04-24-2007, 05:37 PM   #5
C0mputerl0ser
Registered User
 
Join Date: Apr 2007
Posts: 14
OS: Windows XP


Re: Constant Ads And Trojans

Sorry, just got back from school.

Here's combofix:
Quote:
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\LeetSauce\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\gxjurpnn.dll
C:\WINDOWS\system32\pvdjgjeh.dll
C:\WINDOWS\system32\lmgkemif.dll
C:\WINDOWS\system32\vturppn.dll
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\fccaxya.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1\APPLIC~1\YSTEM3~1
C:\qoobox\purity\C\Program Files\Common Files\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))


2007-04-22 20:05 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-22 20:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-22 20:00 <DIR> d-------- C:\Program Files\MRU-Blaster
2007-04-22 19:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-22 19:28 491,520 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-22 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-22 19:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-22 18:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-22 18:28 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\Lavasoft
2007-04-22 18:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 18:06 <DIR> d-------- C:\Program Files\GoGoData.com
2007-04-21 09:48 <DIR> d-------- C:\WINDOWS\system32\bits
2007-04-21 08:14 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-21 08:14 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-21 08:14 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-21 08:14 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-21 08:14 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2007-04-21 08:11 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-21 08:10 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-21 08:10 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-21 08:10 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-21 08:10 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-21 08:10 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-21 08:10 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-21 08:10 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-21 07:51 <DIR> d---s---- C:\DOCUME~1\LEETSA~1\UserData
2007-04-20 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-20 17:56 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-20 17:38 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-04-20 17:38 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-04-20 17:38 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-04-20 17:38 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-04-20 17:38 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-04-20 17:38 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-04-20 17:38 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-04-20 17:38 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-04-20 17:38 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-04-20 17:38 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-04-20 17:38 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-04-20 17:38 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-04-20 17:38 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-04-20 17:38 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-04-20 17:38 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-04-20 17:38 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-04-20 17:38 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-04-20 17:38 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-04-20 17:38 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-04-20 17:38 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-04-20 17:38 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-04-20 17:38 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-04-20 17:38 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-04-20 17:38 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-04-20 17:38 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-04-20 17:38 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-04-20 17:38 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-04-20 17:37 <DIR> d-------- C:\Program Files\Webzen
2007-04-20 17:37 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\InstallShield
2007-04-20 16:44 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-20 16:44 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-20 16:44 <DIR> d-------- C:\WINDOWS\nview
2007-04-20 16:44 <DIR> d-------- C:\NVIDIA
2007-04-20 16:34 <DIR> d-------- C:\WINDOWS\pss
2007-04-20 16:29 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-20 16:29 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-20 16:29 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-20 16:29 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-20 16:29 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-20 16:28 <DIR> d-------- C:\Program Files\Winamp
2007-04-20 16:17 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-20 16:14 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-04-20 16:14 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-04-20 16:14 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-04-20 16:14 8,704 -ra------ C:\WINDOWS\system32\drivers\Pfmodnt.sys
2007-04-20 16:14 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-04-20 16:14 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-04-20 16:14 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-04-20 16:14 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-04-20 16:14 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-20 16:14 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-04-20 16:14 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-20 16:14 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-04-20 16:14 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-04-20 16:14 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2007-04-20 16:14 64,512 -ra------ C:\WINDOWS\system32\P17.dll
2007-04-20 16:14 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-04-20 16:14 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-04-20 16:14 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-04-20 16:14 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-20 16:14 53,248 -ra------ C:\WINDOWS\system32\P17CPI.dll
2007-04-20 16:14 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-20 16:14 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-20 16:14 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-04-20 16:14 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-20 16:14 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-04-20 16:14 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-20 16:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-20 16:14 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-04-20 16:14 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-04-20 16:14 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-04-20 16:14 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-04-20 16:14 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-04-20 16:14 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-04-20 16:14 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-04-20 16:14 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-04-20 16:14 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-04-20 16:14 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-04-20 16:14 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-04-20 16:14 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-04-20 16:14 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-04-20 16:14 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-04-20 16:14 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-04-20 16:14 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-04-20 16:14 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-04-20 16:14 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-04-20 16:14 138,752 -ra------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2007-04-20 16:14 137,728 -ra------ C:\WINDOWS\system32\P17res.dll
