|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
Thread Tools |
04-21-2007, 09:15 PM
|
#1 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 9
OS: xp
|
I am getting a pop-up from various sites.
Hello I am getting pop-ups from various sites. One of which is WinAnti-Virus. My current anti-virus (avast) picks up on an attempted connect to download winanti-virus.exe once in a while. Besides that, it is mostly just one random pop-up at a time from a number of different sites. I did notice that the cookie options in internet explorer 6 keeps changing to allow all cookies. Even though I change it back to the default setting. Attached to this is my extra.log as requested, and the panda scan log file if it is of any help. Thank you.
Deckard's System Scanner v20070411.38 Run by Admin on 2007-04-21 at 22:41:58 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 48: 2007-04-22 02:42:04 UTC - RP48 - Deckard's System Scanner Restore Point 47: 2007-04-20 03:24:21 UTC - RP47 - Installed Sunbelt CounterSpy. 46: 2007-04-20 03:23:30 UTC - RP46 - Removed Sunbelt CounterSpy. 45: 2007-04-20 03:02:38 UTC - RP45 - Installed Sunbelt CounterSpy. 44: 2007-04-19 03:44:38 UTC - RP44 - Removed J2SE Runtime Environment 5.0 Update 11 -- First Restore Point -- 1: 2007-03-23 02:38:51 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Admin.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 10:43:06 PM, on 4/21/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\1XConfig.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\System32\00THotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TPSMain.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\TPSBattM.exe C:\WINDOWS\System32\RegSrvc.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Documents and Settings\Admin\Desktop\dss.exe C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\VIRUSP~1\HIJACK~1\Admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\nnnnmnk.dll O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\gwsiabhr.dll O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {AF6717D4-D367-45E4-870D-C0F120B289ED} - C:\WINDOWS\system32\oppqp.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\System32\ZCfgSvc.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [HiddenFinder] C:\Program Files\HiddenFinder\hiddenfinder.exe O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1175654017998 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175654006661 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O20 - Winlogon Notify: nnnnmnk - C:\WINDOWS\SYSTEM32\nnnnmnk.dll O20 - Winlogon Notify: oppqp - C:\WINDOWS\system32\oppqp.dll O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe -- HijackThis Fixed Entries (C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\VIRUSP~1\HIJACK~1\backups\) -------------------------------------------------------------------------------- backup-20070419-230437-486 O4 - HKCU\..\RunOnce: [gi1306345291] "C:\DOCUME~1\Admin\LOCALS~1\Temp\gi97CCN5.exe" /resume:"C:\DOCUME~1\Admin\LOCALS~1\Temp\2J97CB7O" /exename:"C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GZRJBUM5\Free-Spyware-Scanner-Install[1].exe" backup-20070419-230501-819 O4 - HKCU\..\RunOnce: [gi1306345291] "C:\DOCUME~1\Admin\LOCALS~1\Temp\gi97CCN5.exe" /resume:"C:\DOCUME~1\Admin\LOCALS~1\Temp\2J97CB7O" /exename:"C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\GZRJBUM5\Free-Spyware-Scanner-Install[1].exe" backup-20070420-120438-517 O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\nnnnmnk.dll backup-20070420-121001-135 O2 - BHO: (no name) - {76B8F1D9-EA64-4BF0-9D39-DF1D7A2686A0} - C:\WINDOWS\system32\byvtt.dll (file missing) backup-20070420-121001-170 O2 - BHO: (no name) - {0309638F-93F8-44D3-84CF-240EB1AB7F1F} - C:\WINDOWS\system32\nnnnmnk.dll backup-20070420-121001-219 O2 - BHO: (no name) - {E57880B2-2CF8-402E-BF06-05013BB8B3A7} - C:\WINDOWS\system32\ursss.dll (file missing) backup-20070420-121001-329 O2 - BHO: (no name) - {15731F7A-E65B-418F-A75E-84361BA572Fa} - C:\WINDOWS\system32\rkwipdjd.dll backup-20070420-121001-334 O2 - BHO: (no name) - {96E982A9-DDB4-45FD-BDF6-1C85D0D66CCB} - C:\WINDOWS\system32\qopnn.dll (file missing) backup-20070420-121001-419 O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\hdqacuvy.dll backup-20070420-121001-868 O2 - BHO: (no name) - {3E2E0100-31EC-407E-ABCC-489E06BDD189} - C:\WINDOWS\system32\sstsr.dll (file missing) backup-20070420-121001-996 O2 - BHO: (no name) - {CC33B9EA-4418-48A1-BDDB-06F7742EA00F} - C:\WINDOWS\system32\pmkjk.dll (file missing) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys R1 meiudf - c:\windows\system32\drivers\meiudf.sys R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys R2 irda (IrDA Protocol) - c:\windows\system32\drivers\irda.sys R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys R2 TBiosDrv - c:\windows\system32\drivers\tbiosdrv.sys R3 BridgeMP (MAC Bridge Miniport) - c:\windows\system32\drivers\bridge.sys R3 Rasirda (WAN Miniport (IrDA)) - c:\windows\system32\drivers\rasirda.sys R3 SMCIRDA (SMC IrCC Miniport Device Driver) - c:\windows\system32\drivers\smcirda.sys R3 STAC97 (Audio Driver (WDM) - SigmaTel CODEC) - c:\windows\system32\drivers\stac97.sys R3 tsdhd (TOSHIBA SD Card Host Controller Driver) - c:\windows\system32\drivers\tsdhd.sys R3 w70n51 (Intel(R) PRO/Wireless 7100 Adapter Driver for Windows XP) - c:\windows\system32\drivers\w70n51.sys S3 Bridge (MAC Bridge) - c:\windows\system32\drivers\bridge.sys S3 nm (Network Monitor Driver) - c:\windows\system32\drivers\nmnt.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe R2 Iprip (RIP Listener) - c:\windows\system32\svchost.exe -k netsvcs R2 Irmon (Infrared Monitor) - c:\windows\system32\svchost.exe -k netsvcs R2 RegSrvc - c:\windows\system32\regsrvc.exe R2 SBCSSvc (Sunbelt CounterSpy Antispyware) - "c:\program files\sunbelt software\counterspy\sbcssvc.exe" R2 SimpTcp (Simple TCP/IP Services) - c:\windows\system32\tcpsvcs.exe -- Files created between 2007-03-21 and 2007-04-21 ----------------------------- 2007-04-21 22:13:47 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2> 2007-04-21 22  54 21312 --a------ C:\WINDOWS\choice.exe2007-04-21 22 41 0 d-------- C:\ie-spyad2007-04-21 21:33:44 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1> 2007-04-21 21:33:42 0 d-------- C:\WINDOWS\LastGood 2007-04-21 21:12:02 123972 --a------ C:\WINDOWS\system32\lspvifjp.dll 2007-04-21 21:11:59 1386611 ---hs---- C:\WINDOWS\system32\pqppo.bak2<PQPPO~2.BAK> 2007-04-21 21:11:39 123972 --a------ C:\WINDOWS\system32\mbatmnfw.dll 2007-04-20 13:08:15 49204 --a------ C:\WINDOWS\system32\gwsiabhr.dll 2007-04-20 13:08:09 123972 --a------ C:\WINDOWS\system32\gkpxilqn.dll 2007-04-20 13:08:06 1372171 ---hs---- C:\WINDOWS\system32\pqppo.bak1<PQPPO~1.BAK> 2007-04-20 13:07:48 281172 ---hs---- C:\WINDOWS\system32\oppqp.dll 2007-04-20 01:23:02 0 --a------ C:\WINDOWS\system32\SBRC.dat 2007-04-20 01:23:02 0 --a------ C:\WINDOWS\system32\SBFC.dat 2007-04-19 23:13:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software<SUNBEL~1> 2007-04-19 23:02:43 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1> 2007-04-19 21:58:46 125460 --a------ C:\WINDOWS\system32\rkwipdjd.dll 2007-04-19 21:52:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab<KASPER~1> 2007-04-19 21:52:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1> 2007-04-19 