Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Party Poker Popups


  • Please log in to reply
10 replies to this topic

#1 ymonkee

ymonkee

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 30 April 2007 - 05:26 AM

Note: it's not just Party Poker but other IE7 hijacks. even when i use Firefox

My "hijackthis" log

Logfile of HijackThis v1.99.1
Scan saved at 7:51:58 PM, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero 7\InCD\InCD.exe
C:\Program Files\Azureus Installer\Azureus-Installer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iRemote\iRemote.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

Edited by ymonkee, 30 April 2007 - 05:35 AM.


BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:02 PM

Posted 04 May 2007 - 09:44 PM

Hello ymonkee,

I am SifuMike and I will be helping you. :thumbsup:

I am not seeing much in your log so lets dig deeper.

You will need to use Internet Explorer for this scan.
Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.


******************

Download ATF (Atribune Temp File) Cleaner© by Atribune DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido)
This is a 30 day trial of the program

AVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.
Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.


1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Sheild' and 'Automatic Updates'. If you choose to do this, then right click on AVG antispyware in the system tray and uncheck "Start with Windows".
7. Select the "Update" button and click "Start update".
If you are having problems with the updater, manually update with the AVG Antispyware Full database installer from here.
8. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes.
To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly.
A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

1.) Double-click the small BLUE Garbage Can ATF-Cleaner.exe file to run the program.
2.) At the top, under Main choose: Select All
3.) Click the Empty Selected button.

If you use the Firefox browser:
1.) At the top, click Firefox and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use the Opera browser:
1.) At the top, click Opera and choose: Select All
2.) Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Scan with AVG Anti-Spyware 7.5 as follows:

1. Launch AVG Anti-Spyware 7.5, click on the "Scanner" button and choose the "Settings" tab.

Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.

Under "How to Scan?" check all (default).

Under "Possibly unwanted software" check all (default).

Under "What to Scan?" make sure "Scan every file" is selected (default).

Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.

4. IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.

Make sure that Set all elements to: shows Quarantine
(1)
, if not click on the link and choose Quarantine from the popup menu.
(2) At the bottom of the window click on the Apply all Actions button.
(3) When done, click the Save Scan Report button.
(4) Click the Save Report as button.
Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt.
Save to your desktop.
A copy of each report will also be saved in C:\Program Files\AVG Anti-Spyware 7.5\Reports\
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot to Normal Mode.

******************

Let's look in a different place for signs.

Open HijackThis
Go to 'config'
Go to 'misc tools'
Press the button 'open uninstall manager'
Press 'save list'
A notepad file will open.
Post the content here in your reply.
Close HijackThis.

******************

I need you to rename Hijackthis because I believe that you may have an infection that can hide some entries in your log.
  • Please go to the folder where you saved Hijackthis.exe:
    C:\Program Files\HijackThis\HijackThis.exe
  • Right-click on it, then select Rename.
  • Name it something like: AnalyzeThis.exe (or whatever you want)
  • Then double-click AnalyzeThis.exe to scan and then post the new logfile.
When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log, the [b]uninstall listing
and a fresh Hijackthis log.

Edited by SifuMike, 04 May 2007 - 09:48 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 ymonkee

ymonkee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 05 May 2007 - 05:25 AM

Thank you very much for coming to my aid SifuMike. If i hadn't found this site i would've had to reformat my hard drive.... ur a real life saver.

Here is my bit defender log


BitDefender Online Scanner

Scan report generated at: Sat, May 05, 2007 - 17:32:40
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics

Time
00:42:01

Files


373335

Folders


6829

Boot Sectors


5

Archives


3611

Packed Files


40023







Results

Identified Viruses


1

Infected Files


2

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


2







Engines Info

Virus Definitions


504254

Engine build


AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)

Scan plugins


14

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\39F9IE23\popup[2].htm


Infected with: Trojan.Clicker.CM

C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\39F9IE23\popup[2].htm


Disinfection failed

C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\39F9IE23\popup[2].htm


Deleted

C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\YVJZR0VT\popup[1].htm


Infected with: Trojan.Clicker.CM

C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\YVJZR0VT\popup[1].htm


Disinfection failed

C:\Documents and Settings\Sam n\Local Settings\Temporary Internet Files\Content.IE5\YVJZR0VT\popup[1].htm


Deleted


Here is my AVG log. The scan found nothing.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:25:10 PM 5/05/2007

+ Scan result:



Nothing found.



::Report end

Here is my uninstall list
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
Azureus
Azureus Installer
Diskeeper Home Edition
DVD Decrypter (Remove Only)
Grand Theft Auto
GTA2
GTA2 Game Hunter
Hamachi 1.0.2.1
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections
iRemote 1.9 Beta
iTunes
Java™ SE Runtime Environment 6 Update 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Ultra Edition
neroxml
PDF Settings
QuickTime
Real Alternative 1.52
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SigmaTel Audio
Skype 3.1
Skype Plugin Manager
Sony Ericsson Themes Creator 3.11
Sound Blaster Live!
Sound Blaster Live! Web 2K/XP
Spybot - Search & Destroy 1.4
Star Downloader Free
Update for Office 2007 (KB932080)
Update for Outlook 2007 Junk Email Filter (KB932338)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver

And finally, here is my hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 7:42:49 PM, on 5/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero 7\InCD\InCD.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Azureus Installer\Azureus-Installer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WatchThis\WatchThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

Edited by ymonkee, 05 May 2007 - 05:29 AM.


#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:02 PM

Posted 05 May 2007 - 12:20 PM

Hi ymonkee,

I am not seeing much to remove in your log.

You will need to disable Spybot Teatimer, as it will stop registry changes by Hijackthis.
Refer to this site to disable it. http://www.russelltexas.com/malware/teatimer.htm
After we are done with the Hijackthis fix, you can enable it. :thumbsup:

Since we are done with AVG antispyware, you can uninstall it.


Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial


*******************************************

In Normal , select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


These are optinal fixes. The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
(Description: CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it )

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
(Description: A small program that reminds you to register your Creative Labs product (i.e. sound card, video card). Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe\"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.

In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Finally, reboot your computer, post a new Hijackthis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 ymonkee

ymonkee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 07 May 2007 - 12:18 PM

Hi sifumike,

After monitoring my computer usage for a day, I've noticed that i only appear to be getting the popup hijacks when i use my internet. It happens mostly when i'm surfing with the more i'm surfing, the more frequently it pops up.

When i use my computer for other activities it appears much less.

i've followed all those instructions but i still appear to be getting them. ... What happens is that after i follow ur posts the frequency of the hijacks comes up less, but after a while it comes back more frequently. so i think ur sorta on the right track (i'm guessing).

here's my new hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 2:40:21 AM, on 8/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Nero 7\InCD\InCD.exe
C:\Program Files\Azureus Installer\Azureus-Installer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WatchThis\WatchThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [Azureus Installer] "C:\Program Files\Azureus Installer\Azureus-Installer.exe" hmw
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe

- thanks again for helping me out :thumbsup:

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:02 PM

Posted 07 May 2007 - 12:31 PM

Hi ymonkee,

I've noticed that i only appear to be getting the popup hijacks when i use my internet. It happens mostly when i'm surfing with the more i'm surfing, the more frequently it pops up.


