-04-23 16:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-04-23 15:40 <DIR> d-------- C:\Program Files\Star Downloader 2007-04-23 13:27 <DIR> d-------- C:\Program Files\Real Alternative 2007-04-23 13:27 <DIR> d-------- C:\Program Files\Media Player Classic 2007-04-23 13:27 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Real 2007-04-23 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Real 2007-04-23 13:23 <DIR> d-------- C:\Program Files\VLC Media Player 2007-04-23 13:23 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\vlc 2007-04-23 13:22 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Media Player Classic 2007-04-23 13:05 <DIR> d-------- C:\Program Files\iRemote 2007-04-23 12:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-04-23 12:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-04-23 12:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-04-23 12:49 <DIR> d-------- C:\WINDOWS\Prefetch 2007-04-23 04:11 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-04-23 04:11 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys 2007-04-23 04:11 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-04-23 04:10 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-04-23 04:10 9,008 --a------ C:\WINDOWS\system\VER.DLL 2007-04-23 04:10 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-04-23 04:10 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-04-23 04:10 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-04-23 04:10 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-04-23 04:10 74,752 --a------ C:\WINDOWS\system32\storprop.dll 2007-04-23 04:10 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll 2007-04-23 04:10 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-04-23 04:10 69,120 --a------ C:\WINDOWS\notepad.exe 2007-04-23 04:10 68,768 --a------ C:\WINDOWS\system\mmsystem.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-04-23 04:10 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-04-23 04:10 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-04-23 04:10 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-04-23 04:10 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-04-23 04:10 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-04-23 04:10 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-04-23 04:10 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-04-23 04:10 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-04-23 04:10 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-04-23 04:10 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-04-23 04:10 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-04-23 04:10 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-04-23 04:10 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Documents 2007-04-23 03:49 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll 2007-04-23 03:48 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll 2007-04-23 03:48 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll 2007-04-23 03:48 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll 2007-04-23 03:48 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll 2007-04-23 03:48 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll 2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll 2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll 2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll 2007-04-23 03:48 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll 2007-04-23 03:48 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd101.dll 2007-04-23 03:48 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll 2007-04-23 03:39 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-04-23 03:39 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-04-23 03:39 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-04-23 03:39 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-04-23 03:39 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-04-23 03:38 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-04-23 03:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-04-23 03:21 <DIR> d-------- C:\WINDOWS\provisioning 2007-04-23 03:21 <DIR> d-------- C:\WINDOWS\peernet 2007-04-23 03:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2007-04-23 03:17 <DIR> d-------- C:\WINDOWS\EHome 2007-04-23 03:14 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Azureus 2007-04-23 03:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-23 03:10 <DIR> d-------- C:\Program Files\Adaware 2007-04-23 03:10 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Lavasoft 2007-04-23 03:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy 2007-04-23 03:04 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys 2007-04-23 03:04 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys 2007-04-23 03:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AntiVir PersonalEdition Classic 2007-04-23 02:59 4,569 --------- C:\WINDOWS\system32\secupd.dat 2007-04-23 02:59 11,776 --------- C:\WINDOWS\system32\spnpinst.exe 2007-04-23 02:59 <DIR> d-------- C:\Program Files\ASf to MPG 2007-04-23 02:58 <DIR> d-------- C:\Program Files\Skype 2007-04-23 02:58 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-04-23 02:58 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Skype 2007-04-23 02:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype 2007-04-23 02:45 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2007-04-23 02:45 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-04-23 02:45 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-04-23 02:44 262,144 --a------ C:\DOCUME~1\ALLUSE~1.WIN\ntuser.dat 2007-04-23 02:42 947,472 --a------ C:\WINDOWS\system32\msjava.dll 2007-04-23 02:42 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll 2007-04-23 02:42 6,550 --a------ C:\WINDOWS\jautoexp.dat 2007-04-23 02:42 49,424 --a------ C:\WINDOWS\system32\clspack.exe 2007-04-23 02:42 46,352 --a------ C:\WINDOWS\setdebug.exe 2007-04-23 02:42 404,752 --a------ C:\WINDOWS\system32\javart.dll 2007-04-23 02:42 313,856 --a------ C:\WINDOWS\system32\dx3j.dll 2007-04-23 02:42 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll 2007-04-23 02:42 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll 2007-04-23 02:42 187,152 --a------ C:\WINDOWS\system32\javacypt.dll 2007-04-23 02:42 172,304 --a------ C:\WINDOWS\system32\jview.exe 2007-04-23 02:42 171,792 --a------ C:\WINDOWS\system32\wjview.exe 2007-04-23 02:42 171,280 --a------ C:\WINDOWS\system32\jit.dll 2007-04-23 02:42 154,384 --a------ C:\WINDOWS\system32\msawt.dll 2007-04-23 02:42 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe 2007-04-23 02:42 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2007-04-23 02:42 113 --a------ C:\WINDOWS\system32\zonedon.reg 2007-04-23 02:42 113 --a------ C:\WINDOWS\system32\zonedoff.reg 2007-04-23 02:41 <DIR> d-------- C:\Program Files\Azureus 2007-04-23 02:37 36 --a------ C:\WINDOWS\system32\azi.dat 2007-04-23 02:37 <DIR> d-------- C:\Program Files\Azureus Installer 2007-04-23 02:34 1,082,368 --a------ C:\WINDOWS\system32\esent.dll 2007-04-23 02:14 <DIR> d-------- C:\WINDOWS\system32\bits 2007-04-23 02:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2007-04-23 02:13 <DIR> d-------- C:\WINDOWS\system32\PreInstall 2007-04-23 02:11 1,416 --a------ C:\WINDOWS\mozver.dat 2007-04-23 02:06 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll 2007-04-23 02:06 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2007-04-23 02:06 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2007-04-23 02:06 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-23 02:03 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-04-23 02:01 465,176 --a------ C:\WINDOWS\system32\wuapi.dll 2007-04-23 02:01 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-04-23 02:01 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-04-23 02:01 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-04-23 02:01 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-04-23 02:01 127,256 --a------ C:\WINDOWS\system32\wucltui.dll 2007-04-23 02:01 <DIR> d-------- C:\WINDOWS\SoftwareDistribution 2007-04-23 02:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage 2007-04-23 01:49 <DIR> d-------- C:\Program Files\Winamp 2007-04-23 01:47 0 --a------ C:\WINDOWS\nsreg.dat 2007-04-23 01:47 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Talkback 2007-04-23 01:42 <DIR> d-------- C:\Program Files\iPod 2007-04-23 01:42 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Apple Computer 2007-04-23 01:41 <DIR> d-------- C:\Program Files\QuickTime 2007-04-23 01:41 <DIR> d-------- C:\Program Files\iTunes 2007-04-23 01:41 <DIR> d-------- C:\Program Files\Apple Software Update 2007-04-23 01:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer 2007-04-23 01:39 <DIR> d--hs---- C:\RECYCLER 2007-04-23 01:38 <DIR> d-------- C:\DOCUME~1\SAMN~1\Contacts 2007-04-23 01:37 <DIR> d-------- C:\Program Files\MSN Messenger 2007-04-23 01:36 90,112 --------- C:\WINDOWS\Updreg.EXE 2007-04-23 01:36 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL 2007-04-23 01:36 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL 2007-04-23 01:36 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-04-23 01:36 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL 2007-04-23 01:36 53,552 --------- C:\WINDOWS\CTCCW.DLL 2007-04-23 01:36 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL 2007-04-23 01:36 24,976 --------- C:\WINDOWS\CTRES.DLL 2007-04-23 01:36 20,480 --a------ C:\WINDOWS\INRES.DLL 2007-04-23 01:36 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL 2007-04-23 01:36 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL 2007-04-23 01:36 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-04-23 01:36 1,048,576 --------- C:\WINDOWS\system32\SFMAN.DAT 2007-04-23 01:36 <DIR> d-------- C:\WINDOWS\system32\Defaults 2007-04-23 01:36 <DIR> d-------- C:\WINDOWS\system32\Data 2007-04-23 01:35 61,440 --a------ C:\WINDOWS\system32\CTAGENT.DLL 2007-04-23 01:35 49,152 --a------ C:\WINDOWS\CTDCRES.DLL 2007-04-23 01:35 