Messages - Synthetic

1
Tech Clinic / Virus Alert wont go away
« on: June 18, 2007, 11:53:18 PM »
Ok! So what does this added protection do? Keep things like what I have just experienced away or at bay?

2
Tech Clinic / Virus Alert wont go away
« on: June 09, 2007, 07:48:29 PM »
Actually, things are running quite smoothly once again! Ah, thank you again for your help!

3
Tech Clinic / Virus Alert wont go away
« on: June 09, 2007, 07:11:40 PM »
SmitFraudFix v2.195

Scan done at  5:01:26.39, Sat 06/09/2007
Run from C:\Documents and Settings\user1\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\wincom27.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

4
Tech Clinic / Virus Alert wont go away
« on: June 09, 2007, 03:58:50 PM »
I got this; I don't know if that was supposed to happen.

5
Tech Clinic / Virus Alert wont go away
« on: June 09, 2007, 01:00:57 PM »
I hope that fixed it, I'm not getting the instant contravirus software download every time I reboot

6
Tech Clinic / Virus Alert wont go away
« on: June 09, 2007, 12:59:21 PM »
Hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 10:57:10 AM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1181178493\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1181178493\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\AOL\1181178493\ee\aolsoftware.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user1\My Documents\HijackThis.exe

O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181178493\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1181178493\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1181178493\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177463649433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177465159117
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Smitfraudfix rapport
SmitFraudFix v2.194

Scan done at 10:50:24.55, Sat 06/09/2007
Run from C:\Documents and Settings\user1\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\user1\Application Data\AdProtect NoSpam\ Deleted
C:\Program Files\ContraVirus\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

7
Hardware / PCI, AGP and PCI Express
« on: June 08, 2007, 01:03:57 PM »
Lame. I figured lol my video card denied me

8
Tech Clinic / Virus Alert wont go away
« on: June 08, 2007, 01:01:46 PM »
I think your smitfraudfix link is broken, I couldn't download it from there so I found it via Google lol ^_^

9
Tech Clinic / Virus Alert wont go away
« on: June 08, 2007, 01:00:32 PM »
hijackthis Uninstall list
Abexo Free Registry Cleaner
Active Virus Shield
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
AOL Instant Messenger
AOL Security Toolbar
AOL Uninstaller (Choose which Products to Remove)
AVG Anti-Spyware 7.5
CA Pest Patrol Realtime Protection
C-Media WDM Audio Driver
Data Lifeguard Tools
Guild Wars
iTunes
Java(tm) SE Runtime Environment 6 Update 1
LimeWire 4.12.11
MaxBlast 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Mozilla Firefox (2.0.0.4)
MSXML 6.0 Parser
Nero - Burning Rom
NVIDIA Drivers
QuickTime
Ragnarok Sakray
RealPlayer
Realtek AC'97 Audio
Safety and Security Center Uninstaller
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB928090)
Spybot - Search & Destroy 1.4
Tales of Pirates Online 1.33
Trickster Online
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
Viewpoint Media Player
Winamp (remove only)
Windows Communication Foundation
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
WinRAR archiver
ZNRO Client 0505
Zune Desktop Theme

Smitfraudfix rapport

SmitFraudFix v2.192

Scan done at 10:53:05.63, Fri 06/08/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\xpuupdate.exe
C:\Program Files\Common Files\AOL\1181178493\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1181178493\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\1181178493\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user1\My Documents\HijackThis.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user1


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user1\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Access\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA PCI 10/100Mb Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
DNS Server Search Order: 68.87.76.178
DNS Server Search Order: 68.87.78.130

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7F2E9061-8A90-474F-82E3-EC14AB1573DF}: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 68.87.76.178 68.87.78.130


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Combofix log
"user1" - 2007-06-08 10:53:44    Service Pack 2  NTFS  
ComboFix 07-06-3B - Running from: "C:\Program Files\Mozilla Firefox\"


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\video activex access


(((((((((((((((((((((((((   Files Created from 2007-05-08 to 2007-06-08  )))))))))))))))))))))))))))))))


2007-06-08 10:53   2,678   --a------   C:\WINDOWS\system32\tmp.reg
2007-06-08 10:52   53,248   --a------   C:\WINDOWS\system32\Process.exe
2007-06-08 10:52   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2007-06-08 10:52   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2007-06-06 18:12   <DIR>   d--------   C:\Program Files\Common Files\Scanner
2007-06-06 18:11   80,640   --a------   C:\WINDOWS\system32\drivers\MpFirewall.sys
2007-06-06 18:11   8,704   --a------   C:\WINDOWS\system32\MPFApi.dll
2007-06-06 18:11   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\McAfee.com Personal Firewall
2007-06-06 18:11   <DIR>   d--------   C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
2007-06-06 18:11   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\mcafee.com personal firewall
2007-06-06 18:10   <DIR>   d--------   C:\Program Files\mcafee.com
2007-06-06 18:10   <DIR>   d--------   C:\Program Files\Common Files\McAfee
2007-06-06 18:10   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-06-06 18:09   <DIR>   d--------   C:\Program Files\CA
2007-06-06 18:09   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\AOL
2007-06-06 18:08   <DIR>   d--------   C:\Program Files\Common Files\aolshare
2007-06-06 18:08   <DIR>   d--------   C:\Program Files\Common Files\AOL
2007-06-06 17:58   <DIR>   d--------   C:\Program Files\MRBDG
2007-06-06 17:31   <DIR>   d--------   C:\BFU
2007-06-06 12:00   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\AdProtect NoSpam
2007-06-06 11:58   <DIR>   d--------   C:\Program Files\ContraVirus
2007-06-06 11:57   54,784   --a------   C:\WINDOWS\system32\xpuupdate.exe
2007-06-06 11:37   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\Apple Computer
2007-06-06 11:36   <DIR>   d--------   C:\Program Files\QuickTime
2007-06-06 11:36   <DIR>   d--------   C:\Program Files\iTunes
2007-06-06 11:36   <DIR>   d--------   C:\Program Files\iPod
2007-06-06 11:35   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-06 11:31   9,464   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-06 11:31   9,336   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-06 11:31   43,528   ---------   C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-06 11:31   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-06-06 10:39   626,688   --a------   C:\WINDOWS\system32\msvcr80.dll
2007-06-06 10:39   499,712   --a------   C:\WINDOWS\system32\msvcp71.dll
2007-06-06 08:55   90,624   --a------   C:\WINDOWS\system32\3D Wormhole.scr
2007-06-02 19:01   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2007-06-02 19:00   <DIR>   d--------   C:\Program Files\Real
2007-06-02 19:00   <DIR>   d--------   C:\Program Files\Common Files\Real
2007-06-02 19:00   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\Real
2007-05-31 17:48   <DIR>   d--------   C:\WINDOWS\SxsCaPendDel
2007-05-31 17:46   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\Leadertech
2007-05-31 17:30   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2007-05-27 09:47   <DIR>   d--------   C:\Program Files\Abexo
2007-05-22 12:51   <DIR>   d--------   C:\Program Files\Tales of Pirates Online
2007-05-20 12:42   <DIR>   d--------   C:\Program Files\Granado Espada
2007-05-18 22:36   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\Viewpoint
2007-05-12 14:06   23,552   --a------   C:\WINDOWS\system32\sstunins.exe
2007-05-12 10:30   <DIR>   d--------   C:\Program Files\VVSN
2007-05-10 23:20   65,536   --a------   C:\WINDOWS\IFinst27.exe
2007-05-10 23:20   <DIR>   d--------   C:\Program Files\Gravity