Please tell me about the popups you are getting?
What do the popups say? Any details would be helpful. :thumbsup:
Are they messenger popups?


I am not seeing any malware in your log, so lets dig deeper.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
Disable script blocking if you have Norton Antivirus installed so it will not interfere with the fix.

To disable Norton AntiVirus Script Blocking
Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program.
Click Options. If you see a menu, click Norton AntiVirus.
In the left pane, click Script Blocking.
In the right pane, uncheck Enable Script Blocking (recommended).
Click OK

Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 ymonkee

ymonkee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 10 May 2007 - 07:16 AM

Hello SifuMike.

Since using combotfix, i'm pleased to report i've not had a single pop-up in the past 2 days. :D

i'm not sure if this means that i'm cured. ....

Anyway, prior to using combot fix, i copied the popups' address as they came up on ie7. sometimes b4 they loaded properly.

http://www.partypoker.com/marketing/cm.htm?wm=2819465
http://latino.nylonstarz.com/1/
http://gest.ivefound.com/cont/_paypopup/pop.htm
http://www.grandhotelcasino.com/home.asp?b...102_c3211_b2191
http://ad.doubleclick.net/adi/N1684.YesUp/...;sz=800x600;kw=[keyword];ord=[timestamp]?
http://ad.jamster.com.au/landingpages/camp...752030080705536
http://adnetserver.com/?dest=ck-48232&...lid=os&mpt=[CACHEBUSTER]
http://serving.adsrevenue.clicksor.net/ser...etwork&bk=0
http://popunder.adsrevenue.net/links.php?d...file=popnetwork
http://serving.adsrevenue.clicksor.net/ser...etwork&bk=0
http://serving.adsrevenue.clicksor.net/ser...etwork&bk=0
http://www.cheaptraffic.com.au/adsredirect...com.au%2Fexcom1
http://www.myshoppingpage.com/ppc/index1.php
http://popunder.adsrevenue.net/links.php?d...file=popnetwork
http://trafficadmin.net/out/send_out_n_ook...p;cidtor=106432
http://popunder.adsrevenue.net/links.php?d...file=popnetwork
http://popunder.adsrevenue.net/links.php?d...file=popnetwork
http://www.clicksor.com/
http://popunder.adsrevenue.net/links.php?d...file=popnetwork
http://www.partypoker.com/marketing/cm.htm?wm=2819465

Here is my combotfix log ... i had a problem when combotfix automatically restarted after it detected a problem and was preparing a problem. So i had re-restart. But i've since done 2 combotfix logs and haven't noticed any difference between the two. I'll just post up the first one that came up after i re-restarted.

"Sam n" - 2007-05-09 1:21:32 Service Pack 2
ComboFix 07-05.07.3.V - Running from: "F:\Sam\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 ))))))))))))))))))))))))))))))))))