21:19:48 125460 --a------ C:\WINDOWS\system32\pviwdcum.dll 2007-04-18 23:45:18 0 d-------- C:\WINDOWS\system32\appmgmt 2007-04-18 23:38:27 49204 --a------ C:\WINDOWS\system32\hdqacuvy.dll 2007-04-18 23:38:00 281172 --ahs---- C:\WINDOWS\system32\opnkk.dll 2007-04-18 23:33:08 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-04-18 23:33:08 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1> 2007-04-18 23:22:28 0 d-------- C:\VundoFix Backups<VUNDOF~1> 2007-04-18 23:12:14 8576 --a------ C:\WINDOWS\system32\drivers\KProcWatch.sys<KPROCW~1.SYS> 2007-04-18 23:12:13 0 d-------- C:\Program Files\HiddenFinder<HIDDEN~1> 2007-04-18 21:52:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft 2007-04-18 21:47:18 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT 2007-04-18 20:42:14 0 d-------- C:\Program Files\Process Master<PROCES~1> 2007-04-18 00:21:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1> 2007-04-18 00:12:46 626688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-04-16 22:26:13 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe 2007-04-16 22:24:50 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera 2007-04-16 22:19:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems<ADOBES~1> 2007-04-16 22:18:51 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1> 2007-04-16 00:14:25 0 d-------- C:\Documents and Settings\Admin\Application Data\Lavasoft 2007-04-16 00:00:01 0 d-------- C:\WINDOWS\pss 2007-04-15 23:53:58 26694 --a------ C:\WINDOWS\system32\urqqrqn.dll 2007-04-15 23:53:28 26694 --a------ C:\WINDOWS\system32\nnnnmnk.dll 2007-04-15 23:34:09 0 d-------- C:\Program Files\Common Files\Adobe 2007-04-15 23:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe 2007-04-15 23:15:23 0 d-------- C:\Program Files\photoshop<PHOTOS~1> 2007-04-13 10:44:47 8192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-04-13 10:44:47 8704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-04-13 10:44:47 6144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-04-13 10:44:47 5632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-04-13 10:44:47 6144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-04-13 10:44:46 6144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-04-11 19:17:30 0 d-------- C:\Program Files\Audacity 2007-04-11 18:55:25 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4> 2007-04-11 18:54:06 0 d-------- C:\WINDOWS\system32\drivers\UMDF 2007-04-05 03 47 221184 --a------ C:\WINDOWS\system32\wmpns.dll2007-04-04 21:03:38 0 d-------- C:\Program Files\Maxis 2007-04-04 20:41:59 0 dr-h----- C:\Documents and Settings\Admin\Application Data\yahoo! 2007-04-04 19:00:48 0 d-------- C:\Documents and Settings\All Users\Application Data\yahoo! 2007-04-04 18:57:48 0 d-------- C:\Program Files\Yahoo! 2007-04-04 14:43:42 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1> 2007-04-04 14:43:40 0 d--h----- C:\WINDOWS\$hf_mig$ 2007-04-04 13:44:46 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent 2007-04-04 13:12:05 0 d-------- C:\Documents and Settings\Admin\Incomplete<INCOMP~1> 2007-04-04 13:10:47 0 d-------- C:\WINDOWS\Sun 2007-04-04 13:10:47 0 d-------- C:\Documents and Settings\Admin\Application Data\Sun 2007-04-04 13:09:35 0 d-------- C:\Program Files\Java 2007-04-04 12:47:52 0 d-------- C:\Program Files\Common Files\Java 2007-04-04 12:18:47 127208 --a------ C:\WINDOWS\system32\mucltui.dll 2007-04-04 12:17:18 0 d-------- C:\WINDOWS\Prefetch 2007-04-04 12:10:37 0 d-------- C:\WINDOWS\peernet 2007-04-04 12:10:36 0 d-------- C:\WINDOWS\provisioning<PROVIS~1> 2007-04-04 12:07:54 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1> 2007-04-04 12 01 0 d-------- C:\Program Files\LimeWire2007-04-04 12:04:30 0 d-------- C:\Documents and Settings\Admin\.limewire<LIMEWI~1> 2007-04-04 12:03:20 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-04 12:00:28 0 d-------- C:\WINDOWS\EHome 2007-04-04 11:23:48 11776 --a------ C:\WINDOWS\system32\spnpinst.exe 2007-04-04 11:23:47 4569 --a------ C:\WINDOWS\system32\secupd.dat 2007-04-03 22:56:26 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat 2007-04-03 22:55:57 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-04-03 22:55:57 614912 --a------ C:\WINDOWS\system32\h323msp.dll 2007-04-03 22:55:56 331264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-04-03 22:55:56 77312 --a------ C:\WINDOWS\system32\browser.dll 2007-04-03 22:54:23 91136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-04-03 22:54:23 66560 --a------ C:\WINDOWS\system32\mtxclu.dll 2007-04-03 22:54:23 161280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-03 22:54:23 426496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-03 22:54:23 540160 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-03 22:54:22 101376 --a------ C:\WINDOWS\system32\txflog.dll 2007-04-03 22:54:22 397824 --a------ C:\WINDOWS\system32\rpcss.dll 2007-04-03 22:54:22 581120 --a------ C:\WINDOWS\system32\rpcrt4.dll 2007-04-03 22:54:22 1285120 --a------ C:\WINDOWS\system32\ole32.dll 2007-04-03 22:54:22 956416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-03 22:54:22 243200 --a------ C:\WINDOWS\system32\es.dll 2007-04-03 22:54:22 60416 --a------ C:\WINDOWS\system32\colbact.dll 2007-04-03 22:54:21 1267200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-04-03 22:54:21 110080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-04-03 22:54:21 625152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-04-03 22:54:21 225792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-04-03 22:54:07 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-03 22:54:07 23416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-03 22:54:07 26888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-03 22:54:05 94552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-03 22:54:05 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-03 22:53:59 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-04-03 22:53:59 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-04-03 22:53:59 1060864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-04-03 22:53:59 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-04-03 22:53:59 712832 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-04-03 22:53:55 0 d-------- C:\Program Files\Alwil Software<ALWILS~1> 2007-04-03 22:51:11 239104 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-03 22:48:22 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-04-03 22:48:22 0 d--h---c- C:\WINDOWS\$xpsp1hfm$<$XPSP1~1> 2007-04-03 22:44:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1> 2007-04-03 22:41:31 0 d-------- C:\WINDOWS\system32\bits 2007-04-03 22:41:08 438784 --a------ C:\WINDOWS\system32\xpob2res.dll 2007-04-03 22:41:08 351232 --a------ C:\WINDOWS\system32\winhttp.dll 2007-04-03 22:41:08 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-03 22:41:08 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-04-03 22:41:08 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-04-03 22:37:10 0 d-------- C:\Program Files\Lavasoft 2007-04-03 22:36:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1> 2007-04-03 22:34:20 18200 --a------ C:\WINDOWS\system32\wups2.dll 2007-04-03 22:34:20 41240 --a------ C:\WINDOWS\system32\wups.dll 2007-04-03 22:34:20 127256 --a------ C:\WINDOWS\system32\wucltui.dll 2007-04-03 22:34:20 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-04-03 