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-07 01:06:11   335   ----a-w   C:\WINDOWS\nsreg.dat
2007-06-06 18:31:46   --------   d-----w   C:\Program Files\Winamp
2007-06-06 17:09:07   1,290   ----a-w   C:\WINDOWS\mozver.dat
2007-05-26 21:06:48   --------   d-----w   C:\Program Files\LimeWire
2007-05-19 17:23:52   --------   d--h--w   C:\Program Files\InstallJammer Registry
2007-05-17 02:38:49   141,612   ----a-w   C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-05-17 02:38:41   --------   d-----w   C:\Program Files\Trickster Online
2007-05-13 00:35:32   --------   d-----w   C:\DOCUME~1\user1\APPLIC~1\IMVU
2007-05-08 02:44:03   --------   d-----w   C:\DOCUME~1\user1\APPLIC~1\MusicIP
2007-05-06 16:56:18   --------   d-----w   C:\Program Files\ModernDesktop
2007-05-02 05:05:10   --------   d-----w   C:\Program Files\Viewpoint
2007-05-02 00:44:10   --------   d-----w   C:\DOCUME~1\user1\APPLIC~1\Aim
2007-05-02 00:44:08   --------   d-----w   C:\Program Files\AIM
2007-05-02 00:43:33   --------   d-----w   C:\Program Files\AOD
2007-04-29 23:18:03   213,148   ----a-w   C:\WINDOWS\INSTALL.scr
2007-04-29 17:35:52   --------   d-----w   C:\Program Files\Enigma Software Group
2007-04-28 15:25:01   --------   d-----w   C:\Program Files\AOL Security Toolbar
2007-04-28 05:45:58   --------   d-----w   C:\Program Files\Guild Wars
2007-04-28 00:50:34   --------   d-----w   C:\DOCUME~1\user1\APPLIC~1\GetRightToGo
2007-04-27 06:08:26   9,728   ----a-w   C:\WINDOWS\system32\UnInstall DestroyPokemon.exe
2007-04-27 05:24:18   --------   d-----w   C:\Program Files\Windows Media Connect 2
2007-04-27 05:14:24   --------   d-----w   C:\Program Files\plus!
2007-04-27 02:00:24   --------   d-----w   C:\Program Files\ReflexiveArcade
2007-04-27 00:43:52   3   ----a-w   C:\WINDOWS\system32\Dino.dll
2007-04-27 00:37:42   1   ----a-w   C:\WINDOWS\system32\Shark.dll
2007-04-26 23:26:49   --------   d-----w   C:\DOCUME~1\user1\APPLIC~1\MSN6
2007-04-26 02:17:22   --------   d-----w   C:\DOCUME~1\user1\APPLIC~1\Lavasoft
2007-04-26 02:17:19   --------   d-----w   C:\Program Files\Lavasoft
2007-04-26 02:17:06   --------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-04-26 01:30:15   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-04-26 01:30:15   --------   d-----w   C:\Program Files\Western Digital
2007-04-25 14:37:39   --------   d-----w   C:\Program Files\VIA
2007-04-25 08:01:18   --------   d-----w   C:\Program Files\MSXML 6.0
2007-04-25 08:00:03   --------   d-----w   C:\Program Files\MSBuild
2007-04-25 07:40:21   --------   d-----w   C:\Program Files\Reference Assemblies
2007-04-25 06:21:15   --------   d-----w   C:\Program Files\Common Files\InstallShield
2007-04-25 06:09:27   --------   d-----w   C:\Program Files\Maxtor
2007-04-25 05:58:57   --------   d-----w   C:\Program Files\Messenger
2007-04-25 03:53:22   --------   d-----w   C:\Program Files\Movie Maker
2007-04-25 03:51:45   --------   d-----w   C:\Program Files\Windows NT
2007-04-25 03:42:06   23,600   ----a-w   C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-04-25 01:15:59   --------   d--h--w   C:\Program Files\WindowsUpdate
2007-04-25 00:54:23   --------   d-----w   C:\Program Files\Ahead
2007-04-25 00:27:18   --------   d-----w   C:\Program Files\Realtek Sound Manager
2007-04-25 00:27:18   --------   d-----w   C:\Program Files\AvRack
2007-04-25 00:14:45   --------   d-----w   C:\Program Files\microsoft frontpage
2007-04-25 00:13:35   0   --sha-r   C:\MSDOS.SYS
2007-04-25 00:13:35   0   --sha-r   C:\IO.SYS
2007-04-25 00:13:35   0   ----a-w   C:\CONFIG.SYS
2007-04-25 00:13:35   0   ----a-w   C:\AUTOEXEC.BAT
2007-04-25 00:12:21   --------   d-----w   C:\Program Files\Online Services
2007-04-25 00:11:07   --------   d-----w   C:\Program Files\Common Files\MSSoap
2007-04-25 00:10:56   21,640   ----a-w   C:\WINDOWS\system32\emptyregdb.dat
2007-04-25 00:09:54   --------   d-----w   C:\Program Files\MSN Gaming Zone
2007-04-24 17:05:32   --------   d-----w   C:\Program Files\Common Files\ODBC
2007-04-24 17:05:29   --------   d-----w   C:\Program Files\Common Files\SpeechEngines
2007-04-23 00:15:18   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2007-03-23 13:07:56   1,683,280   ------w   C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 13:07:54   583,504   ------w   C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-23 03:25:02   124,928   ------w   C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01   292,864   ----a-w   C:\WINDOWS\system32\winsrv.dll
2007-03-15 19:23:16   497,496   ----a-w   C:\WINDOWS\system32\XceedZip.dll
2007-03-15 19:19:58   526,184   ----a-w   C:\WINDOWS\system32\XceedCry.dll
2007-03-08 15:36:28   577,536   ----a-w   C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28   40,960   ----a-w   C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28   281,600   ----a-w   C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48   1,843,584   ----a-w   C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6}=C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll [2006-08-15 07:58]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 01:54 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-02-12 06:27]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"@"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-02 19:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 15:22]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"HostManager"="C:\Program Files\Common Files\AOL\1181178493\ee\AOLSoftware.exe" [2006-09-25 17:52]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1181178493\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 14:34]
"sscRun"="C:\Program Files\Common Files\AOL\1181178493\ee\SSCRun.exe" [2007-01-25 14:34]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 15:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 10:55:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-08 10:56:06
C:\ComboFix-quarantined-files.txt ... 2007-06-08 10:55
C:\ComboFix2.txt ... 2007-05-01 18:23

   --- E O F ---

10
Tech Clinic / Virus Alert wont go away
« on: June 06, 2007, 10:56:34 PM »
So my better half was doing some searching and downloaded a virus. Yes, I know. Lame. But now Windows is giving me this warning that says "your computer is infected!" I go to click the "X" in the corner of the pop-up notification and it installs this contravirus program that does a scan every time, then tells me I need to pay for it to do anything. Various tries to remove this contravirus with the add/remove programs section of the computer and it still shows up with the same pop-up. I'm thinkin it's the virus playin with my computer :(

Any idea on how to kill this infestation? Here's the log.
Logfile of HijackThis v1.99.1
Scan saved at 8:56:14 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\xpuupdate.exe
C:\Program Files\Common Files\AOL\1181178493\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1181178493\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1181178493\ee\aolsoftware.exe
c:\program files\common files\aol\1181178493\ee\aolssc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOLDOW~1\SSC_SU~1\21054~1.4\suite\setup.exe
C:\Documents and Settings\user1\My Documents\user1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IEExtension Class - {DBE5BEE8-F032-11DB-826A-C4BB56D89593} - C:\Program Files\ContraVirus\secieaddin.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O3 - Toolbar: Ad-Protect Toolbar - {EA038DDD-0FE0-41f5-BA60-FC3660529E71} - C:\Program Files\ContraVirus\ToolBand.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Updater Servc] C:\WINDOWS\system32\xpuupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181178493\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1181178493\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1181178493\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [SSCSUD] regsvr32.exe /S
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177463649433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177465159117
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

11
Tech Clinic / Computer Restarting
« on: June 06, 2007, 10:50:30 PM »
oh, ok! Thank you so much!

12
Tech Clinic / Computer Restarting
« on: May 23, 2007, 03:41:30 PM »
It was very simple and odd, all I did was turn the automatic updates off for the computer itself. The problem stopped and the computer returned to its regular functioning place in my house lol My apologies for the elongated wait for a response ^_^

13
Tech Clinic / hi
« on: May 07, 2007, 05:56:13 PM »
You can't really learn Photoshop in 4 tries or an hour. You just kinda have to mess with everything the program offers.

14
Tech Clinic / Computer Restarting
« on: May 07, 2007, 05:53:22 PM »
I actually corrected the problem, and everything is running fine. Thanks to you, of course ^_^ I will post a new log when I return from the workplace.

15
Tech Clinic / Computer Restarting
« on: May 02, 2007, 04:14:59 PM »
Like I said before in the first few posts, it is fairly new. It doesn't seem to be very old at all, and it's nice and spotless. It's a customized computer, and all the wiring and stuff is neatly out of the way and not in a jumble like my other pc. I'll check if some connections are loose and whatnot. I really do appreciate your help guestolo, even if this pc never gets repaired and is still loopy. You're like a pc god lol. I really do appreciate your help on this matter. ^_^

16
Tech Clinic / Computer Restarting
« on: May 02, 2007, 08:19:03 AM »
I left it on last night to see if maybe you were right with the overheating thing. Well, it turned itself off as I expected, then it waited about an hour to turn itself on and it's been on since then. I'm just confused, I'm not going to get upset about it. I wish to go through this however long it takes D: silly computer. It also makes noises like it's doing something but it's obviously sitting there being idle. So I dunno.

17
Tech Clinic / Computer Restarting
« on: May 02, 2007, 12:07:17 AM »
Oh sorry haha, the computer already had its setting checked off on the auto restart. And if it is overheating, what would be the solution? Another fan or a new PU? Well, here's the log. And it seems to power off when it's idle sometimes.

05/01/07 21:59:54 [Info]: BlackLight Engine 1.0.61 initialized
05/01/07 21:59:54 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/01/07 21:59:54 [Note]: 7019 4
05/01/07 21:59:54 [Note]: 7005 0
05/01/07 22:00:05 [Note]: 7006 0
05/01/07 22:00:05 [Note]: 7011 300
05/01/07 22:00:05 [Note]: 7026 0
05/01/07 22:00:06 [Note]: 7026 0
05/01/07 22:00:07 [Note]: FSRAW library version 1.7.1021
05/01/07 22:03:33 [Note]: 7007 0

18
Tech Clinic / Computer Restarting
« on: May 01, 2007, 08:30:03 PM »
The problem before was that it had a trojan on it and it was removed with a program called "Trojan Remover" but the problems persisted. I'm not sure if this program hid the trojan from my scans or it was the spyware that was affecting it. I've been disconnecting the entire computer every night to make sure no further threats enter while it is in its current condition. Oh, and no, I did not purposely set that as my home page, it was like that already when I got it.