2007-04-20 16:14 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-20 16:14 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-04-20 16:14 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-04-20 16:14 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-04-20 16:14 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-04-20 16:14 115,200 -ra------ C:\WINDOWS\system32\sfms32.dll
2007-04-20 16:14 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-04-20 16:14 106,496 -ra------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-04-20 16:14 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-04-20 16:14 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-04-20 16:14 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-04-20 16:14 1,389,056 -ra------ C:\WINDOWS\system32\drivers\P17.sys
2007-04-20 16:14 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-04-20 16:14 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-04-20 16:13 11,264 --a------ C:\WINDOWS\INRES.DLL
2007-04-20 16:13 <DIR> d-------- C:\WINDOWS\system32\Data
2007-04-20 16:12 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-20 16:12 <DIR> d-------- C:\Program Files\Creative
2007-04-20 16:11 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-20 16:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-19 21:23 77,312 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2007-04-19 21:23 65,280 -ra------ C:\WINDOWS\system32\drivers\Rtlnic51.sys
2007-04-19 21:18 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2007-04-19 21:18 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-19 21:17 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-19 21:17 <DIR> d-------- C:\DOCUME~1\LEETSA~1\WINDOWS
2007-04-19 20:51 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-19 20:19 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-19 20:19 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-17 20:49 <DIR> d-------- C:\Program Files\SuperCleaner
2007-04-17 20:46 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-04-17 20:46 <DIR> d-------- C:\Program Files\Viewpoint
2007-04-17 20:46 <DIR> d-------- C:\Program Files\AIM
2007-04-17 20:46 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\Aim
2007-04-17 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-04-17 20:44 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-04-17 20:44 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-17 17:50 <DIR> d--hs---- C:\RECYCLER
2007-04-17 17:47 1,572,864 --ah----- C:\DOCUME~1\LEETSA~1\NTUSER.DAT
2007-04-17 17:47 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-17 17:46 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-17 17:46 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-17 17:46 <DIR> d--hs---- C:\System Volume Information
2007-04-17 17:43 266,240 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-17 17:43 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-17 17:43 0 -rahs---- C:\MSDOS.SYS
2007-04-17 17:43 0 -rahs---- C:\IO.SYS
2007-04-17 17:43 0 --a------ C:\CONFIG.SYS
2007-04-17 17:43 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 17:43 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-17 17:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-17 17:42 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-17 17:42 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-17 17:42 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-17 17:42 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-17 17:40 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-17 17:40 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-17 17:39 90,624 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-17 17:39 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-17 17:39 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-17 17:39 73,728 --a------ C:\WINDOWS\system32\ils.dll
2007-04-17 17:39 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-17 17:39 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-17 17:39 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-17 17:39 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-17 17:39 61,952 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-17 17:39 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-17 17:39 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-17 17:39 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-17 17:39 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-17 17:39 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-17 17:39 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-17 17:39 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-17 17:39 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-17 17:39 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-17 17:39 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-17 17:39 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-17 17:39 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-17 17:39 249,856 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-17 17:39 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-17 17:39 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-17 17:39 218,112 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-17 17:39 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-17 17:39 158,720 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-17 17:39 155,136 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-17 17:39 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-17 17:39 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-17 17:39 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-17 17:39 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-17 17:39 <DIR> d-------- C:\WINDOWS\PCHEALTH
2007-04-17 17:39 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-17 17:39 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 17:38 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-17 17:38 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-17 17:38 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-17 17:38 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-17 17:38 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-17 17:38 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-17 17:38 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-17 17:38 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-17 17:38 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-17 17:38 8,704 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-17 17:38 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-17 17:38 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-17 17:38 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-17 17:38 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-17 17:38 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-17 17:38 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-17 