2007-05-06 22:22 <DIR> d-------- C:\Program Files\CCleaner
2007-05-06 20:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-05 16:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-03 01:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Media Player Classic
2007-04-30 19:41 <DIR> d-------- C:\Program Files\WatchThis
2007-04-30 13:56 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-30 00:51 998,004 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2007-04-30 00:51 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2007-04-30 00:51 837,548 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2007-04-30 00:51 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2007-04-30 00:51 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-04-30 00:51 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL
2007-04-30 00:51 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE
2007-04-30 00:51 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2007-04-30 00:51 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2007-04-30 00:51 44,055 --a------ C:\WINDOWS\system32\ctdaught.dat
2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2007-04-30 00:51 319,488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL
2007-04-30 00:51 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL
2007-04-30 00:51 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000002-80651102}.dat
2007-04-30 00:51 24 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000002-80651102}.dat
2007-04-30 00:51 213,860 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2007-04-30 00:51 195,432 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-04-30 00:51 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2007-04-30 00:51 179,669 --a------ C:\WINDOWS\system32\ctstatic.dat
2007-04-30 00:51 176,128 --a------ C:\WINDOWS\READREG.EXE
2007-04-30 00:51 164,044 --a------ C:\WINDOWS\system32\ctdlang.dat
2007-04-30 00:51 156,604 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys
2007-04-30 00:51 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2007-04-30 00:51 135,168 --a------ C:\WINDOWS\system32\OPENAL32.DLL
2007-04-30 00:51 127,948 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys
2007-04-30 00:51 113,373 --a------ C:\WINDOWS\system32\ctbasicw.dat
2007-04-30 00:51 113,273 --a------ C:\WINDOWS\system32\CTBAS2W.DAT
2007-04-30 00:51 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2007-04-30 00:51 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL
2007-04-30 00:51 11,068 --a------ C:\WINDOWS\system32\drivers\ctprxy2k.sys
2007-04-30 00:51 106,496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2007-04-30 00:51 106,496 --a------ C:\WINDOWS\system32\CTASIO.DLL
2007-04-29 22:53 <DIR> d-------- C:\Program Files\directx
2007-04-26 16:35 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-04-24 17:34 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Ahead
2007-04-24 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-24 17:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
2007-04-24 01:32 204,800 --a------ C:\WINDOWS\system32\igfxCoIn_v4785.dll
2007-04-24 01:32 <DIR> d-------- C:\Intel
2007-04-24 00:46 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-24 00:46 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Hamachi
2007-04-23 21:40 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-23 21:40 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-04-23 21:40 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-04-23 21:40 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-04-23 21:40 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-23 21:40 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-04-23 21:40 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-23 21:40 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-23 21:40 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-23 21:40 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-04-23 21:40 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-23 21:40 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-23 21:40 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-23 21:40 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-04-23 21:35 626,688 --a------ C:\WINDOWS\system\msvcr80.dll
2007-04-23 21:24 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-04-23 20:32 <DIR> d-------- C:\DOCUME~1\SAMN~1\WINDOWS
2007-04-23 20:24 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-04-23 20:24 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-23 20:15 <DIR> d-------- C:\Program Files\Microsoft Works
2007-04-23 20:13 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-23 20:12 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-04-23 20:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
2007-04-23 20:11 <DIR> dr-h----- C:\MSOCache
2007-04-23 17:19 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-23 17:12 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-23 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet
2007-04-23 16:44 <DIR> d-------- C:\Program Files\Bonjour
2007-04-23 16:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-23 15:40 <DIR> d-------- C:\Program Files\Star Downloader
2007-04-23 13:27 <DIR> d-------- C:\Program Files\Real Alternative
2007-04-23 13:27 <DIR> d-------- C:\Program Files\Media Player Classic
2007-04-23 13:27 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Real
2007-04-23 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Real
2007-04-23 13:23 <DIR> d-------- C:\Program Files\VLC Media Player
2007-04-23 13:23 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\vlc
2007-04-23 13:22 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Media Player Classic
2007-04-23 13:05 <DIR> d-------- C:\Program Files\iRemote
2007-04-23 12:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-23 12:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-23 12:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-23 12:49 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-23 04:11 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-23 04:11 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-04-23 04:11 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-23 04:10 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-23 04:10 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-23 04:10 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-23 04:10 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-23 04:10 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-23 04:10 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-23 04:10 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-23 04:10 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-23 04:10 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-23 04:10 69,120 --a------ C:\WINDOWS\notepad.exe
2007-04-23 04:10 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-23 04:10 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-23 04:10 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-23 04:10 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-23 04:10 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-23 04:10 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-23 04:10 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-23 04:10 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-23 04:10 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-23 04:10 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-23 04:10 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-23 04:10 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-23 04:10 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-23 04:10 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Documents
2007-04-23 03:49 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-04-23 03:48 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-04-23 03:48 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-04-23 03:48 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-04-23 03:48 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-04-23 03:48 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-04-23 03:48 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-04-23 03:48 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-04-23 03:48 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-04-23 03:39 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-04-23 03:39 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-04-23 03:39 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-04-23 03:39 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-04-23 03:39 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-04-23 03:38 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-04-23 03:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-23 03:21 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-23 03:21 <DIR> d-------- C:\WINDOWS\peernet
2007-04-23 03:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-23 03:17 <DIR> d-------- C:\WINDOWS\EHome
2007-04-23 03:14 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Azureus
2007-04-23 03:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-23 03:10 <DIR> d-------- C:\Program Files\Adaware
2007-04-23 03:10 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Lavasoft
2007-04-23 03:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-04-23 03:04 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-04-23 03:04 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-04-23 03:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AntiVir PersonalEdition Classic
2007-04-23 02:59 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-04-23 02:59 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-04-23 02:59 <DIR> d-------- C:\Program Files\ASf to MPG
2007-04-23 02:58 <DIR> d-------- C:\Program Files\Skype
2007-04-23 02:58 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-23 02:58 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Skype
2007-04-23 02:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
2007-04-23 02:45 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-04-23 02:45 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-04-23 02:45 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-04-23 02:44 262,144 --a------ C:\DOCUME~1\ALLUSE~1.WIN\ntuser.dat
2007-04-23 02:42 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-23 02:42 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-23 02:42 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-23 02:42 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-23 02:42 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-23 02:42 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-04-23 02:42 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-23 02:42 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-23 02:42 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-23 02:42 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-23 02:42 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-04-23 02:42 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-23 02:42 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-04-23 02:42 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-23 02:42 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-23 02:42 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-23 02:42 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-23 02:42 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-23 02:41 <DIR> d-------- C:\Program Files\Azureus
2007-04-23 02:37 36 --a------ C:\WINDOWS\system32\azi.dat
2007-04-23 02:37 <DIR> d-------- C:\Program Files\Azureus Installer
2007-04-23 02:34 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-04-23 02:14 <DIR> d-------- C:\WINDOWS\system32\bits
2007-04-23 02:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-23 02:13 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-23 02:11 1,416 --a------ C:\WINDOWS\mozver.dat
2007-04-23 02:06 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-23 02:06 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-23 02:06 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-23 02:06 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-23 02:03 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-23 02:01 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-23 02:01 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-23 02:01 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-23 02:01 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-23 02:01 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-23 02:01 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-23 02:01 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-23 02:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
2007-04-23 01:49 <DIR> d-------- C:\Program Files\Winamp
2007-04-23 01:47 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-23 01:47 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Talkback
2007-04-23 01:42 <DIR> d-------- C:\Program Files\iPod
2007-04-23 01:42 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Apple Computer
2007-04-23 01:41 <DIR> d-------- C:\Program Files\QuickTime
2007-04-23 01:41 <DIR> d-------- C:\Program Files\iTunes
2007-04-23 01:41 <DIR> d-------- C:\Program Files\Apple Software Update
2007-04-23 01:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
2007-04-23 01:39 <DIR> d--hs---- C:\RECYCLER
2007-04-23 01:38 <DIR> d-------- C:\DOCUME~1\SAMN~1\Contacts
2007-04-23 01:37 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-23 01:36 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-04-23 01:36 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2007-04-23 01:36 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2007-04-23 01:36 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-23 01:36 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2007-04-23 01:36 53,552 --------- C:\WINDOWS\CTCCW.DLL
2007-04-23 01:36 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2007-04-23 01:36 24,976 --------- C:\WINDOWS\CTRES.DLL
2007-04-23 01:36 20,480 --a------ C:\WINDOWS\INRES.DLL
2007-04-23 01:36 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2007-04-23 01:36 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2007-04-23 01:36 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-04-23 01:36 1,048,576 --------- C:\WINDOWS\system32\SFMAN.DAT
2007-04-23 01:36 <DIR> d-------- C:\WINDOWS\system32\Defaults
2007-04-23 01:36 <DIR> d-------- C:\WINDOWS\system32\Data
2007-04-23 01:35 61,440 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2007-04-23 01:35 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2007-04-23 01:35 28,672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2007-04-23 01:35 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2007-04-23 01:35 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-04-23 01:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Creative
2007-04-23 01:31 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
2007-04-23 01:31 41,984 --------- C:\WINDOWS\CTRegRun.exe
2007-04-23 01:31 <DIR> d-------- C:\Program Files\Creative
2007-04-23 01:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-23 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Symantec
2007-04-23 01:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-23 01:16 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-04-23 01:15 <DIR> d-------- C:\WINDOWS\Profiles
2007-04-23 01:14 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-23 01:14 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-04-23 01:14 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\InterTrust
2007-04-23 01:12 701,840 --a------ C:\WINDOWS\system32\igmedkrn.dll
2007-04-23 01:12 57,344 --a------ C:\WINDOWS\system32\igxprd32.dll
2007-04-23 01:12 528,384 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-04-23 01:12 5,700,096 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2007-04-23 01:12 47,616 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-04-23 01:12 393,216 --a------ C:\WINDOWS\system32\igxpun.exe
2007-04-23 01:12 319,456 --a------ C:\WINDOWS\system32\difxapi.dll
2007-04-23 01:12 309,760 -ra------ C:\WINDOWS\system32\difx32.dll
2007-04-23 01:12 3,293,184 --a------ C:\WINDOWS\system32\igfxress.dll
2007-04-23 01:12 245,760 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-04-23 01:12 24,576 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-04-23 01:12 204,800 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-04-23 01:12 200,704 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-04-23 01:12 2,555,904 --a------ C:\WINDOWS\system32\igxpdx32.dll
2007-04-23 01:12 2,383,872 --a------ C:\WINDOWS\system32\ig4icd32.dll
2007-04-23 01:12 192,512 -ra------ C:\WINDOWS\system32\igfxCoIn_v4624.dll
2007-04-23 01:12 163,840 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-04-23 01:12 159,744 --a------ C:\WINDOWS\system32\igfxext.exe
2007-04-23 01:12 155,648 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-04-23 01:12 149,504 --a------ C:\WINDOWS\system32\igxpgd32.dll
2007-04-23 01:12 135,168 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-04-23 01:12 131,072 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-04-23 01:12 131,072 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-04-23 01:12 102,400 --a------ C:\WINDOWS\system32\hccutils.dll
2007-04-23 01:12 1,612,576 --a------ C:\WINDOWS\system32\igxpdv32.dll
2007-04-23 01:12 1,486,848 --a------ C:\WINDOWS\system32\ig4dev32.dll
2007-04-23 01:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-23 01:12 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-04-23 01:09 86,016 --------- C:\WINDOWS\system32\stacsv.exe