28,672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL 2007-04-23 01:35 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE 2007-04-23 01:35 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll 2007-04-23 01:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Creative 2007-04-23 01:31 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS 2007-04-23 01:31 41,984 --------- C:\WINDOWS\CTRegRun.exe 2007-04-23 01:31 <DIR> d-------- C:\Program Files\Creative 2007-04-23 01:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2007-04-23 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Symantec 2007-04-23 01:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2007-04-23 01:16 <DIR> d-------- C:\Program Files\Diskeeper Corporation 2007-04-23 01:15 <DIR> d-------- C:\WINDOWS\Profiles 2007-04-23 01:14 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-04-23 01:14 172,032 --a------ C:\WINDOWS\system32\igfxres.dll 2007-04-23 01:14 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\InterTrust 2007-04-23 01:12 701,840 --a------ C:\WINDOWS\system32\igmedkrn.dll 2007-04-23 01:12 57,344 --a------ C:\WINDOWS\system32\igxprd32.dll 2007-04-23 01:12 528,384 --a------ C:\WINDOWS\system32\igfxcfg.exe 2007-04-23 01:12 5,700,096 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys 2007-04-23 01:12 47,616 --a------ C:\WINDOWS\system32\igfxsrvc.dll 2007-04-23 01:12 393,216 --a------ C:\WINDOWS\system32\igxpun.exe 2007-04-23 01:12 319,456 --a------ C:\WINDOWS\system32\difxapi.dll 2007-04-23 01:12 309,760 -ra------ C:\WINDOWS\system32\difx32.dll 2007-04-23 01:12 3,293,184 --a------ C:\WINDOWS\system32\igfxress.dll 2007-04-23 01:12 245,760 --a------ C:\WINDOWS\system32\igfxsrvc.exe 2007-04-23 01:12 24,576 --a------ C:\WINDOWS\system32\igfxexps.dll 2007-04-23 01:12 204,800 --a------ C:\WINDOWS\system32\igfxdev.dll 2007-04-23 01:12 200,704 --a------ C:\WINDOWS\system32\igfxpph.dll 2007-04-23 01:12 2,555,904 --a------ C:\WINDOWS\system32\igxpdx32.dll 2007-04-23 01:12 2,383,872 --a------ C:\WINDOWS\system32\ig4icd32.dll 2007-04-23 01:12 192,512 -ra------ C:\WINDOWS\system32\igfxCoIn_v4624.dll 2007-04-23 01:12 163,840 --a------ C:\WINDOWS\system32\igfxzoom.exe 2007-04-23 01:12 159,744 --a------ C:\WINDOWS\system32\igfxext.exe 2007-04-23 01:12 155,648 --a------ C:\WINDOWS\system32\hkcmd.exe 2007-04-23 01:12 149,504 --a------ C:\WINDOWS\system32\igxpgd32.dll 2007-04-23 01:12 135,168 --a------ C:\WINDOWS\system32\igfxdo.dll 2007-04-23 01:12 131,072 --a------ C:\WINDOWS\system32\igfxtray.exe 2007-04-23 01:12 131,072 --a------ C:\WINDOWS\system32\igfxpers.exe 2007-04-23 01:12 102,400 --a------ C:\WINDOWS\system32\hccutils.dll 2007-04-23 01:12 1,612,576 --a------ C:\WINDOWS\system32\igxpdv32.dll 2007-04-23 01:12 1,486,848 --a------ C:\WINDOWS\system32\ig4dev32.dll 2007-04-23 01:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-04-23 01:12 <DIR> d-------- C:\WINDOWS\system32\Lang 2007-04-23 01:09 86,016 --------- C:\WINDOWS\system32\stacsv.exe 2007-04-23 01:09 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-04-23 01:09 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-04-23 01:09 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-04-23 01:09 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-04-23 01:09 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys 2007-04-23 01:09 41,728 --a------ C:\WINDOWS\system32\drivers\sfng32.sys 2007-04-23 01:09 282,624 --a------ C:\WINDOWS\sttray.exe 2007-04-23 01:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-23 01:09 217,088 --a------ C:\WINDOWS\system32\stacapi.dll 2007-04-23 01:09 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-04-23 01:09 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-04-23 01:09 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-04-23 01:09 117,248 --a------ C:\WINDOWS\system32\staco.dll 2007-04-23 01:09 1,177,032 --a------ C:\WINDOWS\system32\drivers\sthda.sys 2007-04-23 01:09 1,069,056 --a------ C:\WINDOWS\system32\stlang.dll 2007-04-23 01:09 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2007-04-23 01:09 <DIR> d-------- C:\Program Files\SigmaTel 2007-04-23 01:08 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2007-04-23 01:07 36,864 -ra------ C:\WINDOWS\system32\e100bmsg.dll 2007-04-23 01:07 21,504 -ra------ C:\WINDOWS\system32\NicCo.dll 2007-04-23 01:07 20,992 -ra------ C:\WINDOWS\system32\NicInst.dll 2007-04-23 01:07 163,328 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys 2007-04-23 01:07 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe 2007-04-23 01:06 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys 2007-04-23 01:06 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-04-23 01:06 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-04-23 01:06 82,432 --a------ C:\WINDOWS\system32\dmscript.dll 2007-04-23 01:06 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-04-23 01:06 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-04-23 01:06 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-04-23 01:06 70,656 --a------ C:\WINDOWS\system32\amstream.dll 2007-04-23 01:06 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys 2007-04-23 01:06 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-04-23 01:06 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-04-23 01:06 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-04-23 01:06 59,904 --a------ C:\WINDOWS\system32\devenum.dll 2007-04-23 01:06 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-04-23 01:06 562,176 --a------ C:\WINDOWS\system32\qedit.dll 2007-04-23 01:06 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys 2007-04-23 01:06 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-04-23 01:06 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys 2007-04-23 01:06 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys 2007-04-23 01:06 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-04-23 01:06 44,544 --a------ C:\WINDOWS\system32\dxdllreg.exe 2007-04-23 01:06 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys 2007-04-23 01:06 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys 2007-04-23 01:06 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-04-23 01:06 4,096 --a------ C:\WINDOWS\system32\ksuser(2).dll 2007-04-23 01:06 385,024 --a------ C:\WINDOWS\system32\qdvd.dll 2007-04-23 01:06 375,296 --a------ C:\WINDOWS\system32\dpnet.dll 2007-04-23 01:06 367,616 --a------ C:\WINDOWS\system32\dsound.dll 2007-04-23 01:06 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll 2007-04-23 01:06 35,840 --a------ C:\WINDOWS\system32\dmloader.dll 2007-04-23 01:06 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-04-23 01:06 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-04-23 01:06 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-04-23 01:06 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-04-23 01:06 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-04-23 01:06 28,672 --a------ C:\WINDOWS\system32\dmband.dll 2007-04-23 01:06 279,040 --a------ C:\WINDOWS\system32\qdv.dll 2007-04-23 01:06 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-04-23 01:06 266,240 --a------ C:\WINDOWS\system32\ddraw.dll 2007-04-23 01:06 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-04-23 01:06 229,888 --a------ C:\WINDOWS\system32\dplayx.dll 2007-04-23 01:06 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-04-23 01:06 211,456 --a------ C:\WINDOWS\system32\qasf.dll 2007-04-23 01:06 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-04-23 01:06 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-04-23 01:06 20,480 --a------ C:\WINDOWS\system32\encapi.dll 2007-04-23 01:06 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-04-23 01:06 192,512 --a------ C:\WINDOWS\system32\qcap.dll 2007-04-23 01:06 19,456 --a------ C:\WINDOWS\system32\dswave.dll 2007-04-23 01:06 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys 2007-04-23 01:06 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-04-23 01:06 181,248 --a------ C:\WINDOWS\system32\dmime.dll 2007-04-23 01:06 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-04-23 01:06 17,408 --a------ C:\WINDOWS\system32\msyuv.dll 2007-04-23 01:06 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys 2007-04-23 01:06 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys 2007-04-23 01:06 15,360 --a------ C:\WINDOWS\system32\drivers\mpe.sys 2007-04-23 01:06 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-04-23 01:06 14,336 --a------ C:\WINDOWS\system32\msdmo.dll 2007-04-23 01:06 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-04-23 01:06 11,776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys 2007-04-23 01:06 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys 2007-04-23 01:06 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-04-23 01:06 104,448 --a------ C:\WINDOWS\system32\dmusic.dll 2007-04-23 01:06 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-04-23 01:06 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys 2007-04-23 01:06 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll 2007-04-23 01:06 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll 2007-04-23 01:06 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-04-23 01:06 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-04-23 01:06 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll 2007-04-23 01:06 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-04-23 01:06 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll 2007-04-23 01:06 <DIR> d-------- C:\WINDOWS\RegisteredPackages 2007-04-23 01:05 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys 2007-04-23 01:05 74,240 --a------ C:\WINDOWS\system32\usbui.dll 2007-04-23 01:05 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys 2007-04-23 01:05 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys 2007-04-23 01:05 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-04-23 01:05 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys 2007-04-23 01:05 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys 2007-04-23 01:05 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys 2007-04-23 01:05 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys 2007-04-23 01:05 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys 2007-04-23 01:05 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups 2007-04-23 01:05 <DIR> d-------- C:\Program Files\Intel 2007-04-23 01:03 <DIR> d-------- C:\TempEI4 2007-04-23 01:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-04-23 00:34 <DIR> dr------- C:\Program Files 2007-04-23 00:34 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents 2007-04-23 00:34 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines 2007-04-23 00:34 <DIR> d-------- C:\Program Files\Common Files\ODBC 2007-04-23 00:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-04-23 00:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot 2007-04-23 00:33 <DIR> d-------- C:\Documents and Settings 2007-04-23 00:30 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache 2007-04-23 00:30 <DIR> dr--s---- C:\WINDOWS\Fonts 2007-04-23 00:30 <DIR> dr------- C:\WINDOWS\Web 2007-04-23 00:30 <DIR> d--h----- C:\WINDOWS\inf 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\WinSxS 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\twain_32 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\wins 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\wbem 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\usmt 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\spool 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ShellExt 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\Setup 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ras 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\oobe 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\npp 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\mui 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\inetsrv 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\IME 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\icsxml 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ias 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\export 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\etc 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\dhcp 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\config 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\3com_dmi 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\3076 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\2052 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1054 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1042 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1041 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1037 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1033 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1031 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1028 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1025 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\security 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Resources 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\repair 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\mui 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\msapps 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\msagent 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Media 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\ime 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Help 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Driver Cache 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Debug 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Cursors 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Connection Wizard 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Config 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\AppPatch 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\addins 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS 2007-04-22 18:48 737,280 --a------ C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT 2007-04-22 18:48 737,280 --a------ C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT 2007-04-22 18:48 4,456,448 --a------ C:\DOCUME~1\SAMN~1\NTUSER.DAT 2007-04-22 18:45 229,376 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT 2007-04-22 18:45 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-04-22 18:45 0 -rahs---- C:\MSDOS.SYS 2007-04-22 18:45 0 -rahs---- C:\IO.SYS 2007-04-22 18:45 0 --a------ C:\CONFIG.SYS 2007-04-22 18:45 0 --a------ C:\AUTOEXEC.BAT 2007-04-22 18:45 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM 2007-04-22 18:44 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-04-22 18:44 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-04-22 18:44 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-04-22 18:44 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-04-22 18:44 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-04-22 18:44 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-22 18:44 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-04-22 18:44 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-04-22 18:44 64,512 --a------ C:\WINDOWS\system32\acctres.dll 2007-04-22 18:44 48,128 --a------ C:\WINDOWS\system32\inetres.dll 2007-04-22 18:44 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-04-22 18:44 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-04-22 18:44 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-04-22 18:44 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-04-22 18:44 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-04-22 18:44 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-04-22 18:44 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-04-22 18:44 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-04-22 18:44 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-04-22 18:44 274,944 --a------ C:\WINDOWS\system32\mstask.dll 2007-04-22 18:44 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-04-22 18:44 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-04-22 18:44 239,104 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-22 18:44 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-04-22 18:44 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-04-22 18:44 170,496 --a------ C:\WINDOWS\system32\srsvc.dll 2007-04-22 18:44 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-04-22 18:44 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-04-22 18:44 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-04-22 18:44 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-04-22 18:44 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-04-22 18:43 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-04-22 18:43 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-22 18:43 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-04-22 18:43 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-04-22 18:43 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-04-22 18:43 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-04-22 18:43 80,384 --a------ C:\WINDOWS\system32\charmap.exe 2007-04-22 18:43 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-04-22 18:43 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-04-22 18:43 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-04-22 18:43 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-04-22 18:43 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-04-22 18:43 60,416 --a------ C:\WINDOWS\system32\remotepg.dll 2007-04-22 18:43 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-04-22 18:43 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-04-22 18:43 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-04-22 18:43 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-04-22 18:43 56,832 --a------ C:\WINDOWS\system32\sol.exe 2007-04-22 18:43 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-04-22 18:43 55,296 --a------ C:\WINDOWS\system32\freecell.exe 2007-04-22 18:43 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-22 18:43 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-04-22 18:43 538,624 --a------ C:\WINDOWS\system32\spider.exe 2007-04-22 18:43 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-04-22 18:43 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-04-22 18:43 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-04-22 18:43 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-04-22 18:43 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-22 18:43 407,552 --a------ C:\WINDOWS\system32\mstsc.exe 2007-04-22 18:43 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-04-22 18:43 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-04-22 18:43 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-04-22 18:43 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-04-22 18:43 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-04-22 18:43 343,040 --a------ C:\WINDOWS\system32\mspaint.exe 2007-04-22 18:43 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-04-22 18:43 295,424 --a------ C:\WINDOWS\system32\termsrv.dll 2007-04-22 18:43 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-04-22 18:43 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-04-22 18:43 227,840 --a------ C:\WINDOWS\system32\avtapi.dll 2007-04-22 18:43 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-04-22 18:43 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-22 18:43 20,992 --a------ C:\WINDOWS\system32\msg.exe 2007-04-22 18:43 20,480 --a------ C:\WINDOWS\system32\qprocess.exe 2007-04-22 18:43 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-04-22 18:43 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-22 18:43 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-04-22 18:43 185,344 --a------ C:\WINDOWS\system32\cmprops.dll 2007-04-22 18:43 183,808 --a------ C:\WINDOWS\system32\accwiz.exe 2007-04-22 18:43 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-04-22 18:43 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-22 18:43 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-04-22 