19
Tech Clinic / Computer Restarting
« on: May 01, 2007, 08:25:37 PM »
"user1" - 07-05-01 18:21:18    Service Pack 2  
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\user1\"


((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\install.exe


(((((((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\Iprip
-------\LEGACY_IPRIP


(((((((((((((((((((((((((((((((   Files Created from 2007-04-01 to 2007-05-01  ))))))))))))))))))))))))))))))))))


2007-05-01 17:44   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\Aim
2007-05-01 17:43   348,160   --a------   C:\WINDOWS\system32\msvcr71.dll
2007-05-01 17:43   <DIR>   d--------   C:\WINDOWS\LastGood
2007-05-01 17:43   <DIR>   d--------   C:\Program Files\Viewpoint
2007-05-01 17:43   <DIR>   d--------   C:\Program Files\AOD
2007-05-01 17:43   <DIR>   d--------   C:\Program Files\AIM
2007-05-01 17:43   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-05-01 17:31   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
2007-04-29 16:18   213,148   --a------   C:\WINDOWS\INSTALL.scr
2007-04-29 10:40   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-28 22:23   <DIR>   d--h-----   C:\Program Files\InstallJammer Registry
2007-04-28 22:08   <DIR>   d--------   C:\Program Files\Astro Gemini Software
2007-04-28 08:30   <DIR>   d--------   C:\Program Files\Enigma Software Group
2007-04-27 22:36   <DIR>   d--------   C:\Program Files\Guild Wars
2007-04-27 18:50   <DIR>   d--------   C:\Program Files\AOL Security Toolbar
2007-04-27 18:48   18,464   --ahs----   C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-27 18:48   1,809,952   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-27 18:48   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-04-27 18:20   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-04-27 17:53   <DIR>   d-a------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-04-27 17:52   75,264   --a------   C:\WINDOWS\system32\unacev2.dll
2007-04-27 17:52   153,088   --a------   C:\WINDOWS\system32\UNRAR3.dll
2007-04-27 17:52   <DIR>   d--------   C:\Program Files\Trojan Remover
2007-04-27 17:52   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\Simply Super Software
2007-04-27 17:52   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-04-27 17:50   <DIR>   d--------   C:\Downloads
2007-04-27 17:50   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\GetRightToGo
2007-04-26 23:14   <DIR>   d--------   C:\Shockwave
2007-04-26 23:10   71,680   --a------   C:\WINDOWS\ST5UNST.EXE
2007-04-26 23:08   9,728   --a------   C:\WINDOWS\system32\UnInstall DestroyPokemon.exe
2007-04-26 22:14   <DIR>   d--------   C:\Program Files\plus!
2007-04-26 19:23   1,156   --a------   C:\WINDOWS\mozver.dat
2007-04-26 19:00   <DIR>   d--------   C:\Program Files\ReflexiveArcade
2007-04-26 17:43   3   --a------   C:\WINDOWS\system32\Dino.dll
2007-04-26 17:37   1   --a------   C:\WINDOWS\system32\Shark.dll
2007-04-26 17:13   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\IMVU
2007-04-26 17:12   <DIR>   d--------   C:\Program Files\IMVU
2007-04-26 16:26   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\MSN6
2007-04-26 16:26   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
2007-04-25 20:58   <DIR>   d--------   C:\DOCUME~1\user1\Shared
2007-04-25 20:58   <DIR>   d--------   C:\DOCUME~1\user1\Incomplete
2007-04-25 20:56   <DIR>   d--------   C:\Program Files\LimeWire
2007-04-25 20:55   <DIR>   d--------   C:\DOCUME~1\user1\.limewire
2007-04-25 20:52   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2007-04-25 20:52   141,612   --a------   C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-04-25 20:33   <DIR>   d--------   C:\Program Files\Trickster Online
2007-04-25 19:20   3,968   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-25 19:17   <DIR>   d--------   C:\Program Files\Lavasoft
2007-04-25 19:17   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-04-25 19:17   <DIR>   d--------   C:\DOCUME~1\user1\APPLIC~1\Lavasoft
2007-04-25 19:03   0   --a------   C:\WINDOWS\nsreg.dat
2007-04-25 18:30   <DIR>   d--------   C:\Program Files\Western Digital
2007-04-25 07:37   331,184   ---------   C:\WINDOWS\system32\difxapi.dll
2007-04-25 07:37   203,648   -ra------   C:\WINDOWS\system32\drivers\vinyl97.sys
2007-04-25 07:36   <DIR>   d--hs----   C:\RECYCLER
2007-04-25 01:07   <DIR>   d--------   C:\WINDOWS\system32\NtmsData
2007-04-25 01:01   <DIR>   d--------   C:\Program Files\MSXML 6.0
2007-04-25 01:00   <DIR>   d--------   C:\Program Files\MSBuild
2007-04-25 00:55   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2007-04-25 00:40   <DIR>   d--------   C:\Program Files\Reference Assemblies
2007-04-25 00:39   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2007-04-25 00:39   <DIR>   d--------   C:\4c95fae7a481e7e3398a3828bf
2007-04-25 00:38   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-04-25 00:37   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2007-04-25 00:37   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2007-04-25 00:32   <DIR>   d--------   C:\WINDOWS\RegisteredPackages
2007-04-25 00:30   <DIR>   d--------   C:\WINDOWS\system32\URTTemp
2007-04-25 00:02   36,352   ---------   C:\WINDOWS\system32\tsgqec.dll
2007-04-25 00:02   288,768   ---------   C:\WINDOWS\system32\rhttpaa.dll
2007-04-25 00:02   116,736   ---------   C:\WINDOWS\system32\aaclient.dll
2007-04-24 23:21   208,896   --a------   C:\WINDOWS\system32\NVUNINST.EXE
2007-04-24 23:21   208,896   --a------   C:\WINDOWS\system32\nvudisp.exe
2007-04-24 23:21   <DIR>   d--------   C:\NVIDIA
2007-04-24 23:09   <DIR>   d--------   C:\Program Files\Maxtor
2007-04-24 22:44   <DIR>   d--------   C:\WINDOWS\network diagnostic
2007-04-24 22:03   <DIR>   d--------   C:\WINDOWS\system32\PreInstall
2007-04-24 21:11   127,208   --a------   C:\WINDOWS\system32\mucltui.dll
2007-04-24 20:57   <DIR>   d--------   C:\WINDOWS\Prefetch
2007-04-24 20:53   <DIR>   d--------   C:\WINDOWS\provisioning
2007-04-24 20:53   <DIR>   d--------   C:\WINDOWS\peernet
2007-04-24 20:51   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2007-04-24 20:48   23,856   --a------   C:\WINDOWS\system32\spupdsvc.exe
2007-04-24 20:46   <DIR>   d--------   C:\WINDOWS\EHome
2007-04-24 20:42   23,600   --a------   C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-04-24 20:33   870,784   ---------   C:\WINDOWS\system32\ati3d1ag.dll
2007-04-24 20:33   73,216   ---------   C:\WINDOWS\system32\drivers\atintuxx.sys
2007-04-24 20:33   71,680   ---------   C:\WINDOWS\system32\blastcln.exe
2007-04-24 20:33   701,440   ---------   C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-24 20:33   63,663   ---------   C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-04-24 20:33   63,488   ---------   C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-04-24 20:33   57,856   ---------   C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-04-24 20:33   56,623   ---------   C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-04-24 20:33   52,224   ---------   C:\WINDOWS\system32\drivers\atinraxx.sys
2007-04-24 20:33   516,768   ---------   C:\WINDOWS\system32\ativvaxx.dll
2007-04-24 20:33   50,688   ---------   C:\WINDOWS\system32\btpanui.dll
2007-04-24 20:33   44,928   ---------   C:\WINDOWS\system32\drivers\agpcpq.sys
2007-04-24 20:33   43,008   ---------   C:\WINDOWS\system32\drivers\amdagp.sys
2007-04-24 20:33   42,752   ---------   C:\WINDOWS\system32\drivers\alim1541.sys
2007-04-24 20:33   42,368   ---------   C:\WINDOWS\system32\drivers\agp440.sys
2007-04-24 20:33   4,255   ---------   C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-04-24 20:33   38,016   ---------   C:\WINDOWS\system32\drivers\bthmodem.sys
2007-04-24 20:33   377,984   ---------   C:\WINDOWS\system32\ati2dvaa.dll
2007-04-24 20:33   37,376   ---------   C:\WINDOWS\system32\drivers\amdk7.sys
2007-04-24 20:33   36,463   ---------   C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-04-24 20:33   35,456   ---------   C:\WINDOWS\system32\drivers\bthprint.sys
2007-04-24 20:33   34,735   ---------   C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-04-24 20:33   327,040   ---------   C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-04-24 20:33   32,768   ---------   C:\WINDOWS\system32\ativtmxx.dll
2007-04-24 20:33   31,744   ---------   C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-04-24 20:33   30,671   ---------   C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-04-24 20:33   30,208   ---------   C:\WINDOWS\system32\bthserv.dll
2007-04-24 20:33   3,967   ---------   C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-04-24 20:33   3,775   ---------   C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-04-24 20:33   3,711   ---------   C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-04-24 20:33   3,647   ---------   C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-04-24 20:33   3,615   ---------   C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-04-24 20:33   3,135   ---------   C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-04-24 20:33   29,455   ---------   C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-04-24 20:33   28,672   ---------   C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-04-24 20:33   274,304   ---------   C:\WINDOWS\system32\drivers\bthport.sys
2007-04-24 20:33   26,367   ---------   C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-04-24 20:33   25,471   ---------   C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-04-24 20:33   229,376   ---------   C:\WINDOWS\system32\ati2cqag.dll
2007-04-24 20:33   21,343   ---------   C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-04-24 20:33   21,183   ---------   C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-04-24 20:33   201,728   ---------   C:\WINDOWS\system32\ati2dvag.dll
2007-04-24 20:33   20,992   ---------   C:\WINDOWS\system32\bthci.dll