17:38 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-17 17:38 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-17 17:38 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-17 17:38 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-17 17:38 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-17 17:38 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-17 17:38 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-04-17 17:38 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-17 17:38 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-17 17:38 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-17 17:38 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-17 17:38 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-17 17:38 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-17 17:38 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-17 17:38 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-17 17:38 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-17 17:38 385,536 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-17 17:38 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-17 17:38 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-17 17:38 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-17 17:38 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-17 17:38 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-17 17:38 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-17 17:38 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-17 17:38 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-17 17:38 22,720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-17 17:38 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-17 17:38 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-17 17:38 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-17 17:38 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-17 17:38 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-17 17:38 197,632 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-17 17:38 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-17 17:38 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-17 17:38 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-17 17:38 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-17 17:38 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-17 17:38 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-17 17:38 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-17 17:38 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-17 17:38 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-17 17:38 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-17 17:38 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-17 17:38 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-17 17:38 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-17 17:38 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-17 17:38 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-17 17:38 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-17 17:38 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-17 17:38 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-17 17:38 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-17 17:38 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-17 17:38 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-17 17:38 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-17 17:38 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-17 17:38 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-17 17:38 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-17 17:38 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-17 17:38 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-17 17:38 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\Registration
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Windows NT
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Online Services
2007-04-17 17:38 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Messenger
2007-04-17 17:37 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-17 17:37 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-17 17:37 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-17 17:37 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-17 17:37 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-17 17:37 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-17 10:34 55,808 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-17 10:34 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-17 10:32 70,656 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-17 10:32 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-17 10:32 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-17 10:32 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-17 10:32 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-17 10:32 <DIR> dr------- C:\Program Files
2007-04-17 10:32 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-17 10:32 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-17 10:32 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-17 10:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-17 10:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-17 10:31 <DIR> d-------- C:\Documents and Settings
2007-04-17 10:28 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-17 10:28 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-17 10:28 <DIR> dr------- C:\WINDOWS\Web
2007-04-17 10:28 <DIR> d--h----- C:\WINDOWS\inf
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\security
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Resources
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\repair
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\mui
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\msapps
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\msagent
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Media
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\ime
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Help
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Debug
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Config
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\addins
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-17 10:32 62 --ahs---- C:\DOCUME~1\LEETSA~1\APPLIC~1\desktop.ini
2007-03-15 07:08 101438 --a------ C:\WINDOWS\b122.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\System32\frmkjctj.dll [x]
{3EB9C349-7473-48AC-A59B-42F31751974B} C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{B21F0363-961F-4E0B-97EC-8B26D9872A96} C:\WINDOWS\System32\gebcb.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"GoGoTray.exe"="C:\\Program Files\\GoGoData.com\\GoGoData Toolbar\\GoGoTray.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-24 15:10:33
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-24 15:10:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-24 15:10

Here's the results off the DSS thing:
Quote:
Deckard's System Scanner v20070423.42
Run by LeetSauce on 2007-04-24 at 16:30:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2007-04-24 23:30:34 UTC - RP90 - Deckard's System Scanner Restore Point
89: 2007-04-24 23:24:13 UTC - RP89 - Installed Windows Media Player 10 KB917734_WMP10.
88: 2007-04-24 23:23:38 UTC - RP88 - Installed Windows XP KB899587.
87: 2007-04-24 23:23:12 UTC - RP87 - Installed Windows XP KB924191.
86: 2007-04-24 23:22:40 UTC - RP86 - Installed Windows XP KB922819.