18:43 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-04-22 18:43 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-04-22 18:43 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-04-22 18:43 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-04-22 18:43 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-04-22 18:43 15,360 --a------ C:\WINDOWS\system32\logoff.exe 2007-04-22 18:43 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-04-22 18:43 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-04-22 18:43 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\tscon.exe 2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\shadow.exe 2007-04-22 18:43 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-04-22 18:43 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-04-22 18:43 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-04-22 18:43 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-04-22 18:43 126,976 --a------ C:\WINDOWS\system32\mshearts.exe 2007-04-22 18:43 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-04-22 18:43 123,392 --a------ C:\WINDOWS\system32\mplay32.exe 2007-04-22 18:43 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-04-22 18:43 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-04-22 18:43 114,688 --a------ C:\WINDOWS\system32\calc.exe 2007-04-22 18:43 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-04-22 18:43 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-04-22 18:43 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-04-22 18:43 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-04-22 18:43 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-04-22 18:43 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-04-22 16:44 524,288 --ah----- C:\DOCUME~1\SAMNGA~1\NTUSER.DAT 2007-04-22 16:44 <DIR> d--hs---- C:\WINDOWS\Installer 2007-04-22 16:43 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-22 16:43 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-22 16:43 <DIR> d--hs---- C:\System Volume Information 2007-04-22 16:41 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-22 16:41 <DIR> dr------- C:\WINDOWS\Offline Web Pages 2007-04-22 16:41 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM 2007-04-22 16:41 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files 2007-04-22 16:41 <DIR> d-------- C:\WINDOWS\system32\xircom 2007-04-22 16:41 <DIR> d-------- C:\Program Files\microsoft frontpage 2007-04-22 16:40 <DIR> d---s---- C:\WINDOWS\Tasks 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\Restore 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\Macromed 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\DirectX 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\srchasst 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\PCHealth 2007-04-22 16:40 <DIR> d-------- C:\Program Files\Movie Maker 2007-04-22 16:40 <DIR> d-------- C:\Program Files\Common Files\MSSoap 2007-04-22 16:39 <DIR> d--h----- C:\Program Files\WindowsUpdate 2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\system32\MsDtc 2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\system32\Com 2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\Registration 2007-04-22 16:39 <DIR> d-------- C:\Program Files\Windows NT 2007-04-22 16:39 <DIR> d-------- C:\Program Files\Online Services 2007-04-22 16:39 <DIR> d-------- C:\Program Files\MSN Gaming Zone 2007-04-22 16:39 <DIR> d-------- C:\Program Files\Messenger (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-08 08:16:17 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Azureus 2007-05-07 14:45:46 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Skype 2007-05-06 06:58:05 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Ahead 2007-04-29 13:23:23 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Hamachi 2007-04-26 06:09:40 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2007-04-23 12:07:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-04-23 06:23:45 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Apple Computer 2007-04-23 03:57:25 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Real 2007-04-23 03:53:49 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\vlc 2007-04-23 03:53:17 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Media Player Classic 2007-04-22 17:40:32 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Lavasoft 2007-04-22 16:17:35 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Talkback 2007-04-22 15:44:57 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\InterTrust 2007-03-21 11:24:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL 2007-03-21 11:24:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE 2007-03-21 11:24:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-15 02:53:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll 2007-03-15 02:49:58 526,184 ----a-w C:\WI

SifuMike View Member Profile	May 10 2007, 11:19 AM Post #8
malware expert Group: HJT Team Posts: 12,479 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hi ymonkee, I looks like you posted a partial ComboFix log, as it is much longer. Please post the entire log. It should be in c:\combofix.txt This post has been edited by SifuMike: May 10 2007, 11:39 AM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

ymonkee View Member Profile	May 11 2007, 08:11 AM Post #9
New Member Group: Members Posts: 6 Joined: 30-April 07 Member No.: 127,918	Hi sifumike. i think my post got cut off bcos i reached the word limit (?). Here's the same log, re-posted. "Sam n" - 2007-05-09 1:21:32 Service Pack 2 ComboFix 07-05.07.3.V - Running from: "F:\Sam\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 )))))))))))))))))))))))))))))))))) 2007-05-06 22:22 <DIR> d-------- C:\Program Files\CCleaner 2007-05-06 20:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-05-05 16:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8 2007-05-03 01:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Media Player Classic 2007-04-30 19:41 <DIR> d-------- C:\Program Files\WatchThis 2007-04-30 13:56 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-04-30 00:51 998,004 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys 2007-04-30 00:51 94,208 --a------ C:\WINDOWS\DEVREG.DLL 2007-04-30 00:51 837,548 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys 2007-04-30 00:51 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL 2007-04-30 00:51 65,536 --a------ C:\WINDOWS\system32\a3d.dll 2007-04-30 00:51 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL 2007-04-30 00:51 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE 2007-04-30 00:51 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL 2007-04-30 00:51 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE 2007-04-30 00:51 44,055 --a------ C:\WINDOWS\system32\ctdaught.dat 2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\sfman32.dll 2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE 2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL 2007-04-30 00:51 319,488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL 2007-04-30 00:51 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL 2007-04-30 00:51 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000002-80651102}.dat 2007-04-30 00:51 24 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000002-80651102}.dat 2007-04-30 00:51 213,860 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys 2007-04-30 00:51 195,432 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys 2007-04-30 00:51 184,320 --a------ C:\WINDOWS\PSCONV.EXE 2007-04-30 00:51 179,669 --a------ C:\WINDOWS\system32\ctstatic.dat 2007-04-30 00:51 176,128 --a------ C:\WINDOWS\READREG.EXE 2007-04-30 00:51 164,044 --a------ C:\WINDOWS\system32\ctdlang.dat 2007-04-30 00:51 156,604 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys 2007-04-30 00:51 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL 2007-04-30 00:51 135,168 --a------ C:\WINDOWS\system32\OPENAL32.DLL 2007-04-30 00:51 127,948 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys 2007-04-30 00:51 113,373 --a------ C:\WINDOWS\system32\ctbasicw.dat 2007-04-30 00:51 113,273 --a------ C:\WINDOWS\system32\CTBAS2W.DAT 2007-04-30 00:51 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL 2007-04-30 00:51 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL 2007-04-30 00:51 11,068 --a------ C:\WINDOWS\system32\drivers\ctprxy2k.sys 2007-04-30 00:51 106,496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL 2007-04-30 00:51 106,496 --a------ C:\WINDOWS\system32\CTASIO.DLL 2007-04-29 22:53 <DIR> d-------- C:\Program Files\directx 2007-04-26 16:35 737,280 --a------ C:\WINDOWS\iun6002.exe 2007-04-24 17:34 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Ahead 2007-04-24 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-04-24 17:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero 2007-04-24 01:32 204,800 --a------ C:\WINDOWS\system32\igfxCoIn_v4785.dll 2007-04-24 01:32 <DIR> d-------- C:\Intel 2007-04-24 00:46 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-04-24 00:46 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Hamachi 2007-04-23 21:40 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-04-23 21:40 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-04-23 21:40 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-04-23 21:40 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-04-23 21:40 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-04-23 21:40 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-04-23 21:40 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-04-23 21:40 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-04-23 21:40 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-04-23 21:40 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-04-23 21:40 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-04-23 21:40 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-04-23 21:40 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-04-23 21:40 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-04-23 21:35 626,688 --a------ C:\WINDOWS\system\msvcr80.dll 2007-04-23 21:24 <DIR> d--hs---- C:\WINDOWS\ftpcache 2007-04-23 20:32 <DIR> d-------- C:\DOCUME~1\SAMN~1\WINDOWS 2007-04-23 20:24 178,408 --a------ C:\WINDOWS\system32\muweb.dll 2007-04-23 20:24 127,208 --a------ C:\WINDOWS\system32\mucltui.dll 2007-04-23 20:15 <DIR> d-------- C:\Program Files\Microsoft Works 2007-04-23 20:13 <DIR> d-------- C:\WINDOWS\SHELLNEW 2007-04-23 20:12 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro 2007-04-23 20:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help 2007-04-23 20:11 <DIR> dr-h----- C:\MSOCache 2007-04-23 17:19 <DIR> d-------- C:\Program Files\DAEMON Tools 2007-04-23 17:12 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-04-23 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet 2007-04-23 16:44 <DIR> d-------- C:\Program Files\Bonjour 2007-04-23 16:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared 2007-04-23 15:40 <DIR> d-------- C:\Program Files\Star Downloader 2007-04-23 13:27 <DIR> d-------- C:\Program Files\Real Alternative 2007-04-23 13:27 <DIR> d-------- C:\Program Files\Media Player Classic 2007-04-23 13:27 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Real 2007-04-23 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Real 2007-04-23 13:23 <DIR> d-------- C:\Program Files\VLC Media Player 2007-04-23 13:23 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\vlc 2007-04-23 13:22 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Media Player Classic 2007-04-23 13:05 <DIR> d-------- C:\Program Files\iRemote 2007-04-23 12:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-04-23 12:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-04-23 12:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-04-23 12:49 <DIR> d-------- C:\WINDOWS\Prefetch 2007-04-23 04:11 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-04-23 04:11 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys 2007-04-23 04:11 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-04-23 04:10 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-04-23 04:10 9,008 --a------ C:\WINDOWS\system\VER.DLL 2007-04-23 04:10 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-04-23 04:10 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-04-23 04:10 8,704 --a------ C:\WINDOWS\system32\batt.dll 2007-04-23 04:10 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-04-23 04:10 74,752 --a------ C:\WINDOWS\system32\storprop.dll 2007-04-23 04:10 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll 2007-04-23 04:10 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-04-23 04:10 69,120 --a------ C:\WINDOWS\notepad.exe 2007-04-23 04:10 68,768 --a------ C:\WINDOWS\system\mmsystem.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll 2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-04-23 04:10 5,120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-04-23 04:10 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-04-23 04:10 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-04-23 04:10 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-04-23 04:10 19,200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-04-23 04:10 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-04-23 04:10 15,360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-04-23 04:10 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2007-04-23 04:10 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-04-23 04:10 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-04-23 04:10 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-04-23 04:10 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-04-23 04:10 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Documents 2007-04-23 03:49 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll 2007-04-23 03:48 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll 2007-04-23 03:48 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll 2007-04-23 03:48 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll 2007-04-23 03:48 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll 2007-04-23 03:48 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll 2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll 2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll 2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll 2007-04-23 03:48 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll 2007-04-23 03:48 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll 2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd101.dll 2007-04-23 03:48 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll 2007-04-23 03:39 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-04-23 03:39 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-04-23 03:39 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-04-23 03:39 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-04-23 03:39 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-04-23 03:38 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-04-23 03:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-04-23 03:21 <DIR> d-------- C:\WINDOWS\provisioning 2007-04-23 03:21 <DIR> d-------- C:\WINDOWS\peernet 2007-04-23 03:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2007-04-23 03:17 <DIR> d-------- C:\WINDOWS\EHome 2007-04-23 03:14 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Azureus 2007-04-23 03:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-23 03:10 <DIR> d-------- C:\Program Files\Adaware 2007-04-23 03:10 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Lavasoft 2007-04-23 03:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy 2007-04-23 03:04 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys 2007-04-23 03:04 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys 2007-04-23 03:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AntiVir PersonalEdition Classic 2007-04-23 02:59 4,569 --------- C:\WINDOWS\system32\secupd.dat 2007-04-23 02:59 11,776 --------- C:\WINDOWS\system32\spnpinst.exe 2007-04-23 02:59 <DIR> d-------- C:\Program Files\ASf to MPG 2007-04-23 02:58 <DIR> d-------- C:\Program Files\Skype 2007-04-23 02:58 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-04-23 02:58 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Skype 2007-04-23 02:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype 2007-04-23 02:45 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2007-04-23 02:45 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-04-23 02:45 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-04-23 02:44 262,144 --a------ C:\DOCUME~1\ALLUSE~1.WIN\ntuser.dat 2007-04-23 02:42 947,472 --a------ C:\WINDOWS\system32\msjava.dll 2007-04-23 02:42 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll 2007-04-23 02:42 6,550 --a------ C:\WINDOWS\jautoexp.dat 2007-04-23 02:42 49,424 --a------ C:\WINDOWS\system32\clspack.exe 2007-04-23 02:42 46,352 --a------ C:\WINDOWS\setdebug.exe 2007-04-23 02:42 404,752 --a------ C:\WINDOWS\system32\javart.dll 2007-04-23 02:42 313,856 --a------ C:\WINDOWS\system32\dx3j.dll 2007-04-23 02:42 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll 2007-04-23 02:42 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll 2007-04-23 02:42 187,152 --a------ C:\WINDOWS\system32\javacypt.dll 2007-04-23 02:42 172,304 --a------ C:\WINDOWS\system32\jview.exe 2007-04-23 02:42 171,792 --a------ C:\WINDOWS\system32\wjview.exe 2007-04-23 02:42 171,280 --a------ C:\WINDOWS\system32\jit.dll 2007-04-23 02:42 154,384 --a------ C:\WINDOWS\system32\msawt.dll 2007-04-23 02:42 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe 2007-04-23 02:42 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2007-04-23 02:42 113 --a------ C:\WINDOWS\system32\zonedon.reg 2007-04-23 02:42 113 --a------ C:\WINDOWS\system32\zonedoff.reg 2007-04-23 02:41 <DIR> d-------- C:\Program Files\Azureus 2007-04-23 02:37 36 --a------ C:\WINDOWS\system32\azi.dat 2007-04-23 02:37 <DIR> d-------- C:\Program Files\Azureus Installer 2007-04-23 02:34 1,082,368 --a------ C:\WINDOWS\system32\esent.dll 2007-04-23 02:14 <DIR> d-------- C:\WINDOWS\system32\bits 2007-04-23 02:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2007-04-23 02:13 <DIR> d-------- C:\WINDOWS\system32\PreInstall 2007-04-23 02:11 1,416 --a------ C:\WINDOWS\mozver.dat 2007-04-23 02:06 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll 2007-04-23 02:06 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll 2007-04-23 02:06 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2007-04-23 02:06 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-23 02:03 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution 2007-04-23 02:01 465,176 --a------ C:\WINDOWS\system32\wuapi.dll 2007-04-23 02:01 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-04-23 02:01 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-04-23 02:01 173,536 --a------ C:\WINDOWS\system32\wuweb.dll 2007-04-23 02:01 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-04-23 02:01 127,256 --a------ C:\WINDOWS\system32\wucltui.dll 2007-04-23 02:01 <DIR> d-------- C:\WINDOWS\SoftwareDistribution 2007-04-23 02:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage 2007-04-23 01:49 <DIR> d-------- C:\Program Files\Winamp 2007-04-23 01:47 0 --a------ C:\WINDOWS\nsreg.dat 2007-04-23 01:47 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Talkback 2007-04-23 01:42 <DIR> d-------- C:\Program Files\iPod 2007-04-23 01:42 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Apple Computer 2007-04-23 01:41 <DIR> d-------- C:\Program Files\QuickTime 2007-04-23 01:41 <DIR> d-------- C:\Program Files\iTunes 2007-04-23 01:41 <DIR> d-------- C:\Program Files\Apple Software Update 2007-04-23 01:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer 2007-04-23 01:39 <DIR> d--hs---- C:\RECYCLER 2007-04-23 01:38 <DIR> d-------- C:\DOCUME~1\SAMN~1\Contacts 2007-04-23 01:37 <DIR> d-------- C:\Program Files\MSN Messenger 2007-04-23 01:36 90,112 --------- C:\WINDOWS\Updreg.EXE 2007-04-23 01:36 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL 2007-04-23 01:36 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL 2007-04-23 01:36 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-04-23 01:36 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL 2007-04-23 01:36 53,552 --------- C:\WINDOWS\CTCCW.DLL 2007-04-23 01:36 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL 2007-04-23 01:36 24,976 --------- C:\WINDOWS\CTRES.DLL 2007-04-23 01:36 20,480 --a------ C:\WINDOWS\INRES.DLL 2007-04-23 01:36 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL 2007-04-23 01:36 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL 2007-04-23 01:36 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2007-04-23 01:36 1,048,576 --------- C:\WINDOWS\system32\SFMAN.DAT 2007-04-23 01:36 <DIR> d-------- C:\WINDOWS\system32\Defaults 2007-04-23 01:36 <DIR> d-------- C:\WINDOWS\system32\Data 2007-04-23 01:35 61,440 --a------ C:\WINDOWS\system32\CTAGENT.DLL 2007-04-23 01:35 49,152 --a------ C:\WINDOWS\CTDCRES.DLL 2007-04-23 01:35 28,672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL 2007-04-23 01:35 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE 2007-04-23 01:35 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll 2007-04-23 01:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Creative 2007-04-23 01:31 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS 2007-04-23 01:31 41,984 --------- C:\WINDOWS\CTRegRun.exe 2007-04-23 01:31 <DIR> d-------- C:\Program Files\Creative 2007-04-23 01:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared 2007-04-23 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Symantec 2007-04-23 01:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations 2007-04-23 01:16 <DIR> d-------- C:\Program Files\Diskeeper Corporation 2007-04-23 01:15 <DIR> d-------- C:\WINDOWS\Profiles 2007-04-23 01:14 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-04-23 01:14 172,032 --a------ C:\WINDOWS\system32\igfxres.dll 2007-04-23 01:14 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\InterTrust 2007-04-23 01:12 701,840 --a------ C:\WINDOWS\system32\igmedkrn.dll 2007-04-23 01:12 57,344 --a------ C:\WINDOWS\system32\igxprd32.dll 2007-04-23 01:12 528,384 --a------ C:\WINDOWS\system32\igfxcfg.exe 2007-04-23 01:12 5,700,096 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys 2007-04-23 01:12 47,616 --a------ C:\WINDOWS\system32\igfxsrvc.dll 2007-04-23 01:12 393,216 --a------ C:\WINDOWS\system32\igxpun.exe 2007-04-23 01:12 319,456 --a------ C:\WINDOWS\system32\difxapi.dll 2007-04-23 01:12 309,760 -ra------ C:\WINDOWS\system32\difx32.dll 2007-04-23 01:12 3,293,184 --a------ C:\WINDOWS\system32\igfxress.dll 2007-04-23 01:12 245,760 --a------ C:\WINDOWS\system32\igfxsrvc.exe 2007-04-23 01:12 24,576 --a------ C:\WINDOWS\system32\igfxexps.dll 2007-04-23 01:12 204,800 --a------ C:\WINDOWS\system32\igfxdev.dll 2007-04-23 01:12 200,704 --a------ C:\WINDOWS\system32\igfxpph.dll 2007-04-23 01:12 2,555,904 --a------ C:\WINDOWS\system32\igxpdx32.dll 2007-04-23 01:12 2,383,872 --a------ C:\WINDOWS\system32\ig4icd32.dll 2007-04-23 01:12 192,512 -ra------ C:\WINDOWS\system32\igfxCoIn_v4624.dll 2007-04-23 01:12 163,840 --a------ C:\WINDOWS\system32\igfxzoom.exe 2007-04-23 01:12 159,744 --a------ C:\WINDOWS\system32\igfxext.exe 2007-04-23 01:12 155,648 --a------ C:\WINDOWS\system32\hkcmd.exe 2007-04-23 01:12 149,504 --a------ C:\WINDOWS\system32\igxpgd32.dll 2007-04-23 01:12 135,168 --a------ C:\WINDOWS\system32\igfxdo.dll 2007-04-23 01:12 131,072 --a------ C:\WINDOWS\system32\igfxtray.exe 2007-04-23 01:12 131,072 --a------ C:\WINDOWS\system32\igfxpers.exe 2007-04-23 01:12 102,400 --a------ C:\WINDOWS\system32\hccutils.dll 2007-04-23 01:12 1,612,576 --a------ C:\WINDOWS\system32\igxpdv32.dll 2007-04-23 01:12 1,486,848 --a------ C:\WINDOWS\system32\ig4dev32.dll 2007-04-23 01:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-04-23 01:12 <DIR> d-------- C:\WINDOWS\system32\Lang 2007-04-23 01:09 86,016 --------- C:\WINDOWS\system32\stacsv.exe 2007-04-23 01:09 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-04-23 01:09 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-04-23 01:09 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-04-23 01:09 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-04-23 01:09 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys 2007-04-23 01:09 41,728 --a------ C:\WINDOWS\system32\drivers\sfng32.sys 2007-04-23 01:09 282,624 --a------ C:\WINDOWS\sttray.exe 2007-04-23 01:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-23 01:09 217,088 --a------ C:\WINDOWS\system32\stacapi.dll 2007-04-23 01:09 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-04-23 01:09 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-04-23 01:09 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-04-23 01:09 117,248 --a------ C:\WINDOWS\system32\staco.dll 2007-04-23 01:09 1,177,032 --a------ C:\WINDOWS\system32\drivers\sthda.sys 2007-04-23 01:09 1,069,056 --a------ C:\WINDOWS\system32\stlang.dll 2007-04-23 01:09 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2007-04-23 01:09 <DIR> d-------- C:\Program Files\SigmaTel 2007-04-23 01:08 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2007-04-23 01:07 36,864 -ra------ C:\WINDOWS\system32\e100bmsg.dll 2007-04-23 01:07 21,504 -ra------ C:\WINDOWS\system32\NicCo.dll 2007-04-23 01:07 20,992 -ra------ C:\WINDOWS\system32\NicInst.dll 2007-04-23 01:07 163,328 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys 2007-04-23 01:07 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe 2007-04-23 01:06 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys 2007-04-23 01:06 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-04-23 01:06 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-04-23 01:06 82,432 --a------ C:\WINDOWS\system32\dmscript.dll 2007-04-23 01:06 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-04-23 01:06 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-04-23 01:06 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-04-23 01:06 70,656 --a------ C:\WINDOWS\system32\amstream.dll 2007-04-23 01:06 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys 2007-04-23 01:06 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-04-23 01:06 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-04-23 01:06 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-04-23 01:06 59,904 --a------ C:\WINDOWS\system32\devenum.dll 2007-04-23 01:06 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-04-23 01:06 562,176 --a------ C:\WINDOWS\system32\qedit.dll 2007-04-23 01:06 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys 2007-04-23 01:06 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-04-23 01:06 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys 2007-04-23 01:06 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys 2007-04-23 01:06 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-04-23 01:06 44,544 --a------ C:\WINDOWS\system32\dxdllreg.exe 2007-04-23 01:06 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys 2007-04-23 01:06 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys 2007-04-23 01:06 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-04-23 01:06 4,096 --a------ C:\WINDOWS\system32\ksuser(2).dll 2007-04-23 01:06 385,024 --a------ C:\WINDOWS\system32\qdvd.dll 2007-04-23 01:06 375,296 --a------ C:\WINDOWS\system32\dpnet.dll 2007-04-23 01:06 367,616 --a------ C:\WINDOWS\system32\dsound.dll 2007-04-23 01:06 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll 2007-04-23 01:06 35,840 --a------ C:\WINDOWS\system32\dmloader.dll 2007-04-23 01:06 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-04-23 01:06 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-04-23 01:06 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-04-23 01:06 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-04-23 01:06 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-04-23 01:06 28,672 --a------ C:\WINDOWS\system32\dmband.dll 2007-04-23 01:06 279,040 --a------ C:\WINDOWS\system32\qdv.dll 2007-04-23 01:06 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-04-23 01:06 266,240 --a------ C:\WINDOWS\system32\ddraw.dll 2007-04-23 01:06 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-04-23 01:06 229,888 --a------ C:\WINDOWS\system32\dplayx.dll 2007-04-23 01:06 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-04-23 01:06 211,456 --a------ C:\WINDOWS\system32\qasf.dll 2007-04-23 01:06 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-04-23 01:06 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-04-23 01:06 20,480 --a------ C:\WINDOWS\system32\encapi.dll 2007-04-23 01:06 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-04-23 01:06 192,512 --a------ C:\WINDOWS\system32\qcap.dll 2007-04-23 01:06 19,456 --a------ C:\WINDOWS\system32\dswave.dll 2007-04-23 01:06 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys 2007-04-23 01:06 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-04-23 01:06 181,248 --a------ C:\WINDOWS\system32\dmime.dll 2007-04-23 01:06 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-04-23 01:06 17,408 --a------ C:\WINDOWS\system32\msyuv.dll 2007-04-23 01:06 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys 2007-04-23 01:06 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys 2007-04-23 01:06 15,360 --a------ C:\WINDOWS\system32\drivers\mpe.sys 2007-04-23 01:06 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-04-23 01:06 14,336 --a------ C:\WINDOWS\system32\msdmo.dll 2007-04-23 01:06 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-04-23 01:06 11,776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys 2007-04-23 01:06 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys 2007-04-23 01:06 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-04-23 01:06 104,448 --a------ C:\WINDOWS\system32\dmusic.dll 2007-04-23 01:06 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-04-23 01:06 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys 2007-04-23 01:06 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll 2007-04-23 