2007-04-24 20:33   18,944   ---------   C:\WINDOWS\system32\drivers\bthusb.sys
2007-04-24 20:33   17,279   ---------   C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-04-24 20:33   17,024   ---------   C:\WINDOWS\system32\drivers\bthenum.sys
2007-04-24 20:33   15,423   ---------   C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-04-24 20:33   14,336   ---------   C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-04-24 20:33   14,336   ---------   C:\WINDOWS\system32\auditusr.exe
2007-04-24 20:33   14,143   ---------   C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-04-24 20:33   13,824   ---------   C:\WINDOWS\system32\drivers\atinttxx.sys
2007-04-24 20:33   13,824   ---------   C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-04-24 20:33   13,824   ---------   C:\WINDOWS\system32\cmsetacl.dll
2007-04-24 20:33   12,047   ---------   C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-04-24 20:33   11,615   ---------   C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-04-24 20:33   11,359   ---------   C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-04-24 20:33   104,960   ---------   C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-04-24 20:33   100,992   ---------   C:\WINDOWS\system32\drivers\bthpan.sys
2007-04-24 20:33   1,888,992   ---------   C:\WINDOWS\system32\ati3duag.dll
2007-04-24 20:32   95,424   ---------   C:\WINDOWS\system32\drivers\slnthal.sys
2007-04-24 20:32   937,984   ---------   C:\WINDOWS\system32\winbrand.dll
2007-04-24 20:32   9,216   ---------   C:\WINDOWS\system32\proxycfg.exe
2007-04-24 20:32   86,016   ---------   C:\WINDOWS\system32\mdmxsdk.dll
2007-04-24 20:32   81,408   ---------   C:\WINDOWS\system32\wscsvc.dll
2007-04-24 20:32   8,192   --a------   C:\WINDOWS\system32\spdwnwxp.exe
2007-04-24 20:32   8,192   ---------   C:\WINDOWS\system32\smbinst.exe
2007-04-24 20:32   78,464   ---------   C:\WINDOWS\system32\drivers\usbvideo.sys
2007-04-24 20:32   78,336   --a------   C:\WINDOWS\system32\ieencode.dll
2007-04-24 20:32   75,776   ---------   C:\WINDOWS\system32\strmfilt.dll
2007-04-24 20:32   73,832   ---------   C:\WINDOWS\system32\slcoinst.dll
2007-04-24 20:32   73,796   ---------   C:\WINDOWS\system32\slserv.exe
2007-04-24 20:32   7,680   ---------   C:\WINDOWS\system32\kbdsmsno.dll
2007-04-24 20:32   7,680   ---------   C:\WINDOWS\system32\kbdsmsfi.dll
2007-04-24 20:32   7,168   ---------   C:\WINDOWS\system32\kbdukx.dll
2007-04-24 20:32   7,168   ---------   C:\WINDOWS\system32\kbdno1.dll
2007-04-24 20:32   7,168   ---------   C:\WINDOWS\system32\kbdfi1.dll
2007-04-24 20:32   7,168   ---------   C:\WINDOWS\system32\hccoin.dll
2007-04-24 20:32   685,056   ---------   C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-04-24 20:32   67,584   ---------   C:\WINDOWS\system32\drivers\sdbus.sys
2007-04-24 20:32   60,416   ---------   C:\WINDOWS\system32\fwcfg.dll
2007-04-24 20:32   6,656   ---------   C:\WINDOWS\system32\kbdinmal.dll
2007-04-24 20:32   6,656   ---------   C:\WINDOWS\system32\kbdinben.dll
2007-04-24 20:32   6,144   ---------   C:\WINDOWS\system32\kbdmlt48.dll
2007-04-24 20:32   6,144   ---------   C:\WINDOWS\system32\kbdmlt47.dll
2007-04-24 20:32   6,144   ---------   C:\WINDOWS\system32\kbdinbe1.dll
2007-04-24 20:32   6,016   ---------   C:\WINDOWS\system32\drivers\smbali.sys
2007-04-24 20:32   59,648   ---------   C:\WINDOWS\system32\drivers\rfcomm.sys
2007-04-24 20:32   59,392   ---------   C:\WINDOWS\system32\logman.exe
2007-04-24 20:32   58,880   --a------   C:\WINDOWS\system32\pnrpnsp.dll
2007-04-24 20:32   553,984   --a------   C:\WINDOWS\system32\p2psvc.dll
2007-04-24 20:32   50,176   ---------   C:\WINDOWS\system32\xmlprovi.dll
2007-04-24 20:32   5,632   ---------   C:\WINDOWS\system32\kbdmaori.dll
2007-04-24 20:32   49,152   ---------   C:\WINDOWS\system32\powercfg.exe
2007-04-24 20:32   46,464   ---------   C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-04-24 20:32   452,736   ---------   C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-04-24 20:32   44,672   ---------   C:\WINDOWS\system32\drivers\uagp35.sys
2007-04-24 20:32   44,032   ---------   C:\WINDOWS\system32\twext.dll
2007-04-24 20:32   42,240   ---------   C:\WINDOWS\system32\drivers\viaagp.sys
2007-04-24 20:32   41,088   ---------   C:\WINDOWS\system32\drivers\sisagp.sys
2007-04-24 20:32   404,990   ---------   C:\WINDOWS\system32\drivers\slntamr.sys
2007-04-24 20:32   4,096   ---------   C:\WINDOWS\system32\dsprpres.dll
2007-04-24 20:32   397,056   ---------   C:\WINDOWS\system32\s3gnb.dll
2007-04-24 20:32   36,096   ---------   C:\WINDOWS\system32\drivers\intelppm.sys
2007-04-24 20:32   32,866   ---------   C:\WINDOWS\system32\slrundll.exe
2007-04-24 20:32   32,866   ---------   C:\WINDOWS\slrundll.exe
2007-04-24 20:32   32,285   ---------   C:\WINDOWS\system32\hsfcisp2.dll
2007-04-24 20:32   314,880   ---------   C:\WINDOWS\system32\wmpdxm.dll
2007-04-24 20:32   313,344   --a------   C:\WINDOWS\system32\p2pgraph.dll
2007-04-24 20:32   30,080   ---------   C:\WINDOWS\system32\drivers\rndismpx.sys
2007-04-24 20:32   3,901   ---------   C:\WINDOWS\system32\drivers\siint5.dll
2007-04-24 20:32   29,184   ---------   C:\WINDOWS\system32\sdhcinst.dll
2007-04-24 20:32   29,056   ---------   C:\WINDOWS\system32\drivers\ip6fw.sys
2007-04-24 20:32   286,792   ---------   C:\WINDOWS\system32\slextspk.dll
2007-04-24 20:32   270,848   ---------   C:\WINDOWS\system32\sbe.dll
2007-04-24 20:32   27,136   --a------   C:\WINDOWS\system32\mspmsnsv.dll
2007-04-24 20:32   262,784   ---------   C:\WINDOWS\system32\drivers\http.sys
2007-04-24 20:32   25,600   ---------   C:\WINDOWS\system32\drivers\hidbth.sys
2007-04-24 20:32   25,471   ---------   C:\WINDOWS\system32\drivers\watv10nt.sys
2007-04-24 20:32   242,688   ---------   C:\WINDOWS\system32\wmpasf.dll
2007-04-24 20:32   24,576   ---------   C:\WINDOWS\system32\httpapi.dll
2007-04-24 20:32   23,040   --a------   C:\WINDOWS\system32\fltmc.exe
2007-04-24 20:32   227,328   ---------   C:\WINDOWS\system32\wmerror.dll
2007-04-24 20:32   220,032   ---------   C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-04-24 20:32   22,271   ---------   C:\WINDOWS\system32\drivers\watv06nt.sys
2007-04-24 20:32   21,504   ---------   C:\WINDOWS\system32\spupdwxp.exe
2007-04-24 20:32   20,992   ---------   C:\WINDOWS\system32\faxpatch.exe
2007-04-24 20:32   20,480   ---------   C:\WINDOWS\system32\encapi.dll
2007-04-24 20:32   2,897,920   ---------   C:\WINDOWS\system32\xpsp2res.dll
2007-04-24 20:32   2,113,536   ---------   C:\WINDOWS\system32\dxdiagn.dll
2007-04-24 20:32   193,024   ---------   C:\WINDOWS\system32\fsquirt.exe
2007-04-24 20:32   188,508   ---------   C:\WINDOWS\system32\slgen.dll
2007-04-24 20:32   187,392   ---------   C:\WINDOWS\system32\xpsp1res.dll
2007-04-24 20:32   186,368   ---------   C:\WINDOWS\system32\encdec.dll
2007-04-24 20:32   180,360   ---------   C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-04-24 20:32   17,408   ---------   C:\WINDOWS\system32\winshfhc.dll
2007-04-24 20:32   166,912   ---------   C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-04-24 20:32   16,896   --a------   C:\WINDOWS\system32\fltlib.dll
2007-04-24 20:32   159,232   ---------   C:\WINDOWS\system32\sbeio.dll
2007-04-24 20:32   153,088   --a------   C:\WINDOWS\system32\p2p.dll
2007-04-24 20:32   15,872   ---------   C:\WINDOWS\system32\w3ssl.dll
2007-04-24 20:32   15,488   ---------   C:\WINDOWS\system32\drivers\mssmbios.sys
2007-04-24 20:32   15,104   ---------   C:\WINDOWS\system32\drivers\hidir.sys
2007-04-24 20:32   134,656   ---------   C:\WINDOWS\system32\mssap.dll
2007-04-24 20:32   13,824   ---------   C:\WINDOWS\system32\wscntfy.exe
2007-04-24 20:32   13,776   ---------   C:\WINDOWS\system32\drivers\recagent.sys
2007-04-24 20:32   13,568   ---------   C:\WINDOWS\system32\drivers\wacompen.sys
2007-04-24 20:32   13,240   ---------   C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-04-24 20:32   129,536   ---------   C:\WINDOWS\system32\xmlprov.dll
2007-04-24 20:32   129,535   ---------   C:\WINDOWS\system32\drivers\slnt7554.sys
2007-04-24 20:32   128,896   ---------   C:\WINDOWS\system32\drivers\fltmgr.sys
2007-04-24 20:32   126,686   ---------   C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-04-24 20:32   12,672   ---------   C:\WINDOWS\system32\drivers\usb8023x.sys
2007-04-24 20:32   12,672   ---------   C:\WINDOWS\system32\drivers\mutohpen.sys
2007-04-24 20:32   12,416   ---------   C:\WINDOWS\system32\drivers\tunmp.sys
2007-04-24 20:32   118,784   ---------   C:\WINDOWS\system32\msdadiag.dll
2007-04-24 20:32   116,224   --a------   C:\WINDOWS\system32\p2pnetsh.dll
2007-04-24 20:32   11,935   ---------   C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-04-24 20:32   11,871   ---------   C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-04-24 20:32   11,868   ---------   C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-04-24 20:32   11,807   ---------   C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-04-24 20:32   11,325   ---------   C:\WINDOWS\system32\drivers\vchnt5.dll
2007-04-24 20:32   11,295   ---------   C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-04-24 20:32   11,136   ---------   C:\WINDOWS\system32\drivers\sffdisk.sys
2007-04-24 20:32   108,032   ---------   C:\WINDOWS\system32\wshbth.dll
2007-04-24 20:32   104,960   --a------   C:\WINDOWS\system32\p2pgasvc.dll
2007-04-24 20:32   10,240   ---------   C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-04-24 20:32   1,737,856   ---------   C:\WINDOWS\system32\mtxparhd.dll
2007-04-24 20:32   1,689,088   ---------   C:\WINDOWS\system32\d3d9.dll
2007-04-24 20:32   1,309,184   ---------   C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-04-24 20:32   1,041,536   ---------   C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-04-24 18:42   11,776   ---------   C:\WINDOWS\system32\spnpinst.exe