-- First Restore Point --
1: 2007-04-20 04:01:39 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as LeetSauce.exe) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:31:03 PM, on 4/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Documents and Settings\LeetSauce\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\LeetSauce.exe

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing)
O2 - BHO: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B21F0363-961F-4E0B-97EC-8B26D9872A96} - C:\WINDOWS\System32\gebcb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rra...X/RraainAX.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070422-192435-284 O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LEETSA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver; 5.1.2600.220; 5.1.2600.220>
R3 P17 (Sound Blaster Audigy) - c:\windows\system32\drivers\p17.sys <Verified; Creative Technology Ltd.; ; 5.12.01.512; 5.12.01.512>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Files created between 2007-03-24 and 2007-04-24 -----------------------------

2007-04-24 16:24:56 0 d-------- C:\ijji
2007-04-24 16:19:43 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.4.0001.0; 5.4.0001.0 (srv03_qfe.030918-1543)>
2007-04-24 16:17:37 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-24 15:37:21 0 d-------- C:\WINDOWS\System32\PreInstall
2007-04-24 15:37:17 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-24 15:33:15 0 d-------- C:\WINDOWS\Prefetch
2007-04-24 15:29:45 0 d-------- C:\WINDOWS\ServicePackFiles
2007-04-24 15:29:45 0 d-------- C:\WINDOWS\ehome
2007-04-24 15:29:41 155648 -----n--- C:\WINDOWS\System32\encdec.dll
2007-04-24 15:29:41 34735 -----n--- C:\WINDOWS\System32\drivers\atinxsxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVAUDIO_CROSSBAR; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 29455 -----n--- C:\WINDOWS\System32\drivers\atinxbxx.sys <Verified; ATI Technologies Inc.; ATI WDM CROSSBAR; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 36463 -----n--- C:\WINDOWS\System32\drivers\atintuxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVTUNER; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 21343 -----n--- C:\WINDOWS\System32\drivers\atinttxx.sys <Verified; ATI Technologies Inc.; ATI WDM Teletext Decoder; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 26367 -----n--- C:\WINDOWS\System32\drivers\atinsnxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVAUDIO; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 63663 -----n--- C:\WINDOWS\System32\drivers\atinrvxx.sys <Verified; ATI Technologies Inc.; ATI WDM RT; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 30671 -----n--- C:\WINDOWS\System32\drivers\atinraxx.sys <Verified; ATI Technologies Inc.; ATI WDM Rage Theater Audio; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 12047 -----n--- C:\WINDOWS\System32\drivers\atinpdxx.sys <Verified; ATI Technologies Inc.; ATI Specialized PCD VBI Codec; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 11615 -----n--- C:\WINDOWS\System32\drivers\atinmdxx.sys <Verified; ATI Technologies Inc.; ATI Specialized MVD VBI Codec; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 56591 -----n--- C:\WINDOWS\System32\drivers\atinbtxx.sys <Verified; ATI Technologies Inc.; ATI WDM BT829x; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 450176 -----n--- C:\WINDOWS\System32\drivers\ati2mtag.sys <Verified; ATI Technologies Inc.; ATI Radeon Family; 5.1.2600.0; 6.13.10.6153>
2007-04-24 15:29:41 327040 -----n--- C:\WINDOWS\System32\drivers\ati2mtaa.sys <Verified; ATI Technologies Inc.; ATI Rage 128 Family; 5.1.2600.0; 6.13.10.5019>
2007-04-24 15:29:41 921475 -----n--- C:\WINDOWS\System32\ati3d2ag.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver; 6.13.10.3338; 6.13.10.3338>
2007-04-24 15:29:41 844675 -----n--- C:\WINDOWS\System32\ati3d1ag.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver; 6.13.10.3338; 6.13.10.3338>
2007-04-24 15:29:41 202496 -----n--- C:\WINDOWS\System32\ati2dvag.dll <Verified; ATI Technologies Inc.; ATI Radeon Family; 5.1.2600.0; 6.13.10.6153>
2007-04-24 15:29:41 377984 -----n--- C:\WINDOWS\System32\ati2dvaa.dll <Verified; ATI Technologies Inc.; ATI Rage 128 Family; 5.1.2600.0; 6.13.10.5019>
2007-04-24 15:29:40 218112 -----n--- C:\WINDOWS\System32\sbe.dll
