
Virtumonde + Malware - please help



farlen
2007-10-11, 14:31
Spybot picked up virtumonde on my system and was unable to remove it. I used VundoFix and ComboFix but neither was able to remove it.
Here's my HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 8:21:11 AM, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyspan\Remote\KDMRdmn.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\dldsnokw.dll",sitypnow
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Keyspan Remote.lnk = C:\Program Files\Keyspan\Remote\KDMRdmn.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Kaspersky log on next post.

farlen
2007-10-11, 15:47
Thursday, October 11, 2007 9:46:20 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/10/2007
Kaspersky Anti-Virus database records: 430894
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
F:\
G:\
Scan Statistics
Total number of scanned objects 149788
Number of viruses found 5
Number of infected objects 9
Number of suspicious objects 0
Duration of the scan process 00:57:01

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\history.dat Object is locked skipped
C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\key3.db Object is locked skipped
C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jared\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jared\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Mozilla\Firefox\Profiles\neouh04r.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\History\History.IE5\MSHist012007101120071012\index.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Temp\~DF5730.tmp Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Temporary Internet Files\Content.IE5\0BVVLJ59\lkjh[1] Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Documents and Settings\Jared\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jared\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jared\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jared\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\E00OFGAA.NQF Infected: Trojan.Win32.Agent.bck skipped
C:\Program Files\ESET\infected\OII0WSCA.NQF Infected: Trojan.Win32.Agent.bck skipped
C:\Program Files\ESET\infected\OVQR05DA.NQF Infected: Trojan-Downloader.Win32.Small.fwb skipped
C:\Program Files\ESET\infected\V5ODCECA.NQF Infected: Trojan.Win32.Agent.bck skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\SKS~1\notepad.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP43\A0005095.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP44\A0005150.dll Infected: Trojan.Win32.Pakes.fr skipped
C:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP48\A0005520.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP58\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Shaba
2007-10-15, 16:51
Hi farlen

Rename HijackThis.exe to farlen.exe

Post:

- a fresh HijackThis log
- combofix report (C:\ComboFix.txt)

farlen
2007-10-15, 21:12
Thanks Shaba.

Fresh HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 3:09:26 PM, on 15/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyspan\Remote\KDMRdmn.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
c:\program files\itunes\itunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\farlen.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {85AA6248-CD4C-4DB4-8D4E-B893E3675744} - C:\WINDOWS\system32\ddabx.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\thegrfeg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\tnhycvvl.dll",sitypnow
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Keyspan Remote.lnk = C:\Program Files\Keyspan\Remote\KDMRdmn.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: awtromn - awtromn.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

ComboFix in next post.

farlen
2007-10-15, 21:13
And here's the ComboFix:

ComboFix 07-10-09.3 - Jared 2007-10-09 12:19:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1600 [GMT -4:00]
Running from: C:\Documents and Settings\Jared\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\sks~1
C:\Program Files\Common Files\sks~1\??sks\
C:\Program Files\Common Files\sks~1\notepad.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\_000015_.tmp.dll
C:\WINDOWS\system32\_000016_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 12:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 12:05 <DIR> d-------- C:\VundoFix Backups
2007-10-09 10:08 <DIR> d---s---- C:\Documents and Settings\Jared\UserData
2007-10-08 14:46 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-08 14:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-06 08:09 398,355 ---hs---- C:\WINDOWS\system32\xbadd.bak2
2007-10-05 12:43 6,465 ---hs---- C:\WINDOWS\system32\xbadd.bak1
2007-10-05 12:41 313,440 --a------ C:\WINDOWS\system32\ddabx.dll
2007-10-05 09:52 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-05 09:51 <DIR> d-------- C:\Program Files\Red Kawa
2007-10-03 16:13 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-02 12:50 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-10-02 12:45 <DIR> d-------- C:\Program Files\DivX
2007-10-02 12:45 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\DivX
2007-10-02 12:45 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\DivX
2007-10-02 12:45 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\DivX
2007-10-01 21:05 <DIR> d-------- C:\Program Files\FairUse Wizard 2
2007-09-28 11:50 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\vlc
2007-09-28 11:50 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\vlc
2007-09-28 11:50 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\vlc
2007-09-28 11:43 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\ATI
2007-09-28 11:43 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\ATI
2007-09-28 11:43 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\ATI
2007-09-28 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-09-28 11:39 <DIR> d-------- C:\Program Files\ATI Technologies
2007-09-27 20:42 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-25 18:01 <DIR> d-------- C:\Program Files\RdDrv001
2007-09-25 18:01 221,184 --a------ C:\WINDOWS\system32\RDDP1021.DAT
2007-09-25 18:01 171,585 --a------ C:\WINDOWS\system32\drivers\Rdwm1021.sys
2007-09-25 18:01 81,920 --a------ C:\WINDOWS\system32\rdas1021.dll
2007-09-25 18:01 31,862 --a------ C:\WINDOWS\system32\RdCi1021.dll
2007-09-25 18:01 4,088 --a------ C:\WINDOWS\system32\RD3T1021.DAT
2007-09-20 09:05 <DIR> d-------- C:\Program Files\Sierra On-Line
2007-09-20 09:04 <DIR> d-------- C:\Program Files\Sierra
2007-09-19 08:07 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Steinberg
2007-09-19 08:07 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Steinberg
2007-09-19 08:07 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Steinberg
2007-09-19 08:01 <DIR> d-------- C:\Program Files\Steinberg
2007-09-19 07:59 <DIR> d-------- C:\Program Files\Syncrosoft
2007-09-19 07:59 708,608 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2007-09-19 07:59 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2007-09-19 07:59 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2007-09-19 07:59 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2007-09-19 07:59 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2007-09-18 19:10 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\InterVideo
2007-09-18 19:10 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\InterVideo
2007-09-18 19:10 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\InterVideo
2007-09-18 19:09 <DIR> d-------- C:\Program Files\InterVideo
2007-09-18 19:09 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-09-18 19:09 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2007-09-18 19:09 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2007-09-18 19:08 <DIR> d-------- C:\Program Files\Creative
2007-09-18 19:08 333,600 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2007-09-18 19:08 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2007-09-18 19:01 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\CyberLink
2007-09-18 19:01 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\CyberLink
2007-09-18 19:01 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\CyberLink
2007-09-18 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-09-18 10:47 <DIR> d-------- C:\Program Files\iPod
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 14:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 14:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-17 09:23 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-17 07:14 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-09-17 07:14 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-09-17 07:14 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-09-17 07:14 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-09-17 07:14 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-09-16 22:20 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-09-16 22:10 <DIR> d-------- C:\Program Files\HP
2007-09-16 22:10 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-09-16 21:45 <DIR> d-------- C:\WINDOWS\MVUNINST
2007-09-16 21:45 <DIR> d-------- C:\Program Files\Memorex exPressit Label Design Studio
2007-09-16 21:45 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2007-09-16 21:45 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-09-16 21:29 1,411 --a------ C:\WINDOWS\mozver.dat
2007-09-16 17:00 39 --a------ C:\WINDOWS\popcinfot.dat
2007-09-16 16:56 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Logitech
2007-09-16 16:56 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Logitech
2007-09-16 16:56 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Logitech
2007-09-16 16:53 <DIR> d-------- C:\Program Files\Logitech
2007-09-16 16:53 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-09-16 16:49 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-16 16:48 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-16 16:48 <DIR> d-------- C:\Program Files\Microsoft Works
2007-09-16 16:48 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-16 16:48 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-09-16 16:45 <DIR> dr-h----- C:\MSOCache
2007-09-16 16:24 <DIR> d-------- C:\Program Files\Keyspan
2007-09-16 16:24 49,152 --a------ C:\WINDOWS\system32\kdmrinst.dll
2007-09-16 16:24 34,373 --a------ C:\WINDOWS\system32\drivers\kdmrw2k.sys
2007-09-16 16:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-16 16:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-16 16:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-16 16:11 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Snapfish
2007-09-16 16:11 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Snapfish
2007-09-16 16:11 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Snapfish
2007-09-16 16:10 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Simple Star

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-16 20:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-16 17:37 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-09-16 17:37 --------- d-----w C:\Program Files\AvRack
2007-09-16 17:36 --------- d-----w C:\Program Files\Marvell
2007-09-16 17:33 --------- d-----w C:\Program Files\VIA
2007-09-16 17:21 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2007-09-16 17:21 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-16 17:07 --------- d-----w C:\Program Files\microsoft frontpage
2007-08-22 02:33 46,432 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-22 02:07 2,417,664 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-22 01:13 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3691218A-AC22-4B55-B4BC-8FC820F37FCA}]
2007-10-05 12:41 313440 --a------ C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-16 13:21]
"SoundMan"="SOUNDMAN.EXE" [2004-10-27 02:49 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-10-05 09:15]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Keyspan Remote.lnk - C:\Program Files\Keyspan\Remote\KDMRdmn.exe [2007-09-16 16:24:09]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-16 16:53:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtromn]
awtromn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acde]
"C:\PROGRA~1\COMMON~1\SKS~1\notepad.exe" --ru -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 RDID1021;EDIROL UA-20;C:\WINDOWS\system32\Drivers\rdwm1021.sys
R3 UIA11;UIA11;C:\WINDOWS\system32\drivers\kdmrw2k.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 14:01:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 12:25:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 12:26:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 12:26
.
--- E O F ---

Shaba
2007-10-16, 06:47
Hi

Please also post the VundoFix report; it's here -> C:\VundoFix.txt.

farlen
2007-10-16, 16:34
Yeah, here's VundoFix.
Looks like I ran it a few times.


VundoFix V6.5.9

Checking Java version...

Scan started at 12:05:58 PM 09/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisxpdry.dll
C:\WINDOWS\system32\qpyuyhul.dll
C:\WINDOWS\system32\yrdpxsij.ini

Beginning removal...

VundoFix V6.5.9

Checking Java version...

Scan started at 12:08:25 PM 09/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\jisxpdry.dll
C:\WINDOWS\system32\qpyuyhul.dll
C:\WINDOWS\system32\yrdpxsij.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jisxpdry.dll
C:\WINDOWS\system32\jisxpdry.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qpyuyhul.dll
C:\WINDOWS\system32\qpyuyhul.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\yrdpxsij.ini
C:\WINDOWS\system32\yrdpxsij.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jisxpdry.dll
C:\WINDOWS\system32\jisxpdry.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qpyuyhul.dll
C:\WINDOWS\system32\qpyuyhul.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 11:26:02 AM 12/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\erklgqpy.ini
C:\WINDOWS\system32\oxgbgpel.dll
C:\WINDOWS\system32\ypqglkre.dll

Beginning removal...

Beginning removal...

Attempting to delete C:\WINDOWS\system32\erklgqpy.ini
C:\WINDOWS\system32\erklgqpy.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oxgbgpel.dll
C:\WINDOWS\system32\oxgbgpel.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Scan started at 11:26:32 AM 14/10/2007

Listing files found while scanning....

No infected files were found.

Shaba
2007-10-16, 17:12
Hi

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\thegrfeg.dll
C:\WINDOWS\system32\tnhycvvl.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3691218A-AC22-4B55-B4BC-8FC820F37FCA}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtromn]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acde]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

farlen
2007-10-16, 18:40
Combofix Part 1
ComboFix 07-10-09.3 - Jared 2007-10-16 12:22:11.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1559 [GMT -4:00]
Running from: C:\Documents and Settings\Jared\Desktop\Shortcuts\Security\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jared\Desktop\Shortcuts\Security\CFScript_used_2007-10-16@12.13.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\thegrfeg.dll
C:\WINDOWS\system32\tnhycvvl.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddabx.dll
C:\WINDOWS\system32\kaltglcp.ini
C:\WINDOWS\system32\oeeqaynv.ini
C:\WINDOWS\system32\oxgbgpel.dll
C:\WINDOWS\system32\pclgtlak.dll
C:\WINDOWS\system32\thegrfeg.dll
C:\WINDOWS\system32\thegrfeg.dll
C:\WINDOWS\system32\vnyaqeeo.dll
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak1
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.bak2
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.ini2
C:\WINDOWS\system32\xbadd.tmp
C:\WINDOWS\system32\xbadd.tmp

.
((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-15 22:09 16 --a------ C:\WINDOWS\popcinfo.dat
2007-10-15 19:41 22,328 --a------ C:\Documents and Settings\Jared\Application Data\PnkBstrK.sys
2007-10-15 15:21 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-10-14 16:58 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Bioshock
2007-10-14 16:58 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-10-14 14:43 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-12 14:56 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-10-12 14:55 <DIR> d-------- C:\NVIDIA
2007-10-12 14:51 8 --a------ C:\WINDOWS\system32\nvModes.dat
2007-10-12 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-10-12 14:46 3,645,440 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-10-12 14:46 2,387,968 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-10-12 14:46 2,371,584 --a------ C:\WINDOWS\system32\nvwss.dll
2007-10-12 14:46 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-10-12 14:44 6,344,704 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-10-12 14:44 5,439,488 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-10-12 14:44 3,334,144 --a------ C:\WINDOWS\system32\nvgames.dll
2007-10-12 14:43 <DIR> d-------- C:\WINDOWS\system32\EVGA
2007-10-12 14:43 8,491,008 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-10-12 14:43 6,853,088 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-12 14:43 6,853,088 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-10-12 14:43 5,783,040 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-10-12 14:43 5,421,312 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-10-12 14:43 364,544 --a------ C:\WINDOWS\system32\nvapi.dll
2007-10-12 14:43 36,864 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-10-12 14:43 36,864 --a------ C:\WINDOWS\system32\nvcod.dll
2007-10-11 15:08 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-10-11 15:08 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-10-11 15:07 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-10-11 15:07 5,558,816 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-11 15:07 62,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-11 15:06 <DIR> d-------- C:\Program Files\kav
2007-10-11 08:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-11 08:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-09 16:49 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-09 16:49 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-09 16:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-09 16:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-09 16:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-09 16:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-09 16:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-09 16:49 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-09 15:14 <DIR> d-------- C:\Program Files\Blender Foundation
2007-10-09 12:18 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 12:05 <DIR> d-------- C:\VundoFix Backups
2007-10-09 10:08 <DIR> d--hs---- C:\Documents and Settings\Jared\UserData
2007-10-08 14:46 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-08 14:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-05 09:52 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-10-05 09:51 <DIR> d-------- C:\Program Files\Red Kawa
2007-10-03 16:13 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-02 12:50 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-10-02 12:45 <DIR> d-------- C:\Program Files\DivX
2007-10-02 12:45 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\DivX
2007-10-01 21:05 <DIR> d-------- C:\Program Files\FairUse Wizard 2
2007-09-28 11:50 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\vlc
2007-09-28 11:43 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\ATI
2007-09-28 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2007-09-28 11:39 <DIR> d-------- C:\Program Files\ATI Technologies
2007-09-27 20:42 <DIR> d-------- C:\Program Files\VideoLAN
2007-09-25 18:01 <DIR> d-------- C:\Program Files\RdDrv001
2007-09-25 18:01 221,184 --a------ C:\WINDOWS\system32\RDDP1021.DAT
2007-09-25 18:01 171,585 --a------ C:\WINDOWS\system32\drivers\Rdwm1021.sys
2007-09-25 18:01 81,920 --a------ C:\WINDOWS\system32\rdas1021.dll
2007-09-25 18:01 31,862 --a------ C:\WINDOWS\system32\RdCi1021.dll
2007-09-25 18:01 4,088 --a------ C:\WINDOWS\system32\RD3T1021.DAT
2007-09-20 09:05 <DIR> d-------- C:\Program Files\Sierra On-Line
2007-09-20 09:04 <DIR> d-------- C:\Program Files\Sierra
2007-09-19 08:07 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\Steinberg
2007-09-19 08:01 <DIR> d-------- C:\Program Files\Steinberg
2007-09-19 07:59 <DIR> d-------- C:\Program Files\Syncrosoft
2007-09-19 07:59 708,608 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2007-09-19 07:59 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2007-09-19 07:59 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2007-09-19 07:59 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2007-09-19 07:59 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2007-09-18 19:10 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\InterVideo
2007-09-18 19:09 <DIR> d-------- C:\Program Files\InterVideo
2007-09-18 19:09 <DIR> d-------- C:\Program Files\Common Files\InterVideo
2007-09-18 19:09 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
2007-09-18 19:09 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
2007-09-18 19:08 <DIR> d-------- C:\Program Files\Creative
2007-09-18 19:08 333,600 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
2007-09-18 19:08 122,880 --a------ C:\WINDOWS\system32\cddvdint.dll
2007-09-18 19:01 <DIR> d-------- C:\Documents and Settings\Jared\Application Data\CyberLink
2007-09-18 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-09-18 10:47 <DIR> d-------- C:\Program Files\iPod
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 14:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 14:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 14:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-17 09:23 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-17 07:14 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-09-17 07:14 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-09-17 07:14 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-09-17 07:14 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-09-17 07:14 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-09-16 22:20 <DIR> d-------- C:\Program Files\XP Codec Pack
2007-09-16 22:10 <DIR> d-------- C:\Program Files\HP

farlen
2007-10-16, 18:42
ComboFix Part 2
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 16:31 76,424 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-16 16:31 7,928 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-16 15:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-15 23:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-10-15 23:41 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-15 23:41 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-17 05:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-09-17 05:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-09-17 05:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-09-17 05:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-09-17 05:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-09-17 05:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-09-17 05:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-09-17 05:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-09-17 05:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-09-17 05:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-09-17 05:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-09-17 05:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-09-17 05:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-09-17 05:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-09-17 05:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 05:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-09-17 05:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
2007-09-17 05:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 05:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-09-17 05:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-09-16 20:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-09-16 17:37 --------- d-----w C:\Program Files\Realtek Sound Manager
2007-09-16 17:37 --------- d-----w C:\Program Files\AvRack
2007-09-16 17:36 --------- d-----w C:\Program Files\Marvell
2007-09-16 17:33 --------- d-----w C:\Program Files\VIA
2007-09-16 17:07 --------- d-----w C:\Program Files\microsoft frontpage
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-22 02:33 46,432 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-08-22 02:09 352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-08-22 02:07 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-08-22 02:07 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-08-22 02:07 2,417,664 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-08-22 01:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-08-22 01:59 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-08-22 01:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-08-22 01:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-08-22 01:57 487,424 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-08-22 01:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-08-22 01:48 8,306,688 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-08-22 01:47 3,091,392 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-08-22 01:35 1,586,816 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-08-22 01:21 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-08-22 01:19 266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-08-22 01:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-08-22 01:15 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-08-22 01:13 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-08-22 01:11 450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-08-22 00:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-08-15 22:33 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-08-15 22:33 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 22:33 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-08-15 22:33 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-08-15 22:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 22:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-08-15 22:31 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 22:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-08-15 22:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-08-15 22:30 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-13 22:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 22:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 22:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 22:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 22:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 22:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 22:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 22:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 22:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-08-09 11:26 20,480 ----a-w C:\WINDOWS\system32\ac3config.exe
2007-07-30 22:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 22:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 22:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 22:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 22:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 22:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 22:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 22:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_12.26.18.42 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 28,672 2007-07-03 16:31:48 C:\WINDOWS\AutoTuneScript.dll
----a-w 397,312 2007-07-03 16:32:58 C:\WINDOWS\ntuneoem.dll
----a-w 1,622,016 2007-07-03 16:32:06 C:\WINDOWS\NVBenchMarks.dll
----a-w 217,088 2007-03-12 16:01:30 C:\WINDOWS\NVGfxOgl.dll
----a-w 6,912 2007-07-03 16:33:04 C:\WINDOWS\nvoclock.sys
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB904942\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB904942\spuninst.exe
----a-w 49,152 2006-03-24 04:47:44 C:\WINDOWS\$hf_mig$\KB904942\SP2QFE\wdigest.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB904942\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\$hf_mig$\KB904942\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe
----a-w 121,856 2006-07-14 15:52:22 C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
----a-w 765,952 2007-07-12 23:28:55 C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 213,216 2006-05-25 14:29:04 C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
-c----w 371,424 2006-05-25 14:29:04 C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
-c----w 213,216 2006-05-24 16:32:48 C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
-c----w 371,424 2006-05-24 16:32:48 C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
-c----w 49,152 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB904942$\wdigest.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:34 C:\WINDOWS\$NtUninstallKB904942$\spuninst\updspapi.dll
-c----w 28,672 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB914440$\custsat.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB914440$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB915865$\spuninst\updspapi.dll
-c----w 581,120 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 1,023,488 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB937143$\browseui.dll
-c----w 151,040 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB937143$\cdfview.dll
-c----w 1,054,208 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB937143$\danim.dll
-c----w 357,888 2007-06-14 18:09:18 C:\WINDOWS\$NtUninstallKB937143$\dxtmsft.dll
-c----w 205,312 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\dxtrans.dll
-c----w 55,808 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\extmgr.dll
-c----w 18,432 2007-06-14 14:07:24 C:\WINDOWS\$NtUninstallKB937143$\iedw.exe
-c----w 251,392 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\iepeers.dll
-c----w 96,256 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\inseng.dll
-c----w 16,384 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\jsproxy.dll
-c----w 3,058,688 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\mshtml.dll
-c----w 449,024 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\mshtmled.dll
-c----w 146,432 2007-06-14 18:09:19 C:\WINDOWS\$NtUninstallKB937143$\msrating.dll
-c----w 532,480 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\mstime.dll
-c----w 39,424 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\pngfilt.dll
-c----w 1,494,528 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\shdocvw.dll
-c----w 474,112 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\shlwapi.dll
-c----w 615,424 2007-06-14 18:09:20 C:\WINDOWS\$NtUninstallKB937143$\urlmon.dll
-c----w 658,944 2007-06-26 14:09:10 C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
-c----w 115,712 2007-06-14 13:39:54 C:\WINDOWS\$NtUninstallKB937143$\xpsp3res.dll
-c----w 1,022,976 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\browseui.dll
-c----w 150,528 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\cdfview.dll
-c----w 1,053,696 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\danim.dll
-c----w 357,888 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\dxtmsft.dll
-c----w 201,728 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\dxtrans.dll
-c----w 55,808 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\extmgr.dll
-c----w 18,432 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\iedw.exe
-c----w 251,392 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\iepeers.dll
-c----w 96,256 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\inseng.dll
-c----w 15,872 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\jsproxy.dll
-c----w 3,049,472 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\mshtml.dll
-c----w 448,512 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\mshtmled.dll
-c----w 146,432 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\msrating.dll
-c----w 530,432 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\mstime.dll
-c----w 39,424 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\pngfilt.dll
-c----w 1,492,480 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\shdocvw.dll
-c----w 474,112 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\shlwapi.dll
-c----w 612,352 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\urlmon.dll
-c----w 656,384 2006-02-28 12:00:00 C:\WINDOWS\$NtUninstallKB937143_0$\wininet.dll
-c----w 16,384 2006-02-01 00:28:24 C:\WINDOWS\$NtUninstallKB937143_0$\xpsp3res.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB937143_0$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB937143_0$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll

farlen
2007-10-16, 18:47
ComboFix Part 3
----a-w 53,248 2005-03-18 20:23:10 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
----a-w 12,800 2005-03-18 20:23:10 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
----a-w 473,600 2005-03-18 20:23:14 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
----a-w 2,676,224 2004-09-29 16:38:58 C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll

farlen
2007-10-16, 18:48
ComboFix Part 4

farlen
2007-10-16, 18:49
ComboFix Part 5
-c--a-w 96,256 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\inseng.dll
-c--a-w 450,560 2006-05-18 05:24:25 C:\WINDOWS\system32\dllcache\jscript.dll
-c--a-w 16,384 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c--a-w 22,016 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\licmgr10.dll
-c--a-w 29,184 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\mshta.exe
-c--a-w 3,058,688 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 449,024 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 56,832 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\mshtmler.dll
-c--a-w 146,432 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\msls31.dll
-c--a-w 146,432 2007-06-14 18:09:19 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 532,480 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\mstime.dll
-c--a-w 96,256 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\occache.dll
-c--a-w 39,424 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\pngfilt.dll
-c--a-w 581,120 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\rpcrt4.dll
-c--a-w 1,494,528 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\shdocvw.dll
-c--a-w 474,112 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\shlwapi.dll
-c--a-w 37,888 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 615,424 2007-06-14 18:09:20 C:\WINDOWS\system32\dllcache\urlmon.dll
-c--a-w 417,792 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\vbscript.dll
-c--a-w 851,968 2007-06-26 15:13:22 C:\WINDOWS\system32\dllcache\vgx.dll
-c--a-w 49,152 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\wdigest.dll
-c--a-w 276,480 2006-02-28 12:00:00 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 658,944 2007-06-26 14:09:10 C:\WINDOWS\system32\dllcache\wininet.dll
.

farlen
2007-10-16, 18:50
ComboFix Part 6
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-10-27 02:49 C:\WINDOWS\SOUNDMAN.EXE]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2007-10-05 09:15]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Keyspan Remote.lnk - C:\Program Files\Keyspan\Remote\KDMRdmn.exe [2007-09-16 16:24:09]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-16 16:53:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=C:\WINDOWS\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 RDID1021;EDIROL UA-20;C:\WINDOWS\system32\Drivers\rdwm1021.sys
R3 UIA11;UIA11;C:\WINDOWS\system32\drivers\kdmrw2k.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 14:01:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 12:33:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 12:35:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-16 12:35
C:\ComboFix2.txt ... 2007-10-09 12:26
.
--- E O F ---

farlen
2007-10-16, 18:51
HiJackThis Log: (Thanks Shaba)
Logfile of HijackThis v1.99.1
Scan saved at 12:50:13 PM, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyspan\Remote\KDMRdmn.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\farlen.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Global Startup: Keyspan Remote.lnk = C:\Program Files\Keyspan\Remote\KDMRdmn.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Shaba
2007-10-16, 18:52
Hi

Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save it to the desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit to close ATF-Cleaner.

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report

farlen
2007-10-16, 20:27
Fresh HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 2:26:26 PM, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Keyspan\Remote\KDMRdmn.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\farlen.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Global Startup: Keyspan Remote.lnk = C:\Program Files\Keyspan\Remote\KDMRdmn.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

farlen
2007-10-16, 20:29
Fresh Kaspersky Scan:

Tuesday, October 16, 2007 2:24:34 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/10/2007
Kaspersky Anti-Virus database records: 436812
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
F:\
G:\
Scan Statistics
Total number of scanned objects 156706
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 01:00:05

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\028f_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0290_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0291_AdBlocker_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\0291_AdBlocker_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\029a_pdm_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\029a_pdm_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\Report\report.rpt Object is locked skipped
C:\Documents and Settings\Jared\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\History\History.IE5\MSHist012007101620071017\index.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jared\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jared\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jared\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP73\A0019431.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped
C:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP73\change.log Object is locked skipped
C:\VundoFix Backups\oxgbgpel.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\cch~45e5a97d9.htp Object is locked skipped
C:\WINDOWS\TEMP\cch~45e5a9d31.htp Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_1a8.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP73\change.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP73\change.log Object is locked skipped
Scan process completed.

Shaba
2007-10-17, 10:48
Hi

Logs look good.

All viruses are in system restore and inactive.

I'll give you instructions later on how to empty it.

Other than that, any problems left?
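
As an added illustration of the reasoning in the reply above (example code written for this page, not from the thread or from Kaspersky's tools): it parses result lines in the posted report format and sorts each detection into inactive, meaning it sits in a System Restore point or in a removal tool's backup folder, or active. The list of inert locations and the one extra "active" sample line are assumptions constructed for the example.

```python
"""Triage of Kaspersky Online Scanner result lines (added example).

Every result line in the posted report has one of two shapes:
    <path> Object is locked skipped
    <path> Infected: <detection name> <last action>
A detection is only a live threat if something can still load it.  Files inside
a System Restore point (System Volume Information\\_restore...) or inside a
removal tool's backup folder (here C:\\VundoFix Backups) are never executed,
so they are reported as inactive; anything elsewhere is flagged as active.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LOCKED_SUFFIX = " Object is locked skipped"
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")

# Case-insensitive path fragments that mark an inert location.  This list is
# an assumption made for the example; extend it for other tools' quarantines.
INACTIVE_MARKERS = (
    "\\system volume information\\_restore",
    "\\vundofix backups\\",
)


@dataclass
class Detection:
    path: str
    name: str
    action: str

    @property
    def inactive(self) -> bool:
        """True when the file sits where no process will load it."""
        low = self.path.lower()
        return any(marker in low for marker in INACTIVE_MARKERS)


def parse_report(text: str) -> tuple[list[Detection], list[str]]:
    """Split a report into (detections, locked_paths); other lines are ignored."""
    detections: list[Detection] = []
    locked: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith(LOCKED_SUFFIX):
            locked.append(line[: -len(LOCKED_SUFFIX)])
            continue
        m = INFECTED_RE.match(line)
        if m:
            detections.append(Detection(m["path"], m["name"], m["action"]))
    return detections, locked


def triage(text: str) -> dict:
    """Summarise a report the way a helper reads it: is anything still live?"""
    detections, locked = parse_report(text)
    return {
        "locked": len(locked),
        "inactive": [d.path for d in detections if d.inactive],
        "active": [d.path for d in detections if not d.inactive],
        "names": sorted({d.name for d in detections}),
        "clean": all(d.inactive for d in detections),
    }


# Lines copied from the report posted in this thread (abridged).
POSTED_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Jared\NTUSER.DAT Object is locked skipped
C:\System Volume Information\_restore{9C91DA62-D652-42EF-B330-18784A5DDFAE}\RP73\A0019431.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped
C:\VundoFix Backups\oxgbgpel.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
Scan process completed.
"""

# Constructed line (not from the thread): the same DLL still sitting in
# system32, which is what an active, loadable component would look like.
CONSTRUCTED_ACTIVE_LINE = (
    r"C:\WINDOWS\system32\oxgbgpel.dll "
    "Infected: not-a-virus:AdWare.Win32.Virtumonde.acx skipped"
)
REPORT_WITH_ACTIVE_HIT = POSTED_REPORT + CONSTRUCTED_ACTIVE_LINE + "\n"


if __name__ == "__main__":
    for label, report in (("posted", POSTED_REPORT), ("constructed", REPORT_WITH_ACTIVE_HIT)):
        result = triage(report)
        print(f"{label}: clean={result['clean']} locked={result['locked']}")
        for path in result["inactive"]:
            print("  inactive:", path)
        for path in result["active"]:
            print("  ACTIVE:  ", path)
```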

farlen
2007-10-17, 16:28
No, everything seems okay.
Firefox needs to be reinstalled, but it's all good.
Thanks much, eh man, I appreciate it.
And if you could tell me how to get rid of the remnants that would be great, too.

Shaba
2007-10-17, 16:34
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

You can remove all tools we used.

Disable and Enable System Restore - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files left in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore using the instructions from the tutorial above.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK button to exit the Internet Properties page.

Use AntiVirus Software - It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!
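
The HOSTS-file approach mentioned above (redirecting known ad and malware hosts to 127.0.0.1) is simple enough to audit yourself. The following is an added example, not code from the thread or from the MVPS project: it parses the standard hosts-file format, lists which names are sinkholed to the local machine, and flags entries that point a name at a remote address, which is the shape a hijacked hosts file takes. The sample file contents are constructed for the example.

```python
"""Audit a HOSTS file of the kind the MVPS project distributes.

Added example (not from the forum thread or the MVPS project). The
hosts-file format is: one IP address, whitespace, one or more hostnames;
'#' starts a comment; the resolver uses the first matching line.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample, laid out the way MVPS-style hosts files are.
SAMPLE_HOSTS = """\
# Comments are ignored by the resolver
127.0.0.1  localhost
::1        localhost

# Block-list section (constructed sample names)
0.0.0.0 ads.example-tracker.test   # inline comment
127.0.0.1 www.popups.example.test   banner.popups.example.test
127.0.0.1 telemetry.example.test

# The next line is NOT a block-list entry: pointing a name at a remote
# address is the classic hosts-file hijack and should be flagged.
203.0.113.9 www.bank.example.test
"""

# Addresses that mean "this machine": an entry mapped here is blocked.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, List[str]]]:
    """Return (address, [hostnames]) for every active line in the file."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: address with no hostname
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address; ignore the line
        entries.append((address, [h.lower() for h in fields[1:]]))
    return entries


def build_map(text: str) -> Dict[str, str]:
    """Map each hostname to the address the resolver would actually use.

    The first matching line wins, so earlier entries take precedence.
    """
    mapping: Dict[str, str] = {}
    for address, names in parse_hosts(text):
        for name in names:
            mapping.setdefault(name, address)
    return mapping


def blocked_names(text: str) -> List[str]:
    """Names redirected to the local machine (excluding localhost itself)."""
    return sorted(
        name for name, addr in build_map(text).items()
        if addr in SINKHOLE_ADDRESSES and name != "localhost"
    )


def suspicious_entries(text: str) -> List[Tuple[str, str]]:
    """Names that resolve somewhere other than the local machine.

    A block list never needs these; a hosts file that carries them has
    usually been edited by something other than the user.
    """
    return sorted(
        (name, addr) for name, addr in build_map(text).items()
        if addr not in SINKHOLE_ADDRESSES
    )


def is_blocked(text: str, hostname: str) -> bool:
    """True if the hosts file sends this name to the local machine."""
    return build_map(text).get(hostname.lower()) in SINKHOLE_ADDRESSES


if __name__ == "__main__":
    print("blocked:", blocked_names(SAMPLE_HOSTS))
    print("suspicious:", suspicious_entries(SAMPLE_HOSTS))
```

To run it against a real file on XP, read C:\WINDOWS\system32\drivers\etc\hosts into a string and pass that instead of SAMPLE_HOSTS; a non-empty result from suspicious_entries is worth investigating even after a cleanup.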
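
The Internet Explorer "Custom Level" steps above set per-zone policy values that IE keeps in the registry, so the result can be checked without clicking through the dialog. The following is an added example, not from the thread: it compares a zone's current settings against the six values the post recommends. The registry path and the numeric value names (1001, 1004, 1201, 1607, 1800, 1804, with 0 = Enable, 1 = Prompt, 3 = Disable) are taken from Microsoft's published zone-setting reference as I recall it and should be verified against that reference; the current state used below is a constructed sample, with an optional winreg read for Windows hosts.

```python
"""Audit IE Internet-zone settings against the recommended values.

Added example, not from the thread. Value names and the meaning of
0/1/3 are assumed from Microsoft's zone-setting reference; the
SAMPLE_STATE dictionary is constructed for the example.
"""
from typing import Dict, List, Optional, Tuple

# Per-user Internet zone (zone 3) settings key.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# value name -> (description, recommended setting), as listed in the post.
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample of a weak state: three settings still on Enable.
SAMPLE_STATE: Dict[str, int] = {
    "1001": ENABLE, "1004": DISABLE, "1201": DISABLE,
    "1800": ENABLE, "1804": PROMPT, "1607": ENABLE,
}

# Corrected state, exactly as the post's steps leave the zone.
HARDENED_STATE: Dict[str, int] = {name: want for name, (_, want) in RECOMMENDED.items()}


def audit(state: Dict[str, int]) -> List[Tuple[str, str, Optional[int], int]]:
    """Return (value, description, current, recommended) for each setting
    that is missing or weaker than recommended.

    Enable (0) < Prompt (1) < Disable (3): a larger value is stricter.
    """
    findings = []
    for name, (desc, want) in RECOMMENDED.items():
        have = state.get(name)
        if have is None or have < want:
            findings.append((name, desc, have, want))
    return findings


def format_findings(findings) -> List[str]:
    """Human-readable lines for a report."""
    return [
        f"{name} {desc}: {LABEL.get(have, 'not set')} -> should be {LABEL[want]}"
        for name, desc, have, want in findings
    ]


def read_windows_state() -> Dict[str, int]:
    """Read the live zone settings; only works on Windows (needs winreg)."""
    import winreg  # ImportError elsewhere; caller decides how to handle it
    state: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in RECOMMENDED:
            try:
                value, _ = winreg.QueryValueEx(key, name)
                state[name] = int(value)
            except FileNotFoundError:
                pass  # value not present; audit() reports it as "not set"
    return state


if __name__ == "__main__":
    try:
        state = read_windows_state()
    except ImportError:
        state = SAMPLE_STATE  # not on Windows: show the constructed sample
    for line in format_findings(audit(state)):
        print(line)
```

An empty result from audit() means the zone matches the post's settings; the hardened dictionary doubles as the target to apply if you prefer scripting the change over the dialog.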

Shaba
2007-10-19, 10:42
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.