2007-04-24 18:32   262,144   --a------   C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-24 18:31   77,312   --a------   C:\WINDOWS\system32\browser.dll
2007-04-24 18:31   614,912   --a------   C:\WINDOWS\system32\h323msp.dll
2007-04-24 18:31   40,960   --a------   C:\WINDOWS\system32\mf3216.dll
2007-04-24 18:31   331,264   --a------   C:\WINDOWS\system32\ipnathlp.dll
2007-04-24 18:30   956,416   --a------   C:\WINDOWS\system32\msdtctm.dll
2007-04-24 18:30   91,136   --a------   C:\WINDOWS\system32\mtxoci.dll
2007-04-24 18:30   66,560   --a------   C:\WINDOWS\system32\mtxclu.dll
2007-04-24 18:30   625,152   --a------   C:\WINDOWS\system32\catsrvut.dll
2007-04-24 18:30   60,416   --a------   C:\WINDOWS\system32\colbact.dll
2007-04-24 18:30   581,120   --a------   C:\WINDOWS\system32\rpcrt4.dll
2007-04-24 18:30   540,160   --a------   C:\WINDOWS\system32\comuid.dll
2007-04-24 18:30   426,496   --a------   C:\WINDOWS\system32\msdtcprx.dll
2007-04-24 18:30   397,824   --a------   C:\WINDOWS\system32\rpcss.dll
2007-04-24 18:30   243,200   --a------   C:\WINDOWS\system32\es.dll
2007-04-24 18:30   225,792   --a------   C:\WINDOWS\system32\catsrv.dll
2007-04-24 18:30   161,280   --a------   C:\WINDOWS\system32\msdtcuiu.dll
2007-04-24 18:30   110,080   --a------   C:\WINDOWS\system32\clbcatex.dll
2007-04-24 18:30   101,376   --a------   C:\WINDOWS\system32\txflog.dll
2007-04-24 18:30   1,285,120   --a------   C:\WINDOWS\system32\ole32.dll
2007-04-24 18:30   1,267,200   --a------   C:\WINDOWS\system32\comsvcs.dll
2007-04-24 18:29   947,472   --a------   C:\WINDOWS\system32\msjava.dll
2007-04-24 18:29   63,248   --a------   C:\WINDOWS\system32\javaprxy.dll
2007-04-24 18:29   6,550   --a------   C:\WINDOWS\jautoexp.dat
2007-04-24 18:29   49,424   --a------   C:\WINDOWS\system32\clspack.exe
2007-04-24 18:29   46,352   --a------   C:\WINDOWS\setdebug.exe
2007-04-24 18:29   404,752   --a------   C:\WINDOWS\system32\javart.dll
2007-04-24 18:29   313,856   --a------   C:\WINDOWS\system32\dx3j.dll
2007-04-24 18:29   286,992   --a------   C:\WINDOWS\system32\vmhelper.dll
2007-04-24 18:29   21,264   --a------   C:\WINDOWS\system32\msjdbc10.dll
2007-04-24 18:29   187,152   --a------   C:\WINDOWS\system32\javacypt.dll
2007-04-24 18:29   172,304   --a------   C:\WINDOWS\system32\jview.exe
2007-04-24 18:29   171,792   --a------   C:\WINDOWS\system32\wjview.exe
2007-04-24 18:29   171,280   --a------   C:\WINDOWS\system32\jit.dll
2007-04-24 18:29   154,384   --a------   C:\WINDOWS\system32\msawt.dll
2007-04-24 18:29   15,120   --a------   C:\WINDOWS\system32\jdbgmgr.exe
2007-04-24 18:29   113   --a------   C:\WINDOWS\system32\zonedon.reg
2007-04-24 18:29   113   --a------   C:\WINDOWS\system32\zonedoff.reg
2007-04-24 18:27   239,104   --a------   C:\WINDOWS\system32\srrstr.dll
2007-04-24 18:25   26,112   --a------   C:\WINDOWS\system32\xpsp1hfm.exe
2007-04-24 18:20   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-24 18:17   8,192   ---------   C:\WINDOWS\system32\bitsprx2.dll
2007-04-24 18:17   7,168   ---------   C:\WINDOWS\system32\bitsprx3.dll
2007-04-24 18:17   438,784   ---------   C:\WINDOWS\system32\xpob2res.dll
2007-04-24 18:17   351,232   --a------   C:\WINDOWS\system32\winhttp.dll
2007-04-24 18:17   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll
2007-04-24 18:17   <DIR>   d--------   C:\WINDOWS\system32\bits
2007-04-24 18:15   465,176   --a------   C:\WINDOWS\system32\wuapi.dll
2007-04-24 18:15   41,240   --a------   C:\WINDOWS\system32\wups.dll
2007-04-24 18:15   194,328   --a------   C:\WINDOWS\system32\wuaueng1.dll
2007-04-24 18:15   18,200   --a------   C:\WINDOWS\system32\wups2.dll
2007-04-24 18:15   172,312   --a------   C:\WINDOWS\system32\wuauclt1.exe
2007-04-24 18:15   127,256   --a------   C:\WINDOWS\system32\wucltui.dll
2007-04-24 18:15   <DIR>   d--------   C:\WINDOWS\SoftwareDistribution
2007-04-24 18:14   <DIR>   d--hs----   C:\DOCUME~1\user1\UserData
2007-04-24 18:10   40,960   -ra------   C:\WINDOWS\system32\drivers\fetnd5b.sys
2007-04-24 18:10   26,624   -ra------   C:\WINDOWS\system32\drivers\usbehci.sys
2007-04-24 18:07   74,240   --a------   C:\WINDOWS\system32\usbui.dll
2007-04-24 18:07   57,600   --a------   C:\WINDOWS\system32\drivers\usbhub.sys
2007-04-24 18:07   4,736   --a------   C:\WINDOWS\system32\drivers\usbd.sys
2007-04-24 18:07   27,165   --a------   C:\WINDOWS\system32\drivers\fetnd5.sys
2007-04-24 18:07   20,480   --a------   C:\WINDOWS\system32\drivers\usbuhci.sys
2007-04-24 18:07   142,976   --a------   C:\WINDOWS\system32\drivers\usbport.sys
2007-04-24 18:01   17,664   --a------   C:\WINDOWS\system32\drivers\sermouse.sys
2007-04-24 17:54   9,344   ---------   C:\WINDOWS\system32\drivers\bsstor.sys
2007-04-24 17:54   7,582   ---------   C:\WINDOWS\system32\drivers\incdrm.sys
2007-04-24 17:54   389,504   ---------   C:\WINDOWS\system32\drivers\bsudf.sys
2007-04-24 17:54   1,134,592   ---------   C:\WINDOWS\NuNinst.exe
2007-04-24 17:54   1,130,496   ---------   C:\WINDOWS\UNNMP.exe
2007-04-24 17:54   1,069,056   ---------   C:\WINDOWS\UNMRW.exe
2007-04-24 17:53   937,984   --a------   C:\WINDOWS\system32\WMNetMgr.dll
2007-04-24 17:53   757,248   --a------   C:\WINDOWS\system32\WMADMOD.dll
2007-04-24 17:53   603,648   --a------   C:\WINDOWS\system32\WMSPDMOD.dll
2007-04-24 17:53   4,096   --a------   C:\WINDOWS\system32\wmvdmoe2.dll
2007-04-24 17:53   4,096   --a------   C:\WINDOWS\system32\wmvdmod.dll
2007-04-24 17:53   4,096   --a------   C:\WINDOWS\system32\wmsdmoe2.dll
2007-04-24 17:53   4,096   --a------   C:\WINDOWS\system32\wmsdmod.dll
2007-04-24 17:53   4,096   --a------   C:\WINDOWS\system32\MPG4DMOD.dll
2007-04-24 17:53   4,096   --a------   C:\WINDOWS\system32\MP4SDMOD.dll
2007-04-24 17:53   4,096   --a------   C:\WINDOWS\system32\MP43DMOD.dll
2007-04-24 17:53   211,456   --a------   C:\WINDOWS\system32\qasf.dll
2007-04-24 17:53   157,184   --a------   C:\WINDOWS\system32\wmidx.dll
2007-04-24 17:53   11,264   --a------   C:\WINDOWS\system32\LAPRXY.dll
2007-04-24 17:53   100,864   --a------   C:\WINDOWS\system32\logagent.exe
2007-04-24 17:53   1,329,152   --a------   C:\WINDOWS\system32\WMSPDMOE.dll
2007-04-24 17:53   1,117,696   --a------   C:\WINDOWS\system32\WMADMOE.dll
2007-04-24 17:52   991,744   --a------   C:\WINDOWS\system32\drmv2clt.dll
2007-04-24 17:52   96,768   --a------   C:\WINDOWS\system32\drmstor.dll
2007-04-24 17:52   542,720   --a------   C:\WINDOWS\system32\blackbox.dll
2007-04-24 17:52   258,296   --a------   C:\WINDOWS\system32\drmclien.dll
2007-04-24 17:52   222,208   --a------   C:\WINDOWS\system32\WMASF.dll
2007-04-24 17:52   179,712   --a------   C:\WINDOWS\system32\msnetobj.dll
2007-04-24 17:52   <DIR>   d--------   C:\Program Files\Ahead
2007-04-24 17:34   <DIR>   d--------   C:\WINDOWS\nview
2007-04-24 17:27   82,944   --a------   C:\WINDOWS\system32\drivers\wdmaud.sys
2007-04-24 17:27   765,952   --a------   C:\WINDOWS\system\crlds3d.dll
2007-04-24 17:27   712,704   --a------   C:\WINDOWS\system32\Audio3D.dll
2007-04-24 17:27   712,704   --a------   C:\WINDOWS\system32\a3d.dll
2007-04-24 17:27   7,552   --a------   C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-24 17:27   65,024   --a------   C:\WINDOWS\SOUNDMAN.EXE
2007-04-24 17:27   610,988   --a------   C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2007-04-24 17:27   60,800   --a------   C:\WINDOWS\system32\drivers\sysaudio.sys
2007-04-24 17:27   60,288   --a------   C:\WINDOWS\system32\drivers\drmk.sys
2007-04-24 17:27   6,400   --a------   C:\WINDOWS\system32\drivers\splitter.sys
2007-04-24 17:27   54,272   --a------   C:\WINDOWS\system32\drivers\swmidi.sys
2007-04-24 17:27   52,864   --a------   C:\WINDOWS\system32\drivers\dmusic.sys
2007-04-24 17:27   5,867,008   --a------   C:\WINDOWS\system32\RTLCPL.EXE
2007-04-24 17:27   5,376   --a------   C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-24 17:27   48,640   --a------   C:\WINDOWS\system32\drivers\stream.sys
2007-04-24 17:27   4,992   --a------   C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-24 17:27   4,096   --a------   C:\WINDOWS\system32\ksuser.dll
2007-04-24 17:27   391,424   --a------   C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2007-04-24 17:27   2,944   --a------   C:\WINDOWS\system32\drivers\drmkaud.sys
2007-04-24 17:27   172,416   --a------   C:\WINDOWS\system32\drivers\kmixer.sys
2007-04-24 17:27   155,648   --a------   C:\WINDOWS\system32\RTLCPAPI.dll
2007-04-24 17:27   145,792   --a------   C:\WINDOWS\system32\drivers\portcls.sys
2007-04-24 17:27   142,464   --a------   C:\WINDOWS\system32\drivers\aec.sys
2007-04-24 17:27   140,928   --a------   C:\WINDOWS\system32\drivers\ks.sys
2007-04-24 17:27   <DIR>   d--------   C:\Program Files\Realtek Sound Manager
2007-04-24 17:27   <DIR>   d--------   C:\Program Files\AvRack
2007-04-24 17:26   640   ---------   C:\WINDOWS\system32\drivers\alcxinit.dat
2007-04-24 17:26   208,896   ---------   C:\WINDOWS\alcupd.exe
2007-04-24 17:26   139,264   ---------   C:\WINDOWS\alcrmv.exe
2007-04-24 17:26   <DIR>   d--h-----   C:\Program Files\InstallShield Installation Information
2007-04-24 17:26   <DIR>   d--------   C:\Program Files\VIA
2007-04-24 17:25   35,840   --a------   C:\WINDOWS\system32\drivers\isapnp.sys
2007-04-24 17:25   306,688   --a------   C:\WINDOWS\IsUninst.exe
2007-04-24 17:25   <DIR>   d--------   C:\WINDOWS\system32\ReinstallBackups
2007-04-24 17:25   <DIR>   d--------   C:\DOCUME~1\user1\WINDOWS
2007-04-24 17:24   <DIR>   d--------   C:\WINDOWS\system32\Tools
2007-04-24 17:24   <DIR>   d--------   C:\Program Files\Common Files\InstallShield
2007-04-24 17:22   92,160   --a------   C:\WINDOWS\system32\evntwin.exe
2007-04-24 17:22   8,704   --a------   C:\WINDOWS\system32\snmptrap.exe
2007-04-24 17:22   8,704   --a------   C:\WINDOWS\system32\fxsperf.dll