2007-04-24 15:28:57 238592 --a------ C:\WINDOWS\System32\compatui.dll <Verified; ; CompatUI Module; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-24 15:28:54 113152 --a------ C:\WINDOWS\System32\dfrgui.dll <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 35328 --a------ C:\WINDOWS\System32\dfrgsnap.dll <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 76288 --a------ C:\WINDOWS\System32\dfrgfat.exe <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 70656 --a------ C:\WINDOWS\System32\defrag.exe <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 1740 --a------ C:\WINDOWS\System32\dcache.bin
2007-04-24 15:28:53 103424 --a------ C:\WINDOWS\System32\dgnet.dll <Verified; Microsoft; Dgnet Module; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-24 15:28:51 498205 --a------ C:\WINDOWS\System32\dxmasf.dll
2007-04-24 15:28:44 42537 --a------ C:\WINDOWS\System32\keyboard.sys
2007-04-24 15:28:40 4126 --a------ C:\WINDOWS\System32\msdxmlc.dll
2007-04-24 15:28:28 33808 --a------ C:\WINDOWS\System32\ntio.sys
2007-04-24 15:28:21 3338 --a------ C:\WINDOWS\System32\redir.exe
2007-04-24 15:10:45 49152 --a------ C:\WINDOWS\nircmd.exe <Not Verified; NirSoft; NirCmd; 1.85; 1.85>
2007-04-23 18:57:13 0 dr-h----- C:\Documents and Settings\LeetSauce\Recent
2007-04-22 20:05:23 0 d-------- C:\Program Files\SpywareGuard
2007-04-22 20:01:31 0 d-------- C:\Program Files\SpywareBlaster
2007-04-22 20:00:21 0 d-------- C:\Program Files\MRU-Blaster
2007-04-22 19:52:49 0 dr-h----- C:\$VAULT$.AVG
2007-04-22 19:51:44 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\AVG7
2007-04-22 19:51:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-04-22 19:51:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-04-22 19:30:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-22 19:28:50 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-22 19:28:50 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-22 19:28:50 491520 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-22 19:28:50 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-04-22 19:28:50 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-22 19:28:50 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-22 19:15:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-22 19:10:58 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-04-22 18:28:31 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Lavasoft
2007-04-22 18:28:04 0 d-------- C:\Program Files\Lavasoft
2007-04-22 18:27:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 1822 0 d-------- C:\Program Files\GoGoData.com
2007-04-21 09:48:42 0 d-------- C:\WINDOWS\System32\bits
2007-04-21 08:11:39 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
2007-04-21 08:10:17 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-21 07:51:41 0 d---s---- C:\Documents and Settings\LeetSauce\UserData
2007-04-20 18:43:40 0 d---s---- C:\WINDOWS\System32\Microsoft
2007-04-20 18:40:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-20 17:56:50 4682 --a------ C:\WINDOWS\System32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT; 2005, 1, 5, 1; 2005, 1, 5, 1>
2007-04-20 17:49:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-04-20 17:38:51 354816 --a------ C:\WINDOWS\System32\psisdecd.dll
2007-04-20 17:38:50 470528 --a------ C:\WINDOWS\System32\qdvd.dll
2007-04-20 17:38:50 316928 --a------ C:\WINDOWS\System32\qdv.dll
2007-04-20 17:38:50 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.3.0000001.0904; 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)>
2007-04-20 17:38:49 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.3.0000001.0904; 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)>
2007-04-20 17:37:44 0 d-------- C:\Program Files\Webzen
2007-04-20 17:37:29 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\InstallShield
2007-04-20 16:44:38 208896 --a------ C:\WINDOWS\System32\nvudisp.exe <Not Verified; NVIDIA Corporation; NVIDIA Corporation; 1 , 0 , 1 , 55; 1 , 0 , 1 , 55>
2007-04-20 16:44:38 0 d-------- C:\WINDOWS\nview
2007-04-20 16:44:22 208896 --a------ C:\WINDOWS\System32\NVUNINST.EXE <Not Verified; NVIDIA Corporation; NVIDIA Corporation; 1 , 0 , 1 , 55; 1 , 0 , 1 , 55>
2007-04-20 16:44:06 0 d-------- C:\NVIDIA
2007-04-20 16:34:56 0 d-------- C:\WINDOWS\pss
2007-04-20 16:29:01 115880 -----n--- C:\WINDOWS\System32\pxinsi64.exe <Verified; Sonic Solutions; ; ; 3.00.33a>
2007-04-20 16:29:01 129784 -----n--- C:\WINDOWS\System32\pxafs.dll <Verified; Sonic Solutions; PxAFS Dynamic Link Library; 1, 0, 0, 0; 3.2.40.500>
2007-04-20 16:29:01 36528 -----n--- C:\WINDOWS\System32\drivers\PxHelp20.sys <Not Verified; Sonic Solutions; PxHelp20; ; 3.00.33a>
