View Full Version : Need help with Malware Problem: Virtumonde
Hello,
You guys helped me with this same computer I think about a month ago, its been infected again. I ran SBS&D numerous times in both normal mode and safe mode. I also downloaded and ran Spyware Blaster, Windows Defender, CCleaner, and SpywareGuard. I also have Symantec Anti-virus. After running SBS&D many times only the virtumonde keeps returning. Here are the log files, thanks in advance for your help.
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:36 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {47FD1D75-E4C0-4049-A882-60B57314032A} - C:\WINDOWS\system32\wvuvtqn.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C0FDF040-11FC-4E5D-8F5F-3AE6768F08C7} - C:\WINDOWS\system32\unc.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll
O2 - BHO: (no name) - {D3B58F57-70F5-46EA-A321-7E543568A069} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {EC88DC53-D9B0-4338-951D-E6332DBF6EC4} - C:\WINDOWS\system32\qomnl.dll
O2 - BHO: {7230fab5-f797-58f9-e924-1bb6ca425b9f} - {f9b524ac-6bb1-429e-9f85-797f5baf0327} - C:\WINDOWS\system32\mxbhubgd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [f87c6cd3] rundll32.exe "C:\WINDOWS\system32\afqpigwl.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://email4.uncg.edu/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55507D14-C1D1-4B48-9F57-C5978A5DC283}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DA3937-7E5D-4F39-9EA9-5579387A0907}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C104B33D-A78E-460C-80C5-5DE03268C98F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: wvuvtqn - wvuvtqn.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12597 bytes
End of file - 12597 bytes
KASPERSKY
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, November 21, 2007 11:33:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/11/2007
Kaspersky Anti-Virus database records: 463341
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 71382
Number of viruses found: 59
Number of infected objects: 168
Number of suspicious objects: 6
Duration of the scan process: 00:48:59
Infected Object Name / Virus Name / Last Action
C:\10.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\10.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.qi skipped
C:\10.tmp NSIS: infected - 2 skipped
C:\12.tmp Infected: Trojan-Downloader.Win32.Small.gci skipped
C:\176905136/data0001 Infected: Trojan.Win32.DNSChanger.qb skipped
C:\176905136 NSIS: infected - 1 skipped
C:\78.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\78.tmp NSIS: infected - 1 skipped
C:\79.tmp/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\79.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped
C:\79.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.br skipped
C:\79.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.br skipped
C:\79.tmp NSIS: infected - 4 skipped
C:\7B.tmp Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Admin\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Admin\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
I REMOVED A HUGE PORTION FROM THIS REPORT BECAUSE IT ALL WOULDNT FIT, I CAN POST IT IN SEPERATE WINDOWS IF NEED BE
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0246808.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP370\A0246838.exe Infected: not-virus:Hoax.Win32.Renos.kj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0246898.dll Infected: Trojan-Downloader.Win32.VB.bkb skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\change.log Object is locked skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\b122.exe Infected: Trojan-Downloader.Win32.Agent.ehg skipped
C:\WINDOWS\b147.exe Infected: Trojan.Win32.Agent.bnd skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\retadpu72.exe.tmp Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{887CF22D-72F5-49ED-B04D-C1393E4C7707}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cv7\discrven2.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\WINDOWS\system32\cv7\discrven2.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\WINDOWS\system32\cv7\discrven2.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.a skipped
C:\WINDOWS\system32\cv7\discrven2.exe NSIS: infected - 3 skipped
C:\WINDOWS\system32\drivers\system.exe Infected: Trojan-Downloader.Win32.Agent.erh skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ramtmb.dll Infected: Trojan-Spy.Win32.Agent.ags skipped
C:\WINDOWS\system32\rxqnbksa.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\WINDOWS\system32\unc.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winlogon.scr Infected: Trojan-Downloader.Win32.Agent.erh skipped
C:\WINDOWS\system32\xkiijiyf.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\TEMP\TMP0000003F34D963F668A9368E Object is locked skipped
C:\WINDOWS\tsitra11.exe Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\WINDOWS\tsitra11.exe.tmp Infected: Trojan-Downloader.Win32.Agent.enr skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\zze.exe Infected: Trojan-Proxy.Win32.Xorpix.t skipped
Scan process completed.
Hello rudyum1,
Well, you managed to reinfect yourself with Vundo and a host of others.
You need to disable both these programs.
Spyware Guard
You need to disable Spyware Guard as it may interfere with the fix.
Double click on the Red SG Icon in your system tray.
Go to Options and remove the Three security checkmarks.
OK your way out of the program
Dont forget to re enable this when we are done fixing your computer
Tea Timer
We need to disable the Tea Timer in Spybot Search and Destroy as to not interfere with the fix.
Open Spybot and go to Mode> Advanced Mode> Tools> Resident and take the checkmark out of Tea Timer
After you disable them you need to reboot your computer
Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {47FD1D75-E4C0-4049-A882-60B57314032A} - C:\WINDOWS\system32\wvuvtqn.dll (file missing)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {C0FDF040-11FC-4E5D-8F5F-3AE6768F08C7} - C:\WINDOWS\system32\unc.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll
O2 - BHO: (no name) - {D3B58F57-70F5-46EA-A321-7E543568A069} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {EC88DC53-D9B0-4338-951D-E6332DBF6EC4} - C:\WINDOWS\system32\qomnl.dll
O2 - BHO: {7230fab5-f797-58f9-e924-1bb6ca425b9f} - {f9b524ac-6bb1-429e-9f85-797f5baf0327} - C:\WINDOWS\system32\mxbhubgd.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [f87c6cd3] rundll32.exe "C:\WINDOWS\system32\afqpigwl.dll",b
O20 - Winlogon Notify: wvuvtqn - wvuvtqn.dll (file missing)
Download VundoFix (http://www.atribune.org/ccount/click.php?id=4 ) to your desktop
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
This is important, do this before you post a HJT log
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<-- Right click on Hijackthis.exe ( looks like a man with a spyglass )and rename it to Scanner.exe
I need to see......
1. Vundofix log
2. Combofix log
3. New HJT log renamed to Scanner.exe
hey, thanks for the quick response.
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:01 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://email4.uncg.edu/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55507D14-C1D1-4B48-9F57-C5978A5DC283}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DA3937-7E5D-4F39-9EA9-5579387A0907}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C104B33D-A78E-460C-80C5-5DE03268C98F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 10336 bytes
VundoFix
VundoFix V6.5.10
Checking Java version...
Scan started at 1:20:47 PM 11/22/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.10
Checking Java version...
Scan started at 1:23:45 PM 11/22/2007
Listing files found while scanning....
ComboFix 07-11-19.3 - Admin 2007-11-22 13:25:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.152 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Admin\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Jen\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Jen\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Jen\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Jen\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Jen\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Jen\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Mom and Dad\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Mom and Dad\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Mom and Dad\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Mom and Dad\My Documents\CROSOF~1
C:\Documents and Settings\Mom and Dad\My Documents\CROSOF~1\??crosoft\
C:\Documents and Settings\Mom and Dad\My Documents\CROSOF~1\logonui.exe
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\F.tmp
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\mbols~1
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM
C:\Program Files\ISM\bndloader.exe
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\kazooupd.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\Temporary
C:\Program Files\wnsxs~1
C:\Program Files\wnsxs~1\w?aclt.exe
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\system.exe
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\fpqkoeix.dllbox
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qbfznqqe.dllbox
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\tsitra11.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
.