2007-04-24 17:22   72,192   --a------   C:\WINDOWS\system32\fxscom.dll
2007-04-24 17:22   6,656   --a------   C:\WINDOWS\system32\fxsres.dll
2007-04-24 17:22   6,144   --a------   C:\WINDOWS\system32\snmpmib.dll
2007-04-24 17:22   562,176   --a------   C:\WINDOWS\system32\fxsst.dll
2007-04-24 17:22   55,296   --a------   C:\WINDOWS\system32\fxsevent.dll
2007-04-24 17:22   452,096   --a------   C:\WINDOWS\system32\fxsapi.dll
2007-04-24 17:22   400,384   --a------   C:\WINDOWS\system32\fxsxp32.dll
2007-04-24 17:22   397,312   --a------   C:\WINDOWS\system32\fxstiff.dll
2007-04-24 17:22   39,936   --a------   C:\WINDOWS\system32\hostmib.dll
2007-04-24 17:22   35,328   --a------   C:\WINDOWS\system32\iprip.dll
2007-04-24 17:22   33,792   --a------   C:\WINDOWS\system32\lmmib2.dll
2007-04-24 17:22   33,280   -ra------   C:\WINDOWS\system32\snmp.exe
2007-04-24 17:22   31,744   --a------   C:\WINDOWS\system32\fxsroute.dll
2007-04-24 17:22   285,184   --a------   C:\WINDOWS\system32\fxscomex.dll
2007-04-24 17:22   27,136   --a------   C:\WINDOWS\system32\fxsdrv.dll
2007-04-24 17:22   267,776   --a------   C:\WINDOWS\system32\fxssvc.exe
2007-04-24 17:22   246,272   --a------   C:\WINDOWS\system32\fxst30.dll
2007-04-24 17:22   24,064   --a------   C:\WINDOWS\system32\evntcmd.exe
2007-04-24 17:22   23,552   --a------   C:\WINDOWS\system32\fxsmon.dll
2007-04-24 17:22   23,552   --a------   C:\WINDOWS\system32\fxsext32.dll
2007-04-24 17:22   229,376   --a------   C:\WINDOWS\system32\fxscover.exe
2007-04-24 17:22   22,528   --a------   C:\WINDOWS\system32\lpdsvc.dll
2007-04-24 17:22   192,512   --a------   C:\WINDOWS\system32\fxswzrd.dll
2007-04-24 17:22   18,944   --a------   C:\WINDOWS\system32\simptcp.dll
2007-04-24 17:22   18,944   --a------   C:\WINDOWS\system32\lprmon.dll
2007-04-24 17:22   154,112   --a------   C:\WINDOWS\system32\fxsui.dll
2007-04-24 17:22   143,360   --a------   C:\WINDOWS\system32\fxsclnt.exe
2007-04-24 17:22   132,608   --a------   C:\WINDOWS\system32\fxsclntR.dll
2007-04-24 17:22   111,104   --a------   C:\WINDOWS\system32\fxscfgwz.dll
2007-04-24 17:22   11,264   --a------   C:\WINDOWS\system32\fxssend.exe
2007-04-24 17:22   101,888   --a------   C:\WINDOWS\system32\evntagnt.dll
2007-04-24 17:22   <DIR>   d--------   C:\WINDOWS\system32\FxsTmp
2007-04-24 17:19   2,359,296   --ah-----   C:\DOCUME~1\user1\NTUSER.DAT
2007-04-24 17:19   139,536   --a------   C:\WINDOWS\system32\javaee.dll
2007-04-24 17:19   <DIR>   d--hs----   C:\WINDOWS\Installer
2007-04-24 17:18   786,432   --ah-----   C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-24 17:18   786,432   --ah-----   C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-24 17:18   <DIR>   d--hs----   C:\System Volume Information
2007-04-24 17:14   5,473,872   --a------   C:\WINDOWS\system32\MSJAVX86.EXE
2007-04-24 17:14   233,472   ---h-----   C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-24 17:14   2,515,312   --a------   C:\WINDOWS\system32\IE60~1.EXE
2007-04-24 17:14   <DIR>   d--------   C:\WINDOWS\system32\xircom
2007-04-24 17:14   <DIR>   d--------   C:\Program Files\microsoft frontpage
2007-04-24 17:14   <DIR>   d--------   C:\DELL
2007-04-24 17:13   112,128   --a------   C:\WINDOWS\system32\mapi32.dll
2007-04-24 17:13   0   -rahs----   C:\MSDOS.SYS
2007-04-24 17:13   0   -rahs----   C:\IO.SYS
2007-04-24 17:13   0   --a------   C:\CONFIG.SYS
2007-04-24 17:13   0   --a------   C:\AUTOEXEC.BAT
2007-04-24 17:12   <DIR>   dr-------   C:\WINDOWS\Offline Web Pages
2007-04-24 17:12   <DIR>   d--hs----   C:\DOCUME~1\ALLUSE~1\DRM
2007-04-24 17:12   <DIR>   d---s----   C:\WINDOWS\Downloaded Program Files
2007-04-24 17:12   <DIR>   d--------   C:\WINDOWS\system32\Macromed
2007-04-24 17:12   <DIR>   d--------   C:\WINDOWS\system32\DirectX
2007-04-24 17:12   <DIR>   d--------   C:\WINDOWS\srchasst
2007-04-24 17:11   81,920   --a------   C:\WINDOWS\system32\isign32.dll
2007-04-24 17:11   81,920   --a------   C:\WINDOWS\system32\ils.dll
2007-04-24 17:11   73,728   --a------   C:\WINDOWS\system32\icwdial.dll
2007-04-24 17:11   73,472   --a------   C:\WINDOWS\system32\drivers\sr.sys
2007-04-24 17:11   69,632   --a------   C:\WINDOWS\system32\msconf.dll
2007-04-24 17:11   679,424   --a------   C:\WINDOWS\system32\inetcomm.dll
2007-04-24 17:11   67,584   --a------   C:\WINDOWS\system32\srclient.dll
2007-04-24 17:11   65,536   --a------   C:\WINDOWS\system32\icwphbk.dll
2007-04-24 17:11   64,512   --a------   C:\WINDOWS\system32\acctres.dll
2007-04-24 17:11   48,128   --a------   C:\WINDOWS\system32\inetres.dll
2007-04-24 17:11   45,568   --a------   C:\WINDOWS\system32\safrslv.dll
2007-04-24 17:11   43,520   --a------   C:\WINDOWS\system32\safrcdlg.dll
2007-04-24 17:11   43,520   --a------   C:\WINDOWS\system32\racpldlg.dll
2007-04-24 17:11   382,464   --a------   C:\WINDOWS\system32\qmgr.dll
2007-04-24 17:11   34,560   --a------   C:\WINDOWS\system32\mnmdd.dll
2007-04-24 17:11   32,768   --a------   C:\WINDOWS\system32\mnmsrvc.exe
2007-04-24 17:11   32,768   --a------   C:\WINDOWS\system32\isrdbg32.dll
2007-04-24 17:11   29,696   --a------   C:\WINDOWS\system32\safrdm.dll
2007-04-24 17:11   28,672   --a------   C:\WINDOWS\system32\nmmkcert.dll
2007-04-24 17:11   274,944   --a------   C:\WINDOWS\system32\mstask.dll
2007-04-24 17:11   274,432   --a------   C:\WINDOWS\system32\inetcfg.dll
2007-04-24 17:11   252,928   --a------   C:\WINDOWS\system32\msoeacct.dll
2007-04-24 17:11   190,976   --a------   C:\WINDOWS\system32\schedsvc.dll
2007-04-24 17:11   170,496   --a------   C:\WINDOWS\system32\srsvc.dll
2007-04-24 17:11   16,384   --a------   C:\WINDOWS\system32\icfgnt5.dll
2007-04-24 17:11   12,288   --a------   C:\WINDOWS\system32\nmevtmsg.dll
2007-04-24 17:11   12,288   --a------   C:\WINDOWS\system32\mstinit.exe
2007-04-24 17:11   11,264   --a------   C:\WINDOWS\system32\atrace.dll
2007-04-24 17:11   105,984   --a------   C:\WINDOWS\system32\msoert2.dll
2007-04-24 17:11   <DIR>   d---s----   C:\WINDOWS\Tasks
2007-04-24 17:11   <DIR>   d--------   C:\WINDOWS\system32\Restore
2007-04-24 17:11   <DIR>   d--------   C:\WINDOWS\PCHEALTH
2007-04-24 17:11   <DIR>   d--------   C:\Program Files\Movie Maker
2007-04-24 17:11   <DIR>   d--------   C:\Program Files\Common Files\MSSoap
2007-04-24 17:10   21,640   --a------   C:\WINDOWS\system32\emptyregdb.dat
2007-04-24 17:10   <DIR>   d--h-----   C:\Program Files\WindowsUpdate
2007-04-24 17:10   <DIR>   d--------   C:\WINDOWS\Registration
2007-04-24 17:10   <DIR>   d--------   C:\Program Files\Online Services
2007-04-24 17:10   <DIR>   d--------   C:\Program Files\Messenger
2007-04-24 17:09   97,792   --a------   C:\WINDOWS\system32\comrepl.dll
2007-04-24 17:09   93,696   --a------   C:\WINDOWS\system32\tscfgwmi.dll
2007-04-24 17:09   9,728   --a------   C:\WINDOWS\system32\reset.exe
2007-04-24 17:09   87,176   --a------   C:\WINDOWS\system32\rdpwsx.dll
2007-04-24 17:09   85,504   --a------   C:\WINDOWS\system32\catsrvps.dll
2007-04-24 17:09   80,384   --a------   C:\WINDOWS\system32\charmap.exe
2007-04-24 17:09   73,216   --a------   C:\WINDOWS\system32\avwav.dll
2007-04-24 17:09   67,072   --a------   C:\WINDOWS\system32\rdshost.exe
2007-04-24 17:09   62,464   --a------   C:\WINDOWS\system32\rdpclip.exe
2007-04-24 17:09   605,696   --a------   C:\WINDOWS\system32\getuname.dll
2007-04-24 17:09   600,576   --a------   C:\WINDOWS\system32\mstsc.exe
2007-04-24 17:09   60,416   --a------   C:\WINDOWS\system32\remotepg.dll
2007-04-24 17:09   6,656   --a------   C:\WINDOWS\system32\wuauserv.dll
2007-04-24 17:09   6,144   --a------   C:\WINDOWS\system32\msdtc.exe
2007-04-24 17:09   58,880   --a------   C:\WINDOWS\system32\msdtclog.dll
2007-04-24 17:09   58,880   --a------   C:\WINDOWS\system32\licwmi.dll
2007-04-24 17:09   56,832   --a------   C:\WINDOWS\system32\sol.exe
2007-04-24 17:09   56,320   --a------   C:\WINDOWS\system32\servdeps.dll
2007-04-24 17:09   55,296   --a------   C:\WINDOWS\system32\freecell.exe
2007-04-24 17:09   54,272   --a------   C:\WINDOWS\system32\stclient.dll
2007-04-24 17:09   538,624   --a------   C:\WINDOWS\system32\spider.exe
2007-04-24 17:09   5,632   --a------   C:\WINDOWS\system32\write.exe
2007-04-24 17:09   5,120   --a------   C:\WINDOWS\system32\dcomcnfg.exe
2007-04-24 17:09   44,544   --a------   C:\WINDOWS\system32\tscupgrd.exe
2007-04-24 17:09   44,544   --a------   C:\WINDOWS\system32\hticons.dll
2007-04-24 17:09   40,840   --a------   C:\WINDOWS\system32\drivers\termdd.sys
2007-04-24 17:09   4,096   --a------   C:\WINDOWS\system32\rdpcfgex.dll
2007-04-24 17:09   4,096   --a------   C:\WINDOWS\system32\mtxex.dll
2007-04-24 17:09   38,912   --a------   C:\WINDOWS\system32\cfgbkend.dll
2007-04-24 17:09   35,328   --a------   C:\WINDOWS\system32\winchat.exe
2007-04-24 17:09   347,136   --a------   C:\WINDOWS\system32\hypertrm.dll
2007-04-24 17:09   343,040   --a------   C:\WINDOWS\system32\mspaint.exe
2007-04-24 17:09   33,792   --a------   C:\WINDOWS\system32\regini.exe
2007-04-24 17:09   295,424   -ra------   C:\WINDOWS\system32\termsrv.dll
2007-04-24 17:09   25,600   --a------   C:\WINDOWS\system32\comaddin.dll
2007-04-24 17:09   25,088   --a------   C:\WINDOWS\system32\mtxlegih.dll
2007-04-24 17:09   227,840   --a------   C:\WINDOWS\system32\avtapi.dll
2007-04-24 17:09   22,016   --a------   C:\WINDOWS\system32\qwinsta.exe
2007-04-24 17:09   21,896   --a------   C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-24 17:09   20,992   --a------   C:\WINDOWS\system32\msg.exe
2007-04-24 17:09   20,480   --a------   C:\WINDOWS\system32\qprocess.exe
2007-04-24 17:09   20,480   --a------   C:\WINDOWS\system32\mtxdm.dll
2007-04-24 17:09   196,864   --a------   C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-24 17:09   19,968   --a------   C:\WINDOWS\system32\rdpsnd.dll
2007-04-24 17:09   185,344   --a------   C:\WINDOWS\system32\cmprops.dll