22:34:19 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-04-03 22:34:19 465176 --a------ C:\WINDOWS\system32\wuapi.dll 2007-04-03 22:33:34 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1> 2007-04-02 22:09:46 0 d-------- C:\Program Files\uTorrent 2007-03-27 22:56:41 0 d-------- C:\Program Files\LSoft Technologies<LSOFTT~1> 2007-03-26 15:16:24 198424 --a------ C:\WINDOWS\system32\iuengine.dll 2007-03-25 03:24:24 0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1> 2007-03-25 03:21:40 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-03-25 02:46:37 0 d---s---- C:\Documents and Settings\Admin\UserData 2007-03-23 10:53:54 0 d-------- C:\Program Files\EA GAMES<EAGAME~1> 2007-03-23 10:53:53 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2007-03-23 10:49:55 0 d-------- C:\WINDOWS\RegisteredPackages<REGIST~2> 2007-03-23 10:49:24 50688 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-03-23 10:49:24 363520 --a------ C:\WINDOWS\system32\psisdecd.dll 2007-03-23 10:49:24 17408 --a------ C:\WINDOWS\system32\msyuv.dll 2007-03-23 10:49:24 1428480 --a------ C:\WINDOWS\system32\msvidctl.dll 2007-03-23 10:49:24 19328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys 2007-03-23 10:49:24 15360 --a------ C:\WINDOWS\system32\drivers\streamip.sys 2007-03-23 10:49:24 11136 --a------ C:\WINDOWS\system32\drivers\slip.sys 2007-03-23 10:49:24 10880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys 2007-03-23 10:49:24 85376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys 2007-03-23 10:49:24 51328 --a------ C:\WINDOWS\system32\drivers\msdv.sys 2007-03-23 10:49:24 15360 --a------ C:\WINDOWS\system32\drivers\mpe.sys 2007-03-23 10:49:23 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys 2007-03-23 10:49:23 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-03-23 10:49:23 5504 --a------ C:\WINDOWS\system32\drivers\mstee.sys 2007-03-23 10:49:23 4992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys 2007-03-23 10:49:23 17024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys 2007-03-23 10:49:23 11776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys 2007-03-23 10:49:22 1287168 --a------ C:\WINDOWS\system32\quartz.dll 2007-03-23 10:49:22 733696 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-03-23 10:49:22 562176 --a------ C:\WINDOWS\system32\qedit.dll 2007-03-23 10:49:22 211456 --a------ C:\WINDOWS\system32\qasf.dll 2007-03-23 10:49:22 204288 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-03-23 10:49:22 14336 --a------ C:\WINDOWS\system32\msdmo.dll 2007-03-23 10:49:22 4096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-03-23 10:49:22 5376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys 2007-03-23 10:49:22 7552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys 2007-03-23 10:49:22 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys 2007-03-23 10:49:21 385024 --a------ C:\WINDOWS\system32\qdvd.dll 2007-03-23 10:49:21 279040 --a------ C:\WINDOWS\system32\qdv.dll 2007-03-23 10:49:21 192512 --a------ C:\WINDOWS\system32\qcap.dll 2007-03-23 10:49:21 35328 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-03-23 10:49:21 20480 --a------ C:\WINDOWS\system32\encapi.dll 2007-03-23 10:49:21 59904 --a------ C:\WINDOWS\system32\devenum.dll 2007-03-23 10:49:21 70656 --a------ C:\WINDOWS\system32\amstream.dll 2007-03-23 10:49:20 2113536 --a------ C:\WINDOWS\system32\dxdiagn.dll 2007-03-23 10:49:20 1298432 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-03-23 10:49:20 19456 --a------ C:\WINDOWS\system32\dswave.dll 2007-03-23 10:49:20 104448 --a------ C:\WINDOWS\system32\dmusic.dll 2007-03-23 10:49:20 103424 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-03-23 10:49:20 105984 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-03-23 10:49:20 82432 --a------ C:\WINDOWS\system32\dmscript.dll 2007-03-23 10:49:20 35840 --a------ C:\WINDOWS\system32\dmloader.dll 2007-03-23 10:49:20 181248 --a------ C:\WINDOWS\system32\dmime.dll 2007-03-23 10:49:20 61440 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-03-23 10:49:20 28672 --a------ C:\WINDOWS\system32\dmband.dll 2007-03-23 10:49:20 181760 --a------ C:\WINDOWS\system32\dinput8.dll 2007-03-23 10:49:20 1689088 --a------ C:\WINDOWS\system32\d3d9.dll 2007-03-23 10:49:20 1179648 --a------ C:\WINDOWS\system32\d3d8.dll 2007-03-23 10:49:19 35328 --a------ C:\WINDOWS\system32\pid.dll 2007-03-23 10:49:19 46592 --a------ C:\WINDOWS\system32\dxdllreg.exe 2007-03-23 10:49:19 1227264 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-03-23 10:49:19 619008 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-03-23 10:49:19 1294336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-03-23 10:49:19 367616 --a------ C:\WINDOWS\system32\dsound.dll 2007-03-23 10:49:19 71680 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-03-23 10:49:19 181760 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-03-23 10:49:19 57344 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-03-23 10:49:19 116736 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-03-23 10:49:19 83456 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-03-23 10:49:19 212480 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-03-23 10:49:19 21504 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-03-23 10:49:19 18432 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-03-23 10:49:19 3584 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-03-23 10:49:19 60928 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-03-23 10:49:19 35328 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-03-23 10:49:19 375296 --a------ C:\WINDOWS\system32\dpnet.dll 2007-03-23 10:49:19 3584 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-03-23 10:49:19 23552 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-03-23 10:49:19 229888 --a------ C:\WINDOWS\system32\dplayx.dll 2007-03-23 10:49:19 30208 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-03-23 10:49:19 159232 --a------ C:\WINDOWS\system32\dinput.dll 2007-03-23 10:49:19 27136 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-03-23 10:49:19 266240 --a------ C:\WINDOWS\system32\ddraw.dll 2007-03-23 10:49:19 825344 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-03-23 10:49:19 8192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-03-23 00:56:56 53248 --a------ C:\WINDOWS\system32\Prounstl.exe 2007-03-23 00:56:56 23040 --a------ C:\WINDOWS\system32\IntelNic.dll 2007-03-23 00:56:56 16384 --a------ C:\WINDOWS\system32\e100bmsg.dll 2007-03-23 00:56:56 140800 --a------ C:\WINDOWS\system32\drivers\e100b325.sys 2007-03-23 00:55:25 6867 --a------ C:\WINDOWS\system32\drivers\tbiosdrv.sys 2007-03-23 00:55:25 90112 --------- C:\WINDOWS\InstDrvr.exe 2007-03-23 00:55:18 0 d-------- C:\Documents and Settings\Admin\WINDOWS 2007-03-23 00:54:56 155648 --a------ C:\WINDOWS\system32\RAMASST.exe 2007-03-23 00:54:56 106496 --a------ C:\WINDOWS\system32\DVDRAMSV.exe 2007-03-23 00:54:56 135168 --a------ C:\WINDOWS\system32\DVDMenu.dll 2007-03-23 00:54:56 90416 -----n--- C:\WINDOWS\system32\drivers\meiudf.sys 2007-03-23 00:54:55 0 d-------- C:\Program Files\DVD-RAM 2007-03-23 00:53:44 126976 --a------ C:\WINDOWS\system32\tutildel.exe 2007-03-23 00:53:44 135168 --a------ C:\WINDOWS\system32\TSDTOKEN.DLL 2007-03-23 00:53:44 24576 --a------ C:\WINDOWS\system32\TSCIEX.DLL 2007-03-23 