
Virtumonde and winspyware



Zeprot
2007-09-28, 17:33
So I've tried so many things to get rid of this spyware, so now I've come to you guys for help.

Logfile of HijackThis v1.99.1
Scan saved at 11:28:26 AM, on 9/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\psivxsrk.dll",sitypnow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190655628921
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe


--- Report generated: 2007-09-28 11:22 ---

WildTangent: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM\ClassPath=...;C:\Program Files\WildTangent\Apps\DRM0300Java.jar...

Virtumonde: User settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2702131579-4161059552-1075667335-1003\Software\Microsoft\rdfa

Virtumonde: Settings (Registry key, fixed)
HKEY_USERS\S-1-5-21-2702131579-4161059552-1075667335-1003\Software\Microsoft\aldd

Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Virtumonde.rtk: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


ReliableStats: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


HitBox: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


Winsoftware: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: default) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: default) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: default) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: default) (Cookie, fixed)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)


ReliableStats: Tracking cookie (Firefox: default) (Cookie, fixed)


Winsoftware: Tracking cookie (Firefox: default) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, fixed)


Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, fixed)



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-07-12 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-05-23 advcheck.dll (1.5.3.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-07-31 Tools.dll (2.1.2.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-09-19 Includes\Cookies.sbi (*)
2007-07-25 Includes\Dialer.sbi (*)
2007-09-19 Includes\DialerC.sbi (*)
2007-08-29 Includes\Hijackers.sbi (*)
2007-09-19 Includes\HijackersC.sbi (*)
2007-07-25 Includes\Keyloggers.sbi (*)
2007-09-19 Includes\KeyloggersC.sbi (*)
2007-09-12 Includes\Malware.sbi (*)
2007-09-19 Includes\MalwareC.sbi (*)
2007-09-05 Includes\PUPS.sbi (*)
2007-09-19 Includes\PUPSC.sbi (*)
2007-09-19 Includes\Revision.sbi (*)
2007-05-30 Includes\Security.sbi (*)
2007-09-19 Includes\SecurityC.sbi (*)
2007-09-12 Includes\Spybots.sbi (*)
2007-09-19 Includes\SpybotsC.sbi (*)
2007-08-21 Includes\Tracks.uti
2007-09-12 Includes\Trojans.sbi (*)
2007-09-19 Includes\TrojansC.sbi (*)
2007-06-06 Plugins\TCPIPAddress.dll
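
Of all the O4 entries in the HijackThis log above, the one that gives the infection away is `[SearchIndexer] rundll32.exe "C:\WINDOWS\system32\psivxsrk.dll",sitypnow`: rundll32.exe loading a DLL with a random-looking eight-letter name from system32, through an equally random export name, from the HKLM Run key. The Python script below is an added example and is not part of the original thread or of HijackThis; it parses O4 lines of that shape and separates the rundll32 autostarts whose DLL or export name looks generated from those that merely deserve a look. The sample lines are copied from the log above. The lexical heuristic (7 to 9 lowercase letters with few vowels or a long consonant run, the shape of the three Vundo names in this thread) is an assumption and a triage aid, not a verdict: mixed-case vendor names such as NVMCTRAY or NvCpl are deliberately left to the analyst rather than scored.

```python
"""Triage HijackThis O4 (autostart) entries for a rundll32-loaded Vundo DLL.
Added example: the heuristic below is an assumption made for illustration."""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# O4 lines copied from the HijackThis log in this thread (constructed input).
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\psivxsrk.dll",sitypnow
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32[.exe] [path\]dll,export  -- quotes around either part are optional.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)',
    re.I)
# Assumed shape of the generated names seen in this thread
# (psivxsrk, oowxctsm, qommjjj): 7-9 lowercase letters.
GENERATED_SHAPE = re.compile(r'^[a-z]{7,9}$')
VOWELS = set("aeiou")


def vowel_ratio(token):
    return sum(c in VOWELS for c in token) / len(token)


def max_consonant_run(token):
    run = best = 0
    for c in token:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return best


def looks_generated(token):
    """Crude lexical test: right shape and either vowel-poor or a long
    consonant run. Mixed-case vendor names never match by design."""
    return bool(GENERATED_SHAPE.match(token)) and (
        vowel_ratio(token) <= 0.25 or max_consonant_run(token) >= 4)


@dataclass
class RundllAutostart:
    hive: str
    value_name: str
    dll: str
    export: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self):
        return bool(self.reasons)


def triage_o4(text):
    """Return every rundll32 autostart in the O4 lines, in log order, with
    reasons attached to the ones whose DLL stem or export looks generated."""
    found = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.match(m["cmd"].strip())
        if not r:
            continue  # not a rundll32 launch; out of scope for this check
        dll = r["dll"].strip()
        entry = RundllAutostart(m["hive"], m["name"], dll, r["export"])
        stem = PureWindowsPath(dll).stem
        if looks_generated(stem):
            entry.reasons.append(f"DLL stem {stem!r} looks generated")
        if looks_generated(r["export"]):
            entry.reasons.append(f"export {r['export']!r} looks generated")
        found.append(entry)
    return found


if __name__ == "__main__":
    for e in triage_o4(SAMPLE_O4):
        mark = "SUSPECT" if e.suspicious else "review "
        print(f"{mark} {e.hive} [{e.value_name}] {e.dll},{e.export}  {'; '.join(e.reasons)}")
```

Run against the sample, only the SearchIndexer entry is marked SUSPECT (both its DLL stem and its export trip the heuristic); the three NVIDIA entries are still listed, because a rundll32 autostart is always worth a glance, but carry no reasons. A bare DLL name such as `nview.dll` is resolved through the loader search path rather than from a fixed location, which is one more thing to confirm by hand.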

steamwiz
2007-09-29, 19:08
Hi

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
1. Double-click VundoFix.exe to run it.
2. When VundoFix re-opens, click the Scan for Vundo button.
3. Once it's done scanning, click the Remove Vundo button.
4. You will receive a prompt asking if you want to remove the files, click "YES".
5. Once you click yes, your desktop will go blank as it starts removing Vundo.
6. When completed, it will prompt that it will reboot your computer, click "OK".

7. Please post the contents of C:\vundofix.txt
If VundoFix cannot delete a file, it will try to delete it during a reboot; after the reboot VundoFix will open again. You must run VundoFix again from "Click the Scan for Vundo button", and you must keep running VundoFix until it does delete the file. I've known a stubborn Vundo file to take 5 or 6 reboots before it is deleted.

Keep running VundoFix until it gives you the message "no infected files were found".

THEN ...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

So please post:

1. C:\vundofix.txt
2. C:\ComboFix.txt
3. a new hijackthis log (run after the other 2 programs)

steam

Zeprot
2007-09-29, 21:53
Thanks for replying :) Here are the logs.

VundoFix V6.5.9

Checking Java version...

Scan started at 2:58:15 PM 9/29/2007

Listing files found while scanning....

C:\WINDOWS\system32\mstcxwoo.ini
C:\WINDOWS\system32\oowxctsm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mstcxwoo.ini
C:\WINDOWS\system32\mstcxwoo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oowxctsm.dll
C:\WINDOWS\system32\oowxctsm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 3:05:11 PM 9/29/2007

Listing files found while scanning....

No infected files were found.

Zeprot
2007-09-29, 21:55
ComboFix 07-09-29.6 - Owner 2007-09-29 15:21:04.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1110 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\oowxctsm.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
.

2007-09-27 13:50 <DIR> d-------- C:\Documents and Settings\Administrator\LOCALS~1
2007-09-27 11:01 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-27 11:00 <DIR> d-------- C:\e6ce7603b860a24106bc8b47e5d99b
2007-09-27 10:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-27 10:59 <DIR> d-------- C:\8dfbeeb3038b9d4c47de0d43f70b
2007-09-27 10:58 <DIR> d-------- C:\eb391cbeac4a5651f97aaf3e
2007-09-27 00:32 <DIR> d-------- C:\VundoFix Backups
2007-09-26 01:07 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-09-26 01:07 <DIR> d-------- C:\Temp\xOe
2007-09-26 01:06 36,352 --a------ C:\WINDOWS\system32\qommjjj.dll
2007-09-26 01:06 35,328 --a------ C:\WINDOWS\winshow.exe
2007-09-25 04:32 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-24 13:24 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-09-24 13:22 <DIR> d-------- C:\Program Files\DriftCity
2007-09-23 14:42 <DIR> d-------- C:\ijji
2007-09-23 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-09-21 15:14 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-21 14:53 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-17 00:27 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-15 23:59 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2007-09-15 23:50 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-15 21:49 <DIR> d-------- C:\Temp
2007-09-09 10:43 <DIR> d-------- C:\Program Files\iPod
2007-09-04 20:51 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-04 20:49 <DIR> d-------- C:\WINDOWS\ShellNew

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 15:26 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-28 03:03 --------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-09-28 02:35 --------- d-------- C:\Program Files\mIRC
2007-09-25 12:47 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-25 10:36 --------- d-------- C:\Program Files\World of Warcraft
2007-09-24 13:24 --------- d-------- C:\Documents and Settings\Owner\Application Data\NHN Corporation
2007-09-23 17:47 --------- d-------- C:\Program Files\Warcraft III
2007-09-23 14:42 --------- d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2007-09-23 12:39 --------- d-------- C:\Program Files\Azureus
2007-09-21 15:10 --------- d-------- C:\Program Files\Trillian
2007-09-16 20:53 --------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-09-09 10:43 --------- d-------- C:\Program Files\iTunes
2007-08-26 19:16 --------- d-------- C:\Program Files\Apple Software Update
2007-08-25 15:58 --------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-08-24 16:39 --------- d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2007-08-24 16:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-24 16:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-08-24 16:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-24 16:37 --------- d-------- C:\Program Files\Logitech
2007-08-24 16:37 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-24 16:37 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-24 16:37 --------- d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-08-14 03:12 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-14 03:12 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 03:04 --------- d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-05 08:55 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-21 19:56 70656 --a------ C:\WINDOWS\ScUnin.exe
2007-07-21 19:55 139264 --a------ C:\WINDOWS\War3Unin.exe
.
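
Both tools caught the same habit of this Vundo build: the DLL's companion files carry the DLL's name spelled backwards. VundoFix paired `mstcxwoo.ini` with `oowxctsm.dll`, and ComboFix's "Other Deletions" removed `xbadd.ini`, `xbadd.bak1` and `xbadd.bak2` alongside `ddabx.dll`. The Python script below is an added example, not code from the thread, VundoFix or ComboFix; given a plain file listing it groups files by directory and reports every DLL whose reversed stem names an .ini or .bak* file beside it. The paths are copied from the two logs, with `wininet.dll` (a constructed decoy) and `qommjjj.dll` (listed by ComboFix without a companion) included as names that must not pair up.

```python
"""Find Vundo's reversed-name companion files in a file listing.
Added example: the pairing rule is the one visible in the logs above."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Paths copied from the VundoFix and ComboFix logs in this thread, plus one
# constructed decoy (wininet.dll). One bare path per line.
SAMPLE_PATHS = r"""
C:\WINDOWS\system32\mstcxwoo.ini
C:\WINDOWS\system32\oowxctsm.dll
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\qommjjj.dll
"""

# Companion extensions observed in the logs: .ini and numbered .bak files.
COMPANION_EXT = re.compile(r"^\.(ini|bak\d*)$", re.I)


def reversed_name_pairs(listing):
    """Map each DLL path to the companion files in the same directory whose
    stem is the DLL stem reversed. Case-insensitive and order-independent,
    so it works on ComboFix output where the .ini may precede the DLL."""
    by_dir = defaultdict(dict)  # directory -> lowercase file name -> path as listed
    for line in listing.splitlines():
        line = line.strip()
        if not line:
            continue
        p = PureWindowsPath(line)
        by_dir[str(p.parent).lower()][p.name.lower()] = line

    pairs = {}
    for files in by_dir.values():
        for fname, path in files.items():
            if not fname.endswith(".dll"):
                continue
            mirror = fname[:-4][::-1]  # stem spelled backwards
            companions = sorted(
                orig for f, orig in files.items()
                if f.startswith(mirror + ".") and COMPANION_EXT.match(f[len(mirror):]))
            if companions:
                pairs[path] = companions
    return pairs


if __name__ == "__main__":
    for dll, companions in reversed_name_pairs(SAMPLE_PATHS).items():
        print(dll)
        for c in companions:
            print("    <-", c)
```

On the sample this reports exactly the two DLLs the tools removed, each with its mirrored companions, and nothing for `wininet.dll` or `qommjjj.dll`. To run it over a ComboFix "Files Created" section, strip the date, size and attribute columns first so that only the path remains on each line; a DLL with no companion is not cleared by this check, it simply has nothing for this particular rule to say.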

Zeprot
2007-09-29, 21:57
((((((((((((((((((((((((((((( snapshot_2007-09-26_ 22644.71 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,168 2007-09-28 13:06:08 C:\WINDOWS\catchme.exe
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
-c----w 414,208 2006-10-19 01:47:16 C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w 10,834,432 2006-10-19 01:47:20 C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w 315,904 2006-11-01 22:31:34 C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
-c----w 221,488 2006-09-25 21:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
-c----w 379,184 2006-09-25 21:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
-c----w 286,208 2004-08-04 07:56:41 C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
-c----w 159,232 2004-08-04 07:56:41 C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
-c----w 695,296 2004-08-04 07:57:02 C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
-c----w 6,656 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
-c----w 103,936 2004-08-04 07:56:50 C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
-c----w 310,272 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
-c----w 384,512 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
-c----w 240,640 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
-c----w 259,072 2004-08-04 07:57:01 C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
-c----w 52,224 2004-08-04 07:56:43 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
-c----w 201,728 2004-08-04 07:56:43 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
-c----w 356,352 2004-08-04 07:57:01 C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
-c----w 245,760 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
-c----w 237,568 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
-c----w 408,064 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
-c----w 670,720 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
-c----w 230,400 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
-c----w 27,136 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
-c----w 23,552 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
-c----w 151,552 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
-c----w 1,050,624 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
-c----w 759,296 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
-c----w 1,119,744 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
-c----w 484,864 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
-c----w 896,512 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
-c----w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
-c----w 809,984 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
-c----w 1,001,472 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
-c----w 213,216 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
-c----w 13,312 2006-11-02 15:46:52 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
-c----w 8,192 2004-08-04 07:55:59 C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
-c----w 368,640 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
-c----w 774,144 2004-08-04 07:56:56 C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
-c----w 208,896 2004-08-04 07:56:57 C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
-c----w 168,448 2004-08-04 07:56:35 C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
-c----w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
-c----w 114,688 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
-c----w 98,304 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
-c----w 233,472 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
-c----w 73,728 2004-08-04 07:56:57 C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
-c----w 2,940,928 2004-08-04 07:56:36 C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
-c----w 102,400 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
-c----w 213,216 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
-c----w 221,488 2006-09-16 05:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
-c----w 379,184 2006-09-16 05:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
-c----w 58,368 2006-09-28 23:01:52 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
------w 39,424 2006-10-04 14:05:26 C:\WINDOWS\AppPatch\acadproc.dll
----a-w 317,440 2007-06-27 02:10:26 C:\WINDOWS\inf\unregmp2.exe
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
----a-w 22,752 2005-06-28 14:21:34 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
----a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
----a-w 317,440 2007-06-27 02:10:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
----a-w 414,720 2006-12-04 20:21:50 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
----a-w 22,752 2005-06-28 14:21:34 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
----a-w 7,168 2006-10-19 01:47:08 C:\WINDOWS\system32\asferror.dll
----a-w 276,992 2006-10-19 01:47:08 C:\WINDOWS\system32\audiodev.dll
----a-w 542,720 2006-10-19 01:47:10 C:\WINDOWS\system32\blackbox.dll
----a-w 229,376 2006-10-19 01:47:10 C:\WINDOWS\system32\cewmdm.dll
----a-w 249,856 2006-10-19 00:00:46 C:\WINDOWS\system32\drmupgds.exe
----a-w 991,744 2006-10-19 01:47:10 C:\WINDOWS\system32\drmv2clt.dll
----a-w 135,168 2007-07-12 05:22:00 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-07-12 05:22:04 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-07-12 06:22:38 C:\WINDOWS\system32\javaws.exe
----a-w 11,264 2006-10-19 01:47:14 C:\WINDOWS\system32\LAPRXY.dll
----a-w 100,864 2006-10-19 00:03:58 C:\WINDOWS\system32\logagent.exe
----a-w 212,992 2006-10-19 01:47:14 C:\WINDOWS\system32\MFPLAT.dll
----a-w 259,072 2006-10-19 01:47:14 C:\WINDOWS\system32\MP43DECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MP43DMOD.dll
----a-w 317,440 2006-10-19 01:47:14 C:\WINDOWS\system32\MP4SDECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MP4SDMOD.dll
----a-w 259,072 2006-10-19 01:47:14 C:\WINDOWS\system32\MPG4DECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MPG4DMOD.dll
----a-w 312,128 2006-10-02 19:28:42 C:\WINDOWS\system32\msdelta.dll
----a-w 179,712 2006-10-19 01:47:16 C:\WINDOWS\system32\msnetobj.dll
----a-w 27,136 2006-10-19 01:47:16 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 175,616 2006-10-19 01:47:16 C:\WINDOWS\system32\mspmsp.dll
----a-w 414,720 2006-12-04 20:21:50 C:\WINDOWS\system32\msscp.dll
----a-w 321,536 2006-10-19 01:47:16 C:\WINDOWS\system32\mswmdm.dll
----a-w 284,160 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceApi.dll
----a-w 101,888 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
----a-w 166,912 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceTypes.dll
----a-w 132,096 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
----a-w 199,168 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
----a-w 211,456 2006-10-19 01:47:18 C:\WINDOWS\system32\qasf.dll
----a-w 14,640 2006-09-25 21:58:48 C:\WINDOWS\system32\spmsg.dll
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 8,704 2006-10-19 01:58:00 C:\WINDOWS\system32\uwdf.exe
----a-w 4,096 2006-10-19 01:47:18 C:\WINDOWS\system32\wdfapi.dll
----a-w 8,704 2006-10-19 01:58:00 C:\WINDOWS\system32\wdfmgr.exe
----a-w 757,248 2006-10-19 01:47:18 C:\WINDOWS\system32\WMADMOD.dll
----a-w 1,117,696 2006-10-19 01:47:18 C:\WINDOWS\system32\WMADMOE.dll
----a-w 222,208 2006-10-19 01:47:18 C:\WINDOWS\system32\wmasf.dll
----a-w 33,792 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdmlog.dll
----a-w 37,376 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdmps.dll
----a-w 429,056 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdrmdev.dll
----a-w 348,672 2006-10-19 01:47:20 C:\WINDOWS\system32\wmdrmnet.dll
----a-w 535,040 2006-10-19 01:47:20 C:\WINDOWS\system32\wmdrmsdk.dll
----a-w 227,328 2006-10-19 01:47:20 C:\WINDOWS\system32\wmerror.dll
----a-w 157,184 2006-10-19 01:47:20 C:\WINDOWS\system32\wmidx.dll
----a-w 937,984 2006-10-19 01:47:20 C:\WINDOWS\system32\wmnetmgr.dll
----a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\system32\wmp.dll
----a-w 242,688 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpasf.dll
----a-w 314,880 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpdxm.dll
----a-w 295,936 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpeffects.dll
----a-w 1,661,440 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpencen.dll
----a-w 8,231,936 2006-10-19 01:47:20 C:\WINDOWS\system32\wmploc.dll
----a-w 613,376 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpmde.dll
----a-w 130,048 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpps.dll
----a-w 99,840 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpshell.dll
----a-w 204,288 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpsrcwp.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmsdmod.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 603,648 2006-10-19 01:47:22 C:\WINDOWS\system32\WMSPDMOD.dll
----a-w 1,329,152 2006-10-19 01:47:22 C:\WINDOWS\system32\WMSPDMOE.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVADVD.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVADVE.DLL
----a-w 2,450,944 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvcore.dll
----a-w 1,543,680 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVDECOD.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvdmod.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvdmoe2.dll
----a-w 1,574,912 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVENCOD.dll
----a-w 1,382,912 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVSDECD.dll
----a-w 767,488 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVSENCD.dll
----a-w 656,896 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVXENCD.dll
----a-w 35,840 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdconns.dll
----a-w 154,624 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdmtp.dll
----a-w 63,488 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdmtpus.dll
----a-w 2,603,008 2006-10-19 01:47:22 C:\WINDOWS\system32\WpdShext.dll
----a-w 17,408 2006-10-19 00:00:14 C:\WINDOWS\system32\wpdshextautoplay.exe
----a-w 38,400 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdshextres.dll
----a-w 133,632 2006-10-19 01:47:22 C:\WINDOWS\system32\WPDShServiceObj.dll
----a-w 356,352 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdsp.dll
----a-w 629,760 2006-10-19 01:47:22 C:\WINDOWS\system32\wpd_ci.dll
----a-w 95,344 2006-09-29 00:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
----a-w 146,432 2006-09-28 22:56:38 C:\WINDOWS\system32\WudfHost.exe
----a-w 165,376 2006-09-28 22:56:16 C:\WINDOWS\system32\WudfPlatform.dll
----a-w 55,808 2006-09-28 22:56:14 C:\WINDOWS\system32\WudfSvc.dll
----a-w 316,416 2006-09-28 22:56:38 C:\WINDOWS\system32\WUDFx.dll
-c--a-w 33,280 2004-08-04 07:56:55 C:\WINDOWS\system32\dllcache\rundll32.exe
-c--a-w 55,808 2004-08-04 07:56:44 C:\WINDOWS\system32\dllcache\secur32.dll
-c--a-w 25,088 2004-08-04 07:56:45 C:\WINDOWS\system32\dllcache\shfolder.dll
-c--a-w 43,520 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\wbemsvc.dll
-c--a-w 53,760 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\winsta.dll
-c--a-w 757,248 2006-10-19 01:47:18 C:\WINDOWS\system32\dllcache\WMADMOD.dll
-c--a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\system32\dllcache\wmp.dll
-c--a-w 2,450,944 2006-10-19 01:47:22 C:\WINDOWS\system32\dllcache\wmvcore.dll
-c--a-w 82,944 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\ws2_32.dll
----a-w 38,528 2006-10-19 00:00:00 C:\WINDOWS\system32\drivers\wpdusb.sys
----a-w 77,568 2006-09-28 22:55:50 C:\WINDOWS\system32\drivers\WudfPf.sys
----a-w 82,944 2006-09-28 23:00:34 C:\WINDOWS\system32\drivers\WudfRd.sys
----a-w 671,232 2006-10-19 01:47:22 C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
----a-w 94,208 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
----a-w 109,056 2007-07-20 04:47:22 C:\WINDOWS\catchme.exe
----a-w 208,896 2004-08-04 07:56:57 C:\WINDOWS\inf\unregmp2.exe
----a-w 8,192 2004-08-04 07:55:59 C:\WINDOWS\system32\asferror.dll
----a-w 286,208 2004-08-04 07:56:41 C:\WINDOWS\system32\blackbox.dll
----a-w 159,232 2004-08-04 07:56:41 C:\WINDOWS\system32\cewmdm.dll
----a-w 695,296 2004-08-04 07:57:02 C:\WINDOWS\system32\drmv2clt.dll
----a-w 24,677 2003-02-20 20:42:34 C:\WINDOWS\system32\java.exe
----a-w 28,775 2003-02-20 20:42:34 C:\WINDOWS\system32\javaw.exe
----a-w 6,656 2004-08-04 07:56:42 C:\WINDOWS\system32\laprxy.dll
----a-w 103,936 2004-08-04 07:56:50 C:\WINDOWS\system32\logagent.exe
----a-w 310,272 2004-08-04 07:56:42 C:\WINDOWS\system32\mp43dmod.dll
----a-w 384,512 2004-08-04 07:56:42 C:\WINDOWS\system32\mp4sdmod.dll
----a-w 240,640 2004-08-04 07:56:42 C:\WINDOWS\system32\mpg4dmod.dll
----a-w 259,072 2004-08-04 07:57:01 C:\WINDOWS\system32\msnetobj.dll
----a-w 52,224 2004-08-04 07:56:43 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 201,728 2004-08-04 07:56:43 C:\WINDOWS\system32\mspmsp.dll
----a-w 356,352 2004-08-04 07:57:01 C:\WINDOWS\system32\msscp.dll
----a-w 245,760 2004-08-04 07:56:44 C:\WINDOWS\system32\mswmdm.dll
----a-w 237,568 2004-08-04 07:56:44 C:\WINDOWS\system32\qasf.dll
----a-w 14,640 2006-10-09 01:51:14 C:\WINDOWS\system32\spmsg.dll
----a-w 279,552 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 408,064 2004-08-04 07:56:46 C:\WINDOWS\system32\wmadmod.dll
----a-w 670,720 2004-08-04 07:56:46 C:\WINDOWS\system32\wmadmoe.dll
----a-w 230,400 2004-08-04 07:56:46 C:\WINDOWS\system32\wmasf.dll
----a-w 27,136 2004-08-04 07:56:46 C:\WINDOWS\system32\wmdmlog.dll
----a-w 23,552 2004-08-04 07:56:46 C:\WINDOWS\system32\wmdmps.dll
----a-w 168,448 2004-08-04 07:56:35 C:\WINDOWS\system32\wmerror.dll
----a-w 151,552 2004-08-04 07:56:46 C:\WINDOWS\system32\wmidx.dll
----a-w 1,050,624 2004-08-04 07:56:46 C:\WINDOWS\system32\wmnetmgr.dll
----a-w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\system32\wmp.dll
----a-w 114,688 2004-08-04 07:56:46

Zeprot
2007-09-29, 21:58
C:\WINDOWS\system32\wmpasf.dll
----a-w 233,472 2004-08-04 07:56:46 C:\WINDOWS\system32\wmpdxm.dll
----a-w 2,940,928 2004-08-04 07:56:36 C:\WINDOWS\system32\wmploc.dll
----a-w 102,400 2004-08-04 07:56:46 C:\WINDOWS\system32\wmpshell.dll
----a-w 759,296 2004-08-04 07:56:46 C:\WINDOWS\system32\wmsdmod.dll
----a-w 1,119,744 2004-08-04 07:56:46 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 484,864 2004-08-04 07:56:46 C:\WINDOWS\system32\wmspdmod.dll
----a-w 896,512 2004-08-04 07:56:46 C:\WINDOWS\system32\wmspdmoe.dll
----a-w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\system32\wmvcore.dll
----a-w 809,984 2004-08-04 07:56:46 C:\WINDOWS\system32\wmvdmod.dll
----a-w 1,001,472 2004-08-04 07:56:46 C:\WINDOWS\system32\wmvdmoe2.dll
-c--a-w 408,064 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\wmadmod.dll
-c--a-w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\system32\dllcache\wmp.dll
-c--a-w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\system32\dllcache\wmvcore.dll
----a-w 94,208 2007-02-21 21:48:18 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-02-21 21:49:08 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 10:07]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 22:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19]
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 05:29]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 05:29]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-24 16:37:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 22:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-24 16:37:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]
"{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\qommjjj.dll [2007-09-26 01:06 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"c:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1


.
Contents of the 'Scheduled Tasks' folder
"2007-07-25 12:18:44 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-07-12 13:36:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 15:26:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-29 15:28:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 15:28
C:\ComboFix2.txt ... 2007-09-28 10:50
C:\ComboFix3.txt ... 2007-09-27 13:50
.
--- E O F ---

Zeprot
2007-09-29, 21:58
Logfile of HijackThis v1.99.1
Scan saved at 3:51:16 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190655628921
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

steamwiz
2007-09-29, 22:40
Hi

I see you've run Combofix on each of the last 3 days ...

which means these bad (vundo) files came in since you ran Combofix yesterday :-

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\oowxctsm.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini

---
What is also surprising is the log from vundofix :-

bottom part of log ...

Attempting to delete C:\WINDOWS\system32\oowxctsm.dll
C:\WINDOWS\system32\oowxctsm.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 3:05:11 PM 9/29/2007

Listing files found while scanning....

No infected files were found.

---
When a file can't be deleted, it should be found on the next scan, and then deleted...

Still ... Combofix deleted it ...

---
Do you know what these are? Are they legit game-related folders? :-

2007-09-23 14:42 <DIR> d-------- C:\ijji
2007-09-23 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame

Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)


File::
C:\WINDOWS\system32\qommjjj.dll
C:\WINDOWS\winshow.exe

Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\vMW10a
C:\Temp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"=-
"{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"=-


Save this as "CFScript.txt"

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

steam
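
The CFScript above was written by hand from the ShellExecuteHooks block in the ComboFix log posted earlier in the thread. The following is an added example (not from the thread, steamwiz, or ComboFix itself) showing how a helper could do that translation mechanically: it parses the `[...\ShellExecuteHooks]` block in the format ComboFix prints (a bracketed key header followed by `"{CLSID}"= path [timestamp size]` value lines, with `[ ]` when the DLL is missing on disk), turns each hook into a `Registry::` deletion, adds any DLL that is still present to `File::`, and lets the analyst append extra files and folders. The `File::`, `Folder::` and `Registry::` directive names and the `"{CLSID}"=-` delete syntax are taken from the post; the `Hook` type, the function names and the sample log text (copied from the thread's ComboFix output) are assumptions of this example. Since ComboFix hides default entries, every hook it lists is a review candidate, which is why the builder takes the parsed list as-is.

```python
"""Build a ComboFix CFScript from the ShellExecuteHooks block of a ComboFix log.

Added example, not part of the thread or of ComboFix. Assumes the log layout
shown in the thread: a bracketed registry key header followed by value lines
of the form  "{CLSID}"= <path> [<timestamp> <size>]  (or "[ ]" if missing).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: the ShellExecuteHooks block as it appears in the thread's log,
# plus an unrelated winlogon\notify block to show that other keys are skipped.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]
"{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\qommjjj.dll [2007-09-26 01:06 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
"""

SEH_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks"

KEY_RE = re.compile(r"^\[(.+)\]$")
# "{CLSID}"= path [meta]   -- path is matched lazily up to the trailing [...] block
VALUE_RE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=\s*(.+?)\s*\[(.*)\]$')


@dataclass
class Hook:
    clsid: str
    path: str
    present: bool  # ComboFix prints "[ ]" when the hooked DLL no longer exists on disk


def parse_shell_execute_hooks(log: str) -> list[Hook]:
    """Return the hooks listed under the ShellExecuteHooks key, in log order."""
    hooks: list[Hook] = []
    in_block = False
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # A new key header starts a new block; only the SEH key is collected.
            in_block = key.group(1).lower() == SEH_KEY.lower()
            continue
        if not in_block or not line:
            continue
        value = VALUE_RE.match(line)
        if value:
            clsid, path, meta = value.groups()
            hooks.append(Hook(clsid=clsid, path=path, present=bool(meta.strip())))
    return hooks


def build_cfscript(hooks: list[Hook], extra_files=(), folders=()) -> str:
    """Emit a CFScript: File:: for DLLs still on disk plus extras, Folder::, then
    Registry:: deleting every hook value ("=-" removes the value)."""
    files = [h.path for h in hooks if h.present] + list(extra_files)
    lines: list[str] = []
    if files:
        lines.append("File::")       # must be the very first line, no leading blank
        lines.extend(files)
        lines.append("")
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
        lines.append("")
    if hooks:
        lines.append("Registry::")
        lines.append(f"[{SEH_KEY}]")
        lines.extend(f'"{h.clsid}"=-' for h in hooks)
    return "\n".join(lines) + "\n"


def file_directive_is_first(script: str) -> bool:
    """Check the rule from the post: 'File::' on line 1 with nothing before it."""
    return script.startswith("File::\n")


def example_script() -> str:
    """Rebuild the script from the thread: hooks from the log plus the extra
    file and folders the helper named by hand."""
    hooks = parse_shell_execute_hooks(SAMPLE_LOG)
    return build_cfscript(
        hooks,
        extra_files=[r"C:\WINDOWS\winshow.exe"],
        folders=[r"C:\VundoFix Backups", r"C:\WINDOWS\system32\vMW10a", r"C:\Temp"],
    )


if __name__ == "__main__":
    script = example_script()
    assert file_directive_is_first(script)
    print(script, end="")
```

Running it prints the same twelve-line script as the post (File:: with the two files, Folder:: with the three folders, Registry:: with both CLSIDs set to `=-`). The missing-DLL case is the one worth noting: the WinAntiSpyware hook points at a file that is already gone, so it appears only under `Registry::`, while the Vundo DLL that is still present appears in both sections.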

Zeprot
2007-09-30, 03:35
Ya, Ijji is legit :)

Logfile of HijackThis v1.99.1
Scan saved at 9:34:08 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190655628921
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

Zeprot
2007-09-30, 03:36
ComboFix 07-09-29.6 - Owner 2007-09-29 21:25:26.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1101 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\geebx.dll
C:\WINDOWS\system32\xbeeg.ini

.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.

2007-09-27 13:50 <DIR> d-------- C:\Documents and Settings\Administrator\LOCALS~1
2007-09-27 11:01 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-27 11:00 <DIR> d-------- C:\e6ce7603b860a24106bc8b47e5d99b
2007-09-27 10:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-27 10:59 <DIR> d-------- C:\8dfbeeb3038b9d4c47de0d43f70b
2007-09-27 10:58 <DIR> d-------- C:\eb391cbeac4a5651f97aaf3e
2007-09-27 00:32 <DIR> d-------- C:\VundoFix Backups
2007-09-26 01:07 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-09-26 01:07 <DIR> d-------- C:\Temp\xOe
2007-09-26 01:06 36,352 --a------ C:\WINDOWS\system32\qommjjj.dll
2007-09-26 01:06 35,328 --a------ C:\WINDOWS\winshow.exe
2007-09-25 04:32 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-24 13:24 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-09-24 13:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NHN Corporation
2007-09-24 13:22 <DIR> d-------- C:\Program Files\DriftCity
2007-09-23 14:42 <DIR> d-------- C:\ijji
2007-09-23 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-09-21 15:14 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-21 14:53 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-17 00:27 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-15 23:59 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2007-09-15 23:50 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-15 21:49 <DIR> d-------- C:\Temp
2007-09-09 10:43 <DIR> d-------- C:\Program Files\iPod
2007-09-04 20:51 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-04 20:49 <DIR> d-------- C:\WINDOWS\ShellNew

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 21:31 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-28 03:03 --------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-09-28 02:35 --------- d-------- C:\Program Files\mIRC
2007-09-25 12:47 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-25 10:36 --------- d-------- C:\Program Files\World of Warcraft
2007-09-23 17:47 --------- d-------- C:\Program Files\Warcraft III
2007-09-23 14:42 --------- d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2007-09-23 12:39 --------- d-------- C:\Program Files\Azureus
2007-09-21 15:10 --------- d-------- C:\Program Files\Trillian
2007-09-16 20:53 --------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-09-09 10:43 --------- d-------- C:\Program Files\iTunes
2007-08-26 19:16 --------- d-------- C:\Program Files\Apple Software Update
2007-08-25 15:58 --------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-08-24 16:39 --------- d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2007-08-24 16:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-24 16:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-08-24 16:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-24 16:37 --------- d-------- C:\Program Files\Logitech
2007-08-24 16:37 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-24 16:37 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-24 16:37 --------- d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-08-14 03:12 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-14 03:12 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 03:04 --------- d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-05 08:55 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-21 19:56 70656 --a------ C:\WINDOWS\ScUnin.exe
2007-07-21 19:55 139264 --a------ C:\WINDOWS\War3Unin.exe
2007-07-09 15:07 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-09 15:07 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
.

Zeprot
2007-09-30, 03:38
((((((((((((((((((((((((((((( snapshot_2007-09-26_ 22644.71 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,168 2007-09-28 13:06:08 C:\WINDOWS\catchme.exe
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
-c----w 414,208 2006-10-19 01:47:16 C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w 10,834,432 2006-10-19 01:47:20 C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w 315,904 2006-11-01 22:31:34 C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
-c----w 221,488 2006-09-25 21:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
-c----w 379,184 2006-09-25 21:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
-c----w 286,208 2004-08-04 07:56:41 C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
-c----w 159,232 2004-08-04 07:56:41 C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
-c----w 695,296 2004-08-04 07:57:02 C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
-c----w 6,656 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
-c----w 103,936 2004-08-04 07:56:50 C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
-c----w 310,272 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
-c----w 384,512 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
-c----w 240,640 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
-c----w 259,072 2004-08-04 07:57:01 C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
-c----w 52,224 2004-08-04 07:56:43 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
-c----w 201,728 2004-08-04 07:56:43 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
-c----w 356,352 2004-08-04 07:57:01 C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
-c----w 245,760 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
-c----w 237,568 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
-c----w 408,064 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
-c----w 670,720 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
-c----w 230,400 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
-c----w 27,136 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
-c----w 23,552 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
-c----w 151,552 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
-c----w 1,050,624 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
-c----w 759,296 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
-c----w 1,119,744 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
-c----w 484,864 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
-c----w 896,512 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
-c----w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
-c----w 809,984 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
-c----w 1,001,472 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
-c----w 213,216 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
-c----w 13,312 2006-11-02 15:46:52 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
-c----w 8,192 2004-08-04 07:55:59 C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
-c----w 368,640 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
-c----w 774,144 2004-08-04 07:56:56 C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
-c----w 208,896 2004-08-04 07:56:57 C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
-c----w 168,448 2004-08-04 07:56:35 C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
-c----w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
-c----w 114,688 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
-c----w 98,304 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
-c----w 233,472 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
-c----w 73,728 2004-08-04 07:56:57 C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
-c----w 2,940,928 2004-08-04 07:56:36 C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
-c----w 102,400 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
-c----w 213,216 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
-c----w 221,488 2006-09-16 05:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
-c----w 379,184 2006-09-16 05:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
-c----w 58,368 2006-09-28 23:01:52 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
------w 39,424 2006-10-04 14:05:26 C:\WINDOWS\AppPatch\acadproc.dll
----a-w 317,440 2007-06-27 02:10:26 C:\WINDOWS\inf\unregmp2.exe
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
----a-w 22,752 2005-06-28 14:21:34 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
----a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
----a-w 317,440 2007-06-27 02:10:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
----a-w 414,720 2006-12-04 20:21:50 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
----a-w 22,752 2005-06-28 14:21:34 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
----a-w 7,168 2006-10-19 01:47:08 C:\WINDOWS\system32\asferror.dll
----a-w 276,992 2006-10-19 01:47:08 C:\WINDOWS\system32\audiodev.dll
----a-w 542,720 2006-10-19 01:47:10 C:\WINDOWS\system32\blackbox.dll
----a-w 229,376 2006-10-19 01:47:10 C:\WINDOWS\system32\cewmdm.dll
----a-w 249,856 2006-10-19 00:00:46 C:\WINDOWS\system32\drmupgds.exe
----a-w 991,744 2006-10-19 01:47:10 C:\WINDOWS\system32\drmv2clt.dll
----a-w 135,168 2007-07-12 05:22:00 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-07-12 05:22:04 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-07-12 06:22:38 C:\WINDOWS\system32\javaws.exe
----a-w 11,264 2006-10-19 01:47:14 C:\WINDOWS\system32\LAPRXY.dll
----a-w 100,864 2006-10-19 00:03:58 C:\WINDOWS\system32\logagent.exe
----a-w 212,992 2006-10-19 01:47:14 C:\WINDOWS\system32\MFPLAT.dll
----a-w 259,072 2006-10-19 01:47:14 C:\WINDOWS\system32\MP43DECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MP43DMOD.dll
----a-w 317,440 2006-10-19 01:47:14 C:\WINDOWS\system32\MP4SDECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MP4SDMOD.dll
----a-w 259,072 2006-10-19 01:47:14 C:\WINDOWS\system32\MPG4DECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MPG4DMOD.dll
----a-w 312,128 2006-10-02 19:28:42 C:\WINDOWS\system32\msdelta.dll
----a-w 179,712 2006-10-19 01:47:16 C:\WINDOWS\system32\msnetobj.dll
----a-w 27,136 2006-10-19 01:47:16 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 175,616 2006-10-19 01:47:16 C:\WINDOWS\system32\mspmsp.dll
----a-w 414,720 2006-12-04 20:21:50 C:\WINDOWS\system32\msscp.dll
----a-w 321,536 2006-10-19 01:47:16 C:\WINDOWS\system32\mswmdm.dll
----a-w 284,160 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceApi.dll
----a-w 101,888 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
----a-w 166,912 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceTypes.dll
----a-w 132,096 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
----a-w 199,168 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
----a-w 211,456 2006-10-19 01:47:18 C:\WINDOWS\system32\qasf.dll
----a-w 14,640 2006-09-25 21:58:48 C:\WINDOWS\system32\spmsg.dll
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 8,704 2006-10-19 01:58:00 C:\WINDOWS\system32\uwdf.exe
----a-w 4,096 2006-10-19 01:47:18 C:\WINDOWS\system32\wdfapi.dll
----a-w 8,704 2006-10-19 01:58:00 C:\WINDOWS\system32\wdfmgr.exe
----a-w 757,248 2006-10-19 01:47:18 C:\WINDOWS\system32\WMADMOD.dll
----a-w 1,117,696 2006-10-19 01:47:18 C:\WINDOWS\system32\WMADMOE.dll
----a-w 222,208 2006-10-19 01:47:18 C:\WINDOWS\system32\wmasf.dll
----a-w 33,792 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdmlog.dll
----a-w 37,376 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdmps.dll
----a-w 429,056 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdrmdev.dll
----a-w 348,672 2006-10-19 01:47:20 C:\WINDOWS\system32\wmdrmnet.dll
----a-w 535,040 2006-10-19 01:47:20 C:\WINDOWS\system32\wmdrmsdk.dll
----a-w 227,328 2006-10-19 01:47:20 C:\WINDOWS\system32\wmerror.dll
----a-w 157,184 2006-10-19 01:47:20 C:\WINDOWS\system32\wmidx.dll
----a-w 937,984 2006-10-19 01:47:20 C:\WINDOWS\system32\wmnetmgr.dll
----a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\system32\wmp.dll
----a-w 242,688 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpasf.dll
----a-w 314,880 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpdxm.dll
----a-w 295,936 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpeffects.dll
----a-w 1,661,440 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpencen.dll
----a-w 8,231,936 2006-10-19 01:47:20 C:\WINDOWS\system32\wmploc.dll
----a-w 613,376 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpmde.dll
----a-w 130,048 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpps.dll
----a-w 99,840 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpshell.dll
----a-w 204,288 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpsrcwp.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmsdmod.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 603,648 2006-10-19 01:47:22 C:\WINDOWS\system32\WMSPDMOD.dll
----a-w 1,329,152 2006-10-19 01:47:22 C:\WINDOWS\system32\WMSPDMOE.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVADVD.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVADVE.DLL
----a-w 2,450,944 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvcore.dll
----a-w 1,543,680 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVDECOD.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvdmod.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvdmoe2.dll
----a-w 1,574,912 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVENCOD.dll
----a-w 1,382,912 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVSDECD.dll
----a-w 767,488 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVSENCD.dll
----a-w 656,896 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVXENCD.dll
----a-w 35,840 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdconns.dll
----a-w 154,624 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdmtp.dll
----a-w 63,488 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdmtpus.dll
----a-w 2,603,008 2006-10-19 01:47:22 C:\WINDOWS\system32\WpdShext.dll
----a-w 17,408 2006-10-19 00:00:14 C:\WINDOWS\system32\wpdshextautoplay.exe
----a-w 38,400 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdshextres.dll
----a-w 133,632 2006-10-19 01:47:22 C:\WINDOWS\system32\WPDShServiceObj.dll
----a-w 356,352 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdsp.dll
----a-w 629,760 2006-10-19 01:47:22 C:\WINDOWS\system32\wpd_ci.dll
----a-w 95,344 2006-09-29 00:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
----a-w 146,432 2006-09-28 22:56:38 C:\WINDOWS\system32\WudfHost.exe
----a-w 165,376 2006-09-28 22:56:16 C:\WINDOWS\system32\WudfPlatform.dll
----a-w 55,808 2006-09-28 22:56:14 C:\WINDOWS\system32\WudfSvc.dll
----a-w 316,416 2006-09-28 22:56:38 C:\WINDOWS\system32\WUDFx.dll
-c--a-w 33,280 2004-08-04 07:56:55 C:\WINDOWS\system32\dllcache\rundll32.exe
-c--a-w 55,808 2004-08-04 07:56:44 C:\WINDOWS\system32\dllcache\secur32.dll
-c--a-w 25,088 2004-08-04 07:56:45 C:\WINDOWS\system32\dllcache\shfolder.dll
-c--a-w 43,520 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\wbemsvc.dll
-c--a-w 53,760 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\winsta.dll
-c--a-w 757,248 2006-10-19 01:47:18 C:\WINDOWS\system32\dllcache\WMADMOD.dll
-c--a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\system32\dllcache\wmp.dll
-c--a-w 2,450,944 2006-10-19 01:47:22 C:\WINDOWS\system32\dllcache\wmvcore.dll
-c--a-w 82,944 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\ws2_32.dll
----a-w 38,528 2006-10-19 00:00:00 C:\WINDOWS\system32\drivers\wpdusb.sys
----a-w 77,568 2006-09-28 22:55:50 C:\WINDOWS\system32\drivers\WudfPf.sys
----a-w 82,944 2006-09-28 23:00:34 C:\WINDOWS\system32\drivers\WudfRd.sys
----a-w 671,232 2006-10-19 01:47:22 C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
----a-w 94,208 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.

Zeprot
2007-09-30, 03:39
----a-w 109,056 2007-07-20 04:47:22 C:\WINDOWS\catchme.exe
----a-w 208,896 2004-08-04 07:56:57 C:\WINDOWS\inf\unregmp2.exe
----a-w 8,192 2004-08-04 07:55:59 C:\WINDOWS\system32\asferror.dll
----a-w 286,208 2004-08-04 07:56:41 C:\WINDOWS\system32\blackbox.dll
----a-w 159,232 2004-08-04 07:56:41 C:\WINDOWS\system32\cewmdm.dll
----a-w 695,296 2004-08-04 07:57:02 C:\WINDOWS\system32\drmv2clt.dll
----a-w 24,677 2003-02-20 20:42:34 C:\WINDOWS\system32\java.exe
----a-w 28,775 2003-02-20 20:42:34 C:\WINDOWS\system32\javaw.exe
----a-w 6,656 2004-08-04 07:56:42 C:\WINDOWS\system32\laprxy.dll
----a-w 103,936 2004-08-04 07:56:50 C:\WINDOWS\system32\logagent.exe
----a-w 310,272 2004-08-04 07:56:42 C:\WINDOWS\system32\mp43dmod.dll
----a-w 384,512 2004-08-04 07:56:42 C:\WINDOWS\system32\mp4sdmod.dll
----a-w 240,640 2004-08-04 07:56:42 C:\WINDOWS\system32\mpg4dmod.dll
----a-w 259,072 2004-08-04 07:57:01 C:\WINDOWS\system32\msnetobj.dll
----a-w 52,224 2004-08-04 07:56:43 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 201,728 2004-08-04 07:56:43 C:\WINDOWS\system32\mspmsp.dll
----a-w 356,352 2004-08-04 07:57:01 C:\WINDOWS\system32\msscp.dll
----a-w 245,760 2004-08-04 07:56:44 C:\WINDOWS\system32\mswmdm.dll
----a-w 237,568 2004-08-04 07:56:44 C:\WINDOWS\system32\qasf.dll
----a-w 14,640 2006-10-09 01:51:14 C:\WINDOWS\system32\spmsg.dll
----a-w 279,552 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 408,064 2004-08-04 07:56:46 C:\WINDOWS\system32\wmadmod.dll
----a-w 670,720 2004-08-04 07:56:46 C:\WINDOWS\system32\wmadmoe.dll
----a-w 230,400 2004-08-04 07:56:46 C:\WINDOWS\system32\wmasf.dll
----a-w 27,136 2004-08-04 07:56:46 C:\WINDOWS\system32\wmdmlog.dll
----a-w 23,552 2004-08-04 07:56:46 C:\WINDOWS\system32\wmdmps.dll
----a-w 168,448 2004-08-04 07:56:35 C:\WINDOWS\system32\wmerror.dll
----a-w 151,552 2004-08-04 07:56:46 C:\WINDOWS\system32\wmidx.dll
----a-w 1,050,624 2004-08-04 07:56:46 C:\WINDOWS\system32\wmnetmgr.dll
----a-w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\system32\wmp.dll
----a-w 114,688 2004-08-04 07:56:46 C:\WINDOWS\system32\wmpasf.dll
----a-w 233,472 2004-08-04 07:56:46 C:\WINDOWS\system32\wmpdxm.dll
----a-w 2,940,928 2004-08-04 07:56:36 C:\WINDOWS\system32\wmploc.dll
----a-w 102,400 2004-08-04 07:56:46 C:\WINDOWS\system32\wmpshell.dll
----a-w 759,296 2004-08-04 07:56:46 C:\WINDOWS\system32\wmsdmod.dll
----a-w 1,119,744 2004-08-04 07:56:46 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 484,864 2004-08-04 07:56:46 C:\WINDOWS\system32\wmspdmod.dll
----a-w 896,512 2004-08-04 07:56:46 C:\WINDOWS\system32\wmspdmoe.dll
----a-w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\system32\wmvcore.dll
----a-w 809,984 2004-08-04 07:56:46 C:\WINDOWS\system32\wmvdmod.dll
----a-w 1,001,472 2004-08-04 07:56:46 C:\WINDOWS\system32\wmvdmoe2.dll
-c--a-w 408,064 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\wmadmod.dll
-c--a-w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\system32\dllcache\wmp.dll
-c--a-w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\system32\dllcache\wmvcore.dll
----a-w 94,208 2007-02-21 21:48:18 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-02-21 21:49:08 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 10:07]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 22:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19]
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 05:29]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 05:29]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-24 16:37:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 22:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-24 16:37:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]
"{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\qommjjj.dll [2007-09-26 01:06 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"c:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1


.
Contents of the 'Scheduled Tasks' folder
"2007-07-25 12:18:44 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-07-12 13:36:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 21:31:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-29 21:33:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 21:32
C:\ComboFix2.txt ... 2007-09-29 15:28
C:\ComboFix3.txt ... 2007-09-28 10:50
.
--- E O F ---

steamwiz
2007-09-30, 20:47
Hi

I'm afraid the script which you were supposed to drop into ComboFix didn't work ...

We need to get this to work to delete the files/folders/registry keys

If you are having a problem at some point, please tell me where ...

Let's try it again ... when you drag & drop the CFScript.txt file into ComboFix, it should automatically reboot ... does it?

Open Notepad and copy/paste the text in the code box below into it:
NOTE: make sure to highlight and copy only what is inside the code box, nothing outside of it.
Also ...

Pay particular attention to this:

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)


File::
C:\WINDOWS\system32\qommjjj.dll
C:\WINDOWS\winshow.exe

Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\vMW10a
C:\Temp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"=-
"{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"=-


Save this as "CFScript.txt"

Then drag CFScript.txt onto ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

steam
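
The log-to-script step steamwiz did by hand above (read the ShellExecuteHooks block out of the ComboFix "Reg Loading Points" section, turn each hook value into a Registry:: deletion and its DLL into a File:: entry, and keep File:: on line 1 with nothing in front of it), written out as an added Python example. It is not part of this thread and not ComboFix's own code. It runs on the two hook lines copied from the log above; the "random-looking name" and "written within a week of the scan" heuristics, the SCAN_DAY reference date and the BOM check are assumptions of this example, not something stated in the thread.

```python
import re
from datetime import date
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: the ShellExecuteHooks block exactly as ComboFix printed it in
# the "Reg Loading Points" section above. "[ ]" means ComboFix found no such file.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]
"{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"= C:\WINDOWS\system32\qommjjj.dll [2007-09-26 01:06 36352]
"""

SEH_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\ShellExecuteHooks")
SCAN_DAY = date(2007, 9, 29)  # day of the catchme run in the log above (assumed reference date)


class Hook(NamedTuple):
    clsid: str
    path: str
    present: bool             # False when ComboFix printed "[ ]"
    modified: Optional[date]
    size: Optional[int]


# "{CLSID}"= <path> [yyyy-mm-dd hh:mm size]   or   "{CLSID}"= <path> [ ]
_ENTRY = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=\s*(.*?)\s*\[(.*?)\]\s*$')
_META = re.compile(r'^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2} (\d+)$')
# Vundo-style throwaway names (7-8 lowercase letters). Weak on its own, so it is only
# counted for files under system32 and only as one reason among several. Assumption.
_RANDOM_NAME = re.compile(r'^[a-z]{7,8}\.dll$')
_HEADERS = {"File::", "Folder::", "Registry::"}


def parse_shell_execute_hooks(log: str) -> List[Hook]:
    """Return every value ComboFix listed under ShellExecuteHooks. The log states
    that empty and legitimate default entries are not shown, so each one here is
    a non-default hook DLL that Explorer loads into every process it launches."""
    hooks: List[Hook] = []
    in_section = False
    for line in log.splitlines():
        if line.lstrip().startswith("["):
            in_section = line.strip().strip("[]").casefold() == SEH_KEY.casefold()
            continue
        m = _ENTRY.match(line) if in_section else None
        if not m:
            continue
        clsid, path, meta = m.groups()
        mm = _META.match(meta.strip())
        if mm:
            y, mo, d, size = mm.groups()
            hooks.append(Hook(clsid, path, True, date(int(y), int(mo), int(d)), int(size)))
        else:
            hooks.append(Hook(clsid, path, False, None, None))
    return hooks


def suspicion_reasons(h: Hook, scan_day: date = SCAN_DAY) -> List[str]:
    """Heuristics (assumptions of this example) that explain why a hook is flagged."""
    reasons: List[str] = []
    if not h.present:
        reasons.append("hook points at a file that is not on disk")
    base = h.path.rsplit("\\", 1)[-1].lower()
    if "\\system32\\" in h.path.lower() and _RANDOM_NAME.match(base):
        reasons.append("random-looking basename in system32")
    if h.modified is not None and 0 <= (scan_day - h.modified).days <= 7:
        reasons.append("file written within 7 days of the scan")
    return reasons


def triage(log: str, scan_day: date = SCAN_DAY) -> Dict[str, List[str]]:
    return {h.clsid: suspicion_reasons(h, scan_day) for h in parse_shell_execute_hooks(log)}


def build_cfscript(hooks: List[Hook], extra_files=(), folders=()) -> str:
    """Emit a CFScript in the layout steamwiz gave: File:: on the very first line,
    then Folder::, then a Registry:: block that deletes each hook value with the
    "name"=- syntax. A hook whose file is already missing gets only the registry
    deletion, as in the script posted above."""
    files = [h.path for h in hooks if h.present] + list(extra_files)
    lines = ["File::", *files, ""]
    if folders:
        lines += ["Folder::", *folders, ""]
    lines += ["Registry::", f"[{SEH_KEY}]"]
    lines += [f'"{h.clsid}"=-' for h in hooks]
    return "\n".join(lines) + "\n"


def validate_cfscript(text: str) -> List[str]:
    """Check the pitfalls steamwiz warned about: the header must be on line 1 with
    no blank line above and no leading space. The BOM check is an added assumption;
    an invisible BOM would equally stop the header from matching."""
    problems: List[str] = []
    if text.startswith("\ufeff"):
        problems.append("file starts with a BOM; save it as plain text")
        text = text[1:]
    first = text.split("\n", 1)[0]
    if first == "":
        problems.append("first line is blank; the header must be on line 1")
    elif first != first.lstrip():
        problems.append("leading whitespace before the header on line 1")
    elif first.rstrip() not in _HEADERS:
        problems.append(f"line 1 is {first!r}, expected one of {sorted(_HEADERS)}")
    return problems


if __name__ == "__main__":
    found = parse_shell_execute_hooks(SAMPLE_LOG)
    for h in found:
        print(h.clsid, h.path, "; ".join(suspicion_reasons(h)) or "no flags")
    script = build_cfscript(found, extra_files=[r"C:\WINDOWS\winshow.exe"],
                            folders=[r"C:\VundoFix Backups", r"C:\WINDOWS\system32\vMW10a", r"C:\Temp"])
    print(script, validate_cfscript(script) or "script layout OK")
```

Run it as-is and it prints both hooks with their reasons, then a CFScript that starts with File:: on line 1; feed a file with a leading blank line or a leading space to validate_cfscript() and it reports the exact layout mistake that makes ComboFix ignore the script.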

Zeprot
2007-09-30, 23:06
Yes, it reboots when I drag. Before ComboFix starts scanning it says "The system cannot find the batch label specified - CF-Script" and then it starts scanning. Twice, on separate runs, while it was creating a backup I got an error saying "Exception EInvalidOp in module ERUNT.cfexe at 0IZD0FC1. Invalid floating point operation." (I might have gotten "0IZD0FC1" wrong). I know I'm copying and pasting exactly like you told me to.

File::
C:\WINDOWS\system32\qommjjj.dll
C:\WINDOWS\winshow.exe

Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\vMW10a
C:\Temp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"=-
"{F884BE4E-64D5-43FE-80A4-DB8D63C748F0}"=-

Zeprot
2007-09-30, 23:13
Actually, what exactly do you mean by automatically rebooting? It says "Please wait "C:\Documents and Settings\Owner\Desktop\CFScript.txt"", then "Please wait. ComboFix is preparing to run.", then it's the disclaimer and the 1 or 2 choice. I choose 1, it does its backup, then "The system cannot find the batch label specified - CF-Script" and then it scans. If the scan finds something it then reboots.

Zeprot
2007-09-30, 23:14
last sentence "reboots my computer."

steamwiz
2007-09-30, 23:56
Hi

Sorry, my bad terminology ... it scans and then reboots ... because it will find the files in the script ...

When you type the 1 ... make sure there is not a space in front of it ...

The top of the new log should be like this:

http://forums.spybot.info/showpost.php?p=123535&postcount=6

in your case it should read ...

File::
C:\WINDOWS\system32\qommjjj.dll
C:\WINDOWS\winshow.exe

Then go on to show the file/folder deletions

If it doesn't say that at the top then it hasn't worked.

steam

Zeprot
2007-10-01, 02:21
Alright, so I stopped Windows Firewall and Norton's Auto-Protect from turning on at startup, redownloaded ComboFix, and it worked.

ComboFix 07-09-30.10 - Owner 2007-09-30 20:08:06.20 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1173 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\qommjjj.dll
C:\WINDOWS\winshow.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Temp
C:\VundoFix Backups
C:\VundoFix Backups\dfrnkpxn.dll.bad
C:\VundoFix Backups\diskperf.exe.bad
C:\VundoFix Backups\gsghmlal.ini.bad
C:\VundoFix Backups\lalmhgsg.dll.bad
C:\VundoFix Backups\mstcxwoo.ini.bad
C:\VundoFix Backups\nxpknrfd.ini.bad
C:\VundoFix Backups\oowxctsm.dll.bad
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\qommjjj.dll
C:\WINDOWS\system32\vMW10a
C:\WINDOWS\winshow.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-01 to 2007-10-01 )))))))))))))))))))))))))))))))
.

2007-09-30 18:10 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-09-30 18:00 <DIR> d-------- C:\Program Files\Microsoft Games
2007-09-30 17:34 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-09-30 17:33 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-27 13:50 <DIR> d-------- C:\Documents and Settings\Administrator\LOCALS~1
2007-09-27 11:01 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-27 11:00 <DIR> d-------- C:\e6ce7603b860a24106bc8b47e5d99b
2007-09-27 10:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-27 10:59 <DIR> d-------- C:\8dfbeeb3038b9d4c47de0d43f70b
2007-09-27 10:58 <DIR> d-------- C:\eb391cbeac4a5651f97aaf3e
2007-09-25 04:32 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-24 13:24 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-09-24 13:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NHN Corporation
2007-09-24 13:22 <DIR> d-------- C:\Program Files\DriftCity
2007-09-23 14:42 <DIR> d-------- C:\ijji
2007-09-23 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-09-21 15:14 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-09-21 14:53 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-17 00:27 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-15 23:59 <DIR> d-------- C:\Documents and Settings\Owner\DoctorWeb
2007-09-15 23:50 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-09 10:43 <DIR> d-------- C:\Program Files\iPod
2007-09-04 20:51 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-04 20:49 <DIR> d-------- C:\WINDOWS\ShellNew

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 20:12 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-30 19:42 --------- d-------- C:\Program Files\Norton AntiVirus
2007-09-28 03:03 --------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-09-28 02:35 --------- d-------- C:\Program Files\mIRC
2007-09-25 12:47 --------- d-------- C:\Program Files\SpywareBlaster
2007-09-25 10:36 --------- d-------- C:\Program Files\World of Warcraft
2007-09-23 17:47 --------- d-------- C:\Program Files\Warcraft III
2007-09-23 14:42 --------- d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2007-09-23 12:39 --------- d-------- C:\Program Files\Azureus
2007-09-21 15:10 --------- d-------- C:\Program Files\Trillian
2007-09-16 20:53 --------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-09-09 10:43 --------- d-------- C:\Program Files\iTunes
2007-08-26 19:16 --------- d-------- C:\Program Files\Apple Software Update
2007-08-25 15:58 --------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-08-24 16:39 --------- d-------- C:\Documents and Settings\Owner\Application Data\Logitech
2007-08-24 16:38 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-08-24 16:38 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-08-24 16:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-24 16:37 --------- d-------- C:\Program Files\Logitech
2007-08-24 16:37 --------- d-------- C:\Program Files\Common Files\Logitech
2007-08-24 16:37 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-24 16:37 --------- d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-08-14 03:12 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-14 03:12 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 03:04 --------- d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-05 08:55 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-21 19:56 70656 --a------ C:\WINDOWS\ScUnin.exe
2007-07-21 19:55 139264 --a------ C:\WINDOWS\War3Unin.exe

Zeprot
2007-10-01, 02:21
.

((((((((((((((((((((((((((((( snapshot_2007-09-26_ 22644.71 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 135,168 2007-09-28 13:06:08 C:\WINDOWS\catchme.exe
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926239$\spuninst\updspapi.dll
-c----w 414,208 2006-10-19 01:47:16 C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w 10,834,432 2006-10-19 01:47:20 C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w 315,904 2006-11-01 22:31:34 C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w 213,216 2005-06-28 14:23:26 C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 14:23:54 C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
-c----w 221,488 2006-09-25 21:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe
-c----w 379,184 2006-09-25 21:58:48 C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\updspapi.dll
-c----w 286,208 2004-08-04 07:56:41 C:\WINDOWS\$NtUninstallWMFDist11$\blackbox.dll
-c----w 159,232 2004-08-04 07:56:41 C:\WINDOWS\$NtUninstallWMFDist11$\cewmdm.dll
-c----w 695,296 2004-08-04 07:57:02 C:\WINDOWS\$NtUninstallWMFDist11$\drmv2clt.dll
-c----w 6,656 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\laprxy.dll
-c----w 103,936 2004-08-04 07:56:50 C:\WINDOWS\$NtUninstallWMFDist11$\logagent.exe
-c----w 310,272 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mp43dmod.dll
-c----w 384,512 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mp4sdmod.dll
-c----w 240,640 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallWMFDist11$\mpg4dmod.dll
-c----w 259,072 2004-08-04 07:57:01 C:\WINDOWS\$NtUninstallWMFDist11$\msnetobj.dll
-c----w 52,224 2004-08-04 07:56:43 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsnsv.dll
-c----w 201,728 2004-08-04 07:56:43 C:\WINDOWS\$NtUninstallWMFDist11$\mspmsp.dll
-c----w 356,352 2004-08-04 07:57:01 C:\WINDOWS\$NtUninstallWMFDist11$\msscp.dll
-c----w 245,760 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\mswmdm.dll
-c----w 237,568 2004-08-04 07:56:44 C:\WINDOWS\$NtUninstallWMFDist11$\qasf.dll
-c----w 408,064 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmod.dll
-c----w 670,720 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmadmoe.dll
-c----w 230,400 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmasf.dll
-c----w 27,136 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmlog.dll
-c----w 23,552 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmdmps.dll
-c----w 151,552 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmidx.dll
-c----w 1,050,624 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmnetmgr.dll
-c----w 759,296 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmod.dll
-c----w 1,119,744 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmsdmoe2.dll
-c----w 484,864 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmod.dll
-c----w 896,512 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmspdmoe.dll
-c----w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\$NtUninstallWMFDist11$\wmvcore.dll
-c----w 809,984 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmod.dll
-c----w 1,001,472 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallWMFDist11$\wmvdmoe2.dll
-c----w 213,216 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\updspapi.dll
-c----w 13,312 2006-11-02 15:46:52 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\wpdinstallutil.dll
-c----w 8,192 2004-08-04 07:55:59 C:\WINDOWS\$NtUninstallwmp11$\asferror.dll
-c----w 368,640 2004-08-04 07:56:42 C:\WINDOWS\$NtUninstallwmp11$\mpvis.dll
-c----w 774,144 2004-08-04 07:56:56 C:\WINDOWS\$NtUninstallwmp11$\setup_wm.exe
-c----w 208,896 2004-08-04 07:56:57 C:\WINDOWS\$NtUninstallwmp11$\unregmp2.exe
-c----w 168,448 2004-08-04 07:56:35 C:\WINDOWS\$NtUninstallwmp11$\wmerror.dll
-c----w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\$NtUninstallwmp11$\wmp.dll
-c----w 114,688 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpasf.dll
-c----w 98,304 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpband.dll
-c----w 233,472 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpdxm.dll
-c----w 73,728 2004-08-04 07:56:57 C:\WINDOWS\$NtUninstallwmp11$\wmplayer.exe
-c----w 2,940,928 2004-08-04 07:56:36 C:\WINDOWS\$NtUninstallwmp11$\wmploc.dll
-c----w 102,400 2004-08-04 07:56:46 C:\WINDOWS\$NtUninstallwmp11$\wmpshell.dll
-c----w 213,216 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe
-c----w 371,424 2006-05-16 22:11:54 C:\WINDOWS\$NtUninstallwmp11$\spuninst\updspapi.dll
-c----w 221,488 2006-09-16 05:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe
-c----w 379,184 2006-09-16 05:05:22 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\updspapi.dll
-c----w 58,368 2006-09-28 23:01:52 C:\WINDOWS\$NtUninstallWudf01000$\spuninst\WudfCustom.dll
------w 39,424 2006-10-04 14:05:26 C:\WINDOWS\AppPatch\acadproc.dll
----a-w 317,440 2007-06-27 02:10:26 C:\WINDOWS\inf\unregmp2.exe
----a-r 32,768 2007-09-30 21:33:57 C:\WINDOWS\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spuninst.exe
----a-w 22,752 2005-06-28 14:21:34 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\spupdsvc.exe
----a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\wmp.dll
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\56061c71c086888c2a4d68825eaacd28\update\updspapi.dll
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\spuninst.exe
----a-w 317,440 2007-06-27 02:10:26 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\unregmp2.exe
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\88d647f371042dbee1feee96bacd6e4c\update\updspapi.dll
----a-w 414,720 2006-12-04 20:21:50 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\msscp.dll
----a-w 13,536 2005-06-28 14:20:24 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spmsg.dll
----a-w 213,216 2005-06-28 14:23:26 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spuninst.exe
----a-w 22,752 2005-06-28 14:21:34 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\spupdsvc.exe
----a-w 716,000 2005-06-28 14:24:52 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\update.exe
----a-w 371,424 2005-06-28 14:23:54 C:\WINDOWS\SoftwareDistribution\Download\f162a63e5d3b4dcd2b0764f22e8d9651\update\updspapi.dll
----a-w 7,168 2006-10-19 01:47:08 C:\WINDOWS\system32\asferror.dll
----a-w 276,992 2006-10-19 01:47:08 C:\WINDOWS\system32\audiodev.dll
----a-w 542,720 2006-10-19 01:47:10 C:\WINDOWS\system32\blackbox.dll
----a-w 229,376 2006-10-19 01:47:10 C:\WINDOWS\system32\cewmdm.dll
----a-w 249,856 2006-10-19 00:00:46 C:\WINDOWS\system32\drmupgds.exe
----a-w 991,744 2006-10-19 01:47:10 C:\WINDOWS\system32\drmv2clt.dll
----a-w 135,168 2007-07-12 05:22:00 C:\WINDOWS\system32\java.exe
----a-w 135,168 2007-07-12 05:22:04 C:\WINDOWS\system32\javaw.exe
----a-w 139,264 2007-07-12 06:22:38 C:\WINDOWS\system32\javaws.exe
----a-w 11,264 2006-10-19 01:47:14 C:\WINDOWS\system32\LAPRXY.dll
----a-w 100,864 2006-10-19 00:03:58 C:\WINDOWS\system32\logagent.exe
----a-w 212,992 2006-10-19 01:47:14 C:\WINDOWS\system32\MFPLAT.dll
----a-w 259,072 2006-10-19 01:47:14 C:\WINDOWS\system32\MP43DECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MP43DMOD.dll
----a-w 317,440 2006-10-19 01:47:14 C:\WINDOWS\system32\MP4SDECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MP4SDMOD.dll
----a-w 259,072 2006-10-19 01:47:14 C:\WINDOWS\system32\MPG4DECD.dll
----a-w 4,096 2006-10-19 01:47:14 C:\WINDOWS\system32\MPG4DMOD.dll
----a-w 312,128 2006-10-02 19:28:42 C:\WINDOWS\system32\msdelta.dll
----a-w 179,712 2006-10-19 01:47:16 C:\WINDOWS\system32\msnetobj.dll
----a-w 27,136 2006-10-19 01:47:16 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 175,616 2006-10-19 01:47:16 C:\WINDOWS\system32\mspmsp.dll
----a-w 414,720 2006-12-04 20:21:50 C:\WINDOWS\system32\msscp.dll
----a-w 321,536 2006-10-19 01:47:16 C:\WINDOWS\system32\mswmdm.dll
----a-w 1,233,920 2003-04-18 20:46:22 C:\WINDOWS\system32\msxml4.dll
----a-w 82,432 2003-04-18 20:29:26 C:\WINDOWS\system32\msxml4r.dll
----a-w 284,160 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceApi.dll
----a-w 101,888 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceClassExtension.dll
----a-w 166,912 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceTypes.dll
----a-w 132,096 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
----a-w 199,168 2006-10-19 01:47:18 C:\WINDOWS\system32\PortableDeviceWMDRM.dll
----a-w 211,456 2006-10-19 01:47:18 C:\WINDOWS\system32\qasf.dll
----a-w 14,640 2006-09-25 21:58:48 C:\WINDOWS\system32\spmsg.dll
----a-w 844,800 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 8,704 2006-10-19 01:58:00 C:\WINDOWS\system32\uwdf.exe
----a-w 4,096 2006-10-19 01:47:18 C:\WINDOWS\system32\wdfapi.dll
----a-w 8,704 2006-10-19 01:58:00 C:\WINDOWS\system32\wdfmgr.exe
----a-w 757,248 2006-10-19 01:47:18 C:\WINDOWS\system32\WMADMOD.dll
----a-w 1,117,696 2006-10-19 01:47:18 C:\WINDOWS\system32\WMADMOE.dll
----a-w 222,208 2006-10-19 01:47:18 C:\WINDOWS\system32\wmasf.dll
----a-w 33,792 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdmlog.dll
----a-w 37,376 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdmps.dll
----a-w 429,056 2006-10-19 01:47:18 C:\WINDOWS\system32\wmdrmdev.dll
----a-w 348,672 2006-10-19 01:47:20 C:\WINDOWS\system32\wmdrmnet.dll
----a-w 535,040 2006-10-19 01:47:20 C:\WINDOWS\system32\wmdrmsdk.dll
----a-w 227,328 2006-10-19 01:47:20 C:\WINDOWS\system32\wmerror.dll
----a-w 157,184 2006-10-19 01:47:20 C:\WINDOWS\system32\wmidx.dll
----a-w 937,984 2006-10-19 01:47:20 C:\WINDOWS\system32\wmnetmgr.dll
----a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\system32\wmp.dll
----a-w 242,688 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpasf.dll
----a-w 314,880 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpdxm.dll
----a-w 295,936 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpeffects.dll
----a-w 1,661,440 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpencen.dll
----a-w 8,231,936 2006-10-19 01:47:20 C:\WINDOWS\system32\wmploc.dll
----a-w 613,376 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpmde.dll
----a-w 130,048 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpps.dll
----a-w 99,840 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpshell.dll
----a-w 204,288 2006-10-19 01:47:20 C:\WINDOWS\system32\wmpsrcwp.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmsdmod.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 603,648 2006-10-19 01:47:22 C:\WINDOWS\system32\WMSPDMOD.dll
----a-w 1,329,152 2006-10-19 01:47:22 C:\WINDOWS\system32\WMSPDMOE.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVADVD.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVADVE.DLL
----a-w 2,450,944 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvcore.dll
----a-w 1,543,680 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVDECOD.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvdmod.dll
----a-w 4,096 2006-10-19 01:47:22 C:\WINDOWS\system32\wmvdmoe2.dll
----a-w 1,574,912 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVENCOD.dll
----a-w 1,382,912 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVSDECD.dll
----a-w 767,488 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVSENCD.dll
----a-w 656,896 2006-10-19 01:47:22 C:\WINDOWS\system32\WMVXENCD.dll
----a-w 35,840 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdconns.dll
----a-w 154,624 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdmtp.dll
----a-w 63,488 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdmtpus.dll
----a-w 2,603,008 2006-10-19 01:47:22 C:\WINDOWS\system32\WpdShext.dll
----a-w 17,408 2006-10-19 00:00:14 C:\WINDOWS\system32\wpdshextautoplay.exe
----a-w 38,400 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdshextres.dll
----a-w 133,632 2006-10-19 01:47:22 C:\WINDOWS\system32\WPDShServiceObj.dll
----a-w 356,352 2006-10-19 01:47:22 C:\WINDOWS\system32\wpdsp.dll
----a-w 629,760 2006-10-19 01:47:22 C:\WINDOWS\system32\wpd_ci.dll
----a-w 95,344 2006-09-29 00:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
----a-w 146,432 2006-09-28 22:56:38 C:\WINDOWS\system32\WudfHost.exe
----a-w 165,376 2006-09-28 22:56:16 C:\WINDOWS\system32\WudfPlatform.dll
----a-w 55,808 2006-09-28 22:56:14 C:\WINDOWS\system32\WudfSvc.dll
----a-w 316,416 2006-09-28 22:56:38 C:\WINDOWS\system32\WUDFx.dll
-c--a-w 388,608 2004-08-04 07:56:48 C:\WINDOWS\system32\dllcache\cmd.exe
-c--a-w 159,232 2004-08-04 07:56:43 C:\WINDOWS\system32\dllcache\msimtf.dll
-c--a-w 152,576 2004-08-04 05:31:43 C:\WINDOWS\system32\dllcache\rsaenh.dll
-c--a-w 33,280 2004-08-04 07:56:55 C:\WINDOWS\system32\dllcache\rundll32.exe
-c--a-w 55,808 2004-08-04 07:56:44 C:\WINDOWS\system32\dllcache\secur32.dll
-c--a-w 25,088 2004-08-04 07:56:45 C:\WINDOWS\system32\dllcache\shfolder.dll
-c--a-w 43,520 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\wbemsvc.dll
-c--a-w 53,760 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\winsta.dll
-c--a-w 757,248 2006-10-19 01:47:18 C:\WINDOWS\system32\dllcache\WMADMOD.dll
-c--a-w 10,834,944 2007-06-12 03:51:12 C:\WINDOWS\system32\dllcache\wmp.dll
-c--a-w 2,450,944 2006-10-19 01:47:22 C:\WINDOWS\system32\dllcache\wmvcore.dll
-c--a-w 82,944 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\ws2_32.dll
----a-w 38,528 2006-10-19 00:00:00 C:\WINDOWS\system32\drivers\wpdusb.sys
----a-w 77,568 2006-09-28 22:55:50 C:\WINDOWS\system32\drivers\WudfPf.sys
----a-w 82,944 2006-09-28 23:00:34 C:\WINDOWS\system32\drivers\WudfRd.sys
----a-w 671,232 2006-10-19 01:47:22 C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
----a-w 94,208 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-09-07 15:29:00 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
----a-w 82,432 2007-09-30 21:33:56 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
----a-w 1,233,920 2007-09-30 21:33:56 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
.

Zeprot
2007-10-01, 02:23
----a-w 109,056 2007-07-20 04:47:22 C:\WINDOWS\catchme.exe
----a-w 208,896 2004-08-04 07:56:57 C:\WINDOWS\inf\unregmp2.exe
----a-w 8,192 2004-08-04 07:55:59 C:\WINDOWS\system32\asferror.dll
----a-w 286,208 2004-08-04 07:56:41 C:\WINDOWS\system32\blackbox.dll
----a-w 159,232 2004-08-04 07:56:41 C:\WINDOWS\system32\cewmdm.dll
----a-w 695,296 2004-08-04 07:57:02 C:\WINDOWS\system32\drmv2clt.dll
----a-w 24,677 2003-02-20 20:42:34 C:\WINDOWS\system32\java.exe
----a-w 28,775 2003-02-20 20:42:34 C:\WINDOWS\system32\javaw.exe
----a-w 6,656 2004-08-04 07:56:42 C:\WINDOWS\system32\laprxy.dll
----a-w 103,936 2004-08-04 07:56:50 C:\WINDOWS\system32\logagent.exe
----a-w 310,272 2004-08-04 07:56:42 C:\WINDOWS\system32\mp43dmod.dll
----a-w 384,512 2004-08-04 07:56:42 C:\WINDOWS\system32\mp4sdmod.dll
----a-w 240,640 2004-08-04 07:56:42 C:\WINDOWS\system32\mpg4dmod.dll
----a-w 259,072 2004-08-04 07:57:01 C:\WINDOWS\system32\msnetobj.dll
----a-w 52,224 2004-08-04 07:56:43 C:\WINDOWS\system32\mspmsnsv.dll
----a-w 201,728 2004-08-04 07:56:43 C:\WINDOWS\system32\mspmsp.dll
----a-w 356,352 2004-08-04 07:57:01 C:\WINDOWS\system32\msscp.dll
----a-w 245,760 2004-08-04 07:56:44 C:\WINDOWS\system32\mswmdm.dll
----a-w 237,568 2004-08-04 07:56:44 C:\WINDOWS\system32\qasf.dll
----a-w 14,640 2006-10-09 01:51:14 C:\WINDOWS\system32\spmsg.dll
----a-w 279,552 2007-07-22 22:39:27 C:\WINDOWS\system32\swreg.exe
----a-w 408,064 2004-08-04 07:56:46 C:\WINDOWS\system32\wmadmod.dll
----a-w 670,720 2004-08-04 07:56:46 C:\WINDOWS\system32\wmadmoe.dll
----a-w 230,400 2004-08-04 07:56:46 C:\WINDOWS\system32\wmasf.dll
----a-w 27,136 2004-08-04 07:56:46 C:\WINDOWS\system32\wmdmlog.dll
----a-w 23,552 2004-08-04 07:56:46 C:\WINDOWS\system32\wmdmps.dll
----a-w 168,448 2004-08-04 07:56:35 C:\WINDOWS\system32\wmerror.dll
----a-w 151,552 2004-08-04 07:56:46 C:\WINDOWS\system32\wmidx.dll
----a-w 1,050,624 2004-08-04 07:56:46 C:\WINDOWS\system32\wmnetmgr.dll
----a-w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\system32\wmp.dll
----a-w 114,688 2004-08-04 07:56:46 C:\WINDOWS\system32\wmpasf.dll
----a-w 233,472 2004-08-04 07:56:46 C:\WINDOWS\system32\wmpdxm.dll
----a-w 2,940,928 2004-08-04 07:56:36 C:\WINDOWS\system32\wmploc.dll
----a-w 102,400 2004-08-04 07:56:46 C:\WINDOWS\system32\wmpshell.dll
----a-w 759,296 2004-08-04 07:56:46 C:\WINDOWS\system32\wmsdmod.dll
----a-w 1,119,744 2004-08-04 07:56:46 C:\WINDOWS\system32\wmsdmoe2.dll
----a-w 484,864 2004-08-04 07:56:46 C:\WINDOWS\system32\wmspdmod.dll
----a-w 896,512 2004-08-04 07:56:46 C:\WINDOWS\system32\wmspdmoe.dll
----a-w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\system32\wmvcore.dll
----a-w 809,984 2004-08-04 07:56:46 C:\WINDOWS\system32\wmvdmod.dll
----a-w 1,001,472 2004-08-04 07:56:46 C:\WINDOWS\system32\wmvdmoe2.dll
-c--a-w 408,064 2004-08-04 07:56:46 C:\WINDOWS\system32\dllcache\wmadmod.dll
-c--a-w 4,734,976 2007-04-30 06:22:16 C:\WINDOWS\system32\dllcache\wmp.dll
-c--a-w 2,174,976 2006-12-07 21:02:24 C:\WINDOWS\system32\dllcache\wmvcore.dll
----a-w 94,208 2007-02-21 21:48:18 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 946,176 2007-02-21 21:49:08 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 10:07]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 22:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 14:19]
"nwiz"="nwiz.exe" [2003-07-28 14:19 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-15 05:29]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-15 05:29]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 C:\WINDOWS\KHALMNPR.Exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 10:16]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-24 16:37:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 22:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-24 16:37:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"c:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
"C:\Program Files\Octoshape Streaming Services\Owner\OctoshapeClient.exe" -inv:bootrun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1


.
Contents of the 'Scheduled Tasks' folder
"2007-07-25 12:18:44 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-07-12 13:36:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-30 20:11:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-30 20:12:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-30 20:12
C:\ComboFix2.txt ... 2007-09-30 19:49
C:\ComboFix3.txt ... 2007-09-30 19:40
.
--- E O F ---

Zeprot
2007-10-01, 02:24
Logfile of HijackThis v1.99.1
Scan saved at 8:23:50 PM, on 9/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190655628921
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

steamwiz
2007-10-01, 20:36
Hi

You must have had Norton's script blocking enabled ...

Your logs are clean now :bigthumb:

Is your problem resolved?

steam

Zeprot
2007-10-01, 23:19
Yep, everything seems good.

steamwiz
2007-10-01, 23:39
Then you're "good to go" :)

happy surfing

steam