2007-04-24 17:09   183,808   --a------   C:\WINDOWS\system32\accwiz.exe
2007-04-24 17:09   17,408   --a------   C:\WINDOWS\system32\mmfutil.dll
2007-04-24 17:09   16,896   --a------   C:\WINDOWS\system32\tsshutdn.exe
2007-04-24 17:09   16,896   --a------   C:\WINDOWS\system32\qappsrv.exe
2007-04-24 17:09   16,384   --a------   C:\WINDOWS\system32\tskill.exe
2007-04-24 17:09   16,384   --a------   C:\WINDOWS\system32\avmeter.dll
2007-04-24 17:09   15,872   --a------   C:\WINDOWS\system32\rwinsta.exe
2007-04-24 17:09   15,872   --a------   C:\WINDOWS\system32\cdmodem.dll
2007-04-24 17:09   15,360   --a------   C:\WINDOWS\system32\logoff.exe
2007-04-24 17:09   147,968   --a------   C:\WINDOWS\system32\rdchost.dll
2007-04-24 17:09   147,456   --a------   C:\WINDOWS\system32\comsnap.dll
2007-04-24 17:09   140,800   --a------   C:\WINDOWS\system32\sessmgr.exe
2007-04-24 17:09   14,848   --a------   C:\WINDOWS\system32\tsdiscon.exe
2007-04-24 17:09   14,848   --a------   C:\WINDOWS\system32\tscon.exe
2007-04-24 17:09   14,848   --a------   C:\WINDOWS\system32\shadow.exe
2007-04-24 17:09   139,528   --a------   C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-24 17:09   138,752   --a------   C:\WINDOWS\system32\sndvol32.exe
2007-04-24 17:09   131,584   --a------   C:\WINDOWS\system32\sndrec32.exe
2007-04-24 17:09   13,824   --a------   C:\WINDOWS\system32\rdsaddin.exe
2007-04-24 17:09   126,976   --a------   C:\WINDOWS\system32\mshearts.exe
2007-04-24 17:09   124,184   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-04-24 17:09   123,392   --a------   C:\WINDOWS\system32\mplay32.exe
2007-04-24 17:09   12,040   --a------   C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-24 17:09   119,808   --a------   C:\WINDOWS\system32\winmine.exe
2007-04-24 17:09   114,688   --a------   C:\WINDOWS\system32\calc.exe
2007-04-24 17:09   11,776   --a------   C:\WINDOWS\system32\xolehlp.dll
2007-04-24 17:09   11,264   --a------   C:\WINDOWS\system32\icaapi.dll
2007-04-24 17:09   102,912   --a------   C:\WINDOWS\system32\clipbrd.exe
2007-04-24 17:09   1,866,240   --a------   C:\WINDOWS\system32\mstscax.dll
2007-04-24 17:09   1,343,768   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-04-24 17:09   1,161   --a------   C:\WINDOWS\system32\usrlogon.cmd
2007-04-24 17:09   <DIR>   d--------   C:\WINDOWS\system32\MsDtc
2007-04-24 17:09   <DIR>   d--------   C:\WINDOWS\system32\Com
2007-04-24 17:09   <DIR>   d--------   C:\Program Files\Windows NT
2007-04-24 17:09   <DIR>   d--------   C:\Program Files\MSN Gaming Zone
2007-04-24 10:07   3,072   --a------   C:\WINDOWS\system32\drivers\audstub.sys
2007-04-24 10:06   57,472   --a------   C:\WINDOWS\system32\drivers\redbook.sys
2007-04-24 10:05   9,936   --a------   C:\WINDOWS\system\LZEXPAND.DLL
2007-04-24 10:05   9,008   --a------   C:\WINDOWS\system\VER.DLL
2007-04-24 10:05   85,020   --a------   C:\WINDOWS\system32\dgsetup.dll
2007-04-24 10:05   82,944   --a------   C:\WINDOWS\system\OLECLI.DLL
2007-04-24 10:05   8,704   --a------   C:\WINDOWS\system32\batt.dll
2007-04-24 10:05   8,192   -ra------   C:\WINDOWS\system32\kbdhept.dll
2007-04-24 10:05   74,752   --a------   C:\WINDOWS\system32\storprop.dll
2007-04-24 10:05   7,168   -ra------   C:\WINDOWS\system32\kbdcz.dll
2007-04-24 10:05   69,584   --a------   C:\WINDOWS\system\AVICAP.DLL
2007-04-24 10:05   69,120   --a------   C:\WINDOWS\notepad.exe
2007-04-24 10:05   68,768   --a------   C:\WINDOWS\system\mmsystem.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdycl.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdsl1.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdsl.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdpl.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdhu.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdhela3.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdcz2.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdcz1.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\kbdcr.dll
2007-04-24 10:05   6,656   -ra------   C:\WINDOWS\system32\KBDAL.DLL
2007-04-24 10:05   6,144   -ra------   C:\WINDOWS\system32\kbdtuq.dll
2007-04-24 10:05   6,144   -ra------   C:\WINDOWS\system32\kbdtuf.dll
2007-04-24 10:05   6,144   -ra------   C:\WINDOWS\system32\kbdlv1.dll
2007-04-24 10:05   6,144   -ra------   C:\WINDOWS\system32\kbdlv.dll
2007-04-24 10:05   6,144   -ra------   C:\WINDOWS\system32\kbdhela2.dll
2007-04-24 10:05   6,144   -ra------   C:\WINDOWS\system32\kbdgkl.dll
2007-04-24 10:05   6,144   -ra------   C:\WINDOWS\system32\kbdest.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdro.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdpl1.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdmon.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdlt1.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdlt.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdkyr.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdhu1.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdhe319.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdhe220.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdhe.dll
2007-04-24 10:05   5,632   -ra------   C:\WINDOWS\system32\kbdazel.dll
2007-04-24 10:05   5,120   --a------   C:\WINDOWS\system\SHELL.DLL
2007-04-24 10:05   32,816   --a------   C:\WINDOWS\system\COMMDLG.DLL
2007-04-24 10:05   24,661   --a------   C:\WINDOWS\system32\spxcoins.dll
2007-04-24 10:05   24,064   --a------   C:\WINDOWS\system\OLESVR.DLL
2007-04-24 10:05   19,200   --a------   C:\WINDOWS\system\TAPI.DLL
2007-04-24 10:05   176,157   --a------   C:\WINDOWS\system32\dgrpsetu.dll
2007-04-24 10:05   15,360   --a------   C:\WINDOWS\TASKMAN.EXE
2007-04-24 10:05   13,312   --a------   C:\WINDOWS\system32\irclass.dll
2007-04-24 10:05   126,912   --a------   C:\WINDOWS\system\MSVIDEO.DLL
2007-04-24 10:05   11,264   --a------   C:\WINDOWS\system32\drivers\irenum.sys
2007-04-24 10:05   109,456   --a------   C:\WINDOWS\system\AVIFILE.DLL
2007-04-24 10:05   103,424   --a------   C:\WINDOWS\system32\EqnClass.Dll
2007-04-24 10:05   <DIR>   dr-------   C:\Program Files
2007-04-24 10:05   <DIR>   dr-------   C:\DOCUME~1\ALLUSE~1\Documents
2007-04-24 10:05   <DIR>   d--------   C:\Program Files\Common Files\SpeechEngines
2007-04-24 10:05   <DIR>   d--------   C:\Program Files\Common Files\ODBC
2007-04-24 10:04   <DIR>   d--------   C:\WINDOWS\system32\CatRoot2
2007-04-24 10:04   <DIR>   d--------   C:\WINDOWS\system32\CatRoot
2007-04-24 10:04   <DIR>   d--------   C:\Documents and Settings
2007-04-24 10:00   <DIR>   dr-hsc---   C:\WINDOWS\system32\dllcache
2007-04-24 10:00   <DIR>   dr--s----   C:\WINDOWS\Fonts
2007-04-24 10:00   <DIR>   dr-------   C:\WINDOWS\Web
2007-04-24 10:00   <DIR>   d--h-----   C:\WINDOWS\inf
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\WinSxS
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\twain_32
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\wins
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\wbem
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\usmt
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\spool
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\ShellExt
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\Setup
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\ras
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\oobe
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\npp
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\mui
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\inetsrv
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\IME
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\icsxml
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\ias
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\export
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\drivers\etc
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\drivers\disdn
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\drivers
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\dhcp
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\config
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\3com_dmi
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\3076
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\2052
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\1054
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\1042
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\1041
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\1037
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\1033
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\1031
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\1028
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32\1025
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system32
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\system
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\security
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\Resources
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\repair
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\mui
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\msapps
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\msagent
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\Media
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\ime
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\Help
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\Driver Cache
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\Debug
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\Cursors
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\Connection Wizard
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\Config
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\AppPatch
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS\addins
2007-04-24 10:00   <DIR>   d--------   C:\WINDOWS