00:53:44 184320 --a------ C:\WINDOWS\system32\TSCCALL.DLL 2007-03-23 00:53:44 36864 --a------ C:\WINDOWS\system32\tcleanup.exe 2007-03-23 00:53:29 81920 --a------ C:\WINDOWS\system32\TPwrReg.dll 2007-03-23 00:53:29 49152 --a------ C:\WINDOWS\system32\TPwrCfg.dll 2007-03-23 00:53:29 53248 --a------ C:\WINDOWS\system32\TPSTrace.dll 2007-03-23 00:53:29 45056 --a------ C:\WINDOWS\system32\TPSMainCtl.dll<TPSMAI~1.DLL> 2007-03-23 00:53:29 278528 --a------ C:\WINDOWS\system32\TPSMain.exe 2007-03-23 00:53:29 53248 --a------ C:\WINDOWS\system32\TPSDel.dll 2007-03-23 00:53:29 45056 --a------ C:\WINDOWS\system32\TPSBattM.exe 2007-03-23 00:53:29 45056 --a------ C:\WINDOWS\system32\TPSAddin.dll 2007-03-23 00:53:29 32768 --a------ C:\WINDOWS\system32\TPeculiarity.dll<TPECUL~1.DLL> 2007-03-23 00:53:29 90112 --a------ C:\WINDOWS\system32\CpuPerf.dll 2007-03-23 00:53:05 65536 --a------ C:\WINDOWS\system32\SynTPFcs.dll 2007-03-23 00:53:05 77824 --a------ C:\WINDOWS\system32\SynTPCoI.dll 2007-03-23 00:53:05 94208 --a------ C:\WINDOWS\system32\SynTPAPI.dll 2007-03-23 00:53:05 110592 --a------ C:\WINDOWS\system32\SynCtrl.dll 2007-03-23 00:53:05 73728 --a------ C:\WINDOWS\system32\SynCOM.dll 2007-03-23 00:53:05 271728 --a------ C:\WINDOWS\system32\drivers\SynTP.sys 2007-03-23 00:53:05 0 d-------- C:\Program Files\Synaptics<SYNAPT~1> 2007-03-23 00:52:44 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-03-23 00:52:43 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-03-23 00:52:42 52864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys 2007-03-23 00:52:41 54272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-03-23 00:52:40 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-03-23 00:52:38 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-03-23 00:52:37 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-03-23 00:52:36 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-03-23 00:52:19 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-03-23 00:52:19 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-03-23 00:52:18 230416 --a------ C:\WINDOWS\system32\drivers\stac97.sys 2007-03-23 00:52:18 0 d-------- C:\Program Files\SigmaTel 2007-03-23 00:51:45 36864 --a------ C:\WINDOWS\system32\SDDEVMGR.dll 2007-03-23 00:50:55 98304 --a------ C:\WINDOWS\system32\TCtrlCommon.dll<TCTRLC~1.DLL> 2007-03-23 00:50:23 0 d-------- C:\Program Files\Intel 2007-03-23 00:50:22 42368 --a------ C:\WINDOWS\system32\drivers\agp440.sys 2007-03-23 00:50:18 35840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys 2007-03-23 00:50:16 25088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys 2007-03-23 00:50:16 3328 --a------ C:\WINDOWS\system32\drivers\pciide.sys 2007-03-23 00:50:16 95360 --a------ C:\WINDOWS\system32\drivers\atapi.sys 2007-03-23 00:50:14 74240 --a------ C:\WINDOWS\system32\usbui.dll 2007-03-23 00:50:14 20480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys 2007-03-23 00:50:14 142976 --a------ C:\WINDOWS\system32\drivers\usbport.sys 2007-03-23 00:50:14 57600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys 2007-03-23 00:50:10 0 d-------- C:\WINDOWS\system32\ReinstallBackups<REINST~1> 2007-03-23 00:50:10 68224 --a------ C:\WINDOWS\system32\drivers\pci.sys 2007-03-23 00:50:09 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1> 2007-03-23 00:49:46 32768 --a------ C:\WINDOWS\system32\TWarnMsg.exe 2007-03-23 00:49:46 24576 --a------ C:\WINDOWS\system32\Tsci.dll 2007-03-23 00:49:46 24576 --a------ C:\WINDOWS\system32\Thci.dll 2007-03-23 00:49:46 53248 --a------ C:\WINDOWS\system32\InsSecRc.scr 2007-03-23 00:49:46 53248 --a------ C:\WINDOWS\system32\InsSec.scr 2007-03-23 00:49:46 9216 --a------ C:\WINDOWS\system32\drivers\TVALZ.SYS 2007-03-23 00:49:46 258048 --a------ C:\WINDOWS\system32\00THotkey.exe<00THOT~1.EXE> 2007-03-23 00:49:46 24576 --a------ C:\WINDOWS\system32\000StTHK.exe 2007-03-23 00:49:08 8192 --a------ C:\WINDOWS\system32\wshirda.dll 2007-03-23 00:49:08 27136 --a------ C:\WINDOWS\system32\irmon.dll 2007-03-23 00:49:08 152576 --a------ C:\WINDOWS\system32\irftp.exe 2007-03-23 00:49:08 19584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys 2007-03-23 00:49:08 87424 --a------ C:\WINDOWS\system32\drivers\irda.sys 2007-03-23 00:49:06 38425 --a------ C:\WINDOWS\system32\drivers\smcirda.sys 2007-03-23 00:48:51 0 d-------- C:\Program Files\TOSHIBA 2007-03-23 00:48:48 306688 --a------ C:\WINDOWS\IsUninst.exe 2007-03-23 00:47:56 0 d-------- C:\WINDOWS\nview 2007-03-23 00:47:49 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1> 2007-03-23 00:45:08 68096 -----n--- C:\WINDOWS\agrsmdel.exe 2007-03-23 00:45:05 0 d-------- C:\WINDOWS\Options 2007-03-23 00:22:59 0 d--h----- C:\Documents and Settings\All Users\WLANProfiles<WLANPR~1> 2007-03-23 00:22:59 0 d--h----- C:\Documents and Settings\Admin\WLANProfiles<WLANPR~1> 2007-03-23 00:22:39 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-03-23 00:22:24 0 d-------- C:\WINDOWS\system32\LogFiles 2007-03-22 23:59:11 35328 --a------ C:\WINDOWS\system32\iprip.dll 2007-03-22 23:59:09 18944 --a------ C:\WINDOWS\system32\simptcp.dll 2007-03-22 23:58:23 0 d--hs---- C:\RECYCLER 2007-03-22 22:38:41 0 d--hs---- C:\WINDOWS\Installer<INSTAL~1> 2007-03-22 22:38:31 5505024 --ah----- C:\Documents and Settings\Admin\NTUSER.DAT 2007-03-22 22:37:51 0 d--hs---- C:\System Volume Information<SYSTEM~1> 2007-03-22 22:37:49 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT 2007-03-22 22:37:49 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT 2007-03-22 22:34:39 0 d-------- C:\WINDOWS\system32\xircom 2007-03-22 22:34:39 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1> 2007-03-22 22:34:25 233472 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT 2007-03-22 22:34:20 0 -rahs---- C:\MSDOS.SYS 2007-03-22 22:34:20 0 -rahs---- C:\IO.SYS 2007-03-22 22:34:20 0 --a------ C:\CONFIG.SYS 2007-03-22 22:34:20 0 --a------ C:\AUTOEXEC.BAT 2007-03-22 22:34:09 112128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-03-22 22:33:31 0 d--hs---- C:\Documents and Settings\All Users\DRM 2007-03-22 22:33:23 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1> 2007-03-22 22:33:23 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1> 2007-03-22 22:33:02 0 d-------- C:\WINDOWS\srchasst 2007-03-22 22:32:55 0 d-------- C:\WINDOWS\system32\Macromed 2007-03-22 22:32:55 0 d-------- C:\WINDOWS\system32\DirectX 2007-03-22 22:32:43 382464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-03-22 22:32:42 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1> 2007-03-22 22:32:27 45568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-03-22 22:32:26 29696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-03-22 22:32:26 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-03-22 22:32:26 43520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-03-22 22:32:26 11264 --a------ C:\WINDOWS\system32\atrace.dll 2007-03-22 22:32:15 170496 --a------ C:\WINDOWS\system32\srsvc.dll 2007-03-22 22:32:15 67584 --a------ C:\WINDOWS\system32\srclient.dll 2007-03-22 22:32:15 0 d-------- C:\WINDOWS\system32\Restore 2007-03-22 22:32:15 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys 2007-03-22 22:32:14 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-03-22 22:32:14 34560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-03-22 22:32:14 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-03-22 