Thread: another virtumonde problem

  1. #1
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    another virtumonde problem

    hey..... I've been trying hard to get rid of malicious pop-ups. I have followed other threads almost verbatim, so I wouldn't have to post another thread on Virtumonde. But I am at my wits' end and need help.

    HijackThis log file before renaming it:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:50:24 PM, on 9/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\LSUpdateManager.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    --
    End of file - 2330 bytes

    Below is the log after renaming it to whatjack.exe:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:00:02 PM, on 9/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\LSUpdateManager.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\whatjack.exe


    --
    End of file - 2335 bytes

  2. #2
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, September 11, 2007 8:28:22 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 12/09/2007
    Kaspersky Anti-Virus database records: 412422
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 50345
    Number of viruses found: 17
    Number of infected objects: 38
    Number of suspicious objects: 0
    Duration of the scan process: 01:19:20

    Infected Object Name / Virus Name / Last Action
    C:\check_LSA7.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\logs\update.log Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\cert8.db Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\history.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\key3.db Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\parent.lock Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\COLORTYME\Application Data\MySpace\IM\Logs\MySpaceIM-20070911-175456.log Object is locked skipped
    C:\Documents and Settings\COLORTYME\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Working\database_9638_FB17_38FA_F559\dfsr.db Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Working\database_9638_FB17_38FA_F559\fsr.log Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Working\database_9638_FB17_38FA_F559\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Messenger\j_holder22@hotmail.com\SharingMetadata\Working\database_9638_FB17_38FA_F559\tmp.edb Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Windows Live Contacts\j_holder22@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Microsoft\Windows Live Contacts\j_holder22@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Application Data\Mozilla\Firefox\Profiles\4hjxl3y7.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\History\History.IE5\MSHist012007091120070912\index.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\Perflib_Perfdata_98c.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DF370A.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DF47F3.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DF4904.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFD25.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFDA3.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFDE84.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFE098.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFE16D.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temp\~DFF4CC.tmp Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\COLORTYME\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\COLORTYME\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\COLORTYME\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\Yahoo!\Messenger\logs\billing_COLORTYME.log Object is locked skipped
    C:\Program Files\Yahoo!\Messenger\logs\client_COLORTYME.log Object is locked skipped
    C:\Program Files\Yahoo!\Messenger\logs\network_COLORTYME.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP35\A0005040.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005754.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005755.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005756.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005757.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005765.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005767.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005768.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005769.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005770.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005771.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005772.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005773.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005774.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005775.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005776.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005777.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005778.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005780.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005782.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005784.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005785.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005787.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005788.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005789.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005790.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005793.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005794.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005795.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005796.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005797.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005798.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005799.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005800.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005801.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP37\A0005822.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP51\A0007128.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP63\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\temp\Perflib_Perfdata_3f8.dat Object is locked skipped
    C:\WINDOWS\temp\Perflib_Perfdata_630.dat Object is locked skipped
    C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  3. #3
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    combofix log

    ComboFix 07-09-10.6 - "COLORTYME" 2007-09-11 20:39:51.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.234 [GMT -5:00]
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\fwnsihcm.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-08-12 to 2007-09-12 )))))))))))))))))))))))))))))))
    .