2007-11-22 13:20 <DIR> d-------- C:\VundoFix Backups
2007-11-21 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 17:07 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-21 15:21 80,960 --a------ C:\WINDOWS\system32\mxbhubgd.dll
2007-11-21 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 14:32 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-21 14:27 80,960 --a------ C:\WINDOWS\system32\xpywlfue.dll
2007-11-21 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-21 13:21 80,960 --a------ C:\WINDOWS\system32\wxbtuanx.dll
2007-11-09 08:30 583,921 ---hs---- C:\WINDOWS\system32\lwgipqfa.ini
2007-11-09 08:30 88,128 --a------ C:\WINDOWS\system32\afqpigwl.dll
2007-11-09 08:28 77,888 --a------ C:\WINDOWS\system32\kpfxenfo.dll
2007-11-09 08:24 71,232 --a------ C:\WINDOWS\system32\xkiijiyf.exe
2007-11-09 08:22 <DIR> d-------- C:\Program Files\QdrModule
2007-11-09 08:22 441,950 ---hs---- C:\WINDOWS\system32\lnmoq.bak2
2007-11-09 08:22 145,984 --a------ C:\WINDOWS\system32\rxqnbksa.dll
2007-11-08 10:50 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-24 20:57 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-24 20:19 6,465 ---hs---- C:\WINDOWS\system32\lnmoq.bak1
2007-10-24 20:18 437,315 ---hs---- C:\WINDOWS\system32\lnmoq.ini
2007-10-24 20:16 92 --a------ C:\WINDOWS\system32\sznf.ascii
2007-10-24 20:15 14 --a------ C:\WINDOWS\system32\din.ip
2007-10-24 20:15 4 --a------ C:\WINDOWS\system32\navwanvd.ini
2007-10-24 20:15 2 --a------ C:\WINDOWS\system32\lt.res
2007-10-24 20:13 12,217 --a------ C:\WINDOWS\system32\winlogon.scr
2007-10-24 20:13 12,217 ---hs---- C:\Documents and Settings\Mom and Dad\winmain.exe
2007-10-24 20:13 3,739 --a------ C:\WINDOWS\system32\sft.res
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:24 --------- d-----w C:\Program Files\SpywareGuard
2007-11-21 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-21 20:06 --------- d-----w C:\Program Files\Dell
2007-11-21 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:05 --------- d-----w C:\Program Files\CyberLink
2007-11-08 15:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2007-10-17 19:04 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2007-10-17 19:03 --------- d-----w C:\Program Files\Sonic
2007-10-17 19:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-17 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-17 18:06 --------- d-----w C:\Program Files\Google
2007-10-17 17:54 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-17 17:24 --------- d-----w C:\Program Files\Java
2007-10-17 17:23 --------- d-----w C:\Program Files\Common Files\Java
2007-10-16 04:43 --------- d-----w C:\Program Files\Trend Micro
2007-10-15 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-15 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-27 11:03 --------- d-----w C:\Documents and Settings\Jen\Application Data\Viewpoint
2007-09-23 18:18 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Walgreens
2007-09-22 13:02 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Viewpoint
2007-09-22 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-17 00:39 61,648 ----a-w C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT
2007-03-16 16:42 53,848 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-09-09 00:55 0 ---ha-w C:\Documents and Settings\Jen\hpothb07.dat
2006-08-20 23:26 0 ---ha-w C:\Documents and Settings\Mom and Dad\hpothb07.dat
2006-01-18 01:37 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-12-27 16:21 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-12-27 15:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-12-27 15:03 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2005-07-29 20:24 472 --sha-r C:\WINDOWS\QWRtaW4\kqlQuqb.vbs
.
ComboFix 07-11-19.3 - Admin 2007-11-22 13:25:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.152 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Admin\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Jen\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Jen\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Jen\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Jen\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Jen\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Jen\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Mom and Dad\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Mom and Dad\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Mom and Dad\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Mom and Dad\My Documents\CROSOF~1
C:\Documents and Settings\Mom and Dad\My Documents\CROSOF~1\??crosoft\
C:\Documents and Settings\Mom and Dad\My Documents\CROSOF~1\logonui.exe
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\F.tmp
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\mbols~1
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\Insider
C:\Program Files\Insider\Insider.exe
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM
C:\Program Files\ISM\bndloader.exe
C:\Program Files\ISM\dictionary.gz
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\kazooupd.exe
C:\Program Files\ISM\targets.gz
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\ISMPack7.exe
C:\Program Files\ISM2\targets.gz
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\Temporary
C:\Program Files\wnsxs~1
C:\Program Files\wnsxs~1\w?aclt.exe
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b147.exe
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\system.exe
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\fpqkoeix.dllbox
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qbfznqqe.dllbox
C:\WINDOWS\system32\scurit~1
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\tsitra11.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-10-22 to 2007-11-22 )))))))))))))))))))))))))))))))
.