22:32:14 81920 --a------ C:\WINDOWS\system32\ils.dll 2007-03-22 22:32:13 28672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-03-22 22:32:13 69632 --a------ C:\WINDOWS\system32\msconf.dll 2007-03-22 22:32:13 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-03-22 22:32:10 105984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-03-22 22:32:10 0 d-------- C:\WINDOWS\PCHEALTH 2007-03-22 22:32:09 252928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-03-22 22:32:09 64512 --a------ C:\WINDOWS\system32\acctres.dll 2007-03-22 22:32:08 48128 --a------ C:\WINDOWS\system32\inetres.dll 2007-03-22 22:32:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-03-22 22:32:03 0 d---s---- C:\WINDOWS\Tasks 2007-03-22 22:32:03 190976 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-03-22 22:32:03 12288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-03-22 22:32:03 274944 --a------ C:\WINDOWS\system32\mstask.dll 2007-03-22 22:32:03 65536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-03-22 22:32:03 73728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-03-22 22:32:02 81920 --a------ C:\WINDOWS\system32\isign32.dll 2007-03-22 22:32:02 274432 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-03-22 22:32:02 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-03-22 22:32:00 0 d-------- C:\Program Files\Common Files\MSSoap 2007-03-22 22:31:29 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT> 2007-03-22 22:31:13 0 d-------- C:\WINDOWS\Registration<REGIST~1> 2007-03-22 22:31:05 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~2> 2007-03-22 22:30:59 0 d-------- C:\Program Files\Messenger<MESSEN~1> 2007-03-22 22:30:49 5632 --a------ C:\WINDOWS\system32\write.exe 2007-03-22 22:30:49 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1> 2007-03-22 22:30:42 183808 --a------ C:\WINDOWS\system32\accwiz.exe 2007-03-22 22:30:41 138752 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-03-22 22:30:41 131584 --a------ C:\WINDOWS\system32\sndrec32.exe 2007-03-22 22:30:41 123392 --a------ C:\WINDOWS\system32\mplay32.exe 2007-03-22 22:30:41 347136 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-03-22 22:30:41 44544 --a------ C:\WINDOWS\system32\hticons.dll 2007-03-22 22:30:40 35328 --a------ C:\WINDOWS\system32\winchat.exe 2007-03-22 22:30:40 73216 --a------ C:\WINDOWS\system32\avwav.dll 2007-03-22 22:30:40 227840 --a------ C:\WINDOWS\system32\avtapi.dll 2007-03-22 22:30:40 16384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-03-22 22:30:40 0 d-------- C:\Program Files\Windows NT<WINDOW~1> 2007-03-22 22:30:39 343040 --a------ C:\WINDOWS\system32\mspaint.exe 2007-03-22 22:30:35 102912 --a------ C:\WINDOWS\system32\clipbrd.exe 2007-03-22 22:30:34 605696 --a------ C:\WINDOWS\system32\getuname.dll 2007-03-22 22:30:34 80384 --a------ C:\WINDOWS\system32\charmap.exe 2007-03-22 22:30:33 119808 --a------ C:\WINDOWS\system32\winmine.exe 2007-03-22 22:30:33 538624 --a------ C:\WINDOWS\system32\spider.exe 2007-03-22 22:30:33 56832 --a------ C:\WINDOWS\system32\sol.exe 2007-03-22 22:30:33 114688 --a------ C:\WINDOWS\system32\calc.exe 2007-03-22 22:30:32 6656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-03-22 22:30:32 1343768 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-03-22 22:30:32 124184 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-03-22 22:30:32 126976 --a------ C:\WINDOWS\system32\mshearts.exe 2007-03-22 22:30:32 55296 --a------ C:\WINDOWS\system32\freecell.exe 2007-03-22 22:30:32 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-03-22 22:30:32 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys 2007-03-22 22:30:32 139528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys 2007-03-22 22:30:31 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-03-22 22:30:31 140800 --a------ C:\WINDOWS\system32\sessmgr.exe 2007-03-22 22:30:31 9728 --a------ C:\WINDOWS\system32\reset.exe 2007-03-22 22:30:31 60416 --a------ C:\WINDOWS\system32\remotepg.dll 2007-03-22 22:30:31 67072 --a------ C:\WINDOWS\system32\rdshost.exe 2007-03-22 22:30:31 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe 2007-03-22 22:30:31 655360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-03-22 22:30:31 407552 --a------ C:\WINDOWS\system32\mstsc.exe 2007-03-22 22:30:30 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-03-22 22:30:30 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-03-22 22:30:30 16384 --a------ C:\WINDOWS\system32\tskill.exe 2007-03-22 22:30:30 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-03-22 22:30:30 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-03-22 22:30:30 14848 --a------ C:\WINDOWS\system32\tscon.exe 2007-03-22 22:30:30 295424 --a------ C:\WINDOWS\system32\termsrv.dll 2007-03-22 22:30:30 14848 --a------ C:\WINDOWS\system32\shadow.exe 2007-03-22 22:30:30 15872 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-03-22 22:30:30 33792 --a------ C:\WINDOWS\system32\regini.exe 2007-03-22 22:30:30 87176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-03-22 22:30:30 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-03-22 22:30:30 62464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-03-22 22:30:30 147968 --a------ C:\WINDOWS\system32\rdchost.dll 2007-03-22 22:30:29 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-03-22 22:30:29 22016 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-03-22 22:30:29 20480 --a------ C:\WINDOWS\system32\qprocess.exe 2007-03-22 22:30:29 16896 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-03-22 22:30:29 20992 --a------ C:\WINDOWS\system32\msg.exe 2007-03-22 22:30:29 0 d-------- C:\WINDOWS\system32\MsDtc 2007-03-22 22:30:29 15360 --a------ C:\WINDOWS\system32\logoff.exe 2007-03-22 22:30:29 11264 --a------ C:\WINDOWS\system32\icaapi.dll 2007-03-22 22:30:29 38912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-03-22 22:30:29 15872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-03-22 22:30:28 11776 --a------ C:\WINDOWS\system32\xolehlp.dll 2007-03-22 22:30:28 58880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-03-22 22:30:28 6144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-03-22 22:30:27 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-03-22 22:30:26 54272 --a------ C:\WINDOWS\system32\stclient.dll 2007-03-22 22:30:26 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-03-22 22:30:26 4096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-03-22 22:30:26 20480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-03-22 22:30:26 97792 --a------ C:\WINDOWS\system32\comrepl.dll 2007-03-22 22:30:26 25600 --a------ C:\WINDOWS\system32\comaddin.dll 2007-03-22 22:30:26 0 d-------- C:\WINDOWS\system32\Com 2007-03-22 22:30:26 85504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-03-22 22:30:24 147456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-03-22 22:30:15 56320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-03-22 22:30:15 17408 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-03-22 22:30:15 58880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-03-22 22:30:15 185344 --a------ C:\WINDOWS\system32\cmprops.dll 2007-03-22 22:30:09 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-03-22 22:30:09 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-03-22 17:05:52 3072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-03-22 