2007-04-23 01:09 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-23 01:09 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-23 01:09 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-23 01:09 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-23 01:09 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-04-23 01:09 41,728 --a------ C:\WINDOWS\system32\drivers\sfng32.sys
2007-04-23 01:09 282,624 --a------ C:\WINDOWS\sttray.exe
2007-04-23 01:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-23 01:09 217,088 --a------ C:\WINDOWS\system32\stacapi.dll
2007-04-23 01:09 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-23 01:09 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-23 01:09 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-23 01:09 117,248 --a------ C:\WINDOWS\system32\staco.dll
2007-04-23 01:09 1,177,032 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2007-04-23 01:09 1,069,056 --a------ C:\WINDOWS\system32\stlang.dll
2007-04-23 01:09 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-23 01:09 <DIR> d-------- C:\Program Files\SigmaTel
2007-04-23 01:08 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-23 01:07 36,864 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2007-04-23 01:07 21,504 -ra------ C:\WINDOWS\system32\NicCo.dll
2007-04-23 01:07 20,992 -ra------ C:\WINDOWS\system32\NicInst.dll
2007-04-23 01:07 163,328 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-04-23 01:07 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe
2007-04-23 01:06 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-04-23 01:06 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-04-23 01:06 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-04-23 01:06 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2007-04-23 01:06 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-04-23 01:06 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-23 01:06 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-04-23 01:06 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2007-04-23 01:06 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-23 01:06 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-04-23 01:06 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-04-23 01:06 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-04-23 01:06 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2007-04-23 01:06 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-04-23 01:06 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2007-04-23 01:06 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-04-23 01:06 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-04-23 01:06 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-04-23 01:06 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-23 01:06 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-04-23 01:06 44,544 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-04-23 01:06 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-23 01:06 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-04-23 01:06 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-23 01:06 4,096 --a------ C:\WINDOWS\system32\ksuser(2).dll
2007-04-23 01:06 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
2007-04-23 01:06 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2007-04-23 01:06 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2007-04-23 01:06 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-04-23 01:06 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2007-04-23 01:06 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-04-23 01:06 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-04-23 01:06 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-04-23 01:06 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-04-23 01:06 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-04-23 01:06 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2007-04-23 01:06 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2007-04-23 01:06 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-04-23 01:06 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2007-04-23 01:06 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-04-23 01:06 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2007-04-23 01:06 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-04-23 01:06 211,456 --a------ C:\WINDOWS\system32\qasf.dll
2007-04-23 01:06 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-04-23 01:06 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-04-23 01:06 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2007-04-23 01:06 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-04-23 01:06 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2007-04-23 01:06 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2007-04-23 01:06 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-04-23 01:06 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-04-23 01:06 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-04-23 01:06 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-04-23 01:06 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-04-23 01:06 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-04-23 01:06 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-04-23 01:06 15,360 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-04-23 01:06 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-04-23 01:06 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2007-04-23 01:06 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-04-23 01:06 11,776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-04-23 01:06 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-04-23 01:06 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-04-23 01:06 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-04-23 01:06 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-04-23 01:06 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-04-23 01:06 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2007-04-23 01:06 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-04-23 01:06 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-04-23 01:06 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-04-23 01:06 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll
2007-04-23 01:06 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-04-23 01:06 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2007-04-23 01:06 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-23 01:05 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2007-04-23 01:05 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-23 01:05 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2007-04-23 01:05 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-04-23 01:05 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2007-04-23 01:05 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2007-04-23 01:05 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-04-23 01:05 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2007-04-23 01:05 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2007-04-23 01:05 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2007-04-23 01:05 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-23 01:05 <DIR> d-------- C:\Program Files\Intel
2007-04-23 01:03 <DIR> d-------- C:\TempEI4
2007-04-23 01:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-23 00:34 <DIR> dr------- C:\Program Files
2007-04-23 00:34 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-23 00:34 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-23 00:34 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-23 00:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-23 00:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-23 00:33 <DIR> d-------- C:\Documents and Settings
2007-04-23 00:30 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-23 00:30 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-23 00:30 <DIR> dr------- C:\WINDOWS\Web
2007-04-23 00:30 <DIR> d--h----- C:\WINDOWS\inf
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\security
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Resources
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\repair
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\mui
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\msapps
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\msagent
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Media
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\ime
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Help
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Debug
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Config
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\addins
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS
2007-04-22 18:48 737,280 --a------ C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT
2007-04-22 18:48 737,280 --a------ C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-04-22 18:48 4,456,448 --a------ C:\DOCUME~1\SAMN~1\NTUSER.DAT
2007-04-22 18:45 229,376 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT
2007-04-22 18:45 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-22 18:45 0 -rahs---- C:\MSDOS.SYS
2007-04-22 18:45 0 -rahs---- C:\IO.SYS
2007-04-22 18:45 0 --a------ C:\CONFIG.SYS
2007-04-22 18:45 0 --a------ C:\AUTOEXEC.BAT
2007-04-22 18:45 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM
2007-04-22 18:44 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-22 18:44 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-22 18:44 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-22 18:44 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-22 18:44 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-22 18:44 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-22 18:44 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-22 18:44 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-22 18:44 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-22 18:44 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-22 18:44 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-22 18:44 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-22 18:44 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-22 18:44 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-22 18:44 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-22 18:44 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-22 18:44 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-22 18:44 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-22 18:44 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-22 18:44 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-22 18:44 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-22 18:44 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-22 18:44 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-22 18:44 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-22 18:44 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-22 18:44 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-22 18:44 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-22 18:44 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-22 18:44 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-22 18:44 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-22 18:44 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-22 18:43 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-22 18:43 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-22 18:43 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-22 18:43 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-22 18:43 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-22 18:43 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-22 18:43 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-22 18:43 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-22 18:43 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-22 18:43 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-22 18:43 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-22 18:43 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-22 18:43 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-22 18:43 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-22 18:43 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-22 18:43 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-22 18:43 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-22 18:43 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-22 18:43 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-22 18:43 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-22 18:43 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-22 18:43 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-22 18:43 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-22 18:43 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-22 18:43 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-22 18:43 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-22 18:43 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-22 18:43 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-22 18:43 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-22 18:43 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-22 18:43 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-22 18:43 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-22 18:43 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-22 18:43 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-22 18:43 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-22 18:43 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-22 18:43 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-22 18:43 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-22 18:43 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-22 18:43 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-22 18:43 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-22 18:43 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-22 18:43 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-22 18:43 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-22 18:43 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-22 18:43 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-22 18:43 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-22 18:43 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-22 18:43 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-22 18:43 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-22 18:43 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-22 18:43 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-22 18:43 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-22 18:43 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-22 18:43 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-22 18:43 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-22 18:43 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-22 18:43 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-22 18:43 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-22 18:43 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-22 18:43 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-22 18:43 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-22 18:43 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-22 18:43 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-22 18:43 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-22 18:43 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-22 18:43 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-22 18:43 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-22 18:43 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-22 18:43 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-22 18:43 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-22 18:43 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-22 18:43 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-22 18:43 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-22 18:43 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-22 18:43 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-22 18:43 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-22 16:44 524,288 --ah----- C:\DOCUME~1\SAMNGA~1\NTUSER.DAT
2007-04-22 16:44 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-22 16:43 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-22 16:43 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-22 16:43 <DIR> d--hs---- C:\System Volume Information
2007-04-22 16:41 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-22 16:41 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-22 16:41 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-22 16:41 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-22 16:41 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-22 16:41 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-22 16:40 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\PCHealth
2007-04-22 16:40 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-22 16:40 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-22 16:39 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\Registration
2007-04-22 16:39 <DIR> d-------- C:\Program Files\Windows NT
2007-04-22 16:39 <DIR> d-------- C:\Program Files\Online Services
2007-04-22 16:39 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-22 16:39 <DIR> d-------- C:\Program Files\Messenger