    2007-09-10 14:38 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
    2007-09-10 14:38 94,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
    2007-09-10 14:38 92,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
    2007-09-10 14:38 801,144 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
    2007-09-10 14:38 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
    2007-09-10 14:38 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
    2007-09-10 14:38 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
    2007-09-10 14:38 <DIR> d-------- C:\Program Files\Alwil Software
    2007-09-10 14:14 <DIR> d-------- C:\Program Files\Trend Micro
    2007-09-10 00:25 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
    2007-09-10 00:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-09-09 19:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
    2007-09-09 19:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    2007-09-09 19:26 <DIR> d-------- C:\VundoFix Backups
    2007-09-09 15:02 <DIR> d-------- C:\Program Files\PopCap Games
    2007-09-08 22:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
    2007-09-08 11:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-09-08 11:47 <DIR> d-------- C:\Program Files\Common Files\Scanner
    2007-09-08 05:10 2,039,881 ---hs---- C:\WINDOWS\SYSTEM32\ilkkj.bak2
    2007-09-07 14:18 6,448 --ahs---- C:\WINDOWS\SYSTEM32\ilkkj.bak1
    2007-09-07 14:17 244,832 --a------ C:\WINDOWS\SYSTEM32\jkkli.dll
    2007-09-07 14:12 <DIR> d-------- C:\Temp
    2007-09-02 13:17 <DIR> d-------- C:\Program Files\Lavasoft
    2007-09-02 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-09-02 13:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-26 22:46 <DIR> d-------- C:\Program Files\Common Files\PXIINSTC
    2007-08-26 22:46 <DIR> d-------- C:\Program Files\Common Files\PXIINST64C
    2007-08-26 22:46 <DIR> d-------- C:\Program Files\Common Files\PAC207
    2007-08-26 22:46 <DIR> d-------- C:\Program Files\Basic Webcam
    2007-08-22 14:41 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
    2007-08-21 16:17 <DIR> d-------- C:\Program Files\Virtools
    2007-08-20 14:00 135,168 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
    2007-08-20 13:38 23,040 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmc.exe
    2007-08-20 13:38 16,896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\fltlib.dll
    2007-08-20 13:38 128,896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmgr.sys
    2007-08-19 15:59 <DIR> d-------- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\McAfee.com Personal Firewall
    2007-08-19 15:59 <DIR> d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\McAfee.com Personal Firewall
    2007-08-19 15:57 <DIR> d--h----- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\Gtek
    2007-08-19 15:57 <DIR> d--h----- C:\DOCUME~1\COLORT~1\APPLIC~1\Gtek
    2007-08-19 15:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\Sonic
    2007-08-19 15:57 <DIR> d-------- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\APPLIC~1\Jasc Software Inc
    2007-08-19 15:57 <DIR> d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Sonic
    2007-08-19 15:57 <DIR> d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Jasc Software Inc
    2007-08-19 15:55 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
    2007-08-19 15:55 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
    2007-08-19 15:55 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
    2007-08-17 13:37 <DIR> d-------- C:\WINDOWS\PAC207
    2007-08-17 13:04 <DIR> d-------- C:\webcam driver pack
    2007-08-16 21:53 <DIR> d-------- C:\Program Files\Micro Innovations
    2007-08-16 09:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2007-08-16 09:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
    2007-08-16 09:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-09-10 16:36 --------- d-------- C:\Program Files\MySpace
    2007-09-08 15:50 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
    2007-09-08 11:47 --------- d-------- C:\Program Files\Yahoo!
    2007-09-08 11:34 --------- d-------- C:\Program Files\Sonic
    2007-08-21 13:02 --------- d-------- C:\Program Files\MSN Messenger
    2007-08-20 12:42 --------- d-------- C:\Program Files\Google
    2007-08-20 12:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    2007-08-16 21:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-10 11:21 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Google
    2007-08-07 16:11 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\AdobeUM
    2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-08-06 08:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
    2007-08-02 22:57 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\PlayFirst
    2007-08-02 22:57 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\GameHouse
    2007-08-02 22:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
    2007-08-01 20:12 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Corel
    2007-08-01 18:57 --------- d-------- C:\Program Files\iTunes
    2007-08-01 18:57 --------- d-------- C:\Program Files\iPod
    2007-08-01 18:57 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Apple Computer
    2007-08-01 18:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-08-01 18:56 --------- d-------- C:\Program Files\QuickTime
    2007-08-01 18:56 --------- d-------- C:\Program Files\Apple Software Update
    2007-08-01 18:55 --------- d-------- C:\Program Files\Common Files\Apple
    2007-08-01 18:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    2007-08-01 10:55 --------- d-------- C:\Program Files\America Online 9.0
    2007-08-01 10:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
    2007-07-30 19:19 92504 --a------ C:\WINDOWS\SYSTEM32\cdm.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
    2007-07-30 19:19 549720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
    2007-07-30 19:19 53080 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
    2007-07-30 19:19 43352 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
    2007-07-30 19:19 325976 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
    2007-07-30 19:19 203096 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
    2007-07-30 19:19 1712984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\WUPS.DLL
    2007-07-30 19:18 33624 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
    2007-07-30 18:28 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\MySpace
    2007-07-30 15:25 --------- d-------- C:\DOCUME~1\COLORT~1\APPLIC~1\Yahoo!
    2007-07-30 15:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-07-30 15:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    2007-07-19 01:59 3583488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2007-07-12 18:31 765952 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
    2007-06-27 09:34 823808 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    2007-06-27 09:34 671232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    2007-06-27 09:34 6058496 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    2007-06-27 09:34 52224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    2007-06-27 09:34 477696 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    2007-06-27 09:34 459264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    2007-06-27 09:34 44544 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    2007-06-27 09:34 384512 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    2007-06-27 09:34 383488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    2007-06-27 09:34 27648 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    2007-06-27 09:34 267776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    2007-06-27 09:34 232960 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    2007-06-27 09:34 230400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    2007-06-27 09:34 193024 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    2007-06-27 09:34 153088 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    2007-06-27 09:34 132608 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    2007-06-27 09:34 124928 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    2007-06-27 09:34 1152000 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    2007-06-27 09:34 105984 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    2007-06-27 09:34 102400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    2007-06-27 03:27 63488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2007-06-27 03:27 625152 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2007-06-27 03:27 13824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2007-06-27 02:00 161792 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2007-06-26 22:10 317440 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
    2007-06-26 01:08 1104896 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
    2007-06-26 01:08 1104896 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msxml3.dll
    2007-06-19 08:31 282112 --a------ C:\WINDOWS\SYSTEM32\gdi32.dll
    2007-06-19 08:31 282112 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
    2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
    2007-06-13 05:23 1033216 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe
    2007-06-11 23:51 10834944 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
    .