01:06 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll 2007-04-23 01:06 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-04-23 01:06 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-04-23 01:06 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll 2007-04-23 01:06 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-04-23 01:06 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll 2007-04-23 01:06 <DIR> d-------- C:\WINDOWS\RegisteredPackages 2007-04-23 01:05 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys 2007-04-23 01:05 74,240 --a------ C:\WINDOWS\system32\usbui.dll 2007-04-23 01:05 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys 2007-04-23 01:05 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys 2007-04-23 01:05 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-04-23 01:05 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys 2007-04-23 01:05 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys 2007-04-23 01:05 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys 2007-04-23 01:05 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys 2007-04-23 01:05 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys 2007-04-23 01:05 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups 2007-04-23 01:05 <DIR> d-------- C:\Program Files\Intel 2007-04-23 01:03 <DIR> d-------- C:\TempEI4 2007-04-23 01:03 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-04-23 00:34 <DIR> dr------- C:\Program Files 2007-04-23 00:34 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents 2007-04-23 00:34 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines 2007-04-23 00:34 <DIR> d-------- C:\Program Files\Common Files\ODBC 2007-04-23 00:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot2 2007-04-23 00:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot 2007-04-23 00:33 <DIR> d-------- C:\Documents and Settings 2007-04-23 00:30 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache 2007-04-23 00:30 <DIR> dr--s---- C:\WINDOWS\Fonts 2007-04-23 00:30 <DIR> dr------- C:\WINDOWS\Web 2007-04-23 00:30 <DIR> d--h----- C:\WINDOWS\inf 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\WinSxS 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\twain_32 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\wins 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\wbem 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\usmt 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\spool 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ShellExt 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\Setup 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ras 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\oobe 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\npp 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\mui 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\inetsrv 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\IME 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\icsxml 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ias 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\export 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\etc 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\dhcp 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\config 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\3com_dmi 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\3076 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\2052 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1054 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1042 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1041 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1037 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1033 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1031 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1028 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1025 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\security 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Resources 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\repair 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\mui 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\msapps 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\msagent 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Media 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\ime 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Help 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Driver Cache 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Debug 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Cursors 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Connection Wizard 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Config 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\AppPatch 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\addins 2007-04-23 00:30 <DIR> d-------- C:\WINDOWS 2007-04-22 18:48 737,280 --a------ C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT 2007-04-22 18:48 737,280 --a------ C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT 2007-04-22 18:48 4,456,448 --a------ C:\DOCUME~1\SAMN~1\NTUSER.DAT 2007-04-22 18:45 229,376 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT 2007-04-22 18:45 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-04-22 18:45 0 -rahs---- C:\MSDOS.SYS 2007-04-22 18:45 0 -rahs---- C:\IO.SYS 2007-04-22 18:45 0 --a------ C:\CONFIG.SYS 2007-04-22 18:45 0 --a------ C:\AUTOEXEC.BAT 2007-04-22 18:45 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM 2007-04-22 18:44 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-04-22 18:44 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-04-22 18:44 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-04-22 18:44 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-04-22 18:44 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-04-22 18:44 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-22 18:44 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-04-22 18:44 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-04-22 18:44 64,512 --a------ C:\WINDOWS\system32\acctres.dll 2007-04-22 18:44 48,128 --a------ C:\WINDOWS\system32\inetres.dll 2007-04-22 18:44 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-04-22 18:44 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-04-22 18:44 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-04-22 18:44 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-04-22 18:44 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-04-22 18:44 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-04-22 18:44 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-04-22 18:44 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-04-22 18:44 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-04-22 18:44 274,944 --a------ C:\WINDOWS\system32\mstask.dll 2007-04-22 18:44 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-04-22 18:44 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-04-22 18:44 239,104 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-22 18:44 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-04-22 18:44 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-04-22 18:44 170,496 --a------ C:\WINDOWS\system32\srsvc.dll 2007-04-22 18:44 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-04-22 18:44 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-04-22 18:44 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-04-22 18:44 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-04-22 18:44 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-04-22 18:43 97,792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-04-22 18:43 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-22 18:43 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-04-22 18:43 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-04-22 18:43 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-04-22 18:43 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-04-22 18:43 80,384 --a------ C:\WINDOWS\system32\charmap.exe 2007-04-22 18:43 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-04-22 18:43 67,072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-04-22 18:43 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-04-22 18:43 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-04-22 18:43 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-04-22 18:43 60,416 --a------ C:\WINDOWS\system32\remotepg.dll 2007-04-22 18:43 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-04-22 18:43 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-04-22 18:43 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-04-22 18:43 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-04-22 18:43 56,832 --a------ C:\WINDOWS\system32\sol.exe 2007-04-22 18:43 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-04-22 18:43 55,296 --a------ C:\WINDOWS\system32\freecell.exe 2007-04-22 18:43 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-22 18:43 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-04-22 18:43 538,624 --a------ C:\WINDOWS\system32\spider.exe 2007-04-22 18:43 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-04-22 18:43 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-04-22 18:43 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-04-22 18:43 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-04-22 18:43 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-22 18:43 407,552 --a------ C:\WINDOWS\system32\mstsc.exe 2007-04-22 18:43 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-04-22 18:43 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-04-22 18:43 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-04-22 18:43 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-04-22 18:43 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-04-22 18:43 343,040 --a------ C:\WINDOWS\system32\mspaint.exe 2007-04-22 18:43 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-04-22 18:43 295,424 --a------ C:\WINDOWS\system32\termsrv.dll 2007-04-22 18:43 25,600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-04-22 18:43 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-04-22 18:43 227,840 --a------ C:\WINDOWS\system32\avtapi.dll 2007-04-22 18:43 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-04-22 18:43 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-22 18:43 20,992 --a------ C:\WINDOWS\system32\msg.exe 2007-04-22 18:43 20,480 --a------ C:\WINDOWS\system32\qprocess.exe 2007-04-22 18:43 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-04-22 18:43 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-22 18:43 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-04-22 18:43 185,344 --a------ C:\WINDOWS\system32\cmprops.dll 2007-04-22 18:43 183,808 --a------ C:\WINDOWS\system32\accwiz.exe 2007-04-22 18:43 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-04-22 18:43 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-22 18:43 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-04-22 18:43 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-04-22 18:43 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-04-22 18:43 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-04-22 18:43 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-04-22 18:43 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-04-22 18:43 15,360 --a------ C:\WINDOWS\system32\logoff.exe 2007-04-22 18:43 147,968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-04-22 18:43 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-04-22 18:43 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\tscon.exe 2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\shadow.exe 2007-04-22 18:43 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-04-22 18:43 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-04-22 18:43 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-04-22 18:43 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-04-22 18:43 126,976 --a------ C:\WINDOWS\system32\mshearts.exe 2007-04-22 18:43 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-04-22 18:43 123,392 --a------ C:\WINDOWS\system32\mplay32.exe 2007-04-22 18:43 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-04-22 18:43 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-04-22 18:43 114,688 --a------ C:\WINDOWS\system32\calc.exe 2007-04-22 18:43 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-04-22 18:43 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-04-22 18:43 11,264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-04-22 18:43 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-04-22 18:43 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-04-22 18:43 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-04-22 16:44 524,288 --ah----- C:\DOCUME~1\SAMNGA~1\NTUSER.DAT 2007-04-22 16:44 <DIR> d--hs---- C:\WINDOWS\Installer 2007-04-22 16:43 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-22 16:43 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-22 16:43 <DIR> d--hs---- C:\System Volume Information 2007-04-22 16:41 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-22 16:41 <DIR> dr------- C:\WINDOWS\Offline Web Pages 2007-04-22 16:41 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM 2007-04-22 16:41 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files 2007-04-22 16:41 <DIR> d-------- C:\WINDOWS\system32\xircom 2007-04-22 16:41 <DIR> d-------- C:\Program Files\microsoft frontpage 2007-04-22 16:40 <DIR> d---s---- C:\WINDOWS\Tasks 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\Restore 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\Macromed 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\DirectX 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\srchasst 2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\PCHealth 2007-04-22 16:40 <DIR> d-------- C:\Program Files\Movie Maker 2007-04-22 16:40 <DIR> d-------- C:\Program Files\Common Files\MSSoap 2007-04-22 16:39 <DIR> d--h----- C:\Program Files\WindowsUpdate 2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\system32\MsDtc 2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\system32\Com 2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\Registration 2007-04-22 16:39 <DIR> d-------- C:\Program Files\Windows NT 2007-04-22 16:39 <DIR> d-------- C:\Program Files\Online Services 2007-04-22 16:39 <DIR> d-------- C:\Program Files\MSN Gaming Zone 2007-04-22 16:39 <DIR> d-------- C:\Program Files\Messenger (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-08 08:16:17 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Azureus 2007-05-07 14:45:46 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Skype 2007-05-06 06:58:05 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Ahead 2007-04-29 13:23:23 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Hamachi 2007-04-26 06:09:40 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS 2007-04-23 12:07:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-04-23 06:23:45 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Apple Computer 2007-04-23 03:57:25 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Real 2007-04-23 03:53:49 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\vlc 2007-04-23 03:53:17 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Media Player Classic 2007-04-22 17:40:32 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Lavasoft 2007-04-22 16:17:35 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Talkback 2007-04-22 15:44:57 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\InterTrust 2007-03-21 11:24:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL 2007-03-21 11:24:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE 2007-03-21 11:24:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-15 02:53:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll 2007-03-15 02:49:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll 2007-03-14 09:57:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe 2007-03-14 09:50:38 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-03-14 09:50:36 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-03-14 09:49:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe 2007-03-12 09:24:30 239,152 ----a-w C:\WINDOWS\NuNInst.exe 2007-03-12 09:24:10 38,576 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys 2007-03-12 09:24:00 37,040 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys 2007-03-12 09:24:00 16,304 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys 2007-03-12 09:23:50 118,064 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys 2007-03-12 04:21:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-28 11:23:50 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" "{FFFFFEF0-5B30-21D4-945D-000000000000}"="C:\PROGRA~1\STARDO~1\SDIEInt.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SigmatelSysTrayApp"="sttray.exe" "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\"" "Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\"" "CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32" "MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC" "PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC" "PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName" "itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\"" "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe" "Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "SecurDisc"="D:\\Program Files\\Nero 7\\InCD\\NBHGui.exe" "InCD"="D:\\Program Files\\Nero 7\\InCD\\InCD.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Azureus Installer"="\"C:\\Program Files\\Azureus Installer\\Azureus-Installer.exe\" hmw" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater] @="" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup] "CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HTTPFilter HTTPFilter\0\0 DcomLaunch DcomLaunch\0TermService\0\0 WudfServiceGroup WUDFSvc\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job ****************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-09 01:22:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???:???\'2???A~??A~:???????\???\???????????U?A~??A~\???\????????"`??????C@?\???\??????s:???\??????s\???@'2?A??s@'2??C@?x???`\|?w\?????@ scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ****************************************************************** Completion time: 2007-05-09 1:22:37 C:\ComboFix-quarantined-files.txt ... 2007-05-09 01:22

SifuMike View Member Profile	May 11 2007, 09:56 AM Post #10
malware expert Group: HJT Team Posts: 12,479 Joined: 8-January 05 From: Vancouver (not BC) WA (Not DC) USA Member No.: 9,026	Hi ymonkee, The ComboFix log looks clean. How is your computer working? Let's reset you files so they are hidden and protected. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading deselect Show hidden files and folders. Check the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK Please read and follow How did I get infected?, With steps so it does not happen again! as well as How to prevent Malware This post has been edited by SifuMike: May 11 2007, 09:58 AM -------------------- If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you! Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

ymonkee View Member Profile	May 12 2007, 04:01 AM Post #11
New Member Group: Members Posts: 6 Joined: 30-April 07 Member No.: 127,918	Hi sifumike. .. i'm very happy to report that my computer seems to be in good running order. i haven't had any popups and i've done Anti-virus scans, as well as Adaware and Spybot S&D scans all of which now register me with no immediate threat results. I'm ever grateful for your help and would like to extend a very big thank you to you and this forum. You've saved me from having to format my computer. You're a life saver!

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 4th July 2009 - 04:12 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List \| Virus Removal Guides
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides Archive