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-08 08:16:17 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Azureus
2007-05-07 14:45:46 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Skype
2007-05-06 06:58:05 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Ahead
2007-04-29 13:23:23 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Hamachi
2007-04-26 06:09:40 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-04-23 12:07:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-23 06:23:45 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Apple Computer
2007-04-23 03:57:25 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Real
2007-04-23 03:53:49 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\vlc
2007-04-23 03:53:17 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Media Player Classic
2007-04-22 17:40:32 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Lavasoft
2007-04-22 16:17:35 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Talkback
2007-04-22 15:44:57 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\InterTrust
2007-03-21 11:24:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-21 11:24:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-21 11:24:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 02:53:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 02:49:58 526,184 ----a-w C:\WI

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:02 PM

Posted 10 May 2007 - 11:19 AM

Hi ymonkee,

I looks like you posted a partial ComboFix log, as it is much longer.
Please post the entire log. It should be in c:\combofix.txt

Edited by SifuMike, 10 May 2007 - 11:39 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 ymonkee

ymonkee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 11 May 2007 - 08:11 AM

Hi sifumike.

i think my post got cut off bcos i reached the word limit (?).

Here's the same log, re-posted.

"Sam n" - 2007-05-09 1:21:32 Service Pack 2
ComboFix 07-05.07.3.V - Running from: "F:\Sam\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 ))))))))))))))))))))))))))))))))))