2007-11-22 13:20 <DIR> d-------- C:\VundoFix Backups
2007-11-21 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 17:07 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-21 15:21 80,960 --a------ C:\WINDOWS\system32\mxbhubgd.dll
2007-11-21 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 14:32 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-21 14:27 80,960 --a------ C:\WINDOWS\system32\xpywlfue.dll
2007-11-21 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-21 13:21 80,960 --a------ C:\WINDOWS\system32\wxbtuanx.dll
2007-11-09 08:30 583,921 ---hs---- C:\WINDOWS\system32\lwgipqfa.ini
2007-11-09 08:30 88,128 --a------ C:\WINDOWS\system32\afqpigwl.dll
2007-11-09 08:28 77,888 --a------ C:\WINDOWS\system32\kpfxenfo.dll
2007-11-09 08:24 71,232 --a------ C:\WINDOWS\system32\xkiijiyf.exe
2007-11-09 08:22 <DIR> d-------- C:\Program Files\QdrModule
2007-11-09 08:22 441,950 ---hs---- C:\WINDOWS\system32\lnmoq.bak2
2007-11-09 08:22 145,984 --a------ C:\WINDOWS\system32\rxqnbksa.dll
2007-11-08 10:50 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-24 20:57 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-24 20:19 6,465 ---hs---- C:\WINDOWS\system32\lnmoq.bak1
2007-10-24 20:18 437,315 ---hs---- C:\WINDOWS\system32\lnmoq.ini
2007-10-24 20:16 92 --a------ C:\WINDOWS\system32\sznf.ascii
2007-10-24 20:15 14 --a------ C:\WINDOWS\system32\din.ip
2007-10-24 20:15 4 --a------ C:\WINDOWS\system32\navwanvd.ini
2007-10-24 20:15 2 --a------ C:\WINDOWS\system32\lt.res
2007-10-24 20:13 12,217 --a------ C:\WINDOWS\system32\winlogon.scr
2007-10-24 20:13 12,217 ---hs---- C:\Documents and Settings\Mom and Dad\winmain.exe
2007-10-24 20:13 3,739 --a------ C:\WINDOWS\system32\sft.res
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:24 --------- d-----w C:\Program Files\SpywareGuard
2007-11-21 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-21 20:06 --------- d-----w C:\Program Files\Dell
2007-11-21 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:05 --------- d-----w C:\Program Files\CyberLink
2007-11-08 15:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2007-10-17 19:04 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2007-10-17 19:03 --------- d-----w C:\Program Files\Sonic
2007-10-17 19:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-17 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-17 18:06 --------- d-----w C:\Program Files\Google
2007-10-17 17:54 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-17 17:24 --------- d-----w C:\Program Files\Java
2007-10-17 17:23 --------- d-----w C:\Program Files\Common Files\Java
2007-10-16 04:43 --------- d-----w C:\Program Files\Trend Micro
2007-10-15 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-15 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-27 11:03 --------- d-----w C:\Documents and Settings\Jen\Application Data\Viewpoint
2007-09-23 18:18 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Walgreens
2007-09-22 13:02 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Viewpoint
2007-09-22 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-17 00:39 61,648 ----a-w C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT
2007-03-16 16:42 53,848 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-09-09 00:55 0 ---ha-w C:\Documents and Settings\Jen\hpothb07.dat
2006-08-20 23:26 0 ---ha-w C:\Documents and Settings\Mom and Dad\hpothb07.dat
2006-01-18 01:37 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-12-27 16:21 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-12-27 15:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-12-27 15:03 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2005-07-29 20:24 472 --sha-r C:\WINDOWS\QWRtaW4\kqlQuqb.vbs
.