2007-04-20 16:29:01 2560 -----n--- C:\WINDOWS\System32\drivers\cdralw2k.sys <Not Verified; Sonic Solutions; Drag-to-Disc; 8.0.0.212; 8.0.0.212>
2007-04-20 16:29:01 2432 -----n--- C:\WINDOWS\System32\drivers\cdr4_xp.sys <Not Verified; Sonic Solutions; Drag-to-Disc; 8.0.0.212; 8.0.0.212>
2007-04-20 16:28:54 0 d-------- C:\Program Files\Winamp
2007-04-20 16:17:52 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System; 1.0.0.1; 1.0.1.0>
2007-04-20 16:17:15 86 --a------ C:\WINDOWS\setuplog
2007-04-20 16:14:53 1227776 --a------ C:\WINDOWS\System32\quartz.dll
2007-04-20 16:14:53 733184 --a------ C:\WINDOWS\System32\qedwipes.dll
2007-04-20 16:14:53 1798144 --a------ C:\WINDOWS\System32\qedit.dll
2007-04-20 16:14:53 13312 --a------ C:\WINDOWS\System32\msdmo.dll
2007-04-20 16:14:52 257024 --a------ C:\WINDOWS\System32\qcap.dll
2007-04-20 16:14:52 34304 --a------ C:\WINDOWS\System32\mciqtz32.dll
2007-04-20 16:14:52 132608 --a------ C:\WINDOWS\System32\devenum.dll
2007-04-20 16:14:52 64512 --a------ C:\WINDOWS\System32\amstream.dll
2007-04-20 16:14:47 90112 -----n--- C:\WINDOWS\Updreg.EXE <Not Verified; Creative Technology Ltd.; Creative Updreg; 1.0.2; 1.0.2>
2007-04-20 16:14:10 115200 -ra------ C:\WINDOWS\System32\sfms32.dll <Verified; Creative Technology Ltd; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 137728 -ra------ C:\WINDOWS\System32\P17res.dll <Verified; Creative Technology Ltd.; P17 Driver Resources; 5.12.01.00404; 5.12.01.00404>
2007-04-20 16:14:10 53248 -ra------ C:\WINDOWS\System32\P17CPI.dll <Verified; ; P17CPI Module; 1, 0, 0, 2; 1, 0, 0, 2>
2007-04-20 16:14:10 64512 -ra------ C:\WINDOWS\System32\P17.dll <Verified; ; P17 AudioControlX2 Module; 1.0.1.41; 1.0.1.41>
2007-04-20 16:14:10 8704 -ra------ C:\WINDOWS\System32\drivers\Pfmodnt.sys <Verified; Creative Technology Ltd.; PfModNT; 3.0.0.11; 3.0.0.11>
2007-04-20 16:14:10 1389056 -ra------ C:\WINDOWS\System32\drivers\P17.sys <Verified; Creative Technology Ltd.; ; 5.12.01.512; 5.12.01.512>
2007-04-20 16:14:10 138752 -ra------ C:\WINDOWS\System32\drivers\ctsfm2k.sys <Verified; Creative Technology Ltd; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 106496 -ra------ C:\WINDOWS\System32\drivers\ctoss2k.sys <Verified; Creative Technology Ltd.; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 133632 -ra------ C:\WINDOWS\System32\CtDvInst.dll <Verified; Creative Technology Limited; Creative Technology Limited CtDvInst; 0, 3, 0, 30; 0, 3, 0, 30>
2007-04-20 16:13:58 0 d-------- C:\WINDOWS\System32\Data
2007-04-20 16:13:58 11264 --a------ C:\WINDOWS\INRES.DLL <Not Verified; Creative Technology Limited; Creative Technology Limited inRes; 1, 0, 9, 0; 1, 0, 9, 0>
2007-04-20 16:12:11 0 d-------- C:\WINDOWS\RegisteredPackages
2007-04-20 16:12:00 0 d-------- C:\Program Files\Creative
2007-04-20 16:11:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-20 16:11:12 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-20 14:03:02 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Macromedia
2007-04-19 21:23:17 77312 -ra------ C:\WINDOWS\System32\drivers\viasraid.sys <Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver; 5.1.2600.220; 5.1.2600.220>
2007-04-19 21:23:11 65280 -ra------ C:\WINDOWS\System32\drivers\Rtlnic51.sys <Verified; Realtek Semiconductor Corporation; Realtek RTL8139/810x/8169/8110 all in one NDIS Driver; 5.606.811.2003; 5.606.811.2003 built by: WinDDK>
2007-04-19 21:18:41 0 d-------- C:\WINDOWS\System32\ReinstallBackups
2007-04-19 21:17:46 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller; 5, 51; 5, 51, 138, 0>
2007-04-19 21:17:37 0 d-------- C:\Documents and Settings\LeetSauce\WINDOWS
2007-04-19 20:19:21 24661 --a------ C:\WINDOWS\System32\spxcoins.dll <Verified; Perle Systems Ltd.; Specialix Multi-port Serial Device Class CoInstaller; 1.0.0.0007; 1.0.0.0007>
2007-04-17 20:49:14 0 d-------- C:\Program Files\SuperCleaner
2007-04-17 20:46:51 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Aim
2007-04-17 20:46:29 0 d-------- C:\Program Files\Viewpoint
2007-04-17 20:46:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-17 20:46:28 344064 --a------ C:\WINDOWS\System32\msvcr70.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.00.9466.0; 7.00.9466.0>
2007-04-17 20:46:27 0 d-------- C:\Program Files\AIM
2007-04-17 20:44:58 348160 --a------ C:\WINDOWS\System32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3052.4; 7.10.3052.4>
2007-04-17 20:44:58 499712 --a------ C:\WINDOWS\System32\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3077.0; 7.10.3077.0>