2007-05-06 22:22 <DIR> d-------- C:\Program Files\CCleaner
2007-05-06 20:31 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-05-05 16:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-03 01:06 <DIR> d-------- C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\Media Player Classic
2007-04-30 19:41 <DIR> d-------- C:\Program Files\WatchThis
2007-04-30 13:56 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-30 00:51 998,004 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
2007-04-30 00:51 94,208 --a------ C:\WINDOWS\DEVREG.DLL
2007-04-30 00:51 837,548 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
2007-04-30 00:51 77,824 --a------ C:\WINDOWS\system32\EAXAC3.DLL
2007-04-30 00:51 65,536 --a------ C:\WINDOWS\system32\a3d.dll
2007-04-30 00:51 643,072 --a------ C:\WINDOWS\system32\CTSBLFX.DLL
2007-04-30 00:51 61,440 --a------ C:\WINDOWS\MIDIDEF.EXE
2007-04-30 00:51 53,248 --a------ C:\WINDOWS\system32\AC3API.DLL
2007-04-30 00:51 49,152 --a------ C:\WINDOWS\system32\KILLAPPS.EXE
2007-04-30 00:51 44,055 --a------ C:\WINDOWS\system32\ctdaught.dat
2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\REGPLIB.EXE
2007-04-30 00:51 36,864 --a------ C:\WINDOWS\system32\CTEMUPIA.DLL
2007-04-30 00:51 319,488 --a------ C:\WINDOWS\system32\CTDEVCON.DLL
2007-04-30 00:51 270,336 --a------ C:\WINDOWS\system32\SFMS32.DLL
2007-04-30 00:51 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000002-80651102}.dat
2007-04-30 00:51 24 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000002-80651102}.dat
2007-04-30 00:51 213,860 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2007-04-30 00:51 195,432 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-04-30 00:51 184,320 --a------ C:\WINDOWS\PSCONV.EXE
2007-04-30 00:51 179,669 --a------ C:\WINDOWS\system32\ctstatic.dat
2007-04-30 00:51 176,128 --a------ C:\WINDOWS\READREG.EXE
2007-04-30 00:51 164,044 --a------ C:\WINDOWS\system32\ctdlang.dat
2007-04-30 00:51 156,604 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys
2007-04-30 00:51 155,648 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
2007-04-30 00:51 135,168 --a------ C:\WINDOWS\system32\OPENAL32.DLL
2007-04-30 00:51 127,948 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys
2007-04-30 00:51 113,373 --a------ C:\WINDOWS\system32\ctbasicw.dat
2007-04-30 00:51 113,273 --a------ C:\WINDOWS\system32\CTBAS2W.DAT
2007-04-30 00:51 110,592 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
2007-04-30 00:51 110,592 --a------ C:\WINDOWS\system32\COMMONFX.DLL
2007-04-30 00:51 11,068 --a------ C:\WINDOWS\system32\drivers\ctprxy2k.sys
2007-04-30 00:51 106,496 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
2007-04-30 00:51 106,496 --a------ C:\WINDOWS\system32\CTASIO.DLL
2007-04-29 22:53 <DIR> d-------- C:\Program Files\directx
2007-04-26 16:35 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-04-24 17:34 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Ahead
2007-04-24 17:32 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-24 17:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Nero
2007-04-24 01:32 204,800 --a------ C:\WINDOWS\system32\igfxCoIn_v4785.dll
2007-04-24 01:32 <DIR> d-------- C:\Intel
2007-04-24 00:46 26,056 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-04-24 00:46 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Hamachi
2007-04-23 21:40 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-04-23 21:40 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-04-23 21:40 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-04-23 21:40 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-04-23 21:40 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-04-23 21:40 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-04-23 21:40 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-04-23 21:40 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-04-23 21:40 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-04-23 21:40 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-04-23 21:40 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-04-23 21:40 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-04-23 21:40 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-04-23 21:40 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-04-23 21:35 626,688 --a------ C:\WINDOWS\system\msvcr80.dll
2007-04-23 21:24 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-04-23 20:32 <DIR> d-------- C:\DOCUME~1\SAMN~1\WINDOWS
2007-04-23 20:24 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-04-23 20:24 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2007-04-23 20:15 <DIR> d-------- C:\Program Files\Microsoft Works
2007-04-23 20:13 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-23 20:12 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2007-04-23 20:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Microsoft Help
2007-04-23 20:11 <DIR> dr-h----- C:\MSOCache
2007-04-23 17:19 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-04-23 17:12 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-23 16:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\FLEXnet
2007-04-23 16:44 <DIR> d-------- C:\Program Files\Bonjour
2007-04-23 16:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-04-23 15:40 <DIR> d-------- C:\Program Files\Star Downloader
2007-04-23 13:27 <DIR> d-------- C:\Program Files\Real Alternative
2007-04-23 13:27 <DIR> d-------- C:\Program Files\Media Player Classic
2007-04-23 13:27 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Real
2007-04-23 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Real
2007-04-23 13:23 <DIR> d-------- C:\Program Files\VLC Media Player
2007-04-23 13:23 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\vlc
2007-04-23 13:22 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Media Player Classic
2007-04-23 13:05 <DIR> d-------- C:\Program Files\iRemote
2007-04-23 12:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-23 12:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-23 12:52 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-23 12:49 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-23 04:11 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-23 04:11 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-04-23 04:11 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-23 04:10 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-23 04:10 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-23 04:10 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-23 04:10 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-23 04:10 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-23 04:10 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-23 04:10 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-23 04:10 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-23 04:10 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-23 04:10 69,120 --a------ C:\WINDOWS\notepad.exe
2007-04-23 04:10 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-23 04:10 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-23 04:10 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-23 04:10 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-23 04:10 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-23 04:10 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-23 04:10 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-23 04:10 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-23 04:10 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-23 04:10 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-23 04:10 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-23 04:10 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-23 04:10 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-23 04:10 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-23 04:10 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-23 04:10 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-23 04:10 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Documents
2007-04-23 03:49 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-04-23 03:48 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-04-23 03:48 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-04-23 03:48 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-04-23 03:48 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-04-23 03:48 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-04-23 03:48 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-04-23 03:48 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-04-23 03:48 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-04-23 03:48 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-04-23 03:48 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-04-23 03:39 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-04-23 03:39 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-04-23 03:39 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-04-23 03:39 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-04-23 03:39 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-04-23 03:38 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-04-23 03:21 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-23 03:21 <DIR> d-------- C:\WINDOWS\provisioning
2007-04-23 03:21 <DIR> d-------- C:\WINDOWS\peernet
2007-04-23 03:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-23 03:17 <DIR> d-------- C:\WINDOWS\EHome
2007-04-23 03:14 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Azureus
2007-04-23 03:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-23 03:10 <DIR> d-------- C:\Program Files\Adaware
2007-04-23 03:10 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Lavasoft
2007-04-23 03:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-04-23 03:04 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-04-23 03:04 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-04-23 03:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AntiVir PersonalEdition Classic
2007-04-23 02:59 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-04-23 02:59 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-04-23 02:59 <DIR> d-------- C:\Program Files\ASf to MPG
2007-04-23 02:58 <DIR> d-------- C:\Program Files\Skype
2007-04-23 02:58 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-23 02:58 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Skype
2007-04-23 02:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Skype
2007-04-23 02:45 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-04-23 02:45 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-04-23 02:45 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-04-23 02:44 262,144 --a------ C:\DOCUME~1\ALLUSE~1.WIN\ntuser.dat
2007-04-23 02:42 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-23 02:42 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-23 02:42 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-23 02:42 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-23 02:42 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-23 02:42 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-04-23 02:42 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-23 02:42 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-23 02:42 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-23 02:42 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-23 02:42 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-04-23 02:42 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-23 02:42 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-04-23 02:42 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-23 02:42 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-23 02:42 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-23 02:42 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-23 02:42 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-23 02:41 <DIR> d-------- C:\Program Files\Azureus
2007-04-23 02:37 36 --a------ C:\WINDOWS\system32\azi.dat
2007-04-23 02:37 <DIR> d-------- C:\Program Files\Azureus Installer
2007-04-23 02:34 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-04-23 02:14 <DIR> d-------- C:\WINDOWS\system32\bits
2007-04-23 02:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-23 02:13 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-23 02:11 1,416 --a------ C:\WINDOWS\mozver.dat
2007-04-23 02:06 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-23 02:06 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-23 02:06 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-23 02:06 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-23 02:03 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-23 02:01 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-23 02:01 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-23 02:01 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-23 02:01 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-23 02:01 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-23 02:01 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-23 02:01 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-23 02:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Windows Genuine Advantage
2007-04-23 01:49 <DIR> d-------- C:\Program Files\Winamp
2007-04-23 01:47 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-23 01:47 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Talkback
2007-04-23 01:42 <DIR> d-------- C:\Program Files\iPod
2007-04-23 01:42 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\Apple Computer
2007-04-23 01:41 <DIR> d-------- C:\Program Files\QuickTime
2007-04-23 01:41 <DIR> d-------- C:\Program Files\iTunes
2007-04-23 01:41 <DIR> d-------- C:\Program Files\Apple Software Update
2007-04-23 01:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Apple Computer
2007-04-23 01:39 <DIR> d--hs---- C:\RECYCLER
2007-04-23 01:38 <DIR> d-------- C:\DOCUME~1\SAMN~1\Contacts
2007-04-23 01:37 <DIR> d-------- C:\Program Files\MSN Messenger
2007-04-23 01:36 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-04-23 01:36 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
2007-04-23 01:36 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
2007-04-23 01:36 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-23 01:36 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
2007-04-23 01:36 53,552 --------- C:\WINDOWS\CTCCW.DLL
2007-04-23 01:36 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
2007-04-23 01:36 24,976 --------- C:\WINDOWS\CTRES.DLL
2007-04-23 01:36 20,480 --a------ C:\WINDOWS\INRES.DLL
2007-04-23 01:36 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
2007-04-23 01:36 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
2007-04-23 01:36 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-04-23 01:36 1,048,576 --------- C:\WINDOWS\system32\SFMAN.DAT
2007-04-23 01:36 <DIR> d-------- C:\WINDOWS\system32\Defaults
2007-04-23 01:36 <DIR> d-------- C:\WINDOWS\system32\Data
2007-04-23 01:35 61,440 --a------ C:\WINDOWS\system32\CTAGENT.DLL
2007-04-23 01:35 49,152 --a------ C:\WINDOWS\CTDCRES.DLL
2007-04-23 01:35 28,672 --a------ C:\WINDOWS\system32\CTSPKHLP.DLL
2007-04-23 01:35 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
2007-04-23 01:35 12,288 --a------ C:\WINDOWS\system32\AHQCpURes.dll
2007-04-23 01:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Creative
2007-04-23 01:31 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
2007-04-23 01:31 41,984 --------- C:\WINDOWS\CTRegRun.exe
2007-04-23 01:31 <DIR> d-------- C:\Program Files\Creative
2007-04-23 01:17 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-23 01:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Symantec
2007-04-23 01:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-04-23 01:16 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2007-04-23 01:15 <DIR> d-------- C:\WINDOWS\Profiles
2007-04-23 01:14 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-23 01:14 172,032 --a------ C:\WINDOWS\system32\igfxres.dll
2007-04-23 01:14 <DIR> d-------- C:\DOCUME~1\SAMN~1\APPLIC~1\InterTrust
2007-04-23 01:12 701,840 --a------ C:\WINDOWS\system32\igmedkrn.dll
2007-04-23 01:12 57,344 --a------ C:\WINDOWS\system32\igxprd32.dll
2007-04-23 01:12 528,384 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-04-23 01:12 5,700,096 --a------ C:\WINDOWS\system32\drivers\igxpmp32.sys
2007-04-23 01:12 47,616 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-04-23 01:12 393,216 --a------ C:\WINDOWS\system32\igxpun.exe
2007-04-23 01:12 319,456 --a------ C:\WINDOWS\system32\difxapi.dll
2007-04-23 01:12 309,760 -ra------ C:\WINDOWS\system32\difx32.dll
2007-04-23 01:12 3,293,184 --a------ C:\WINDOWS\system32\igfxress.dll
2007-04-23 01:12 245,760 --a------ C:\WINDOWS\system32\igfxsrvc.exe
2007-04-23 01:12 24,576 --a------ C:\WINDOWS\system32\igfxexps.dll
2007-04-23 01:12 204,800 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-04-23 01:12 200,704 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-04-23 01:12 2,555,904 --a------ C:\WINDOWS\system32\igxpdx32.dll
2007-04-23 01:12 2,383,872 --a------ C:\WINDOWS\system32\ig4icd32.dll
2007-04-23 01:12 192,512 -ra------ C:\WINDOWS\system32\igfxCoIn_v4624.dll
2007-04-23 01:12 163,840 --a------ C:\WINDOWS\system32\igfxzoom.exe
2007-04-23 01:12 159,744 --a------ C:\WINDOWS\system32\igfxext.exe
2007-04-23 01:12 155,648 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-04-23 01:12 149,504 --a------ C:\WINDOWS\system32\igxpgd32.dll
2007-04-23 01:12 135,168 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-04-23 01:12 131,072 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-04-23 01:12 131,072 --a------ C:\WINDOWS\system32\igfxpers.exe
2007-04-23 01:12 102,400 --a------ C:\WINDOWS\system32\hccutils.dll
2007-04-23 01:12 1,612,576 --a------ C:\WINDOWS\system32\igxpdv32.dll
2007-04-23 01:12 1,486,848 --a------ C:\WINDOWS\system32\ig4dev32.dll