  4. #4
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default

    ((((((((((((((((((((((((((((( snapshot_2007-09-10_ 02217.82 )))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\spmsg.dll
    ----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\spuninst.exe
    ----a-w 2,854,400 2007-04-18 16:14:43 C:\WINDOWS\$hf_mig$\KB927891\SP2QFE\msi31.dll
    ----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\spcustom.dll
    ----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
    ----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe
    ----a-w 60,416 2007-07-18 10:33:06 C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll
    -c----w 2,890,240 2005-05-04 19:45:32 C:\WINDOWS\$NtUninstallKB927891$\msi.dll
    -c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe
    -c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927891$\spuninst\updspapi.dll
    -c----w 60,416 2007-01-29 08:58:06 C:\WINDOWS\$NtUninstallKB933360$\tzchange.exe
    -c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe
    -c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB933360$\spuninst\updspapi.dll
    -c----w 315,904 2006-11-01 23:31:34 C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
    -c----w 213,216 2005-06-28 15:23:26 C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
    -c----w 371,424 2005-06-28 15:23:54 C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
    -c----w 132,608 2007-06-27 14:39:42 C:\WINDOWS\ie7updates\KB937143-IE7\extmgr.dll
    -c----w 22,752 2007-03-06 01:22:34 C:\WINDOWS\ie7updates\KB937143-IE7\spcustom.dll
    -c----w 14,048 2007-03-06 01:22:36 C:\WINDOWS\ie7updates\KB937143-IE7\spmsg.dll
    -c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\ie7updates\KB937143-IE7\spuninst.exe
    -c----w 716,000 2007-03-06 01:22:59 C:\WINDOWS\ie7updates\KB937143-IE7\update.exe
    -c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB937143-IE7\updspapi.dll
    ----a-w 317,440 2007-06-27 03:10:26 C:\WINDOWS\INF\unregmp2.exe
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\spuninst.exe
    ----a-w 765,952 2007-07-12 23:31:54 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\sp2gdr\vgx.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\16665ed3c40ea6a0c9841eec5f15a718\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\spuninst.exe
    ----a-w 60,416 2007-07-18 12:42:22 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\sp2gdr\tzchange.exe
    ----a-w 60,416 2007-07-18 10:33:06 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\sp2qfe\tzchange.exe
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\updspapi.dll
    ----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\spmsg.dll
    ----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\spuninst.exe
    ----a-w 2,854,400 2007-04-18 16:12:23 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\SP2GDR\msi31.dll
    ----a-w 2,854,400 2007-04-18 16:14:43 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\SP2QFE\msi31.dll
    ----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\spcustom.dll
    ----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\update.exe
    ----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\updspapi.dll
    ----a-w 13,536 2005-06-28 15:20:24 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
    ----a-w 213,216 2005-06-28 15:23:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
    ----a-w 317,440 2007-06-27 03:10:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
    ----a-w 716,000 2005-06-28 15:24:52 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
    ----a-w 371,424 2005-06-28 15:23:54 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
    ----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\spmsg.dll
    ----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\spuninst.exe
    ----a-w 124,928 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\advpack.dll
    ----a-w 132,608 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\extmgr.dll
    ----a-w 63,488 2007-06-27 08:27:04 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ie4uinit.exe
    ----a-w 153,088 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieakeng.dll
    ----a-w 230,400 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieaksie.dll
    ----a-w 161,792 2007-06-27 07:00:33 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieakui.dll
    ----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieapfltr.dat
    ----a-w 383,488 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieapfltr.dll
    ----a-w 384,512 2007-06-27 14:34:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\iedkcs32.dll
    ----a-w 6,058,496 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieframe.dll
    ----a-w 44,544 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\iernonce.dll
    ----a-w 267,776 2007-06-27 14:34:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\iertutil.dll
    ----a-w 13,824 2007-06-27 08:27:05 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\ieudinit.exe
    ----a-w 625,152 2007-06-27 08:27:30 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\iexplore.exe
    ----a-w 27,648 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\jsproxy.dll
    ----a-w 459,264 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\msfeeds.dll
    ----a-w 52,224 2007-06-27 14:34:56 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\msfeedsbs.dll