2007-04-17 17:47:10 0 d--hs---- C:\WINDOWS\Installer
2007-04-17 17:47:08 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Identities
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\Templates
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\Start Menu
2007-04-17 17:47:00 0 dr-h----- C:\Documents and Settings\LeetSauce\SendTo
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\PrintHood
2007-04-17 17:47:00 1572864 --ah----- C:\Documents and Settings\LeetSauce\NTUSER.DAT
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\NetHood
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\My Documents <MYDOCU~1>
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\Local Settings
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\Favorites
2007-04-17 17:47:00 0 d-------- C:\Documents and Settings\LeetSauce\Desktop
2007-04-17 17:47:00 0 d---s---- C:\Documents and Settings\LeetSauce\Cookies
2007-04-17 17:47:00 0 dr-h----- C:\Documents and Settings\LeetSauce\Application Data
2007-04-17 17:46:29 0 d--hs---- C:\System Volume Information
2007-04-17 17:46:28 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-17 17:46:28 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-17 17:46:28 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-04-17 17:46:28 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-17 17:46:28 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-17 17:46:27 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-17 17:46:27 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-17 17:46:27 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-04-17 17:46:27 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-17 17:46:27 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-17 17:43:31 0 d-------- C:\WINDOWS\System32\xircom
2007-04-17 17:43:31 0 d-------- C:\Program Files\microsoft frontpage
2007-04-17 17:43:20 266240 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-17 17:43:14 0 -rahs---- C:\MSDOS.SYS
2007-04-17 17:43:14 0 -rahs---- C:\IO.SYS
2007-04-17 17:43:14 0 --a------ C:\CONFIG.SYS
2007-04-17 17:43:14 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 17:42:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-17 17:42:19 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-17 17:42:19 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-17 17:42:00 0 d-------- C:\WINDOWS\srchasst
2007-04-17 17:40:05 0 d-------- C:\WINDOWS\System32\Macromed
2007-04-17 17:40:05 0 d-------- C:\WINDOWS\System32\DirectX
2007-04-17 17:39:56 0 d-------- C:\Program Files\Movie Maker
2007-04-17 17:39:35 0 d-------- C:\WINDOWS\System32\Restore
2007-04-17 17:39:34 28672 --a------ C:\WINDOWS\System32\isrdbg32.dll <Verified; Intel Corporation; ISRDBG32.DLL; 0.0; 0.0>
2007-04-17 17:39:31 0 d-------- C:\WINDOWS\PCHEALTH
2007-04-17 17:39:27 0 d---s---- C:\WINDOWS\Tasks
2007-04-17 17:39:25 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 17:38:59 22720 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-04-17 17:38:42 0 d-------- C:\WINDOWS\Registration
2007-04-17 17:38:35 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-17 17:38:35 0 d-------- C:\Program Files\Online Services
2007-04-17 17:38:30 0 d-------- C:\Program Files\Messenger
2007-04-17 17:38:23 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-17 17:38:16 44544 --a------ C:\WINDOWS\System32\hticons.dll <Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System; 5.1.2600.0; 5.1.2600.0>
2007-04-17 17:38:15 0 d-------- C:\Program Files\Windows NT
2007-04-17 17:38:08 1161 --a------ C:\WINDOWS\System32\usrlogon.cmd
2007-04-17 17:38:07 0 d-------- C:\WINDOWS\System32\MsDtc
2007-04-17 17:38:05 0 d-------- C:\WINDOWS\System32\Com
2007-04-17 10:32:30 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-17 10:32:28 0 dr------- C:\Program Files
2007-04-17 10:32:28 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-17 10:32:18 103424 --a------ C:\WINDOWS\System32\EqnClass.Dll <Verified; Equinox Systems Inc.; Equinox Multiport Serial Coinstaller; 5.0u(58); 5.0u(58)>
2007-04-17 10:32:18 176157 --a------ C:\WINDOWS\System32\dgrpsetu.dll <Verified; Digi International, Inc.; Digi RealPort® Driver; 2.3.7; 2.3.7>
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-17 10:32:09 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2007-04-17 10:32:09 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-17 10:32:09 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-17 10:31:59 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-04-17 10:31:59 0 d-------- C:\WINDOWS\System32\CatRoot