2007-04-23 01:12 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-04-23 01:12 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-04-23 01:09 86,016 --------- C:\WINDOWS\system32\stacsv.exe
2007-04-23 01:09 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-23 01:09 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-23 01:09 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-23 01:09 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-23 01:09 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-04-23 01:09 41,728 --a------ C:\WINDOWS\system32\drivers\sfng32.sys
2007-04-23 01:09 282,624 --a------ C:\WINDOWS\sttray.exe
2007-04-23 01:09 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-23 01:09 217,088 --a------ C:\WINDOWS\system32\stacapi.dll
2007-04-23 01:09 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-23 01:09 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-23 01:09 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-04-23 01:09 117,248 --a------ C:\WINDOWS\system32\staco.dll
2007-04-23 01:09 1,177,032 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2007-04-23 01:09 1,069,056 --a------ C:\WINDOWS\system32\stlang.dll
2007-04-23 01:09 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-23 01:09 <DIR> d-------- C:\Program Files\SigmaTel
2007-04-23 01:08 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-23 01:07 36,864 -ra------ C:\WINDOWS\system32\e100bmsg.dll
2007-04-23 01:07 21,504 -ra------ C:\WINDOWS\system32\NicCo.dll
2007-04-23 01:07 20,992 -ra------ C:\WINDOWS\system32\NicInst.dll
2007-04-23 01:07 163,328 -ra------ C:\WINDOWS\system32\drivers\e100b325.sys
2007-04-23 01:07 126,976 -ra------ C:\WINDOWS\system32\Prounstl.exe
2007-04-23 01:06 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-04-23 01:06 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-04-23 01:06 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-04-23 01:06 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2007-04-23 01:06 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-04-23 01:06 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-23 01:06 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-04-23 01:06 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2007-04-23 01:06 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-23 01:06 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-04-23 01:06 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-04-23 01:06 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-04-23 01:06 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2007-04-23 01:06 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-04-23 01:06 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2007-04-23 01:06 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-04-23 01:06 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-04-23 01:06 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-04-23 01:06 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-23 01:06 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-04-23 01:06 44,544 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-04-23 01:06 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-23 01:06 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-04-23 01:06 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-23 01:06 4,096 --a------ C:\WINDOWS\system32\ksuser(2).dll
2007-04-23 01:06 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
2007-04-23 01:06 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2007-04-23 01:06 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2007-04-23 01:06 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-04-23 01:06 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2007-04-23 01:06 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-04-23 01:06 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-04-23 01:06 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-04-23 01:06 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-04-23 01:06 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-04-23 01:06 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2007-04-23 01:06 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2007-04-23 01:06 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-04-23 01:06 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2007-04-23 01:06 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-04-23 01:06 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2007-04-23 01:06 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-04-23 01:06 211,456 --a------ C:\WINDOWS\system32\qasf.dll
2007-04-23 01:06 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-04-23 01:06 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-04-23 01:06 20,480 --a------ C:\WINDOWS\system32\encapi.dll
2007-04-23 01:06 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-04-23 01:06 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2007-04-23 01:06 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2007-04-23 01:06 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-04-23 01:06 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-04-23 01:06 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-04-23 01:06 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-04-23 01:06 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-04-23 01:06 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-04-23 01:06 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-04-23 01:06 15,360 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-04-23 01:06 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-04-23 01:06 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2007-04-23 01:06 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-04-23 01:06 11,776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-04-23 01:06 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-04-23 01:06 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-04-23 01:06 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2007-04-23 01:06 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-04-23 01:06 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-04-23 01:06 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2007-04-23 01:06 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-04-23 01:06 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-04-23 01:06 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-04-23 01:06 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll
2007-04-23 01:06 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-04-23 01:06 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2007-04-23 01:06 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-23 01:05 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2007-04-23 01:05 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-23 01:05 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2007-04-23 01:05 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-04-23 01:05 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2007-04-23 01:05 3,328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2007-04-23 01:05 26,624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2007-04-23 01:05 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2007-04-23 01:05 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2007-04-23 01:05 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2007-04-23 01:05 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-23 01:05 <DIR> d-------- C:\Program Files\Intel
2007-04-23 01:03 <DIR> d-------- C:\TempEI4
2007-04-23 01:03 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-04-23 00:34 <DIR> dr------- C:\Program Files
2007-04-23 00:34 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-23 00:34 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-23 00:34 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-23 00:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-23 00:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-23 00:33 <DIR> d-------- C:\Documents and Settings
2007-04-23 00:30 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-23 00:30 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-23 00:30 <DIR> dr------- C:\WINDOWS\Web
2007-04-23 00:30 <DIR> d--h----- C:\WINDOWS\inf
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system32
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\system
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\security
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Resources
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\repair
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\mui
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\msapps
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\msagent
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Media
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\ime
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Help
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Debug
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\Config
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS\addins
2007-04-23 00:30 <DIR> d-------- C:\WINDOWS
2007-04-22 18:48 737,280 --a------ C:\DOCUME~1\NETWOR~1.NTA\NTUSER.DAT
2007-04-22 18:48 737,280 --a------ C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-04-22 18:48 4,456,448 --a------ C:\DOCUME~1\SAMN~1\NTUSER.DAT
2007-04-22 18:45 229,376 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT
2007-04-22 18:45 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-22 18:45 0 -rahs---- C:\MSDOS.SYS
2007-04-22 18:45 0 -rahs---- C:\IO.SYS
2007-04-22 18:45 0 --a------ C:\CONFIG.SYS
2007-04-22 18:45 0 --a------ C:\AUTOEXEC.BAT
2007-04-22 18:45 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM
2007-04-22 18:44 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-22 18:44 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-22 18:44 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-22 18:44 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-22 18:44 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-22 18:44 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-22 18:44 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-22 18:44 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-22 18:44 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-22 18:44 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-22 18:44 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-22 18:44 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-22 18:44 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-22 18:44 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-22 18:44 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-22 18:44 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-22 18:44 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-22 18:44 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-22 18:44 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-22 18:44 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-22 18:44 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-22 18:44 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-22 18:44 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-22 18:44 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-22 18:44 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-22 18:44 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-22 18:44 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-22 18:44 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-22 18:44 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-22 18:44 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-22 18:44 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-22 18:43 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-22 18:43 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-22 18:43 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-22 18:43 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-22 18:43 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-22 18:43 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-22 18:43 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-22 18:43 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-22 18:43 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-22 18:43 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-22 18:43 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-22 18:43 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-22 18:43 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-22 18:43 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-22 18:43 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-22 18:43 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-22 18:43 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-22 18:43 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-22 18:43 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-22 18:43 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-22 18:43 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-22 18:43 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-22 18:43 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-22 18:43 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-22 18:43 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-22 18:43 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-22 18:43 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-22 18:43 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-22 18:43 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-22 18:43 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-22 18:43 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-22 18:43 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-22 18:43 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-22 18:43 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-22 18:43 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-22 18:43 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-22 18:43 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-22 18:43 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-22 18:43 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-22 18:43 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-22 18:43 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-22 18:43 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-22 18:43 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-22 18:43 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-22 18:43 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-22 18:43 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-22 18:43 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-22 18:43 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-22 18:43 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-22 18:43 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-22 18:43 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-22 18:43 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-22 18:43 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-22 18:43 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-22 18:43 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-22 18:43 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-22 18:43 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-22 18:43 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-22 18:43 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-22 18:43 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-22 18:43 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-22 18:43 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-22 18:43 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-22 18:43 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-22 18:43 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-22 18:43 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-22 18:43 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-22 18:43 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-22 18:43 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-22 18:43 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-22 18:43 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-22 18:43 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-22 18:43 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-22 18:43 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-22 18:43 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-22 18:43 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-22 18:43 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-22 18:43 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-22 16:44 524,288 --ah----- C:\DOCUME~1\SAMNGA~1\NTUSER.DAT
2007-04-22 16:44 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-22 16:43 229,376 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-22 16:43 229,376 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-22 16:43 <DIR> d--hs---- C:\System Volume Information
2007-04-22 16:41 229,376 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-22 16:41 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-22 16:41 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-22 16:41 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-22 16:41 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-22 16:41 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-22 16:40 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-22 16:40 <DIR> d-------- C:\WINDOWS\PCHealth
2007-04-22 16:40 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-22 16:40 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-22 16:39 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-22 16:39 <DIR> d-------- C:\WINDOWS\Registration
2007-04-22 16:39 <DIR> d-------- C:\Program Files\Windows NT
2007-04-22 16:39 <DIR> d-------- C:\Program Files\Online Services
2007-04-22 16:39 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-22 16:39 <DIR> d-------- C:\Program Files\Messenger