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-24 10:05   62   --ahs----   C:\DOCUME~1\user1\APPLIC~1\desktop.ini
2007-03-23 06:07   583504   ---------   C:\WINDOWS\system32\xpsshhdr.dll
2007-03-23 06:07   1683280   ---------   C:\WINDOWS\system32\xpssvcs.dll
2007-03-22 20:25   124928   ---------   C:\WINDOWS\system32\prntvpt.dll
2007-03-17 06:43   292864   --a------   C:\WINDOWS\system32\winsrv.dll
2007-03-15 12:23   497496   --a------   C:\WINDOWS\system32\xceedzip.dll
2007-03-15 12:19   526184   --a------   C:\WINDOWS\system32\xceedcry.dll
2007-03-08 08:36   577536   --a------   C:\WINDOWS\system32\user32.dll
2007-03-08 08:36   281600   --a------   C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47   1843584   --a------   C:\WINDOWS\system32\win32k.sys
2007-02-05 13:17   185344   --a------   C:\WINDOWS\system32\upnphost.dll


((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6}   C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F}   C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}   C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"AudioDeck"="C:\\Program Files\\VIA\\VIAudioi\\SBADeck\\ADeck.exe 1"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
   Authentication Packages   REG_MULTI_SZ      msv1_0
   Security Packages   REG_MULTI_SZ      kerberosmsv1_0schannelwdigest
   Notification Packages   REG_MULTI_SZ      scecli

 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV
NetworkService   REG_MULTI_SZ      DnsCache
rpcss   REG_MULTI_SZ      RpcSs
imgsvc   REG_MULTI_SZ      StiSvc
termsvcs   REG_MULTI_SZ      TermService
HTTPFilter   REG_MULTI_SZ      HTTPFilter
DcomLaunch   REG_MULTI_SZ      DcomLaunchTermService
WudfServiceGroup   REG_MULTI_SZ      WUDFSvc


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-01 18:23:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  AudioDeck = C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-05-01 18:23:44
C:\ComboFix-quarantined-files.txt ... 07-05-01 18:23

20
Tech Clinic / Computer Restarting
« on: April 29, 2007, 03:39:38 PM »
And about 20 min later it minimized everything, flashed a "windows security test" window and shut the computer down. Arg, this computer seems to have a mind of its own today =/ Here's another logfile right after this incident.

Logfile of HijackThis v1.99.1
Scan saved at 1:42:27 PM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user1\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.all-search-engines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user1\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177463649433
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177465159117
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