    ----a-w 3,583,488 2007-07-19 06:59:59 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\mshtml.dll
    ----a-w 477,696 2007-06-27 14:34:57 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\mshtmled.dll
    ----a-w 193,024 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\msrating.dll
    ----a-w 671,232 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\mstime.dll
    ----a-w 102,400 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\occache.dll
    ----a-w 105,984 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\url.dll
    ----a-w 1,152,000 2007-06-27 14:34:58 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\urlmon.dll
    ----a-w 232,960 2007-06-27 14:34:59 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\webcheck.dll
    ----a-w 823,808 2007-06-27 14:34:59 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\wininet.dll
    ----a-w 124,928 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\advpack.dll
    ----a-w 132,608 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\extmgr.dll
    ----a-w 63,488 2007-06-27 09:16:27 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ie4uinit.exe
    ----a-w 153,088 2007-06-27 14:39:42 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieakeng.dll
    ----a-w 230,400 2007-06-27 14:39:43 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieaksie.dll
    ----a-w 161,792 2007-06-27 07:07:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieakui.dll
    ----a-w 384,512 2007-06-27 14:39:44 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\iedkcs32.dll
    ----a-w 6,059,008 2007-06-27 14:39:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieframe.dll
    ----a-w 44,544 2007-06-27 14:39:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\iernonce.dll
    ----a-w 267,776 2007-06-27 14:39:52 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\iertutil.dll
    ----a-w 13,824 2007-06-27 09:16:27 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\ieudinit.exe
    ----a-w 625,152 2007-06-27 09:16:52 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\iexplore.exe
    ----a-w 27,648 2007-06-27 14:39:54 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\jsproxy.dll
    ----a-w 459,264 2007-06-27 14:39:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\msfeeds.dll
    ----a-w 52,224 2007-06-27 14:39:55 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\msfeedsbs.dll
    ----a-w 477,696 2007-06-27 14:40:00 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\mshtmled.dll
    ----a-w 193,024 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\msrating.dll
    ----a-w 671,232 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\mstime.dll
    ----a-w 102,400 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\occache.dll
    ----a-w 105,984 2007-06-27 14:40:01 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\url.dll
    ----a-w 1,154,048 2007-06-27 14:40:02 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\urlmon.dll
    ----a-w 232,960 2007-06-27 14:40:02 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\webcheck.dll
    ----a-w 824,320 2007-06-27 14:40:03 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\wininet.dll
    ----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\update\spcustom.dll
    ----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\update\update.exe
    ----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\update\updspapi.dll
    ------w 61,952 2006-10-17 16:58:20 C:\WINDOWS\SYSTEM32\icardie.dll
    ------w 180,736 2006-11-08 02:03:36 C:\WINDOWS\SYSTEM32\ieui.dll
    ----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\SYSTEM32\MRT.exe
    ------w 12,288 2006-10-17 16:58:32 C:\WINDOWS\SYSTEM32\msfeedssync.exe
    ----a-w 2,854,400 2007-04-18 16:12:23 C:\WINDOWS\SYSTEM32\msi.dll
    ----a-w 60,416 2007-07-18 12:42:22 C:\WINDOWS\SYSTEM32\tzchange.exe
    ------w 206,336 2006-10-17 17:05:58 C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
    ----a-w 33,624 2007-07-31 00:18:40 C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
    ----a-w 43,352 2007-07-31 00:19:12 C:\WINDOWS\SYSTEM32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
    ----atw 16,384 2007-09-11 23:27:08 C:\WINDOWS\temp\Perflib_Perfdata_3f8.dat
    ----atw 16,384 2007-09-12 01:44:18 C:\WINDOWS\temp\Perflib_Perfdata_648.dat
    ----atw 16,384 2007-09-11 04:17:34 C:\WINDOWS\temp\Perflib_Perfdata_658.dat
    ----atw 16,384 2007-09-11 04:09:13 C:\WINDOWS\temp\Perflib_Perfdata_660.dat
    ----atw 16,384 2007-09-10 22:43:52 C:\WINDOWS\temp\Perflib_Perfdata_66c.dat
    ----atw 16,384 2007-09-11 14:29:49 C:\WINDOWS\temp\Perflib_Perfdata_670.dat
    .
    -c----w 131,584 2006-11-08 02:03:36 C:\WINDOWS\ie7updates\KB937143-IE7\extmgr.dll
    ----a-w 315,904 2006-11-01 23:31:34 C:\WINDOWS\INF\unregmp2.exe
    ----a-w 61,952 2006-10-17 16:58:20 C:\WINDOWS\SYSTEM32\icardie.dll
    ----a-w 180,736 2006-11-08 02:03:36 C:\WINDOWS\SYSTEM32\ieui.dll
    ----a-w 16,789,464 2007-08-03 04:34:10 C:\WINDOWS\SYSTEM32\MRT.exe
    ----a-w 12,288 2006-10-17 16:58:32 C:\WINDOWS\SYSTEM32\msfeedssync.exe
    ----a-w 2,890,240 2005-05-04 19:45:32 C:\WINDOWS\SYSTEM32\msi.dll
    ----a-w 60,416 2007-01-29 08:58:06 C:\WINDOWS\SYSTEM32\tzchange.exe
    ----a-w 206,336 2006-10-17 17:05:58 C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
    .