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-08 08:16:17 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Azureus
2007-05-07 14:45:46 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Skype
2007-05-06 06:58:05 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Ahead
2007-04-29 13:23:23 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Hamachi
2007-04-26 06:09:40 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-04-23 12:07:30 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-04-23 06:23:45 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Apple Computer
2007-04-23 03:57:25 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Real
2007-04-23 03:53:49 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\vlc
2007-04-23 03:53:17 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Media Player Classic
2007-04-22 17:40:32 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Lavasoft
2007-04-22 16:17:35 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\Talkback
2007-04-22 15:44:57 -------- d-----w C:\DOCUME~1\SAMN~1\APPLIC~1.\InterTrust
2007-03-21 11:24:16 77,312 ----a-w C:\WINDOWS\system32\TWAIN_32.DLL
2007-03-21 11:24:16 69,632 ----a-w C:\WINDOWS\system32\TWUNK_32.EXE
2007-03-21 11:24:16 48,560 ----a-w C:\WINDOWS\system32\TWUNK_16.EXE
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 02:53:16 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
2007-03-15 02:49:58 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
2007-03-14 09:57:58 972,336 ----a-w C:\WINDOWS\UNRecode.exe
2007-03-14 09:50:38 133,168 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-03-14 09:50:36 11,568 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-03-14 09:49:26 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
2007-03-12 09:24:30 239,152 ----a-w C:\WINDOWS\NuNInst.exe
2007-03-12 09:24:10 38,576 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-03-12 09:24:00 37,040 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-03-12 09:24:00 16,304 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-03-12 09:23:50 118,064 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-03-12 04:21:08 972,336 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-28 11:23:50 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{FFFFFEF0-5B30-21D4-945D-000000000000}"="C:\PROGRA~1\STARDO~1\SDIEInt.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="sttray.exe"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"CTStartup"="C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE /run"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"SecurDisc"="D:\\Program Files\\Nero 7\\InCD\\NBHGui.exe"
"InCD"="D:\\Program Files\\Nero 7\\InCD\\InCD.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Azureus Installer"="\"C:\\Program Files\\Azureus Installer\\Azureus-Installer.exe\" hmw"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Program Files\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-09 01:22:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4???:???\'2???A~??A~:???????\???\???????????U?A~??A~\???\????????"`??????C@?\???\??????s:???\??????s\???@'2?A??s@'2??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-09 1:22:37
C:\ComboFix-quarantined-files.txt ... 2007-05-09 01:22

#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:02 PM

Posted 11 May 2007 - 09:56 AM

Hi ymonkee,

The ComboFix log looks clean. :thumbsup: How is your computer working?

Let's reset you files so they are hidden and protected.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading deselect Show hidden files and folders.
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK




Please read and follow How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware

Edited by SifuMike, 11 May 2007 - 09:58 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 ymonkee

ymonkee
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:32 PM

Posted 12 May 2007 - 04:01 AM

Hi sifumike. ..

i'm very happy to report that my computer seems to be in good running order. i haven't had any popups and i've done Anti-virus scans, as well as Adaware and Spybot S&D scans all of which now register me with no immediate threat results.

I'm ever grateful for your help and would like to extend a very big thank you to you and this forum. You've saved me from having to format my computer. You're a life saver!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users