04-26-2007, 12:25 AM   #1
debneal57, Registered User, OS: XP Pro

popups and system issues

I scanned for viruses with AVG and removed what was there, then I scanned with Ad-aware SE and AVG Spyware and removed all threats. I'm still getting lots of popups and have major system problems. I'm not very computer savvy and don't know what to do next so I'm sending you my HijackThis Log as a document file in hopes that you might be able to help me. I hope I haven't messed things up too much!
Attached Files
File Type: doc hijackthis.doc (10.4 KB, 0 views)

04-26-2007, 03:36 PM   #2
debneal57, Registered User, OS: XP Pro

Re: popups and system issues

I'm not sure how to add to the original post. Here is the most recent HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 4:57:20 PM, on 4/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\kkqxtkps.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis\HijackThis.exe /startupscan
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4773AC35-5EC9-4C86-82AA-78F3BE563194} (AtlBoxWordCtlAttrib Class) - http://playgames.comcast.net/online2...e/aquacade.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133fd.bay133.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1170162290953
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {A219C6A1-B503-42A9-95DC-A84B2CC1231F} (AtlAsianataCtlAttrib Class) - http://playgames.comcast.net/online2...a/asianata.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://comcast.oberon-media.com/onli...h.1.0.0.80.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playgames.comcast.net/online2...ploader_v6.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

04-30-2007, 09:04 AM   #4
tetonbob, Manager, Security Center, TSF Academy; Analyst, Security Team

Re: popups and system issues

  1. Download combofix.exe to your desktop.
  2. Double click on combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


04-30-2007, 11:36 AM   #5
debneal57, Registered User, OS: XP Pro

Re: popups and system issues

OK, since my last post, I lost all e-mail retrieval and internet (other than unwanted pop-ups), so I formatted and tried to do a clean install with what I thought was a clean XP Home [OEM]. I have a license key and used a Key changer to change to my license. I installed my programs and AVG Spyware detected and quarantined - TROJAN.SMALL.EDZ + HIJACKER.BARBEN. Here is the log from ComboFix that you asked me to run. Hopefully starting fresh is better.




"Owner" - 07-04-30 13:10:43 Service Pack 2
ComboFix 07-04-28.V - Running from: "C:\Documents and Settings\Owner\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


2007-04-29 01:59 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-29 01:59 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-29 01:59 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-29 01:59 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-29 01:59 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-29 01:59 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-29 01:59 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-29 01:59 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-29 01:59 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-29 01:59 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-29 01:59 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-29 01:59 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-29 01:59 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-29 01:59 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-29 01:59 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-29 01:59 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-29 01:59 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-29 01:59 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-29 01:59 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-29 01:59 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-29 01:59 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-29 01:59 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-29 01:59 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-29 01:59 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-29 01:59 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-29 01:59 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-29 01:59 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-29 01:59 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-29 01:59 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-29 01:59 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-29 01:59 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-29 01:59 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-29 01:59 <DIR> d-------- C:\Program Files\Windows NT
2007-04-28 20:52 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-04-28 20:52 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-04-28 20:52 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-04-28 20:52 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-04-28 20:52 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-04-28 20:51 73,216 --a------ C:\WINDOWS\system32\drivers\atintuxx.sys
2007-04-28 20:51 63,488 --a------ C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-04-28 20:51 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-04-28 20:51 52,224 --a------ C:\WINDOWS\system32\drivers\atinraxx.sys
2007-04-28 20:51 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-28 20:51 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
2007-04-28 20:51 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-28 20:51 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-04-28 20:51 13,824 --a------ C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-04-28 20:51 104,960 --a------ C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-04-28 20:50 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-28 20:50 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-04-28 20:49 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-04-28 20:49 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-04-28 20:49 356,352 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-04-28 20:49 267,776 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-04-28 20:49 2,820,544 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-04-28 20:49 1,986,560 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-04-28 20:49 1,315,712 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-04-28 20:48 652,689 --a------ C:\WINDOWS\system32\drivers\ltmdmnt.sys
2007-04-28 20:48 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-04-28 20:46 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-28 20:46 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-28 20:46 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-28 20:46 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-28 20:46 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-28 20:46 <DIR> dr------- C:\Program Files
2007-04-28 20:46 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-04-28 20:46 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-28 20:46 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-28 20:46 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-28 20:45 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-28 20:45 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-28 20:44 <DIR> d--hs---- C:\System Volume Information
2007-04-28 20:44 <DIR> d-------- C:\Documents and Settings
2007-04-28 20:37 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-28 20:37 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-28 20:37 <DIR> dr------- C:\WINDOWS\Web
2007-04-28 20:37 <DIR> d--h----- C:\WINDOWS\inf
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\1041
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\1037
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\1033
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\1031
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\1028
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32\1025
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system32
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\system
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\security
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Resources
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\repair
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Provisioning
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\PeerNet
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\pchealth
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\mui
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\msapps
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\msagent
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Media
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\ime
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Help
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Debug
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Cursors
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\Config
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\AppPatch
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS\addins
2007-04-28 20:37 <DIR> d-------- C:\WINDOWS


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-28 20:46 62 --ahs---- C:\DOCUME~1\Owner\APPLIC~1\desktop.ini
2007-03-23 06:07 583504 --------- C:\WINDOWS\system32\xpsshhdr.dll
2007-03-23 06:07 1683280 --------- C:\WINDOWS\system32\xpssvcs.dll
2007-03-22 20:25 124928 --------- C:\WINDOWS\system32\prntvpt.dll
2007-03-17 08:43 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-14 20:58 315392 --a------ C:\WINDOWS\system32\atidemgx.dll
2007-03-14 20:55 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-03-14 20:50 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-03-14 20:50 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe
2007-03-14 20:50 122880 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-03-14 20:50 114688 --a------ C:\WINDOWS\system32\oemdspif.dll
2007-03-14 20:49 114688 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-03-14 20:48 450560 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-03-14 20:47 53248 --a------ C:\WINDOWS\system32\atiddc.dll
2007-03-14 20:29 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-03-14 20:19 5402624 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-03-14 20:16 258048 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-03-14 20:14 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-03-14 19:27 972336 --a------ C:\WINDOWS\unrecode.exe
2007-03-14 19:19 972336 --a------ C:\WINDOWS\unnerobackitup.exe
2007-03-14 19:19 95864 --a------ C:\WINDOWS\system32\neroco.dll
2007-03-12 18:54 38576 --a------ C:\WINDOWS\system32\drivers\InCDRm.sys
2007-03-12 18:54 37040 --a------ C:\WINDOWS\system32\drivers\InCDPass.sys
2007-03-12 18:54 239152 --a------ C:\WINDOWS\nuninst.exe
2007-03-12 18:54 16304 --a------ C:\WINDOWS\system32\drivers\InCDrec.sys
2007-03-12 18:53 118064 --a------ C:\WINDOWS\system32\drivers\InCDfs.sys
2007-03-12 13:51 972336 --a------ C:\WINDOWS\unneromediahome.exe
2007-03-08 10:36 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 10:36 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 10:36 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 08:47 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-06 17:04 143676 --a------ C:\WINDOWS\system32\atiicdxx.dat
2007-02-28 20:53 972336 --a------ C:\WINDOWS\unnerovision.exe
2007-02-28 15:41 972336 --a------ C:\WINDOWS\unneroshowtime.exe
2007-02-05 15:17 185344 --a------ C:\WINDOWS\system32\upnphost.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{AE7CD045-E861-484f-8273-0445EE161910}"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"AlcxMonitor"="ALCXMNTR.EXE"
"LTMSG"="LTMSG.exe 7"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Adobe Version Cue CS2"="\"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"NWEReboot"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"SecurDisc"="C:\\Program Files\\Nero\\Nero 7\\InCD\\NBHGui.exe"
"InCD"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ATI Remote Control"="\"C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe\""
"ATI Launchpad"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"ATI DeviceDetect"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE"
"ATI Scheduler"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\EPG_REC_000.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 13:12:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 13:13:00
C:\ComboFix-quarantined-files.txt ... 07-04-30 13:13
Old 04-30-2007, 12:08 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: popups and system issues

ComboFix was to be run against what had been showing on your system as presented in the HijackThis log you posted.


Quote:
Post that log in your next reply with a new HJT log
Post a new HijackThis log as well, please.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
Old 04-30-2007, 01:06 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Location: IL
Posts: 7
OS: XP Pro


Re: popups and system issues

HIJACKTHIS LOG =

Logfile of HijackThis v1.99.1
Scan saved at 2:58:11 PM, on 4/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\AOL\1177962369\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177962369\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.xdrive.com/downloads/std_install/setup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1177832176781
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe


COMBOFIX LOG =

"Owner" - 07-04-30 14:59:36 Service Pack 2
ComboFix 07-04-28.V - Running from: "C:\Documents and Settings\Owner\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-03-28 to 2007-04-30 ))))))))))))))))))))))))))))))))))


2007-04-30 14:46 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2007-04-30 14:46 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
2007-04-30 14:46 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-04-30 14:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-04-30 14:45 55,808 --a------ C:\WINDOWS\system32\zlib1.dll
2007-04-30 14:45 <DIR> d-------- C:\Program Files\Xdrive
2007-04-30 14:45 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\InstallShield
2007-04-30 14:42 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Xdrive
2007-04-30 14:42 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\InstallShield Installation Information
2007-04-30 13:13 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-04-30 00:00 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-04-29 23:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-04-29 23:14 <DIR> d-------- C:\Program Files\Microsoft Money
2007-04-29 18:32 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-04-29 18:30 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-29 14:58 <DIR> d-------- C:\Program Files\Elaborate Bytes
2007-04-29 14:52 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-04-29 14:20 <DIR> d-------- C:\Program Files\Nero
2007-04-29 14:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-29 13:42 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-04-29 13:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-04-29 13:34 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-04-29 12:34 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-29 12:31 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-04-29 12:30 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-04-29 12:29 <DIR> d-------- C:\Program Files\Microsoft Works
2007-04-29 12:28 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-29 12:27 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-29 12:05 <DIR> d-------- C:\Program Files\Winamp
2007-04-29 12:00 <DIR> d-------- C:\Program Files\Trillian
2007-04-29 11:55 <DIR> d-------- C:\Program Files\Smart Projects
2007-04-29 11:39 45,056 --------- C:\WINDOWS\system32\EpPicPrt.dll
2007-04-29 11:39 45,056 --------- C:\WINDOWS\system32\EpPicMgr.dll
2007-04-29 11:39 413,696 --a------ C:\WINDOWS\system32\PICSDK.dll
2007-04-29 11:39 29,521 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2007-04-29 11:39 20,910 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2007-04-29 11:39 20,869 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2007-04-29 11:39 <DIR> d-------- C:\EPSONREG
2007-04-29 11:39 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Leadertech
2007-04-29 11:38 98,304 -ra------ C:\WINDOWS\StiRegstEng.dll
2007-04-29 11:38 78,608 --a------ C:\WINDOWS\system32\Vb5db.dll
2007-04-29 11:38 73,810 --a------ C:\WINDOWS\system32\rapi.dll
2007-04-29 11:38 41,044 --a------ C:\WINDOWS\system32\ceutil.dll
2007-04-29 11:38 <DIR> d-------- C:\Program Files\NewSoft
2007-04-29 11:37 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-04-29 11:35 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-04-29 11:35 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-04-29 11:35 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-04-29 11:35 <DIR> d-------- C:\Program Files\Smart Panel
2007-04-29 11:34 65,793 --a------ C:\WINDOWS\system32\esfw43.bin
2007-04-29 11:34 47,104 --a------ C:\WINDOWS\system32\escimgn.dll
2007-04-29 11:34 32,768 --a------ C:\WINDOWS\system32\eswia43.dll
2007-04-29 11:34 23,552 --a------ C:\WINDOWS\system32\esccmn.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll"
"{AE7CD045-E861-484f-8273-0445EE161910}"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"AlcxMonitor"="ALCXMNTR.EXE"
"LTMSG"="LTMSG.exe 7"
"PinnacleDriverCheck"="C:\\WINDOWS\\system32\\PSDrvCheck.exe -CheckReg"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Adobe Version Cue CS2"="\"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\ControlPanel\\VersionCueCS2Tray.exe\""
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"NWEReboot"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"SecurDisc"="C:\\Program Files\\Nero\\Nero 7\\InCD\\NBHGui.exe"
"InCD"="C:\\Program Files\\Nero\\Nero 7\\InCD\\InCD.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1177962369\\ee\\AOLSoftware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"ATI Remote Control"="\"C:\\Program Files\\ATI Multimedia\\RemCtrl\\ATIRW.exe\""
"ATI Launchpad"="\"C:\\Program Files\\ATI Multimedia\\main\\launchpd.exe\""
"ATI DeviceDetect"="C:\\Program Files\\ATI Multimedia\\main\\ATIDtct.EXE"
"ATI Scheduler"="C:\\Program Files\\ATI Multimedia\\main\\ATISched.EXE"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"XdriveTrayIcon"="\"C:\\Program Files\\Xdrive\\Xdrive Desktop\\XdriveTray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\EPG_REC_000.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-30 15:01:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-30 15:01:53
C:\ComboFix-quarantined-files.txt ... 07-04-30 15:01
C:\ComboFix2.txt ... 07-04-30 13:13
Old 04-30-2007, 04:28 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 32,567
OS: 2000 Pro; XP Pro; XP Home


Re: popups and system issues

Your logs appear clean. You should be good to go. We still have a few items to address.


Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs if you don't have them already:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    Here are a few very good free Antivirus products which are available:

    Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial
  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:

    Do not install more than one firewall program because they will conflict with each other.


In light of your recent troubles, I'm sure you'd like to avoid any future infections. Please take a look at these well-written articles.
If you want to fight back against the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.
tetonbob is offline  
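
Added example, not part of the original posts: a small Python check for a blocking HOSTS file like the one described above, confirming that listed names point at the local machine and flagging any name mapped to another address. The sample content is constructed, `audit_hosts` is a hypothetical helper name, and treating 0.0.0.0 as a block is an assumption that goes beyond the 127.0.0.1 case the post mentions.

```python
import ipaddress

# Constructed sample hosts content (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample for illustration
127.0.0.1       localhost
127.0.0.1       ads.example.com   # blocked ad server
0.0.0.0         tracker.example.net banner.example.net
203.0.113.10    update.example.org
::1             localhost
not-an-ip       broken.example.com
"""

def audit_hosts(text):
    """Classify hosts-file entries.

    Returns a dict with:
      blocked    - names mapped to loopback or 0.0.0.0 (sinkholed)
      redirected - (name, ip) pairs mapped to any other address
      malformed  - lines whose first field is not an IP address
    """
    result = {"blocked": [], "redirected": [], "malformed": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            result["malformed"].append(raw.strip())
            continue
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost":
                continue                      # standard entry, not a block
            if ip.is_loopback or ip.is_unspecified:
                result["blocked"].append(name)
            else:
                result["redirected"].append((name, str(ip)))
    return result

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print(len(report["blocked"]), "names blocked")
    for name, ip in report["redirected"]:
        print("review:", name, "->", ip)
    for line in report["malformed"]:
        print("malformed:", line)
```

To check a real machine, pass the contents of the HOSTS file (on Windows XP, under `%SystemRoot%\system32\drivers\etc\hosts`) to `audit_hosts`; any entry under `redirected` deserves a look, since a blocking list should only ever point names at the local machine.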
Old 04-30-2007, 07:46 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2007
Location: IL
Posts: 7
OS: XP Pro

My System

Re: popups and system issues

Thank you so much for your time and expertise. I will be installing more protection so I can avoid these issues in the future. Thanks again.
debneal57 is offline  