2007-04-17 10:31:54 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-17 10:31:54 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-17 10:31:54 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-17 10:31:54 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-17 10:31:42 0 d-------- C:\Documents and Settings
2007-04-17 10:28:07 0 d-------- C:\WINDOWS
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\WinSxS
2007-04-17 10:28:07 0 dr------- C:\WINDOWS\Web
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\twain_32
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\system32
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\wins
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\wbem
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\usmt
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\spool
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ShellExt
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\Setup
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ras
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\oobe
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\npp
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\mui
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\inetsrv
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\IME
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\icsxml
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ias
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\export
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers\etc
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-04-17 10:28:07 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\dhcp
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\config
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\3com_dmi
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\3076
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\2052
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1054
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1042
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1041
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1037
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1033
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1031
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1028
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1025
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\system
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\security
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Resources
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\repair
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\mui
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\msapps
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\msagent
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Media
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\java
2007-04-17 10:28:07 0 d--h----- C:\WINDOWS\inf
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\ime
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Help
2007-04-17 10:28:07 0 dr--s---- C:\WINDOWS\Fonts
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Driver Cache
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Debug
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Cursors
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Config
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\AppPatch
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-04-24 15:27:53 233632 -rahs---- C:\ntldr
2007-04-17 10:32:09 62 --ahs---- C:\Documents and Settings\LeetSauce\Application Data\desktop.ini
2007-03-15 07:08:13 101438 --a------ C:\WINDOWS\b122.exe


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\System32\frmkjctj.dll [x]
{3EB9C349-7473-48AC-A59B-42F31751974B} C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{B21F0363-961F-4E0B-97EC-8B26D9872A96} C:\WINDOWS\System32\gebcb.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"GoGoTray.exe"="C:\\Program Files\\GoGoData.com\\GoGoData Toolbar\\GoGoTray.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-24 at 16:32:19 ---------
My system seems to be doing better, but I still got some popups every now and then. And when I tried putting in regsvr32 /u occache.dll into Start > Run, I got a message that said: DllUnregisterServer in occache.dll succeeded.

Thanks for all the help! :)
Attached Files
File Type: txt extra.txt (9.4 KB, 4 views)