17:05:35 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-03-22 17:05:17 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys 2007-03-22 17:04:57 9344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys 2007-03-22 17:04:56 14080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys 2007-03-22 17:04:56 14080 --a------ C:\WINDOWS\system32\drivers\battc.sys 2007-03-22 17:04:07 0 d-------- C:\Program Files\Common Files\ODBC 2007-03-22 17:04:04 0 d-------- C:\Program Files\Common Files\SpeechEngines<SPEECH~1> 2007-03-22 17:04:03 0 dr------- C:\Program Files<PROGRA~1> 2007-03-22 17:04:01 6144 -ra------ C:\WINDOWS\system32\kbdtuq.dll 2007-03-22 17:04:01 6144 -ra------ C:\WINDOWS\system32\kbdtuf.dll 2007-03-22 17:04:01 5632 -ra------ C:\WINDOWS\system32\kbdazel.dll 2007-03-22 17:03:59 5632 -ra------ C:\WINDOWS\system32\kbdmon.dll 2007-03-22 17:03:59 5632 -ra------ C:\WINDOWS\system32\kbdkyr.dll 2007-03-22 17:03:57 8192 -ra------ C:\WINDOWS\system32\kbdhept.dll 2007-03-22 17:03:57 6656 -ra------ C:\WINDOWS\system32\kbdhela3.dll 2007-03-22 17:03:57 6144 -ra------ C:\WINDOWS\system32\kbdhela2.dll 2007-03-22 17:03:57 5632 -ra------ C:\WINDOWS\system32\kbdhe319.dll 2007-03-22 17:03:57 5632 -ra------ C:\WINDOWS\system32\kbdhe220.dll 2007-03-22 17:03:57 5632 -ra------ C:\WINDOWS\system32\kbdhe.dll 2007-03-22 17:03:57 6144 -ra------ C:\WINDOWS\system32\kbdgkl.dll 2007-03-22 17:03:56 6144 -ra------ C:\WINDOWS\system32\kbdlv1.dll 2007-03-22 17:03:56 6144 -ra------ C:\WINDOWS\system32\kbdlv.dll 2007-03-22 17:03:56 5632 -ra------ C:\WINDOWS\system32\kbdlt1.dll 2007-03-22 17:03:56 5632 -ra------ C:\WINDOWS\system32\kbdlt.dll 2007-03-22 17:03:56 6144 -ra------ C:\WINDOWS\system32\kbdest.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\kbdycl.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\kbdsl1.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\kbdsl.dll 2007-03-22 17:03:54 5632 -ra------ C:\WINDOWS\system32\kbdro.dll 2007-03-22 17:03:54 5632 -ra------ C:\WINDOWS\system32\kbdpl1.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\kbdpl.dll 2007-03-22 17:03:54 5632 -ra------ C:\WINDOWS\system32\kbdhu1.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\kbdhu.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\kbdcz2.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\kbdcz1.dll 2007-03-22 17:03:54 7168 -ra------ C:\WINDOWS\system32\kbdcz.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\kbdcr.dll 2007-03-22 17:03:54 6656 -ra------ C:\WINDOWS\system32\KBDAL.DLL 2007-03-22 17:03:52 24661 --a------ C:\WINDOWS\system32\spxcoins.dll 2007-03-22 17:03:52 13312 --a------ C:\WINDOWS\system32\irclass.dll 2007-03-22 17:03:52 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys 2007-03-22 17:03:52 85020 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-03-22 17:03:52 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll 2007-03-22 17:03:51 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll 2007-03-22 17:03:51 8704 --a------ C:\WINDOWS\system32\batt.dll 2007-03-22 17:03:51 9008 --a------ C:\WINDOWS\system\VER.DLL 2007-03-22 17:03:51 19200 --a------ C:\WINDOWS\system\TAPI.DLL 2007-03-22 17:03:51 5120 --a------ C:\WINDOWS\system\SHELL.DLL 2007-03-22 17:03:50 24064 --a------ C:\WINDOWS\system\OLESVR.DLL 2007-03-22 17:03:50 82944 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-03-22 17:03:50 126912 --a------ C:\WINDOWS\system\MSVIDEO.DLL 2007-03-22 17:03:50 68768 --a------ C:\WINDOWS\system\mmsystem.dll 2007-03-22 17:03:50 9936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-03-22 17:03:50 32816 --a------ C:\WINDOWS\system\COMMDLG.DLL 2007-03-22 17:03:49 15360 --a------ C:\WINDOWS\TASKMAN.EXE 2007-03-22 17:03:49 109456 --a------ C:\WINDOWS\system\AVIFILE.DLL 2007-03-22 17:03:49 69584 --a------ C:\WINDOWS\system\AVICAP.DLL 2007-03-22 17:03:49 69120 --a------ C:\WINDOWS\notepad.exe 2007-03-22 17:03:48 74752 --a------ C:\WINDOWS\system32\storprop.dll 2007-03-22 17:03:41 0 dr------- C:\Documents and Settings\All Users\Documents<DOCUME~1> 2007-03-22 17:03:31 0 d-------- C:\WINDOWS\system32\CatRoot2 2007-03-22 17:03:31 0 d-------- C:\WINDOWS\system32\CatRoot 2007-03-22 17:03:10 0 d-------- C:\Documents and Settings<DOCUME~1> 2007-03-22 16:58:51 0 d-------- C:\WINDOWS 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\WinSxS 2007-03-22 16:58:51 0 dr------- C:\WINDOWS\Web 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\twain_32 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\wins 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\wbem 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\usmt 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\spool 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\ShellExt 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\Setup 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\ras 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\oobe 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\npp 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\mui 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\inetsrv 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\IME 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\icsxml 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\ias 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\export 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\drivers 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\drivers\etc 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\drivers\disdn 2007-03-22 16:58:51 0 dr-hs--c- C:\WINDOWS\system32\dllcache 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\dhcp 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\config 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\3com_dmi 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\3076 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\2052 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\1054 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\1042 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\1041 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\1037 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\1033 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\1031 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\1028 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system32\1025 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\system 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\security 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\Resources<RESOUR~1> 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\repair 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\mui 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\msapps 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\msagent 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\Media 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\java 2007-03-22 16:58:51 0 d--h----- C:\WINDOWS\inf 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\ime 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\Help 2007-03-22 16:58:51 0 dr--s---- C:\WINDOWS\Fonts 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\Driver Cache<DRIVER~1> 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\Debug 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\Cursors 