Unwanted popups and AVSystemcare



Tinny
2007-09-27, 23:40
I have a Windows Security pop-up saying "Warning: potential spyware operation. Your computer is making unauthorised copies of your computer and internet files. Run full scan now to prevent unauthorised access to your files," and it appears to prompt you to use AVSystemcare.

When trying to access Control Panel I am also unable to do so, with a pop-up saying "Operation has been cancelled due to restrictions in effect on this computer. Please contact systems administrator."
I am using a home computer not linked to anyone else.

I have run a Kaspersky log report (below) and an HJT report (attached as 2nd post).
Any help greatly appreciated.

thks
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, September 27, 2007 8:51:17 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 27/09/2007
Kaspersky Anti-Virus database records: 424262
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 89747
Number of viruses found: 3
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 01:39:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02152007-115134.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{CB03DA4B-868E-4E11-8244-FE8E7BD5168C} Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007092720070928\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4450.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4462.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF881B.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CHR52NZ9\1[1].htm/HtBt.dll Infected: not-a-virus:FraudTool.Win32.ExpertAntivirus.c skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CHR52NZ9\1[1].htm RAR: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367\A0045228.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367\A0045230.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367\A0045231.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367\A0045236.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373\change.log Object is locked skipped
C:\USERDATA\Application Data\Apple Computer\iTunes\iTunes.pref Object is locked skipped
C:\USERDATA\Application Data\desktop.ini Object is locked skipped
C:\USERDATA\Application Data\Intervideo\MediaLibrary\IVIML.idb Object is locked skipped
C:\USERDATA\Application Data\Leadertech\PowerRegister\PowerReg.dat Object is locked skipped
C:\USERDATA\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\USERDATA\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Media Player\0114DB7D.wpl Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\USERDATA\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\USERDATA\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
C:\USERDATA\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\USERDATA\Application Data\Symantec\Shared\MyProfile.UserProfile Object is locked skipped
C:\USERDATA\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
C:\USERDATA\Application Data\Symantec\Shared\Sessions\20040909184852296.liveReg Object is locked skipped
C:\USERDATA\Cookies\index.dat Object is locked skipped
C:\USERDATA\Desktop\Register with Compaq.url Object is locked skipped
C:\USERDATA\Desktop\Windows Media Player.lnk Object is locked skipped
C:\USERDATA\Favorites\Compaq's Recommended Web Sites\Yahoo! UK & Ireland.url Object is locked skipped
C:\USERDATA\Favorites\Desktop.ini Object is locked skipped
C:\USERDATA\Favorites\Links\Customize Links.url Object is locked skipped
C:\USERDATA\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\USERDATA\Favorites\Links\Windows Media.url Object is locked skipped
C:\USERDATA\Favorites\Links\Windows.url Object is locked skipped
C:\USERDATA\Favorites\MSN.com.url Object is locked skipped
C:\USERDATA\Favorites\Radio Station Guide.url Object is locked skipped
C:\USERDATA\Local Settings\Application Data\Apple Computer\iTunes\iTunes.pref Object is locked skipped
C:\USERDATA\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini Object is locked skipped
C:\USERDATA\Local Settings\Application Data\fusioncache.dat Object is locked skipped
C:\USERDATA\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\USERDATA\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\USERDATA\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\USERDATA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Object is locked skipped
C:\USERDATA\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\USERDATA\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\USERDATA\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
C:\USERDATA\Local Settings\Application Data\Microsoft\Works\Portfolio\Sample.wsb Object is locked skipped
C:\USERDATA\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\1033.MST Object is locked skipped
C:\USERDATA\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi Object is locked skipped
C:\USERDATA\Local Settings\desktop.ini Object is locked skipped
C:\USERDATA\Local Settings\History\desktop.ini Object is locked skipped
C:\USERDATA\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\USERDATA\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\USERDATA\Local Settings\History\History.IE5\MSHist012004010120040102\index.dat Object is locked skipped
C:\USERDATA\My Documents\desktop.ini Object is locked skipped
C:\USERDATA\My Documents\My Music\Desktop.ini Object is locked skipped
C:\USERDATA\My Documents\My Music\iTunes\iTunes 4 Music Library.itl Object is locked skipped
C:\USERDATA\My Documents\My Music\iTunes\iTunes Music Library.xml Object is locked skipped
C:\USERDATA\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\USERDATA\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\USERDATA\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\USERDATA\My Documents\My Videos\Desktop.ini Object is locked skipped
C:\USERDATA\NTUSER.DAT Object is locked skipped
C:\USERDATA\NTUSER.DAT.LOG Object is locked skipped
C:\USERDATA\ntuser.ini Object is locked skipped
C:\USERDATA\Recent\Desktop.ini Object is locked skipped
C:\USERDATA\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\USERDATA\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\USERDATA\SendTo\desktop.ini Object is locked skipped
C:\USERDATA\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\USERDATA\SendTo\My Documents.mydocs Object is locked skipped
C:\USERDATA\Start Menu\desktop.ini Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\desktop.ini Object is locked skipped
C:\USERDATA\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Online Services\Easy Internet Sign-up.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Startup\Currys Christmas PC Demo.lnk Object is locked skipped
C:\USERDATA\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\USERDATA\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\USERDATA\Templates\amipro.sam Object is locked skipped
C:\USERDATA\Templates\excel.xls Object is locked skipped
C:\USERDATA\Templates\excel4.xls Object is locked skipped
C:\USERDATA\Templates\lotus.wk4 Object is locked skipped
C:\USERDATA\Templates\powerpnt.ppt Object is locked skipped
C:\USERDATA\Templates\presenta.shw Object is locked skipped
C:\USERDATA\Templates\quattro.wb2 Object is locked skipped
C:\USERDATA\Templates\sndrec.wav Object is locked skipped
C:\USERDATA\Templates\winword.doc Object is locked skipped
C:\USERDATA\Templates\winword2.doc Object is locked skipped
C:\USERDATA\Templates\wordpfct.wpd Object is locked skipped
C:\USERDATA\Templates\wordpfct.wpg Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D5A691F6-29B3-4751-B7D3-3C68A869CD3F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.20070925-214339.backup Infected: Trojan.Win32.Qhost.my skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\HtBt.dll Infected: not-a-virus:FraudTool.Win32.ExpertAntivirus.c skipped
C:\WINDOWS\system32\soui.flag Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat Object is locked skipped
C:\WINDOWS\Temp\us10044.exe Infected: not-virus:Hoax.Win32.Renos.kb skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Tinny
2007-09-27, 23:42
****************HIJACK LOG********************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:59, on 27/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\My Downloads\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\My Downloads\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\vtr.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\My Downloads\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: system.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19DBB19E-EDF7-40BF-87F3-935057CB8702}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{19DBB19E-EDF7-40BF-87F3-935057CB8702}: NameServer = 195.92.195.94 195.92.195.95
O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\My Downloads\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\kpf4ss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9755 bytes

Mr_JAk3
2007-10-03, 21:27
Hello Tinny, you're infected.

First you need to disable a few real-time protections, as they may interfere with our cleaning process.
We'll re-enable these when you're clean.

Disable Spybot S&D Teatimer.
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Tinny
2007-10-04, 23:46
Hi Mr_JAk3

Have carried out the instructions. FYI, during the process I had a pop-up which stated "Windows no DIsk Exception Processing message c 0000013 Parameters 75b6bfc 4 75b6bfc 75b6bf9c"; I clicked on a button saying Continue a few times before the scan completed.

ComboFix scan below (had to paste it in a few goes due to the length).

ComboFix 07-10-04.6 - Owner 2007-10-04 21:21:18.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.182 [GMT 1:00]
Running from: C:\My Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 20:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-27 21:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-25 22:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-25 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-25 21:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-21 18:53 89,088 --a------ C:\WINDOWS\system32\rtnka.dll
2007-09-21 18:53 1,592,320 --a------ C:\WINDOWS\system32\rtnka.dat
2007-09-17 18:58 492,544 --a------ C:\WINDOWS\system32\HtBt.dll
2007-09-15 15:15 541,696 --a------ C:\WINDOWS\system32\GE.dll
2007-09-15 15:15 <DIR> d-------- C:\Program Files\SoftPortal
2007-09-15 15:14 76,800 --a------ C:\WINDOWS\system32\unrar.dll
2007-09-15 15:14 1,590,784 --a------ C:\WINDOWS\system32\SoUI.dll
2007-09-15 14:56 45,012 --a------ C:\Documents and Settings\Owner\Application Data\spoolsvc.dll
2007-09-15 14:56 45,012 --a------ C:\Documents and Settings\Owner\Application Data\spoolsvc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 20:58 430 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-06 11:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 11:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 11:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 11:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 11:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 11:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 11:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-04-01 17:22 1648 --a------ C:\Program Files\server.dbk
2007-03-16 09:56 894512 --a------ C:\Program Files\kticonv.dll
2007-03-16 09:56 865328 --a------ C:\Program Files\PocoFoundation.dll
2007-03-16 09:56 833072 --a------ C:\Program Files\libeay32.dll
2007-03-16 09:56 475696 --a------ C:\Program Files\PocoXML.dll
2007-03-16 09:56 473136 --a------ C:\Program Files\PocoNet.dll
2007-03-16 09:56 296496 --a------ C:\Program Files\curllib.dll
2007-03-16 09:56 24112 --a------ C:\Program Files\PocoExt.dll
2007-03-16 09:56 217136 --a------ C:\Program Files\PocoUtil.dll
2007-03-16 09:56 161328 --a------ C:\Program Files\ssleay32.dll
2007-03-16 09:56 102960 --a------ C:\Program Files\zlibwapi.dll
2007-03-16 09:55 472624 --a------ C:\Program Files\boost_regex-vc71-mt-1_33_1.dll
2006-11-01 23:40 0 --a------ C:\Documents and Settings\Owner\jilyumye.exe
2006-11-01 23:38 0 --a------ C:\Documents and Settings\Owner\nvwqchaj.exe
2004-12-28 20:25:20 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-04_20.58.57.23 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 192,512 2004-09-22 18:46:10 C:\WINDOWS\inf\unregmp2.exe
----a-r 350,264 2003-07-15 03:14:28 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
----a-r 39,992 2003-07-14 22:52:54 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DWDCW20.DLL
----a-r 34,880 2003-07-14 22:53:18 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\DWTRIG20.EXE
----a-r 131,648 2003-07-31 15:19:52 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
----a-r 10,073,144 2003-08-13 02:34:38 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
----a-r 1,146,184 2003-08-03 10:56:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FM20.DLL
----a-r 1,949,240 2003-07-23 23:01:40 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
----a-r 186,424 2003-07-14 23:36:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
----a-r 1,157,696 2003-07-25 19:00:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
----a-r 799,288 2003-07-25 19:14:50 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
----a-r 2,139,192 2003-07-14 23:11:42 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
----a-r 87,096 2003-07-14 22:57:44 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
----a-r 161,336 2003-07-14 22:53:50 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\IETAG.DLL
----a-r 758,784 2003-06-18 17:31:44 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
----a-r 17,920 2003-06-18 17:31:48 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
----a-r 18,944 2003-06-18 17:31:48 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
----a-r 35,328 2003-06-18 17:31:46 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
----a-r 445,496 2003-07-14 23:01:44 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MODHELP.DLL
----a-r 116,288 2003-07-14 22:51:50 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSCONV97.DLL
----a-r 12,172,336 2003-08-08 00:23:16 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSO.DLL
----a-r 106,552 2003-07-15 03:14:18 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
----a-r 127,032 2003-07-23 22:35:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
----a-r 627,256 2003-07-14 23:02:14 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
----a-r 124,984 2003-07-14 22:56:24 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
----a-r 482,872 2003-07-23 22:40:00 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
----a-r 828,472 2003-07-15 03:14:26 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
----a-r 95,792 2003-07-14 22:53:08 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OSA.EXE
----a-r 24,640 2003-07-14 22:41:56 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
----a-r 2,058,343 2003-07-07 13:36:00 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DAT
----a-r 115,288 2003-07-08 11:48:00 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLFLTR.DLL
----a-r 7,522,360 2003-08-09 23:06:42 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
----a-r 196,152 2003-07-14 22:45:18 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
----a-r 139,320 2003-07-14 22:43:48 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
----a-r 8,086,072 2003-08-01 15:09:04 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
----a-r 6,133,312 2003-07-30 12:40:40 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
----a-r 1,782,840 2003-07-31 15:21:08 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
----a-r 74,288 2003-07-14 22:43:30 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\RM.DLL
----a-r 362,552 2003-08-06 13:31:22 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\SETLANG.EXE
----a-r 2,502,656 2003-07-03 15:19:36 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\VBE6.DLL
----a-r 12,037,688 2003-08-06 13:24:20 C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
----a-r 166,456 2003-07-15 03:13:58 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL
----a-r 6,627,392 2003-08-15 00:54:08 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE
----a-r 7,330,360 2003-08-04 13:19:34 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
----a-r 445,488 2003-08-06 13:26:18 C:\WINDOWS\Installer\$PatchCache$\Managed\9040510900063D11C8EF10054038389C\11.0.5614\SOA.DLL
----a-r 65,536 2005-01-08 12:37:38 C:\WINDOWS\Installer\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}\ARPPRODUCTICON.exe
----a-r 65,536 2005-01-08 12:37:38 C:\WINDOWS\Installer\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}\NewShortcut2_11B569C24BF64ED09D17A4273943CB24.exe
----a-r 65,536 2005-01-08 12:37:38 C:\WINDOWS\Installer\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}\NewShortcut3_11B569C24BF64ED09D17A4273943CB24.exe
----a-r 4,150 2006-02-04 14:08:59 C:\WINDOWS\Installer\{2E132061-C78A-48D4-A899-1D13B9D189FA}\HewlettPackard_0002ICON.exe
----a-r 166,912 2004-01-01 23:03:15 C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
----a-r 32,768 2006-11-15 11:53:38 C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
----a-r 65,536 2005-01-04 20:57:21 C:\WINDOWS\Installer\{43DCF766-6838-4F9A-8C91-D92DA586DFA7}\_C68C351F090F4EF39AFB6B7B54014C9E.exe
----a-r 40,960 2006-01-05 11:03:15 C:\WINDOWS\Installer\{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}\NewShortcut11_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
----a-r 40,960 2006-01-05 11:03:14 C:\WINDOWS\Installer\{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}\NewShortcut9_1.9ABF444C_1773_4CB6_8B8C_D4E755C19A8B.exe
----a-r 17,534 2004-10-23 11:50:42 C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\gtngstrtd.exe
----a-r 4,710 2004-10-23 11:50:42 C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\Win2Kico.exe
----a-r 4,710 2004-10-23 11:50:42 C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\WSBico.exe
----a-r 167,936 2004-10-23 11:50:42 C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_85BA426DBE00_44A3_969E_C7BDF2F6C986.exe
----a-r 65,536 2004-10-23 11:50:42 C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_A003BF363149_4FEF_8E7E_E9C39A5B9A96.exe
----a-r 65,536 2004-10-23 11:50:42 C:\WINDOWS\Installer\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}\_D545A9F0ED09_444B_A962_2628559DCDE6.exe
----a-r 9,638 2004-01-02 01:06:07 C:\WINDOWS\Installer\{8105684D-8CA6-440D-8F58-7E5FD67A499D}\ARPPRODUCTICON.exe
----a-r 40,960 2004-12-28 19:57:27 C:\WINDOWS\Installer\{81DD5688-695A-4c1d-AE7D-368BF857725A}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
----a-r 65,536 2007-05-08 19:26:27 C:\WINDOWS\Installer\{8C6027FD-53DC-446D-BB75-CACD7028A134}\ARPPRODUCTICON.exe
----a-r 681,528 2007-05-08 19:26:27 C:\WINDOWS\Installer\{8C6027FD-53DC-446D-BB75-CACD7028A134}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
----a-r 593,920 2005-01-08 12:05:01 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\accicons.exe
----a-r 12,288 2005-01-08 12:05:01 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 135,168 2005-01-08 12:05:01 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 27,136 2005-01-08 12:05:01 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2005-01-08 12:05:01 C:\WINDOWS\Installer\{90150409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 12,288 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
----a-r 135,168 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
----a-r 11,264 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
----a-r 27,136 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
----a-r 4,096 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
----a-r 794,624 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
----a-r 249,856 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
----a-r 23,040 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
----a-r 286,720 2005-01-08 12:05:32 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
----a-r 409,600 2005-01-08 12:05:31 C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
----a-r 45,056 2004-12-28 19:24:28 C:\WINDOWS\Installer\{9541FED0-327F-4DF0-8B96-EF57EF622F19}\RecordNow.exe
----a-r 22,798 2005-08-14 13:51:11 C:\WINDOWS\Installer\{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}\MsblIco.Exe
----a-r 25,214 2007-02-16 09:35:32 C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70900000002}\SC_Reader.exe
----a-r 32,768 2007-08-20 22:39:37 C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
----a-r 22,798 2006-03-21 20:55:16 C:\WINDOWS\Installer\{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}\MsblIco.Exe
----a-r 18,718 2007-04-01 16:12:55 C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\ARPPRODUCTICON.exe
----a-r 18,718 2007-04-01 16:12:55 C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
----a-r 18,718 2007-04-01 16:12:55 C:\WINDOWS\Installer\{E659E0EE-10E6-49B7-8696-60F38D0EB174}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
----a-w 57,344 2003-02-21 02:09:46 C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
----a-w 5,120 2003-02-21 02:09:32 C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
----a-w 5,632 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll
----a-w 5,120 2002-07-19 18:52:48 C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
----a-w 5,120 2002-06-27 19:45:32 C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
----a-w 5,120 2002-05-14 16:42:38 C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll
----a-w 131,072 2003-02-21 01:43:50 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
----a-w 7,680 2003-02-21 14:24:08 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
----a-w 98,304 2003-02-21 12:00:36 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll
----a-w 24,576 2003-02-21 02:19:42 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
----a-w 258,048 2007-04-13 20:30:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
----a-w 40,960 2003-02-21 02:19:22 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
----a-w 20,480 2004-07-15 01:49:18 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
----a-w 32,768 2004-07-15 01:49:26 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
----a-w 32,768 2007-04-13 20:30:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
----a-w 94,208 2003-02-21 14:24:10 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
----a-w 49,152 2003-02-21 14:24:32 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
----a-w 81,920 2007-04-13 19:57:52 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
----a-w 49,152 2004-07-15 11:23:28 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
----a-w 626,688 2004-07-15 11:23:44 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
----a-w 12,288 2003-02-21 14:24:34 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
----a-w 33,792 2003-02-21 14:24:36

Tinny
2007-10-05, 00:22
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcirt.dll
----a-w 322,560 2004-02-12 02:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
----a-w 50,688 2004-02-12 02:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcirt.dll
----a-w 323,072 2004-02-12 02:08:00 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.10.0_x-ww_d8862ba3\msvcrt.dll
----a-w 54,784 2004-08-04 07:57:00 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcirt.dll
----a-w 343,040 2004-08-04 07:57:00 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
----a-w 1,700,352 2004-02-12 19:42:00 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
----a-w 1,703,936 2004-02-12 02:09:00 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.10.0_x-ww_712befd8\GdiPlus.dll
----a-w 1,638,400 2004-03-02 21:19:47 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.1360_x-ww_24a2ed47\GdiPlus.dll
----a-w 1,712,128 2004-08-04 07:56:58 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
----a-w 853,504 2004-08-04 07:56:59 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
----a-w 991,232 2004-08-04 07:56:59 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
----a-w 132,096 2004-08-04 07:55:56 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-23 22:43]
"nwiz"="nwiz.exe" [2004-02-23 22:43 C:\WINDOWS\system32\nwiz.exe]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"pdfFactory Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-01-05 18:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-02 01:37]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe" [2004-01-02 01:59]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 20:37]
"SpybotSD TeaTimer"="C:\My Downloads\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2005-01-03 13:15:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2005-01-03 13:15:37]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-04 20:00:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-04 19:57:26 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-09-24 21:34:58 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Documents and Settings\Owner\My Documents\temp files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 21:24:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 21:25:57
C:\ComboFix-quarantined-files.txt ... 2007-10-04 21:25
C:\ComboFix2.txt ... 2007-10-04 21:17
C:\ComboFix3.txt ... 2007-10-04 21:10
.
--- E O F ---

Mr_JAk3
2007-10-05, 20:53
Hi :)

I removed the unnecessary parts from ComboLog so that this topic wouldn't get so long.

Go to virustotal.com (http://www.virustotal.com)
Copy the following to the box next to "Browse" button:
C:\WINDOWS\system32\rtnka.dll
Click on Send
Wait for the scan to end.

Copy & Paste the scan results to here.

Tinny
2007-10-06, 20:39
Hello Mr_JAk3 - please find a copy of the scan results as requested - thanks

File rtnka.dll received on 10.06.2007 19:32:39 (CET)
Result: 3/32 (9.38%)

Antivirus Version Last Update Result
AhnLab-V3 2007.10.6.0 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.06 -
AVG 7.5.0.488 2007.10.06 -
BitDefender 7.2 2007.10.06 -
CAT-QuickHeal 9.00 2007.10.06 -
ClamAV 0.91.2 2007.10.06 -
DrWeb 4.44.0.09170 2007.10.06 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5190 2007.10.06 -
Ewido 4.0 2007.10.06 -
FileAdvisor 1 2007.10.06 -
Fortinet 3.11.0.0 2007.10.06 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.06 -
Ikarus T3.1.1.12 2007.10.06 -
Kaspersky 7.0.0.125 2007.10.06 -
McAfee 5135 2007.10.05 -
Microsoft 1.2908 2007.10.06 -
NOD32v2 2575 2007.10.06 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.06 Suspicious file
Prevx1 V2 2007.10.06 Heuristic: Suspicious Self Modifying File
Rising 19.43.50.00 2007.10.06 -
Sophos 4.22.0 2007.10.06 -
Sunbelt 2.2.907.0 2007.10.06 XP Entertainments
Symantec 10 2007.10.06 -
TheHacker 6.2.6.078 2007.10.06 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.06 -
Webwasher-Gateway 6.0.1 2007.10.05 -
Additional information
File size: 89088 bytes
MD5: 7e4dfc860150d3fce8d96790e5e36078
SHA1: 62e02e459a1498d2dcfcef1b4b1efc80a45be164
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=7241D47500D3CE245C210135D43CB200614FD9BA

Mr_JAk3
2007-10-07, 16:09
Hi, we'll continue :)


Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\HtBt.dll
C:\WINDOWS\system32\GE.dll
C:\WINDOWS\system32\SoUI.dll
C:\Documents and Settings\Owner\Application Data\spoolsvc.dll
C:\Documents and Settings\Owner\Application Data\spoolsvc.dll.
C:\Documents and Settings\Owner\jilyumye.exe
C:\Documents and Settings\Owner\nvwqchaj.exe

Folder::
C:\Program Files\SoftPortal




Save this as "CFScript"

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Tinny
2007-10-08, 20:50
Hi
Having problems trying to save into Notepad. Every time I open up Notepad, after a few seconds it closes/crashes - it won't allow me enough time to paste and save the file.

When it closes there is a pop up saying:

notepad.exe application error
instruction at "0x01043258" referenced memory at "0x01043258". The memory could not be read.
Click ok to cancel programme, click ok to debug the programme

Do you know what happened here - as I am unable to carry out your last instructions?
Thanks

Tinny
2007-10-08, 22:45
Hi Mr_Jak3

Managed to sort out saving the info into Notepad.

Please find attached a copy of a/ the HijackThis log & b/ the ComboFix log in the 2nd paste

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41:04, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\My Downloads\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\My Downloads\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\My Downloads\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19DBB19E-EDF7-40BF-87F3-935057CB8702}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{19DBB19E-EDF7-40BF-87F3-935057CB8702}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\My Downloads\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\kpf4ss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 10053 bytes

Tinny
2007-10-08, 22:46
ComboFix 07-10-04.6 - Owner 2007-10-08 19:02:50.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.142 [GMT 1:00]
Running from: C:\My Downloads\ComboFix.exe
Command switches used :: C:\Program Files\SoftPortal\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\Owner\Application Data\spoolsvc.dll
C:\Documents and Settings\Owner\Application Data\spoolsvc.dll.
C:\Documents and Settings\Owner\jilyumye.exe
C:\Documents and Settings\Owner\nvwqchaj.exe
C:\WINDOWS\system32\GE.dll
C:\WINDOWS\system32\HtBt.dll
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SoftPortal
C:\Program Files\SoftPortal\CFScript_used_2007-10-08@19.02.txt
C:\Program Files\SoftPortal\Soft\ATGE\ui.uim
C:\Program Files\SoftPortal\Soft\ATHtBt\ui.uim
C:\Program Files\SoftPortal\Soft\RTNKa\ui.uim
C:\Program Files\SoftPortal\Soft\XBS\ui.uim
C:\WINDOWS\system32\GE.dll
C:\WINDOWS\system32\HtBt.dll
C:\WINDOWS\system32\rtnka.dat
C:\WINDOWS\system32\rtnka.dll
C:\WINDOWS\system32\SoUI.dll

.
((((((((((((((((((((((((( Files Created from 203.-01-28 to 203.0.2.99 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 14:57 45012 --a------ C:\Documents and Settings\Owner\Application Data\spoolsvc.dll
2007-09-15 14:57 45012 --a------ C:\Documents and Settings\Owner\Application Data\spoolsvc.dll
2007-04-01 17:22 1648 --a------ C:\Program Files\server.dbk
2007-03-16 09:56 894512 --a------ C:\Program Files\kticonv.dll
2007-03-16 09:56 865328 --a------ C:\Program Files\PocoFoundation.dll
2007-03-16 09:56 833072 --a------ C:\Program Files\libeay32.dll
2007-03-16 09:56 475696 --a------ C:\Program Files\PocoXML.dll
2007-03-16 09:56 473136 --a------ C:\Program Files\PocoNet.dll
2007-03-16 09:56 296496 --a------ C:\Program Files\curllib.dll
2007-03-16 09:56 24112 --a------ C:\Program Files\PocoExt.dll
2007-03-16 09:56 217136 --a------ C:\Program Files\PocoUtil.dll
2007-03-16 09:56 161328 --a------ C:\Program Files\ssleay32.dll
2007-03-16 09:56 102960 --a------ C:\Program Files\zlibwapi.dll
2007-03-16 09:55 472624 --a------ C:\Program Files\boost_regex-vc71-mt-1_33_1.dll
2006-11-01 23:40 0 --a------ C:\Documents and Settings\Owner\jilyumye.exe
2006-11-01 23:38 0 --a------ C:\Documents and Settings\Owner\nvwqchaj.exe
.

((((((((((((((((((((((((((((( snapshot@2007-10-04_20.58.57.23 )))))))))))))))))))))))))))))))))))))))))
.

Tinny
2007-10-08, 22:47
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43]
"VTTimer"="VTTimer.exe" []
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-02-23 22:43]
"nwiz"="nwiz.exe" [2004-02-23 22:43 C:\WINDOWS\system32\nwiz.exe]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 12:38]
"pdfFactory Dispatcher v2"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2005-01-05 18:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-02 01:37]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe" [2004-01-02 01:59]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"SpybotSD TeaTimer"="C:\My Downloads\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2005-01-03 13:15:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 06:19:24]
Photo Loader supervisory.lnk - C:\Program Files\CASIO\Photo Loader\Plauto.exe [2005-01-03 13:15:37]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-08 17:51:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-08 17:52:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-10-08 18:08:57 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-09-24 21:34:58 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Documents and Settings\Owner\My Documents\temp files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 19:09:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 19:11:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 19:11
C:\ComboFix2.txt ... 2007-10-04 21:25
C:\ComboFix3.txt ... 2007-10-04 21:17
.
--- E O F ---

Mr_JAk3
2007-10-09, 22:42
Ok good :)

Open "My Computer" and delete the following files (if present):
C:\Documents and Settings\Owner\jilyumye.exe
C:\Documents and Settings\Owner\nvwqchaj.exe


You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt: double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, see if you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable.
After the scan, in the menu, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot the computer in Normal Mode.
Post the CureIt report and a fresh HijackThis log.

Tinny
2007-10-10, 22:55
Both the jilyumye and nvwqchaj files are present; however, I am unable to delete them. When I try, I get a pop-up advising "...cannot delete jilyumye: it is being used by another person or programme. Close any programmes that may be using this file and try again..."

All other applications are shut, and I have tried rebooting, but I still get the same message. What should I do? As I am unable to delete the files, I have not gone any further yet with your last instructions.

Thks

Mr_JAk3
2007-10-11, 21:28
Ok let's try this for the stubborn files:

Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.

Please run Killbox.

Select "Delete on Reboot".
Select "All Files".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\Owner\jilyumye.exe
C:\Documents and Settings\Owner\nvwqchaj.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Now continue with the Dr.Web scan.

Tinny
2007-10-12, 00:58
Okay, that worked. Please find attached the Dr.Web report and the HijackThis report (on next post).


RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
~.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Inject.443;Deleted.;
A0045228.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.331;Deleted.;
A0045230.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.331;Deleted.;
A0045231.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.331;Deleted.;
A0045236.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.331;Deleted.;
A0046011.dll;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.Click.4237;Deleted.;
A0046048.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.StartPage.1505;Deleted.;
A0046108.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.StartPage.1505;Deleted.;
A0046136.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.StartPage.1505;Deleted.;
A0046157.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.StartPage.1505;Deleted.;
A0046199.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.StartPage.1505;Deleted.;
A0046226.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.StartPage.1505;Deleted.;
A0046262.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.StartPage.1505;Deleted.;
A0046300.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP376;Trojan.StartPage.1505;Deleted.;
A0046339.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP376;Trojan.StartPage.1505;Deleted.;
A0046352.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP377;Trojan.Inject.443;Deleted.;
A0046376.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP377;Trojan.StartPage.1505;Deleted.;
A0046578.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP383;Trojan.StartPage.1505;Deleted.;
A0046636.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP384;Trojan.StartPage.1505;Deleted.;
A0046906.reg;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP387;Trojan.StartPage.1505;Deleted.;
autorun.exe.vir;C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup;Trojan.Fakealert.305 - read error;Deleted.;
system.exe.vir;C:\qoobox\Quarantine\C\Documents and Settings\Owner\Start Menu\Programs\Startup;Trojan.Fakealert.305 - read error;Deleted.;
printer.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.305 - read error;Deleted.;
vtr.dll.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.305 - read error;Deleted.;
winavxx.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.305 - read error;Deleted.;
A0045229.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045232.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045241.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045332.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045335.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045451.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045453.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045454.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045469.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045471.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045472.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045479.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045481.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045482.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045511.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045513.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045514.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.305 - read error;Deleted.;
A0045551.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP369;Trojan.Fakealert.305 - read error;Deleted.;
A0045553.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP369;Trojan.Fakealert.305 - read error;Deleted.;
A0045554.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP369;Trojan.Fakealert.305 - read error;Deleted.;
A0045583.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP369;Trojan.Fakealert.305 - read error;Deleted.;
A0045585.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP369;Trojan.Fakealert.305 - read error;Deleted.;
A0045599.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP369;Trojan.Fakealert.305 - read error;Deleted.;
A0045601.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP369;Trojan.Fakealert.305 - read error;Deleted.;
A0045602.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP369;Trojan.Fakealert.305 - read error;Deleted.;
A0045637.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045639.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045640.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045670.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045672.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045673.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045688.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045690.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045691.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045715.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045717.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045718.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045740.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045742.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045743.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045755.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045757.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045758.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP370;Trojan.Fakealert.305 - read error;Deleted.;
A0045776.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP372;Trojan.Fakealert.305 - read error;Deleted.;
A0045778.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP372;Trojan.Fakealert.305 - read error;Deleted.;
A0045779.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP372;Trojan.Fakealert.305 - read error;Deleted.;
A0045808.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP372;Trojan.Fakealert.305 - read error;Deleted.;
A0045809.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP372;Trojan.Fakealert.305 - read error;Deleted.;
A0045810.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP372;Trojan.Fakealert.305 - read error;Deleted.;
A0045860.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP372;Trojan.Fakealert.305 - read error;Deleted.;
A0045862.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP372;Trojan.Fakealert.305 - read error;Deleted.;
A0045894.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045896.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045897.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045928.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045929.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045930.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045941.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045942.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045944.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045982.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045984.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0045985.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP373;Trojan.Fakealert.305 - read error;Deleted.;
A0046016.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.Fakealert.305 - read error;Deleted.;
A0046018.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.Fakealert.305 - read error;Deleted.;
A0046019.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.Fakealert.305 - read error;Deleted.;
A0046037.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.Fakealert.305 - read error;Deleted.;
A0046039.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.Fakealert.305 - read error;Deleted.;
A0046040.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.Fakealert.305 - read error;Deleted.;
A0046100.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046101.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046103.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046130.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046132.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046133.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046151.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046152.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046154.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046193.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046194.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046195.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046219.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046221.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046222.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046257.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046258.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046259.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP375;Trojan.Fakealert.305 - read error;Deleted.;
A0046294.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP376;Trojan.Fakealert.305 - read error;Deleted.;
A0046296.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP376;Trojan.Fakealert.305 - read error;Deleted.;
A0046297.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP376;Trojan.Fakealert.305 - read error;Deleted.;
A0046330.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP376;Trojan.Fakealert.305 - read error;Deleted.;
A0046331.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP376;Trojan.Fakealert.305 - read error;Deleted.;
A0046333.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP376;Trojan.Fakealert.305 - read error;Deleted.;
A0046350.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP377;Trojan.Fakealert.305 - read error;Deleted.;
A0046351.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP377;Trojan.Fakealert.305 - read error;Deleted.;
A0046354.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP377;Trojan.Fakealert.305 - read error;Deleted.;
A0046355.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP377;Trojan.Fakealert.305 - read error;Deleted.;
A0046356.dll;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP377;Trojan.Fakealert.305 - read error;Deleted.;
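
As an added illustration (not part of the thread), the DrWeb.csv report above can be triaged mechanically: the script below, written for this page, parses lines of that format and separates hits inside System Restore snapshots and ComboFix's quarantine folder from hits at live paths. The sample lines are copied from the report above; the bucket names and the `Detection` record are this example's own.

```python
r"""Triage a Dr.Web CureIt report (DrWeb.csv) of the kind posted above.

Each line has four semicolon-separated fields, with a trailing semicolon:
    file name ; directory ; threat name[ - note] ; action
Hits under System Volume Information\_restore{...}\RPnnn are copies inside
old System Restore points, and *.vir files under C:\qoobox\Quarantine are
files ComboFix had already quarantined.  Neither is a running infection, so
a triage pass separates them from hits at live paths, which need a person.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: six lines copied from the DrWeb.csv report posted above.
SAMPLE_REPORT = r"""
RegUBP2b-Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
~.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Inject.443;Deleted.;
A0045228.exe;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP367;Trojan.Fakealert.331;Deleted.;
A0046011.dll;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP374;Trojan.Click.4237;Deleted.;
winavxx.exe.vir;C:\qoobox\Quarantine\C\WINDOWS\system32;Trojan.Fakealert.305 - read error;Deleted.;
A0046356.dll;C:\System Volume Information\_restore{0C83D441-BF52-4044-A4FD-E3966F45DDBF}\RP377;Trojan.Fakealert.305 - read error;Deleted.;
"""

# Directory patterns for the two "already dead" locations.
RESTORE_POINT = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+",
    re.IGNORECASE,
)
COMBOFIX_QUARANTINE = re.compile(r"^[A-Za-z]:\\qoobox\\Quarantine\\", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    name: str       # file name as reported
    directory: str  # directory the file was found in
    threat: str     # Dr.Web threat name, e.g. Trojan.Fakealert.305
    note: str       # scanner note after " - ", e.g. "read error", or ""
    action: str     # action Dr.Web took, e.g. "Deleted"


def parse_report(text):
    """Parse DrWeb.csv text into Detection records; blank lines are skipped."""
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = line.rstrip(";").split(";")
        if len(fields) != 4:
            raise ValueError(f"unexpected field count in report line: {line!r}")
        name, directory, threat_field, action = fields
        # The threat field may carry a note such as "Trojan.X - read error".
        threat, _, note = threat_field.partition(" - ")
        detections.append(
            Detection(name, directory, threat.strip(), note.strip(), action.strip(". "))
        )
    return detections


def classify(det):
    """Place a detection in one of three triage buckets by its location."""
    if RESTORE_POINT.match(det.directory):
        return "system restore snapshot"
    if COMBOFIX_QUARANTINE.match(det.directory) and det.name.lower().endswith(".vir"):
        return "ComboFix quarantine"
    return "live location"


def summarize(detections):
    """Counts by bucket and by threat family, plus the live hits to review."""
    buckets = Counter(classify(d) for d in detections)
    threats = Counter(d.threat for d in detections)
    live = [d for d in detections if classify(d) == "live location"]
    read_errors = sum(1 for d in detections if d.note == "read error")
    return {
        "by_location": dict(buckets),
        "by_threat": dict(threats),
        "live": live,
        "read_errors": read_errors,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for bucket, count in sorted(summary["by_location"].items()):
        print(f"{count:3d}  {bucket}")
    for threat, count in sorted(summary["by_threat"].items()):
        print(f"{count:3d}  {threat}")
    print(f"{summary['read_errors']} hit(s) Dr.Web could not read before deleting")
    # Only live-path hits need a person: in the sample that is one .reg file
    # inside Spybot's own Snapshots folder, which a script should not judge.
    for det in summary["live"]:
        print(f"REVIEW  {det.directory}\\{det.name}  ({det.threat})")
```

Run against the full report, the same split shows nearly every hit sitting in restore points or in ComboFix's quarantine, which is what makes a log like this read as leftovers rather than an active infection.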

Tinny
2007-10-12, 00:59
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:23, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\My Downloads\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\My Downloads\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\My Downloads\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\My Downloads\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\kpf4ss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9521 bytes

Mr_JAk3
2007-10-12, 21:21
Hi :)

Looks better, only minor leftovers.

At first you need to disable a few realtime protections. These may interfere with our cleaning process.
We'll enable these when you're clean...

Disable AVG Anti-Spyware guard.
Open AVG Anti-Spyware
Click Shield
Click under "resident shield is"
Change it to inactive
Close the program

Disable Spybot S&D Teatimer.
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu select "Advanced Mode"
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe

Restart the PC and post one more HijackThis log.
Also let me know how the PC is running :bigthumb:
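The entries above are the kind of thing a reader of these logs looks for by hand: an O2 BHO or O23 service whose file no longer exists, and an O4 Run value with an unfamiliar name. As an added example that is not part of this thread or of HijackThis itself, the following Python script parses HijackThis entry lines and flags both patterns; the sample log is constructed from lines quoted in this thread, and the `known_bad` list is an assumption supplied by the caller.

```python
import re

# Matches HijackThis entry lines such as
#   O2 - BHO: (no name) - {GUID} - (no file)
#   O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")

# Markers HijackThis prints when the referenced file is absent; such
# orphaned entries are leftovers worth cleaning up, not live code.
MISSING = ("(no file)", "(file missing)")

# Shape of an O4 Run entry: [value name] command line
O4_RUN = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)")


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(text, known_bad=()):
    """Flag entries whose file is missing, or O4 Run entries whose value
    name or command matches a name in known_bad (case-insensitive)."""
    findings = []
    for kind, body in parse_hjt(text):
        reasons = []
        if any(marker in body for marker in MISSING):
            reasons.append("referenced file missing")
        if kind == "O4":
            m = O4_RUN.search(body)
            haystack = (m.group("name") + m.group("cmd")).lower() if m else ""
            if any(bad.lower() in haystack for bad in known_bad):
                reasons.append("matches known-bad name")
        if reasons:
            findings.append((kind, body, reasons))
    return findings


# Constructed sample: a few of the entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\kpf4ss.exe (file missing)
"""

if __name__ == "__main__":
    for kind, body, reasons in triage(SAMPLE_LOG, known_bad=["WinAVX"]):
        print(kind, "|", body, "|", ", ".join(reasons))
```

The orphaned KPF4 service is flagged alongside the two entries the helper asked to fix, which is the point: a missing-file entry is a cleanup candidate, not by itself a sign of infection.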

Tinny
2007-10-13, 11:08
Hi Mr JAk3

Computer is running okay speed-wise. Those pop-ups I originally had are no longer appearing. Cannot see any other issues at the mo. Attached below is the latest HJT. Thks Tinny

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:06:39, on 13/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\My Downloads\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q304&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q304&bd=presario&pf=desktop
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRS4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.broadbandassist.com/prequal/MotivePreQual.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19DBB19E-EDF7-40BF-87F3-935057CB8702}: NameServer = 195.92.195.94 195.92.195.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{19DBB19E-EDF7-40BF-87F3-935057CB8702}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\My Downloads\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\kpf4ss.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9840 bytes

Mr_JAk3
2007-10-14, 12:19
Hi again, it is looking clean now :)

Now you can enable Spybot S&D Teatimer again.

You can remove the tools we used.

Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then OK, and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster and more secure browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with your antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)

Tinny
2007-10-14, 21:15
Mr JAk3 Many thanks for your assistance on this. Brgds Tinny

Mr_JAk3
2007-10-14, 21:27
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb: