04-22-2007, 10:11 PM   #1
Registered User, OS: Windows XP

Constant Ads And Trojans

Hi, and thanks for spending some time helping me. I have just started getting many ads every minute or so. Also, I am using AVG and I am starting to get many virus/trojan detections.

Here is my HiJackThis Log:

Quote:
Logfile of HijackThis v1.99.1
Scan saved at 9:00:01 PM, on 4/22/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wpabaln.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\HijackThis\analyse.exe.exe

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing)
O2 - BHO: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\fccaxya.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AF495B35-1613-4F48-9DDF-F0A36ADFF83D} - C:\WINDOWS\System32\gebcb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rra...X/RraainAX.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O20 - Winlogon Notify: fccaxya - C:\WINDOWS\SYSTEM32\fccaxya.dll
O20 - Winlogon Notify: gebcb - C:\WINDOWS\System32\gebcb.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Here is my Panda ActiveScan: (Sorry if it looks all retarded)

Quote:
Incident Status Location

Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UWA7P_0001_N91M0809NetInstaller.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ad.yieldmanager[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@com[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@errorsafe[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@hitbox[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@mediaplex[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@stats1.reliablestats[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@tribalfusion[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@winantispyware[2].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@winantivirus[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@www.errorsafe[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@www.winantiviruspro[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@zedo[1].txt
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\LeetSauce\Local Settings\Temporary Internet Files\Content.IE5\OV0BAJG5\WinAntiVirusPro2007FreeInstall[1].cab[UWA7P_0001_N91M0809NetInstaller.exe]
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\b122.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\pvdjgjeh.dll

Thanks in advance, hopefully you experts know how to solve this problem this loser doesn't know how to solve.
C0mputerl0ser is offline  
04-23-2007, 08:00 PM   #2
Registered User, OS: Windows XP


Re: Constant Ads And Trojans

"Update" I now have a folder in my programs file called Ipwindows and Outerinfo. And now I'm getting banners from WinAntiVirus + Sysprotect.

Last edited by C0mputerl0ser; 04-23-2007 at 08:01 PM.
C0mputerl0ser is offline  
04-24-2007, 05:28 AM   #3
TheBruce1 (Moderator, Analyst, Security Team), OS: XP


Re: Constant Ads And Trojans

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in any way, please consider Donating
TheBruce1 is offline  
04-24-2007, 10:58 AM   #4
TheBruce1 (Moderator, Analyst, Security Team), OS: XP


Re: Constant Ads And Trojans

Hello and welcome to TSF

Please follow all instructions in the order they come. If you have any questions, please ask before proceeding.

--------------------------------------------------------------------------------------------
Download

Download ComboFix from here or here

**Save it to your desktop**

----------------------------------------------------------------------------------------------

Spywareguard

Please disable Spywareguard, as it may hinder the removal of some entries. You can re-enable it after you're clean.
  • Right click the running icon of Spywareguard located in the system tray
  • Go to Menu > File > Exit and confirm the programs close.

--------------------------------------------------------------------------------------------

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Ipwindows
Outerinfo


----------------------------------------------------------------------------------------------

Run ComboFix

Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Deletions

Click Start->Run and copy/paste the following text into the Run box and click OK:

regsvr32 /u occache.dll


Delete the following Files indicated in RED

c:\windows\downloaded program files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\pvdjgjeh.dll


Now, click Start>Run and copy/paste the following text into the Run box and click OK:

regsvr32 occache.dll

----------------------------------------------------------------------------------------------

IMPORTANT!:


Before we can proceed any further, please visit Microsoft's Windows Update page and install ALL Critical Updates for your system (except Service Pack 2 (SP2)). SP2 should only be installed on a fully disinfected system. At the minimum, install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done. If during the updating process you get a message that your product key is invalid, then you may not have a legitimate copy of Windows XP. Unfortunately, it's also this forum's policy that we only address users with a legal copy of Windows XP; therefore, if you cannot update Windows XP to SP1, we must stop the cleansing process here.

**Note** If you're having trouble locating the service pack SP1a here is a direct link to download it from..

http://download.microsoft.com/downlo...p1a_en_x86.exe



Thank you for your cooperation.

-----------------------------------------------------------------------------------------------

Deckard's System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

----------------------------------------------------------------------------------------------

Logs Required
C:\Combofix.txt
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<-----Attached


Also let me know how your system is behaving.

Last edited by Ried; 04-24-2007 at 11:18 AM.
TheBruce1 is offline  
04-24-2007, 05:37 PM   #5
Registered User, OS: Windows XP


Re: Constant Ads And Trojans

Sorry, just got back from school.

Here's ComboFix:
Quote:
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\LeetSauce\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\gxjurpnn.dll
C:\WINDOWS\system32\pvdjgjeh.dll
C:\WINDOWS\system32\lmgkemif.dll
C:\WINDOWS\system32\vturppn.dll
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.bak2
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\fccaxya.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1\APPLIC~1
C:\qoobox\purity\C\DOCUME~1\LEETSA~1\APPLIC~1\YSTEM3~1
C:\qoobox\purity\C\Program Files\Common Files\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2007-03-24 to 2007-04-24 ))))))))))))))))))))))))))))))))))


2007-04-22 20:05 <DIR> d-------- C:\Program Files\SpywareGuard
2007-04-22 20:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-04-22 20:00 <DIR> d-------- C:\Program Files\MRU-Blaster
2007-04-22 19:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-22 19:28 491,520 --a------ C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-22 19:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-22 19:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-22 18:28 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-22 18:28 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\Lavasoft
2007-04-22 18:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 18:06 <DIR> d-------- C:\Program Files\GoGoData.com
2007-04-21 09:48 <DIR> d-------- C:\WINDOWS\system32\bits
2007-04-21 08:14 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-04-21 08:14 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-04-21 08:14 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-04-21 08:14 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-21 08:14 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2007-04-21 08:11 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-21 08:10 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-21 08:10 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-04-21 08:10 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-21 08:10 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-21 08:10 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-21 08:10 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-21 08:10 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-21 07:51 <DIR> d---s---- C:\DOCUME~1\LEETSA~1\UserData
2007-04-20 18:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-04-20 17:56 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-20 17:38 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-04-20 17:38 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-04-20 17:38 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-04-20 17:38 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-04-20 17:38 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-04-20 17:38 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-04-20 17:38 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-04-20 17:38 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-04-20 17:38 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-04-20 17:38 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-04-20 17:38 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-04-20 17:38 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-04-20 17:38 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-04-20 17:38 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-04-20 17:38 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-04-20 17:38 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-04-20 17:38 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-04-20 17:38 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-04-20 17:38 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-04-20 17:38 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-04-20 17:38 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-04-20 17:38 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-04-20 17:38 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-04-20 17:38 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-04-20 17:38 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-04-20 17:38 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-04-20 17:38 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-04-20 17:37 <DIR> d-------- C:\Program Files\Webzen
2007-04-20 17:37 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\InstallShield
2007-04-20 16:44 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-04-20 16:44 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-04-20 16:44 <DIR> d-------- C:\WINDOWS\nview
2007-04-20 16:44 <DIR> d-------- C:\NVIDIA
2007-04-20 16:34 <DIR> d-------- C:\WINDOWS\pss
2007-04-20 16:29 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-04-20 16:29 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-20 16:29 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-20 16:29 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-20 16:29 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-20 16:28 <DIR> d-------- C:\Program Files\Winamp
2007-04-20 16:17 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-04-20 16:14 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-04-20 16:14 90,112 --------- C:\WINDOWS\Updreg.EXE
2007-04-20 16:14 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-04-20 16:14 8,704 -ra------ C:\WINDOWS\system32\drivers\Pfmodnt.sys
2007-04-20 16:14 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-04-20 16:14 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-04-20 16:14 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-04-20 16:14 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-04-20 16:14 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-20 16:14 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-04-20 16:14 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-20 16:14 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-04-20 16:14 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-04-20 16:14 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2007-04-20 16:14 64,512 -ra------ C:\WINDOWS\system32\P17.dll
2007-04-20 16:14 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-04-20 16:14 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-04-20 16:14 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-04-20 16:14 57,344 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-04-20 16:14 53,248 -ra------ C:\WINDOWS\system32\P17CPI.dll
2007-04-20 16:14 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-20 16:14 5,632 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-20 16:14 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-04-20 16:14 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-20 16:14 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-04-20 16:14 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-20 16:14 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-20 16:14 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-04-20 16:14 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-04-20 16:14 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-04-20 16:14 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-04-20 16:14 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-04-20 16:14 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-04-20 16:14 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-04-20 16:14 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-04-20 16:14 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-04-20 16:14 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-04-20 16:14 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-04-20 16:14 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-04-20 16:14 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-04-20 16:14 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-04-20 16:14 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-04-20 16:14 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-04-20 16:14 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-04-20 16:14 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-04-20 16:14 138,752 -ra------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
2007-04-20 16:14 137,728 -ra------ C:\WINDOWS\system32\P17res.dll
2007-04-20 16:14 135,040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-04-20 16:14 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll
2007-04-20 16:14 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-04-20 16:14 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-04-20 16:14 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-04-20 16:14 115,200 -ra------ C:\WINDOWS\system32\sfms32.dll
2007-04-20 16:14 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-04-20 16:14 106,496 -ra------ C:\WINDOWS\system32\drivers\ctoss2k.sys
2007-04-20 16:14 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-04-20 16:14 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-04-20 16:14 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-04-20 16:14 1,389,056 -ra------ C:\WINDOWS\system32\drivers\P17.sys
2007-04-20 16:14 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-04-20 16:14 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-04-20 16:13 11,264 --a------ C:\WINDOWS\INRES.DLL
2007-04-20 16:13 <DIR> d-------- C:\WINDOWS\system32\Data
2007-04-20 16:12 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-20 16:12 <DIR> d-------- C:\Program Files\Creative
2007-04-20 16:11 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-20 16:11 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-19 21:23 77,312 -ra------ C:\WINDOWS\system32\drivers\viasraid.sys
2007-04-19 21:23 65,280 -ra------ C:\WINDOWS\system32\drivers\Rtlnic51.sys
2007-04-19 21:18 35,840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2007-04-19 21:18 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-19 21:17 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-19 21:17 <DIR> d-------- C:\DOCUME~1\LEETSA~1\WINDOWS
2007-04-19 20:51 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-19 20:19 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-19 20:19 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-17 20:49 <DIR> d-------- C:\Program Files\SuperCleaner
2007-04-17 20:46 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-04-17 20:46 <DIR> d-------- C:\Program Files\Viewpoint
2007-04-17 20:46 <DIR> d-------- C:\Program Files\AIM
2007-04-17 20:46 <DIR> d-------- C:\DOCUME~1\LEETSA~1\APPLIC~1\Aim
2007-04-17 20:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-04-17 20:44 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-04-17 20:44 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-04-17 17:50 <DIR> d--hs---- C:\RECYCLER
2007-04-17 17:47 1,572,864 --ah----- C:\DOCUME~1\LEETSA~1\NTUSER.DAT
2007-04-17 17:47 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-17 17:46 233,472 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-17 17:46 233,472 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-17 17:46 <DIR> d--hs---- C:\System Volume Information
2007-04-17 17:43 266,240 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-17 17:43 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-17 17:43 0 -rahs---- C:\MSDOS.SYS
2007-04-17 17:43 0 -rahs---- C:\IO.SYS
2007-04-17 17:43 0 --a------ C:\CONFIG.SYS
2007-04-17 17:43 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 17:43 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-17 17:43 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-17 17:42 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-17 17:42 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-17 17:42 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-17 17:42 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-17 17:40 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-17 17:40 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-17 17:39 90,624 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-17 17:39 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-17 17:39 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-17 17:39 73,728 --a------ C:\WINDOWS\system32\ils.dll
2007-04-17 17:39 70,400 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-17 17:39 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-17 17:39 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-17 17:39 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-17 17:39 61,952 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-17 17:39 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-17 17:39 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-17 17:39 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-17 17:39 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-17 17:39 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-17 17:39 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-17 17:39 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-17 17:39 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-17 17:39 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-17 17:39 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-17 17:39 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-17 17:39 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-17 17:39 249,856 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-17 17:39 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-17 17:39 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-17 17:39 218,112 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-17 17:39 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-17 17:39 158,720 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-17 17:39 155,136 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-17 17:39 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-17 17:39 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-17 17:39 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-17 17:39 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-17 17:39 <DIR> d-------- C:\WINDOWS\PCHEALTH
2007-04-17 17:39 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-17 17:39 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 17:38 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-17 17:38 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-17 17:38 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-17 17:38 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-17 17:38 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-17 17:38 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-17 17:38 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-17 17:38 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-17 17:38 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-17 17:38 8,704 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-17 17:38 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-17 17:38 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-17 17:38 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-17 17:38 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-17 17:38 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-17 17:38 583,168 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-17 17:38 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-17 17:38 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-17 17:38 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-17 17:38 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-17 17:38 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-17 17:38 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-17 17:38 534,016 --a------ C:\WINDOWS\system32\spider.exe
2007-04-17 17:38 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-17 17:38 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-17 17:38 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-17 17:38 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-17 17:38 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-17 17:38 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-17 17:38 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-17 17:38 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-17 17:38 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-17 17:38 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-17 17:38 385,536 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-17 17:38 360,960 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-17 17:38 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-17 17:38 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-17 17:38 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-17 17:38 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-17 17:38 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-17 17:38 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-17 17:38 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-17 17:38 22,720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-17 17:38 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-17 17:38 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-17 17:38 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-17 17:38 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-17 17:38 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-17 17:38 197,632 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-17 17:38 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-17 17:38 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-17 17:38 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-17 17:38 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-17 17:38 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-17 17:38 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-17 17:38 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-17 17:38 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-17 17:38 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-17 17:38 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-17 17:38 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-17 17:38 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-17 17:38 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-17 17:38 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-17 17:38 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-17 17:38 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-17 17:38 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-17 17:38 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-17 17:38 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-17 17:38 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-17 17:38 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-17 17:38 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-17 17:38 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-17 17:38 107,912 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-17 17:38 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-17 17:38 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-17 17:38 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-17 17:38 1,139,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-17 17:38 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-17 17:38 <DIR> d-------- C:\WINDOWS\Registration
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Windows NT
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Online Services
2007-04-17 17:38 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-17 17:38 <DIR> d-------- C:\Program Files\Messenger
2007-04-17 17:37 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-17 17:37 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-17 17:37 37,896 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-17 17:37 181,632 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-17 17:37 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-17 17:37 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-17 10:34 55,808 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-17 10:34 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-17 10:32 70,656 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-17 10:32 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-17 10:32 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-17 10:32 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-17 10:32 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-17 10:32 <DIR> dr------- C:\Program Files
2007-04-17 10:32 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-17 10:32 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-17 10:32 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-17 10:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-17 10:31 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-17 10:31 <DIR> d-------- C:\Documents and Settings
2007-04-17 10:28 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-17 10:28 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-17 10:28 <DIR> dr------- C:\WINDOWS\Web
2007-04-17 10:28 <DIR> d--h----- C:\WINDOWS\inf
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system32
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\system
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\security
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Resources
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\repair
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\mui
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\msapps
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\msagent
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Media
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\ime
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Help
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Debug
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\Config
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS\addins
2007-04-17 10:28 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-17 10:32 62 --ahs---- C:\DOCUME~1\LEETSA~1\APPLIC~1\desktop.ini
2007-03-15 07:08 101438 --a------ C:\WINDOWS\b122.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\System32\frmkjctj.dll [x]
{3EB9C349-7473-48AC-A59B-42F31751974B} C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{B21F0363-961F-4E0B-97EC-8B26D9872A96} C:\WINDOWS\System32\gebcb.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"GoGoTray.exe"="C:\\Program Files\\GoGoData.com\\GoGoData Toolbar\\GoGoTray.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-24 15:10:33
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-24 15:10:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-24 15:10
Here are the results of the DSS thing:
Quote:
Deckard's System Scanner v20070423.42
Run by LeetSauce on 2007-04-24 at 16:30:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2007-04-24 23:30:34 UTC - RP90 - Deckard's System Scanner Restore Point
89: 2007-04-24 23:24:13 UTC - RP89 - Installed Windows Media Player 10 KB917734_WMP10.
88: 2007-04-24 23:23:38 UTC - RP88 - Installed Windows XP KB899587.
87: 2007-04-24 23:23:12 UTC - RP87 - Installed Windows XP KB924191.
86: 2007-04-24 23:22:40 UTC - RP86 - Installed Windows XP KB922819.


-- First Restore Point --
1: 2007-04-20 04:01:39 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as LeetSauce.exe) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 4:31:03 PM, on 4/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
C:\PROGRA~1\GoGoData.com\GOGODA~1\ADBUST~1.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Documents and Settings\LeetSauce\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\LeetSauce.exe

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing)
O2 - BHO: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {B21F0363-961F-4E0B-97EC-8B26D9872A96} - C:\WINDOWS\System32\gebcb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: GoGoData AdBuster - {3EB9C349-7473-48AC-A59B-42F31751974B} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [GoGoTray.exe] C:\Program Files\GoGoData.com\GoGoData Toolbar\GoGoTray.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra 'Tools' menuitem: GoGoData AdBuster - {7B6E4BB4-8464-47CF-9A5B-F82F6B408A6E} - C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rra...X/RraainAX.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070422-192435-284 O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\LEETSA~1\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 viasraid - c:\windows\system32\drivers\viasraid.sys <Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver; 5.1.2600.220; 5.1.2600.220>
R3 P17 (Sound Blaster Audigy) - c:\windows\system32\drivers\p17.sys <Verified; Creative Technology Ltd.; ; 5.12.01.512; 5.12.01.512>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Files created between 2007-03-24 and 2007-04-24 -----------------------------

2007-04-24 16:24:56 0 d-------- C:\ijji
2007-04-24 16:19:43 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.4.0001.0; 5.4.0001.0 (srv03_qfe.030918-1543)>
2007-04-24 16:17:37 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-24 15:37:21 0 d-------- C:\WINDOWS\System32\PreInstall
2007-04-24 15:37:17 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-24 15:33:15 0 d-------- C:\WINDOWS\Prefetch
2007-04-24 15:29:45 0 d-------- C:\WINDOWS\ServicePackFiles
2007-04-24 15:29:45 0 d-------- C:\WINDOWS\ehome
2007-04-24 15:29:41 155648 -----n--- C:\WINDOWS\System32\encdec.dll
2007-04-24 15:29:41 34735 -----n--- C:\WINDOWS\System32\drivers\atinxsxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVAUDIO_CROSSBAR; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 29455 -----n--- C:\WINDOWS\System32\drivers\atinxbxx.sys <Verified; ATI Technologies Inc.; ATI WDM CROSSBAR; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 36463 -----n--- C:\WINDOWS\System32\drivers\atintuxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVTUNER; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 21343 -----n--- C:\WINDOWS\System32\drivers\atinttxx.sys <Verified; ATI Technologies Inc.; ATI WDM Teletext Decoder; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 26367 -----n--- C:\WINDOWS\System32\drivers\atinsnxx.sys <Verified; ATI Technologies Inc.; ATI WDM TVAUDIO; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 63663 -----n--- C:\WINDOWS\System32\drivers\atinrvxx.sys <Verified; ATI Technologies Inc.; ATI WDM RT; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 30671 -----n--- C:\WINDOWS\System32\drivers\atinraxx.sys <Verified; ATI Technologies Inc.; ATI WDM Rage Theater Audio; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 12047 -----n--- C:\WINDOWS\System32\drivers\atinpdxx.sys <Verified; ATI Technologies Inc.; ATI Specialized PCD VBI Codec; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 11615 -----n--- C:\WINDOWS\System32\drivers\atinmdxx.sys <Verified; ATI Technologies Inc.; ATI Specialized MVD VBI Codec; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 56591 -----n--- C:\WINDOWS\System32\drivers\atinbtxx.sys <Verified; ATI Technologies Inc.; ATI WDM BT829x; 6.13.10.6131; 6.13.10.6131>
2007-04-24 15:29:41 450176 -----n--- C:\WINDOWS\System32\drivers\ati2mtag.sys <Verified; ATI Technologies Inc.; ATI Radeon Family; 5.1.2600.0; 6.13.10.6153>
2007-04-24 15:29:41 327040 -----n--- C:\WINDOWS\System32\drivers\ati2mtaa.sys <Verified; ATI Technologies Inc.; ATI Rage 128 Family; 5.1.2600.0; 6.13.10.5019>
2007-04-24 15:29:41 921475 -----n--- C:\WINDOWS\System32\ati3d2ag.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver; 6.13.10.3338; 6.13.10.3338>
2007-04-24 15:29:41 844675 -----n--- C:\WINDOWS\System32\ati3d1ag.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver; 6.13.10.3338; 6.13.10.3338>
2007-04-24 15:29:41 202496 -----n--- C:\WINDOWS\System32\ati2dvag.dll <Verified; ATI Technologies Inc.; ATI Radeon Family; 5.1.2600.0; 6.13.10.6153>
2007-04-24 15:29:41 377984 -----n--- C:\WINDOWS\System32\ati2dvaa.dll <Verified; ATI Technologies Inc.; ATI Rage 128 Family; 5.1.2600.0; 6.13.10.5019>
2007-04-24 15:29:40 218112 -----n--- C:\WINDOWS\System32\sbe.dll
2007-04-24 15:28:57 238592 --a------ C:\WINDOWS\System32\compatui.dll <Verified; ; CompatUI Module; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-24 15:28:54 113152 --a------ C:\WINDOWS\System32\dfrgui.dll <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 35328 --a------ C:\WINDOWS\System32\dfrgsnap.dll <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 76288 --a------ C:\WINDOWS\System32\dfrgfat.exe <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 70656 --a------ C:\WINDOWS\System32\defrag.exe <Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter; 5.1.2600.1106; 5.1.2600.1106 (xpsp1.020828-1920)>
2007-04-24 15:28:54 1740 --a------ C:\WINDOWS\System32\dcache.bin
2007-04-24 15:28:53 103424 --a------ C:\WINDOWS\System32\dgnet.dll <Verified; Microsoft; Dgnet Module; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-24 15:28:51 498205 --a------ C:\WINDOWS\System32\dxmasf.dll
2007-04-24 15:28:44 42537 --a------ C:\WINDOWS\System32\keyboard.sys
2007-04-24 15:28:40 4126 --a------ C:\WINDOWS\System32\msdxmlc.dll
2007-04-24 15:28:28 33808 --a------ C:\WINDOWS\System32\ntio.sys
2007-04-24 15:28:21 3338 --a------ C:\WINDOWS\System32\redir.exe
2007-04-24 15:10:45 49152 --a------ C:\WINDOWS\nircmd.exe <Not Verified; NirSoft; NirCmd; 1.85; 1.85>
2007-04-23 18:57:13 0 dr-h----- C:\Documents and Settings\LeetSauce\Recent
2007-04-22 20:05:23 0 d-------- C:\Program Files\SpywareGuard
2007-04-22 20:01:31 0 d-------- C:\Program Files\SpywareBlaster
2007-04-22 20:00:21 0 d-------- C:\Program Files\MRU-Blaster
2007-04-22 19:52:49 0 dr-h----- C:\$VAULT$.AVG
2007-04-22 19:51:44 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\AVG7
2007-04-22 19:51:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-04-22 19:51:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-04-22 19:30:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-22 19:28:50 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-22 19:28:50 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-22 19:28:50 491520 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2007-04-22 19:28:50 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-22 19:28:50 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-22 19:28:50 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-04-22 19:28:50 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-22 19:28:50 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-22 19:15:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-22 19:10:58 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-04-22 18:28:31 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Lavasoft
2007-04-22 18:28:04 0 d-------- C:\Program Files\Lavasoft
2007-04-22 18:27:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-22 1822 0 d-------- C:\Program Files\GoGoData.com
2007-04-21 09:48:42 0 d-------- C:\WINDOWS\System32\bits
2007-04-21 08:11:39 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
2007-04-21 08:10:17 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-21 07:51:41 0 d---s---- C:\Documents and Settings\LeetSauce\UserData
2007-04-20 18:43:40 0 d---s---- C:\WINDOWS\System32\Microsoft
2007-04-20 18:40:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-20 17:56:50 4682 --a------ C:\WINDOWS\System32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT; 2005, 1, 5, 1; 2005, 1, 5, 1>
2007-04-20 17:49:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-04-20 17:38:51 354816 --a------ C:\WINDOWS\System32\psisdecd.dll
2007-04-20 17:38:50 470528 --a------ C:\WINDOWS\System32\qdvd.dll
2007-04-20 17:38:50 316928 --a------ C:\WINDOWS\System32\qdv.dll
2007-04-20 17:38:50 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.3.0000001.0904; 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)>
2007-04-20 17:38:49 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System; 5.3.0000001.0904; 5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)>
2007-04-20 17:37:44 0 d-------- C:\Program Files\Webzen
2007-04-20 17:37:29 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\InstallShield
2007-04-20 16:44:38 208896 --a------ C:\WINDOWS\System32\nvudisp.exe <Not Verified; NVIDIA Corporation; NVIDIA Corporation; 1 , 0 , 1 , 55; 1 , 0 , 1 , 55>
2007-04-20 16:44:38 0 d-------- C:\WINDOWS\nview
2007-04-20 16:44:22 208896 --a------ C:\WINDOWS\System32\NVUNINST.EXE <Not Verified; NVIDIA Corporation; NVIDIA Corporation; 1 , 0 , 1 , 55; 1 , 0 , 1 , 55>
2007-04-20 16:44:06 0 d-------- C:\NVIDIA
2007-04-20 16:34:56 0 d-------- C:\WINDOWS\pss
2007-04-20 16:29:01 115880 -----n--- C:\WINDOWS\System32\pxinsi64.exe <Verified; Sonic Solutions; ; ; 3.00.33a>
2007-04-20 16:29:01 129784 -----n--- C:\WINDOWS\System32\pxafs.dll <Verified; Sonic Solutions; PxAFS Dynamic Link Library; 1, 0, 0, 0; 3.2.40.500>
2007-04-20 16:29:01 36528 -----n--- C:\WINDOWS\System32\drivers\PxHelp20.sys <Not Verified; Sonic Solutions; PxHelp20; ; 3.00.33a>
2007-04-20 16:29:01 2560 -----n--- C:\WINDOWS\System32\drivers\cdralw2k.sys <Not Verified; Sonic Solutions; Drag-to-Disc; 8.0.0.212; 8.0.0.212>
2007-04-20 16:29:01 2432 -----n--- C:\WINDOWS\System32\drivers\cdr4_xp.sys <Not Verified; Sonic Solutions; Drag-to-Disc; 8.0.0.212; 8.0.0.212>
2007-04-20 16:28:54 0 d-------- C:\Program Files\Winamp
2007-04-20 16:17:52 41984 -----n--- C:\WINDOWS\Ctregrun.exe <Not Verified; Creative Technology Ltd; Creative On-line Registration System; 1.0.0.1; 1.0.1.0>
2007-04-20 16:17:15 86 --a------ C:\WINDOWS\setuplog
2007-04-20 16:14:53 1227776 --a------ C:\WINDOWS\System32\quartz.dll
2007-04-20 16:14:53 733184 --a------ C:\WINDOWS\System32\qedwipes.dll
2007-04-20 16:14:53 1798144 --a------ C:\WINDOWS\System32\qedit.dll
2007-04-20 16:14:53 13312 --a------ C:\WINDOWS\System32\msdmo.dll
2007-04-20 16:14:52 257024 --a------ C:\WINDOWS\System32\qcap.dll
2007-04-20 16:14:52 34304 --a------ C:\WINDOWS\System32\mciqtz32.dll
2007-04-20 16:14:52 132608 --a------ C:\WINDOWS\System32\devenum.dll
2007-04-20 16:14:52 64512 --a------ C:\WINDOWS\System32\amstream.dll
2007-04-20 16:14:47 90112 -----n--- C:\WINDOWS\Updreg.EXE <Not Verified; Creative Technology Ltd.; Creative Updreg; 1.0.2; 1.0.2>
2007-04-20 16:14:10 115200 -ra------ C:\WINDOWS\System32\sfms32.dll <Verified; Creative Technology Ltd; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 137728 -ra------ C:\WINDOWS\System32\P17res.dll <Verified; Creative Technology Ltd.; P17 Driver Resources; 5.12.01.00404; 5.12.01.00404>
2007-04-20 16:14:10 53248 -ra------ C:\WINDOWS\System32\P17CPI.dll <Verified; ; P17CPI Module; 1, 0, 0, 2; 1, 0, 0, 2>
2007-04-20 16:14:10 64512 -ra------ C:\WINDOWS\System32\P17.dll <Verified; ; P17 AudioControlX2 Module; 1.0.1.41; 1.0.1.41>
2007-04-20 16:14:10 8704 -ra------ C:\WINDOWS\System32\drivers\Pfmodnt.sys <Verified; Creative Technology Ltd.; PfModNT; 3.0.0.11; 3.0.0.11>
2007-04-20 16:14:10 1389056 -ra------ C:\WINDOWS\System32\drivers\P17.sys <Verified; Creative Technology Ltd.; ; 5.12.01.512; 5.12.01.512>
2007-04-20 16:14:10 138752 -ra------ C:\WINDOWS\System32\drivers\ctsfm2k.sys <Verified; Creative Technology Ltd; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 106496 -ra------ C:\WINDOWS\System32\drivers\ctoss2k.sys <Verified; Creative Technology Ltd.; Creative Audio Product; 2.04.0050; 5.12.01.1081-2.04.0050>
2007-04-20 16:14:10 133632 -ra------ C:\WINDOWS\System32\CtDvInst.dll <Verified; Creative Technology Limited; Creative Technology Limited CtDvInst; 0, 3, 0, 30; 0, 3, 0, 30>
2007-04-20 16:13:58 0 d-------- C:\WINDOWS\System32\Data
2007-04-20 16:13:58 11264 --a------ C:\WINDOWS\INRES.DLL <Not Verified; Creative Technology Limited; Creative Technology Limited inRes; 1, 0, 9, 0; 1, 0, 9, 0>
2007-04-20 16:12:11 0 d-------- C:\WINDOWS\RegisteredPackages
2007-04-20 16:12:00 0 d-------- C:\Program Files\Creative
2007-04-20 16:11:19 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-20 16:11:12 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-20 14:03:02 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Macromedia
2007-04-19 21:23:17 77312 -ra------ C:\WINDOWS\System32\drivers\viasraid.sys <Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver; 5.1.2600.220; 5.1.2600.220>
2007-04-19 21:23:11 65280 -ra------ C:\WINDOWS\System32\drivers\Rtlnic51.sys <Verified; Realtek Semiconductor Corporation; Realtek RTL8139/810x/8169/8110 all in one NDIS Driver; 5.606.811.2003; 5.606.811.2003 built by: WinDDK>
2007-04-19 21:18:41 0 d-------- C:\WINDOWS\System32\ReinstallBackups
2007-04-19 21:17:46 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller; 5, 51; 5, 51, 138, 0>
2007-04-19 21:17:37 0 d-------- C:\Documents and Settings\LeetSauce\WINDOWS
2007-04-19 20:19:21 24661 --a------ C:\WINDOWS\System32\spxcoins.dll <Verified; Perle Systems Ltd.; Specialix Multi-port Serial Device Class CoInstaller; 1.0.0.0007; 1.0.0.0007>
2007-04-17 20:49:14 0 d-------- C:\Program Files\SuperCleaner
2007-04-17 20:46:51 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Aim
2007-04-17 20:46:29 0 d-------- C:\Program Files\Viewpoint
2007-04-17 20:46:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-04-17 20:46:28 344064 --a------ C:\WINDOWS\System32\msvcr70.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.00.9466.0; 7.00.9466.0>
2007-04-17 20:46:27 0 d-------- C:\Program Files\AIM
2007-04-17 20:44:58 348160 --a------ C:\WINDOWS\System32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3052.4; 7.10.3052.4>
2007-04-17 20:44:58 499712 --a------ C:\WINDOWS\System32\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3077.0; 7.10.3077.0>
2007-04-17 17:47:10 0 d--hs---- C:\WINDOWS\Installer
2007-04-17 17:47:08 0 d-------- C:\Documents and Settings\LeetSauce\Application Data\Identities
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\Templates
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\Start Menu
2007-04-17 17:47:00 0 dr-h----- C:\Documents and Settings\LeetSauce\SendTo
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\PrintHood
2007-04-17 17:47:00 1572864 --ah----- C:\Documents and Settings\LeetSauce\NTUSER.DAT
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\NetHood
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\My Documents <MYDOCU~1>
2007-04-17 17:47:00 0 d--h----- C:\Documents and Settings\LeetSauce\Local Settings
2007-04-17 17:47:00 0 dr------- C:\Documents and Settings\LeetSauce\Favorites
2007-04-17 17:47:00 0 d-------- C:\Documents and Settings\LeetSauce\Desktop
2007-04-17 17:47:00 0 d---s---- C:\Documents and Settings\LeetSauce\Cookies
2007-04-17 17:47:00 0 dr-h----- C:\Documents and Settings\LeetSauce\Application Data
2007-04-17 17:46:29 0 d--hs---- C:\System Volume Information
2007-04-17 17:46:28 233472 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-17 17:46:28 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-17 17:46:28 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-04-17 17:46:28 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-17 17:46:28 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-17 17:46:27 233472 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-17 17:46:27 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-17 17:46:27 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-04-17 17:46:27 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-17 17:46:27 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-17 17:43:31 0 d-------- C:\WINDOWS\System32\xircom
2007-04-17 17:43:31 0 d-------- C:\Program Files\microsoft frontpage
2007-04-17 17:43:20 266240 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-17 17:43:14 0 -rahs---- C:\MSDOS.SYS
2007-04-17 17:43:14 0 -rahs---- C:\IO.SYS
2007-04-17 17:43:14 0 --a------ C:\CONFIG.SYS
2007-04-17 17:43:14 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 17:42:27 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-17 17:42:19 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-17 17:42:19 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-17 17:42:00 0 d-------- C:\WINDOWS\srchasst
2007-04-17 17:40:05 0 d-------- C:\WINDOWS\System32\Macromed
2007-04-17 17:40:05 0 d-------- C:\WINDOWS\System32\DirectX
2007-04-17 17:39:56 0 d-------- C:\Program Files\Movie Maker
2007-04-17 17:39:35 0 d-------- C:\WINDOWS\System32\Restore
2007-04-17 17:39:34 28672 --a------ C:\WINDOWS\System32\isrdbg32.dll <Verified; Intel Corporation; ISRDBG32.DLL; 0.0; 0.0>
2007-04-17 17:39:31 0 d-------- C:\WINDOWS\PCHEALTH
2007-04-17 17:39:27 0 d---s---- C:\WINDOWS\Tasks
2007-04-17 17:39:25 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 17:38:59 22720 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-04-17 17:38:42 0 d-------- C:\WINDOWS\Registration
2007-04-17 17:38:35 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-17 17:38:35 0 d-------- C:\Program Files\Online Services
2007-04-17 17:38:30 0 d-------- C:\Program Files\Messenger
2007-04-17 17:38:23 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-17 17:38:16 44544 --a------ C:\WINDOWS\System32\hticons.dll <Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System; 5.1.2600.0; 5.1.2600.0>
2007-04-17 17:38:15 0 d-------- C:\Program Files\Windows NT
2007-04-17 17:38:08 1161 --a------ C:\WINDOWS\System32\usrlogon.cmd
2007-04-17 17:38:07 0 d-------- C:\WINDOWS\System32\MsDtc
2007-04-17 17:38:05 0 d-------- C:\WINDOWS\System32\Com
2007-04-17 10:32:30 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-17 10:32:28 0 dr------- C:\Program Files
2007-04-17 10:32:28 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-17 10:32:18 103424 --a------ C:\WINDOWS\System32\EqnClass.Dll <Verified; Equinox Systems Inc.; Equinox Multiport Serial Coinstaller; 5.0u(58); 5.0u(58)>
2007-04-17 10:32:18 176157 --a------ C:\WINDOWS\System32\dgrpsetu.dll <Verified; Digi International, Inc.; Digi RealPort® Driver; 2.3.7; 2.3.7>
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-17 10:32:09 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2007-04-17 10:32:09 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-17 10:32:09 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-17 10:32:09 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-17 10:32:09 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-17 10:32:09 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-17 10:31:59 0 d-------- C:\WINDOWS\System32\CatRoot2
2007-04-17 10:31:59 0 d-------- C:\WINDOWS\System32\CatRoot
2007-04-17 10:31:54 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-17 10:31:54 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-17 10:31:54 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-17 10:31:54 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-17 10:31:42 0 d-------- C:\Documents and Settings
2007-04-17 10:28:07 0 d-------- C:\WINDOWS
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\WinSxS
2007-04-17 10:28:07 0 dr------- C:\WINDOWS\Web
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\twain_32
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\system32
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\wins
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\wbem
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\usmt
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\spool
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ShellExt
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\Setup
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ras
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\oobe
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\npp
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\mui
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\inetsrv
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\IME
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\icsxml
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\ias
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\export
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers\etc
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\drivers\disdn
2007-04-17 10:28:07 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\dhcp
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\config
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\3com_dmi
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\3076
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\2052
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1054
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1042
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1041
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1037
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1033
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1031
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1028
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\System32\1025
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\system
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\security
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Resources
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\repair
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\mui
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\msapps
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\msagent
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Media
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\java
2007-04-17 10:28:07 0 d--h----- C:\WINDOWS\inf
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\ime
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Help
2007-04-17 10:28:07 0 dr--s---- C:\WINDOWS\Fonts
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Driver Cache
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Debug
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Cursors
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\Config
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\AppPatch
2007-04-17 10:28:07 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-04-24 15:27:53 233632 -rahs---- C:\ntldr
2007-04-17 10:32:09 62 --ahs---- C:\Documents and Settings\LeetSauce\Application Data\desktop.ini
2007-03-15 07:08:13 101438 --a------ C:\WINDOWS\b122.exe


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\System32\frmkjctj.dll [x]
{3EB9C349-7473-48AC-A59B-42F31751974B} C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{B21F0363-961F-4E0B-97EC-8B26D9872A96} C:\WINDOWS\System32\gebcb.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"GoGoTray.exe"="C:\\Program Files\\GoGoData.com\\GoGoData Toolbar\\GoGoTray.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTSysVol"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-04-24 at 16:32:19 ---------
My system seems to be doing better, but I still got some popups every now and then. And when I tried putting regsvr32 /u occache.dll into Start > Run, I got a message that said: DllUnregisterServer in occache.dll succeeded.

Thanks for all the help! :)
Attached Files
File Type: txt extra.txt (9.4 KB, 4 views)
C0mputerl0ser is offline  
Old 04-26-2007, 09:06 AM   #6 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Constant Ads And Trojans

Hello again

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

--------------------------------------------------------------------------------------------

Please follow all instructions in the order they come. If you have any questions, please ask before proceeding.

--------------------------------------------------------------------------------------------
Did you also perform this step?

Copy the line below, then click Start > Run and paste it into the box.

regsvr32 occache.dll

You should receive the message "DllRegisterServer in occache.dll succeeded"; click OK.

If not, please do so now. (Not to worry if you do not get the message, as long as you have done the above.)
---------------------------------------------------------------------------------------------
Download

Download AVG Anti-Spyware from HERE
  • Install AVG Anti-Spyware
  • Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

----------------------------------------------------------------------------------------------
Boot into safe mode

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------------------------------
Safe Mode Fixes & Scans

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Viewpoint Media Player (optional)

See Here why.

----------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing)
O2 - BHO: (no name) - {B21F0363-961F-4E0B-97EC-8B26D9872A96} - C:\WINDOWS\System32\gebcb.dll (file missing)



Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------------------------------------

Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Windows\b122.exe

----------------------------------------------------------------------------------------------

Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and Reboot in Normal Mode.

-----------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Paste the Panda Scan report in your next reply.

--------------------------------------------------------------------------------------------------

Please run Deckard System Scanner again.

-------------------------------------------------------------------------------------------------
Logs Required
Avg scan report
Panda scan report
C:\Deckard\System Scanner\main.txt


Can you supply us with a screenshot of the pop-ups you're still having? If you do not know how to do this, see Here, then upload to imageshack or photobucket and copy/paste the image into your next reply. Thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008



Last edited by TheBruce1; 04-26-2007 at 09:07 AM.
TheBruce1 is offline  
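The BHO check from the post above, as an added example that is not part of the original thread: a Python triage that reads both log formats shown on this page and lists the Browser Helper Objects whose DLL is reported missing. It assumes the `[x]` marker in the Deckard's System Scanner registry dump means the file was not found on disk, which matches the "(file missing)" O2 lines here; all function and variable names are illustrative.

```python
import re
from typing import Dict, Iterable, Iterator, List, NamedTuple


class Bho(NamedTuple):
    clsid: str      # upper-cased {GUID}
    path: str       # DLL path as printed in the log
    missing: bool   # True when the log marks the file as absent
    source: str     # "dss" or "hijackthis"


CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# HijackThis: O2 - BHO: <name> - {CLSID} - <path> [(file missing)]
HJT_O2 = re.compile(
    rf"^O2 - BHO: .*? - (?P<clsid>{CLSID}) - (?P<path>.+?)"
    r"(?P<missing>\s+\(file missing\))?\s*$"
)
# DSS registry dump: {CLSID} <path> [[x]]   (assumption: [x] = file not found)
DSS_BHO = re.compile(
    rf"^(?P<clsid>{CLSID})\s+(?P<path>.+?)"
    r"(?P<missing>\s+\[x\])?\s*$"
)


def parse_hjt_bhos(lines: Iterable[str]) -> Iterator[Bho]:
    """Yield one record per HijackThis O2 (BHO) line."""
    for raw in lines:
        m = HJT_O2.match(raw.strip())
        if m:
            yield Bho(m["clsid"].upper(), m["path"], bool(m["missing"]), "hijackthis")


def parse_dss_bhos(lines: Iterable[str]) -> Iterator[Bho]:
    """Yield BHO records from a DSS registry dump, ignoring other sections."""
    in_bho_section = False
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new [HKEY_...] header starts; only the BHO key is of interest.
            in_bho_section = line.lower().endswith("\\browser helper objects]")
            continue
        if in_bho_section:
            m = DSS_BHO.match(line)
            if m:
                yield Bho(m["clsid"].upper(), m["path"], bool(m["missing"]), "dss")


def orphaned_bhos(dss_lines: Iterable[str], hjt_lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map CLSID -> sorted list of logs that report its DLL as missing."""
    seen: Dict[str, set] = {}
    for rec in list(parse_dss_bhos(dss_lines)) + list(parse_hjt_bhos(hjt_lines)):
        if rec.missing:
            seen.setdefault(rec.clsid, set()).add(rec.source)
    return {clsid: sorted(sources) for clsid, sources in seen.items()}


# Sample input: lines copied from the logs quoted in this thread.
SAMPLE_DSS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\System32\frmkjctj.dll [x]
{3EB9C349-7473-48AC-A59B-42F31751974B} C:\PROGRA~1\GoGoData.com\GOGODA~1\TOMAHA~1.DLL
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{B21F0363-961F-4E0B-97EC-8B26D9872A96} C:\WINDOWS\System32\gebcb.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"""

SAMPLE_HJT = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\frmkjctj.dll (file missing)
O2 - BHO: (no name) - {B21F0363-961F-4E0B-97EC-8B26D9872A96} - C:\WINDOWS\System32\gebcb.dll (file missing)
"""


def triage_samples() -> Dict[str, List[str]]:
    """Run the triage over the two sample logs above."""
    return orphaned_bhos(SAMPLE_DSS.splitlines(), SAMPLE_HJT.splitlines())


if __name__ == "__main__":
    for clsid, sources in sorted(triage_samples().items()):
        print(f"{clsid}  DLL missing according to: {', '.join(sources)}")
```

An entry reported missing by both tools is a leftover registration with no file behind it, which is why the post asks for those two O2 lines to be fixed rather than for a file to be deleted.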
Old 05-10-2007, 04:47 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 14
OS: Windows XP


Re: Constant Ads And Trojans

Sorry it took so long to reply.

Here's my AVG scan:

Quote:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:39:59 PM 4/30/2007

+ Scan result:



C:\System Volume Information\_restore{205C2A3D-720E-4B8A-AC8F-5E371447DDF5}\RP25\A0003516.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{205C2A3D-720E-4B8A-AC8F-5E371447DDF5}\RP90\A0009337.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\fccaxya.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\vturppn.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{205C2A3D-720E-4B8A-AC8F-5E371447DDF5}\RP26\A0003636.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{205C2A3D-720E-4B8A-AC8F-5E371447DDF5}\RP26\A0003642.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\LeetSauce\Desktop\My Documents\Documents\Documents\Winzip\0.99bpatch.zip/Launcher.exe -> Backdoor.Sturf : Cleaned with backup (quarantined).
C:\Documents and Settings\LeetSauce\Desktop\My Documents\Documents\Documents\Winzip\MUGaming Reborn.zip/MUGaming Reborn/MuGaming Reborn/Launcher.exe -> Backdoor.Sturf : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{205C2A3D-720E-4B8A-AC8F-5E371447DDF5}\RP26\A0003553.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@e-2dj6wbkywkc5ckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@e-2dj6wbl4qldpkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@e-2dj6wbliqjdzoho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@e-2dj6wfkiakd5ihq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@e-2dj6wfliaodjmdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@e-2dj6wfloqgdjido.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@e-2dj6wjmycnazieq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@fortunecity[1].txt -> TrackingCookie.Fortunecity : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\LeetSauce\Desktop\My Documents\Documents\Documents\Winzip\TGB_Dual_7.zip/devices/tbr_dll.dll -> Trojan.Gologger.d : Cleaned with backup (quarantined).


::Report end
Here's the Panda Scan:


Quote:
Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@bfast[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@com[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\LeetSauce\Cookies\leetsauce@fortunecity[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\LeetSauce\Desktop\new everything into one\ComboFix.exe[ComboFixT\nircmd.cfexe]
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gxjurpnn.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\pvdjgjeh.dll.vir
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
And I have attached the main.txt to the post. I'm no longer getting popups :) But I'm still getting a lot of tracking cookies from Ad-ware scans. Thanks for the wait, and help.
Attached Files
File Type: txt main.txt (35.0 KB, 3 views)
C0mputerl0ser is offline  
Old 05-12-2007, 11:56 AM   #8 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Constant Ads And Trojans

Hello again

Using Windows Explorer locate and delete this folder.
C:\Qoobox

Quote:
Originally Posted by C0mputerl0ser
But I'm still getting a lot of tracking cookies from Ad-ware scans.
We all get cookies. Be careful of what websites you visit and make sure you install IESpyAd, as this will help in blocking those types of cookies from installing. For an explanation see Here

You can find the link for IESpyAd below.

Well done, your logs are clean.

Reset Hidden Files

Windows XP
===============

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
* Click Yes to confirm.
* Click OK.

Please update your system to Service Pack 2, as not having the latest service packs and updates can leave your system wide open to re-infection.
Go Here and install the latest service pack (SP2).

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.
Microsoft updates are released every second Tuesday of each month, which is called "Patch Tuesday".

-------------------------------------------------------------------------------------------

Clear Firefox Cookies

* Click Tools -> Options
* Click Privacy Tab
* Click the "Show Cookies" button
* Click the "Remove All Cookies" button, which is at the bottom of the window.
* Click Close

Clear IE6 cookies

* Open IE and click Tools
* Click on Internet Options
* Click on General Tab
* Click on Delete Temp Files & Cookies buttons.



Clear IE7 cookies

* On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
* On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
* Click OK, and then click OK again.

-------------------------------------------------------------------------------------------

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply, and then OK.

This will create a new Restore Point.

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

Download the McAfee Site Advisor--free. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, Bad.

TrendProtect is a FREE browser plug-in that helps you avoid Web pages with unwanted content and hidden threats. TrendProtect rates the current page and pages listed in Google, MSN, and Yahoo search results. You can use the rating to decide if you want to visit or avoid a given Web page. To rate Web pages, TrendProtect refers to an extensive database that covers the following information for billions of Web pages:

* Content category
* Phishing scam detection
* Site reputation
* Page reputation

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.
Note: Only compatible with Firefox 1.5 and higher.

Only install one of the above

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Maxthon

------------------------------------------------------------------------------------------

Free Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Comodo Personal Firewall
Sygate Personal Firewall
ZoneAlarm

AntiVirus Products
AOL Antivirus Shield (Powered by Kaspersky), do not install the security toolbar.
Avast!
AVG Antivirus
Antivir free
Bitdefender Free

Only install one firewall and one antivirus product

-------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
AVG Antispyware Free
Ad-Aware
Spybot S&D
Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

* Now navigate to C:\ie-spyad. Double click to open it.
* From within the folder, double-click install.bat
* Select Option #2 - Install the new IE-SPYAD list, by typing 2
* Then return to the main menu.
* Select option #4 - Add the old porn sites domain, by typing 4

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen. Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.


Also, please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread one more time so we can mark it as resolved, thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in any way, please consider Donating
TheBruce1 is offline  
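The HOSTS-file blocking described in the post above, shown as an added example that is not part of the original thread: a small Python audit that lists which names a HOSTS file sinks to the local machine and which it points at some other address, the kind of entry worth reviewing on a machine that has been infected. The sample file contents, host names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from the MVPS list).
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.com  tracker.example.net   # two names, one line
0.0.0.0         banner.example.org
192.0.2.15      update.example.com
not-an-ip       broken.example.com
"""

# Names that normally resolve to the local machine and are not "blocks".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in HOSTS text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an IP
        for name in fields[1:]:                  # one line may carry aliases
            yield line_no, addr, name.lower()


def audit_hosts(text):
    """Return (blocked, redirected) lists for HOSTS-format text.

    blocked:    names sunk to loopback or 0.0.0.0, as a blocking list does
    redirected: (name, address, line_no) for names sent to any other address
    """
    blocked, redirected = [], []
    for line_no, addr, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            blocked.append(name)
        else:
            redirected.append((name, str(addr), line_no))
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked)
    print("review :", redirected)
```

On Windows XP the live file is at C:\WINDOWS\system32\drivers\etc\hosts; pass its contents to `audit_hosts` in place of the sample.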
Old 05-15-2007, 03:56 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 14
OS: Windows XP


Re: Constant Ads And Trojans

Hi! Thanks for all the help! My computer is running great now!
But I was wondering if you know about one more thing. I keep getting these errors when I try to install stuff onto my computer. Here's a screenshot of it; it'll be great if you could help. If not, that's fine too, you tuned my computer nicely =]

C0mputerl0ser is offline  
Old 05-17-2007, 11:27 AM   #10 (permalink)
Moderator, Analyst, Security Team
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,093
OS: XP


Re: Constant Ads And Trojans

Please visit our Windows XP Forum and provide them with as much information as possible, for example which programs are being installed when you receive those error messages.
Also let them know you have been given the all clear from the Hijackthis forum.

Best of luck.
TheBruce1 is offline  