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\Connection Wizard<CONNEC~1> 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\Config 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\AppPatch 2007-03-22 16:58:51 0 d-------- C:\WINDOWS\addins -- Find3M Report --------------------------------------------------------------- 2007-04-18 21:25:26 0 d---s---- C:\Documents and Settings\Admin\Application Data\Microsoft<MICROS~1> 2007-04-04 12:04:45 250032 -rahs---- C:\ntldr 2007-04-02 00:44:54 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia<MACROM~1> 2007-03-22 22:38:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Identities<IDENTI~1> 2007-03-22 17:03:41 62 --ahs---- C:\Documents and Settings\Admin\Application Data\desktop.ini 2007-03-17 09:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-15 12:23:16 497496 --a------ C:\WINDOWS\system32\XceedZip.dll 2007-03-15 12:19:58 526184 --a------ C:\WINDOWS\system32\XceedCry.dll 2007-03-09 09:57:40 27376 --a------ C:\WINDOWS\system32\SBBD.exe 2007-03-08 11:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-05 16:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll -- Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /installquiet" "TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe" "00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe" "000StTHK"="000StTHK.exe" "TFncKy"="TFncKy.exe" "TFNF5"="TFNF5.exe" "SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\SigmaTel AC97 Audio Drivers\\stacmon.exe" "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "TPSMain"="TPSMain.exe" "ZCfgSvc.exe"="c:\\WINDOWS\\System32\\ZCfgSvc.exe" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "HiddenFinder"="C:\\Program Files\\HiddenFinder\\hiddenfinder.exe" @="" "SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PRONoMgr" "hkey"="HKLM" "command"="c:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{0309638F-93F8-44D3-84CF-240EB1AB7F1F}"="" "{81559C35-8464-49F7-BB0E-07A383BEF910}"="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnmnk HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqp HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 -- End of Deckard's System Scanner: finished at 2007-04-21 at 22:43:53 --------- |
|
     |
|
04-23-2007, 09:51 PM
|
#3 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,752
OS: 2000 Pro; XP Pro; XP Home
|
Re: I am getting a pop-up from various sites.
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ---------------------------------------------------------------------------------------------
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Please do not ask for help via Private Message. |
|
|
|
|
04-23-2007, 10:37 PM
|
#4 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 9
OS: xp
|
Re: I am getting a pop-up from various sites.
"Admin" - 07-04-24 0:35:25 Service Pack 2
ComboFix 07-04-24.2V - Running from: "C:\Documents and Settings\Admin\Desktop\" ((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 )))))))))))))))))))))))))))))))))) 2007-04-24 00:30 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-04-23 23:30 <DIR> d-------- C:\!KillBox 2007-04-23 21:12 131,604 --a------ C:\WINDOWS\system32\peicgjri.dll 2007-04-21 22:41 <DIR> d-------- C:\Deckard 2007-04-21 22:13 <DIR> d-------- C:\Program Files\SpywareGuard 2007-04-21 22:06 21,312 --a------ C:\WINDOWS\choice.exe 2007-04-21 22:06 <DIR> d-------- C:\ie-spyad 2007-04-21 21:33 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-04-21 21:11 1,396,342 --ahs---- C:\WINDOWS\system32\pqppo.bak2 2007-04-20 01:23 0 --a------ C:\WINDOWS\system32\SBRC.dat 2007-04-20 01:23 0 --a------ C:\WINDOWS\system32\SBFC.dat 2007-04-19 23:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software 2007-04-19 23:02 <DIR> d-------- C:\Program Files\Sunbelt Software 2007-04-19 21:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab 2007-04-18 23:45 <DIR> d-------- C:\WINDOWS\system32\appmgmt 2007-04-18 23:33 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL 2007-04-18 23:33 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-04-18 23:22 <DIR> d-------- C:\VundoFix Backups 2007-04-18 23:12 8,576 --a------ C:\WINDOWS\system32\drivers\KProcWatch.sys 2007-04-18 23:12 <DIR> d-------- C:\Program Files\HiddenFinder 2007-04-18 21:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft 2007-04-18 21:47 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-04-18 20:42 <DIR> d-------- C:\Program Files\Process Master 2007-04-18 00:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-04-18 00:12 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-04-16 22:24 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Opera 2007-04-16 22:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems 2007-04-16 22:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-04-16 00:14 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Lavasoft 2007-04-16 00:00 <DIR> d-------- C:\WINDOWS\pss 2007-04-15 23:15 <DIR> d-------- C:\Program Files\photoshop 2007-04-13 10:44 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll 2007-04-13 10:44 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll 2007-04-13 10:44 6,144 --a------ C:\WINDOWS\system32\kbd106.dll 2007-04-13 10:44 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll 2007-04-13 10:44 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll 2007-04-13 10:44 5,632 --a------ C:\WINDOWS\system32\kbd103.dll 2007-04-11 19:17 <DIR> d-------- C:\Program Files\Audacity 2007-04-11 18:55 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-04-11 18:54 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2007-04-05 03:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2007-04-04 21:03 <DIR> d-------- C:\Program Files\Maxis 2007-04-04 20:41 <DIR> dr-h----- C:\DOCUME~1\Admin\APPLIC~1\yahoo! 2007-04-04 19:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\yahoo! 2007-04-04 18:57 <DIR> d-------- C:\Program Files\Yahoo! 2007-04-04 14:43 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2007-04-04 14:43 <DIR> d-------- C:\WINDOWS\system32\PreInstall 2007-04-04 13:44 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\uTorrent 2007-04-04 13:12 <DIR> d-------- C:\DOCUME~1\Admin\Incomplete 2007-04-04 12:18 127,208 --a------ C:\WINDOWS\system32\mucltui.dll 2007-04-04 12:17 <DIR> d-------- C:\WINDOWS\Prefetch 2007-04-04 12:10 <DIR> d-------- C:\WINDOWS\provisioning 2007-04-04 12:10 <DIR> d-------- C:\WINDOWS\peernet 2007-04-04 12:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2007-04-04 12:06 <DIR> d-------- C:\Program Files\LimeWire 2007-04-04 12:04 <DIR> d-------- C:\DOCUME~1\Admin\.limewire 2007-04-04 12:03 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-04-04 12:00 <DIR> d-------- C:\WINDOWS\EHome 2007-04-04 11:23 4,569 --a------ C:\WINDOWS\system32\secupd.dat 2007-04-04 11:23 11,776 --a------ C:\WINDOWS\system32\spnpinst.exe 2007-04-03 22:56 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat 2007-04-03 22:55 77,312 --a------ C:\WINDOWS\system32\browser.dll 2007-04-03 22:55 614,912 --a------ C:\WINDOWS\system32\h323msp.dll 2007-04-03 22:55 40,960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-04-03 22:55 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll 2007-04-03 22:54 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-03 22:54 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2007-04-03 22:54 