((((((((((((((((((((((((((((( snapshot@2007-10-16_19.16.50.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-24 04:47:44 49,152 ----a-w C:\WINDOWS\$hf_mig$\KB904942\SP2QFE\wdigest.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB904942\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB904942\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB904942\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB904942\update\updspapi.dll
+ 2006-07-14 15:52:22 121,856 ----a-w C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-08-20 10:02:09 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
+ 2007-08-20 10:02:11 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
+ 2007-08-20 10:02:09 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
+ 2007-08-20 10:02:09 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
+ 2007-08-17 10:12:34 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
+ 2007-08-20 10:02:09 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
+ 2007-08-20 10:02:09 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
+ 2007-08-17 07:29:55 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
+ 2007-08-20 10:02:09 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
+ 2007-08-20 10:02:09 387,584 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
+ 2007-08-20 10:02:10 6,066,176 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
+ 2007-08-20 10:02:10 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
+ 2007-08-20 10:02:10 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
+ 2007-08-17 10:12:35 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
+ 2007-08-17 10:12:49 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
+ 2007-08-20 10:02:10 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
+ 2007-08-20 10:02:10 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
+ 2007-08-20 10:02:10 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
+ 2007-08-20 10:02:11 3,592,192 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
+ 2007-08-20 10:02:11 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
+ 2007-08-20 10:02:11 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
+ 2007-08-20 10:02:11 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
+ 2007-08-20 10:02:11 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
+ 2007-08-20 10:02:11 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
+ 2007-08-20 10:02:11 1,161,728 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
+ 2007-08-20 10:02:11 232,960 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
+ 2007-08-20 10:02:11 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
+ 2006-05-25 14:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 14:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-24 16:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 16:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB904942$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 49,152 -c----w C:\WINDOWS\$NtUninstallKB904942$\wdigest.dll
+ 2004-09-15 17:28:08 28,672 -c----w C:\WINDOWS\$NtUninstallKB914440$\custsat.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB914440$\spuninst\updspapi.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB915865$\spuninst\updspapi.dll
- 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-08-22 13:12:15 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
- 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-08-22 13:12:15 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-08-22 13:12:16 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
- 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
- 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-08-22 13:12:16 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
- 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-08-21 10:30:45 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
- 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-08-22 13:12:16 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
- 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-08-22 13:12:16 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
- 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
- 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-08-22 13:12:17 3,058,176 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
- 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-08-22 13:12:17 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
- 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-08-22 13:12:17 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
- 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-08-22 13:12:17 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
- 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-08-22 13:12:17 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
- 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
- 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
- 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-08-22 13:12:18 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
- 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-08-22 13:12:18 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
- 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-08-21 10:20:02 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\browseui.dll
+ 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\danim.dll
+ 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\dxtmsft.dll
+ 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\dxtrans.dll
+ 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\iedw.exe
+ 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\iepeers.dll
+ 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\inseng.dll
+ 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\mshtml.dll
+ 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\mshtmled.dll
+ 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\msrating.dll
+ 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\mstime.dll
+ 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\wininet.dll
+ 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653_0$\xpsp3res.dll
- 2007-09-28 13:06:08 135,168 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 1999-12-21 11:58:02 21,312 ----a-w C:\WINDOWS\choice.exe
- 2007-03-13 14:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2004-08-04 10:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 10:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 10:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2007-08-22 12:55:30 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 10:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 10:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 10:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 10:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 10:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 10:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-08-21 10:19:39 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 10:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2007-08-22 12:55:32 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 10:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 10:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 10:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 10:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2007-08-22 12:55:32 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2007-08-22 12:55:32 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 10:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 10:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2007-08-22 12:55:36 3,064,832 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2007-08-22 12:55:36 3,064,832 -c--a-w C:\WINDOWS\ie7\mshtml.dll.000
+ 2007-08-22 12:55:37 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 10:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-04 10:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2007-08-22 12:55:37 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2007-08-22 12:55:37 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll.000
+ 2007-08-22 12:55:38 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 10:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2007-08-22 12:55:38 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 22:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 22:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 21:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 21:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2007-08-22 12:55:43 617,984 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2007-08-22 12:55:43 617,984 -c--a-w C:\WINDOWS\ie7\urlmon.dll.000
+ 2004-08-04 10:00:00 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 10:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2007-08-22 12:55:44 665,600 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-08-22 12:55:44 665,600 -c--a-w C:\WINDOWS\ie7\wininet.dll.000
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll.000
+ 2007-08-13 22:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-08-13 22:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2007-08-13 22:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe.000
+ 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll.000
+ 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll.000
+ 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll.000
+ 2007-02-12 20:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dat
+ 2007-07-11 16:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll.000
+ 2007-08-13 22:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll.000
+ 2007-08-13 22:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-08-13 22:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe.000
+ 2007-08-13 22:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-08-13 22:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-08-13 22:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll.000
+ 2007-08-13 22:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll.000
+ 2007-08-13 22:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll.000