  5. #5
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03C1F11F-4BDD-4517-8D78-6676BA96F5F2}]
    2007-09-07 14:17 244832 --a------ C:\WINDOWS\system32\jkkli.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D2AD9C0-E695-4847-9C43-2F17228EEB01}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9656B444-F8E0-4105-ABCF-7E39FED22BC8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A47447B4-497A-42E1-B0C8-E187B007A3D2}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D753262B-B605-486C-A328-3C783CAA5AC9}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 16:42]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
    "mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 09:50]
    "VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2004-07-01 16:15]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2004-08-17 19:26]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2004-08-17 19:29]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-02-08 14:04]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
    "VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2004-08-17 17:55]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-08-22 16:31]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 05:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17]
    "YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-02-08 14:03:21]
    DESKTOP.INI [2004-08-10 14:04:12]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-02-08 13:52:45]

    C:\DOCUME~1\COLORT~1\STARTM~1\Programs\Startup\
    DESKTOP.INI [2004-08-10 14:04:12]

    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
    DESKTOP.INI [2004-08-10 14:04:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjkkj]
    qomjkkj.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkkli

    R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-09-12 01:45:20 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DJG6KS61-COLORTYME).job"
    - c:\program files\mcafee.com\vso\mcmnhdlr.exe
    "2007-09-12 01:47:56 C:\WINDOWS\Tasks\McAfee.com Update Check (DJG6KS61-COLORTYME).job"
    - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    "2007-09-12 01:50:00 C:\WINDOWS\Tasks\McAfee.com Update Check (DJG6KS61-Owner).job"
    - c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    .
    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-09-11 20:45:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-09-11 20:50:31 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-09-11 20:50
    C:\ComboFix2.txt ... 2007-09-10 00:23
    .
    --- E O F ---

  6. #6
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default 3rd hijack log

    HijackThis, now renamed whatever.exe

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:58:59 PM, on 9/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\whatever.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {03C1F11F-4BDD-4517-8D78-6676BA96F5F2} - C:\WINDOWS\system32\jkkli.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7D2AD9C0-E695-4847-9C43-2F17228EEB01} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {9656B444-F8E0-4105-ABCF-7E39FED22BC8} - (no file)
    O2 - BHO: (no name) - {A47447B4-497A-42E1-B0C8-E187B007A3D2} - (no file)
    O2 - BHO: (no name) - {D753262B-B605-486C-A328-3C783CAA5AC9} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Search - ?p=ZKxdm011YYUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O20 - Winlogon Notify: qomjkkj - qomjkkj.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 9812 bytes

  7. #7
    Junior Member
    Join Date
    Sep 2007
    Posts
    7

    Default

    Help:
    After running VundoFix and doing an avast antivirus search, it still says I'm affected and the same pop-ups keep popping up.

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,964

    Default

    Hello.

    Because of the volume of posts to your own topic, helpers may have thought you were already being assisted.

    We ask only for a HJT log and the results of an on-line anti virus scan.

    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    For people waiting who have not resolved their problem, we have a sticky topic:
    The Waiting Room: Post here if waiting for help longer than four days

    However, if members waiting for assistance do not post there, their topic is archived.

    If you need the thread re-opened, please send me a private message (pm) and provide a link.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