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-04-03 22:54 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2007-04-03 22:54 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll 2007-04-03 22:54 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-04-03 22:54 60,416 --a------ C:\WINDOWS\system32\colbact.dll 2007-04-03 22:54 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll 2007-04-03 22:54 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-03 22:54 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2007-04-03 22:54 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-03 22:54 397,824 --a------ C:\WINDOWS\system32\rpcss.dll 2007-04-03 22:54 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2007-04-03 22:54 243,200 --a------ C:\WINDOWS\system32\es.dll 2007-04-03 22:54 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2007-04-03 22:54 225,792 --a------ C:\WINDOWS\system32\catsrv.dll 2007-04-03 22:54 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-03 22:54 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll 2007-04-03 22:54 101,376 --a------ C:\WINDOWS\system32\txflog.dll 2007-04-03 22:54 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll 2007-04-03 22:54 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll 2007-04-03 22:53 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-04-03 22:53 733,824 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-04-03 22:53 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2007-04-03 22:53 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll 2007-04-03 22:53 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2007-04-03 22:53 <DIR> d-------- C:\Program Files\Alwil Software 2007-04-03 22:51 239,104 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-03 22:48 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe 2007-04-03 22:48 <DIR> d--h-c--- C:\WINDOWS\$xpsp1hfm$ 2007-04-03 22:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage 2007-04-03 22:41 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-04-03 22:41 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-04-03 22:41 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll 2007-04-03 22:41 351,232 --a------ C:\WINDOWS\system32\winhttp.dll 2007-04-03 22:41 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-03 22:41 <DIR> d-------- C:\WINDOWS\system32\bits 2007-04-03 22:37 <DIR> d-------- C:\Program Files\Lavasoft 2007-04-03 22:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-04-03 22:34 465,176 --a------ C:\WINDOWS\system32\wuapi.dll 2007-04-03 22:34 41,240 --a------ C:\WINDOWS\system32\wups.dll 2007-04-03 22:34 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-04-03 22:34 18,200 --a------ C:\WINDOWS\system32\wups2.dll 2007-04-03 22:34 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-04-03 22:34 127,256 --a------ C:\WINDOWS\system32\wucltui.dll 2007-04-03 22:33 <DIR> d-------- C:\WINDOWS\SoftwareDistribution 2007-04-02 22:09 <DIR> d-------- C:\Program Files\uTorrent 2007-03-27 22:56 <DIR> d-------- C:\Program Files\LSoft Technologies 2007-03-26 15:16 198,424 --a------ C:\WINDOWS\system32\iuengine.dll 2007-03-25 03:24 <DIR> d-------- C:\Program Files\DAEMON Tools 2007-03-25 03:21 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-03-25 02:46 <DIR> d---s---- C:\DOCUME~1\Admin\UserData (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-11 14:16 -------- d-------- C:\Program Files\ea games 2007-04-05 03:07 -------- d-------- C:\Program Files\messenger 2007-04-04 12:10 -------- d-------- C:\Program Files\movie maker 2007-04-04 12:07 -------- d-------- C:\Program Files\windows nt 2007-04-03 22:34 -------- d--h----- C:\Program Files\windowsupdate 2007-03-23 00:55 -------- d-------- C:\Program Files\toshiba 2007-03-23 00:54 -------- d--h----- C:\Program Files\installshield installation information 2007-03-23 00:54 -------- d-------- C:\Program Files\dvd-ram 2007-03-23 00:53 -------- d-------- C:\Program Files\synaptics 2007-03-23 00:52 -------- d-------- C:\Program Files\sigmatel 2007-03-23 00:22 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2007-03-23 00:22 -------- d-------- C:\Program Files\intel 2007-03-22 22:34 0 -rahs---- C:\MSDOS.SYS 2007-03-22 22:34 0 -rahs---- C:\IO.SYS 2007-03-22 22:34 0 --a------ C:\CONFIG.SYS 2007-03-22 22:34 0 --a------ C:\AUTOEXEC.BAT 2007-03-22 22:34 -------- d-------- C:\Program Files\microsoft frontpage 2007-03-22 22:32 -------- d-------- C:\Program Files\Common Files\mssoap 2007-03-22 22:31 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-03-22 22:30 -------- d-------- C:\Program Files\msn gaming zone 2007-03-22 17:04 -------- d-------- C:\Program Files\Common Files\speechengines 2007-03-22 17:04 -------- d-------- C:\Program Files\Common Files\odbc 2007-03-22 17:03 62 --ahs---- C:\DOCUME~1\Admin\APPLIC~1\desktop.ini 2007-03-17 09:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-15 12:23 497496 --a------ C:\WINDOWS\system32\xceedzip.dll 2007-03-15 12:19 526184 --a------ C:\WINDOWS\system32\xceedcry.dll 2007-03-09 09:57 27376 --a------ C:\WINDOWS\system32\sbbd.exe 2007-03-08 11:36 577536 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 11:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 09:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys 2007-02-05 16:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll {53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /installquiet" "TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe" "00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe" "000StTHK"="000StTHK.exe" "TFncKy"="TFncKy.exe" "TFNF5"="TFNF5.exe" "SigmaTel StacMon"="C:\\Program Files\\SigmaTel\\SigmaTel AC97 Audio Drivers\\stacmon.exe" "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "TPSMain"="TPSMain.exe" "ZCfgSvc.exe"="c:\\WINDOWS\\System32\\ZCfgSvc.exe" "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "HiddenFinder"="C:\\Program Files\\HiddenFinder\\hiddenfinder.exe" @="" "SBCSTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBCSTray.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnmnk HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PRONoMgr" "hkey"="HKLM" "command"="c:\\Program Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_KPROCWATCH ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-04-24 00:36:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-04-24 0:36:18 C:\ComboFix-quarantined-files.txt ... 07-04-24 00:36 C:\ComboFix2.txt ... 07-04-24 00:30 |
|
|
|
|
04-23-2007, 11:17 PM
|
#5 (permalink) |
|
Registered User
Join Date: Apr 2007
Posts: 9
OS: xp
|
Re: I am getting a pop-up from various sites.
I am sorry I forgot to add the hijack this log you requested. Here it is. Logfile of HijackThis v1.99.1 Scan saved at 1:16:09 AM, on 4/24/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\1XConfig.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\System32\00THotkey.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TPSMain.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\RegSrvc.exe C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\All Users\Start Menu\Programs\Virus Protection\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\System32\ZCfgSvc.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1175654017998 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1175654006661 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09 |