+ 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll.000
+ 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll.000
+ 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
+ 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll.000
+ 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-10-25 01:57:12 13,056 ----a-w C:\WINDOWS\system32\acespy\systune.exe
- 2004-08-04 10:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 22:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 10:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-13 22:39:20 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-20 10:04:34 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-22 13:12:15 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-22 12:55:28 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-08-22 13:12:15 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-22 12:55:29 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-13 22:42:54 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
- 2004-09-15 17:28:08 28,672 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 22:54:10 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-08-22 13:12:16 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-08-22 12:55:30 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-08-22 13:12:16 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:35:46 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-22 13:12:16 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 22:18:02 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-20 10:04:34 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2007-08-17 10:20:54 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2007-08-20 10:04:35 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-21 10:30:45 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:44:02 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:45:18 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-20 10:04:37 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-08-22 13:12:16 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04:38 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-08-13 22:39:12 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-17 10:20:54 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 22:36:06 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-08-22 13:12:16 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 13:12:16 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:44:18 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-20 10:04:39 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 ------w
C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 22:32:30 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-08-22 13:12:17 3,058,176 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-20 19:34:42 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 13:12:17 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:01:12 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:54:10 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-08-22 13:12:17 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-20 10:04:41 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-22 13:12:17 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-20 10:04:42 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-20 10:04:42 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-22 13:12:17 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 22:36:12 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-08-22 13:12:18 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-08-22 12:55:40 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-08-22 13:12:18 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-08-22 12:55:41 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-08-20 10:04:42 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-22 13:12:18 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 22:54:10 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-08-20 10:04:42 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-22 13:12:18 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-20 10:04:43 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 22:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ------w C:\WINDOWS\system32\extmgr.dll
- 2007-06-23 15:04:47 246,312 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-17 19:22:40 147,608 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 12:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-04 10:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 10:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 10:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-04 10:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-04 10:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-04 10:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 22:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 10:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-04 10:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 22:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 22:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-04 10:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 22:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 02:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 02:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 03:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
- 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
- 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-06-13 10:23:07 72,209 ----a-w C:\WINDOWS\system32\kdgev.exe
- 2004-08-04 10:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 22:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 22:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-04 10:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 22:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-20 19:34:42 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ------w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 10:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 22:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-04 10:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 22:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-20 10:04:42 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 21:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 12:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-04 10:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-20 10:04:42 102,400 ------w C:\WINDOWS\system32\occache.dll
- 2007-10-16 19:43:57 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-08 15:59:20 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-16 19:43:57 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-08 15:59:20 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 22:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2004-04-27 08:40:52 11,264 ----a-w C:\WINDOWS\system32\SpOrder.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 21:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-10-05 14:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
- 2004-08-04 10:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 10:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 22:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 10:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-04 10:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 22:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
- 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-17 18:30:59 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2005-09-23 04:48:08 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2005-09-23 04:48:08 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 04:48:06 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 16:35]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 21:10]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-20 23:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 18:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 14:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 14:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 16:15]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 17:09]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2002-04-16 07:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-02 10:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-06-22 12:44]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 23:41:47]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
C:\WINDOWS\system32\NavLogon.dll 2004-12-30 14:19 55104 C:\WINDOWS\system32\NavLogon.dll
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-06-01 13:10:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY38L133BDK5.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY38L133BDK5
"2007-11-22 18:09:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-11-22 17:59:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 13:34:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-22 13:37:03 - machine was rebooted
.
--- E O F ---
Hello,
Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad
File::
C:\WINDOWS\system32\mxbhubgd.dll
C:\WINDOWS\system32\xpywlfue.dll
C:\WINDOWS\system32\wxbtuanx.dll
C:\WINDOWS\system32\lwgipqfa.ini
C:\WINDOWS\system32\afqpigwl.dll
C:\WINDOWS\system32\kpfxenfo.dll
C:\WINDOWS\system32\xkiijiyf.exe
C:\WINDOWS\system32\lnmoq.bak2
C:\WINDOWS\system32\rxqnbksa.dll
C:\WINDOWS\system32\navwanvd.ini
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScript.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Please download SuperAntiSpyware (http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE)
Install the program
Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish
It is possible that the program asks to reboot in order to delete some files.
Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)
Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.
Let me see the New Combofix log, the SAS log and a new HJT log and let me know how your system is running now??
Its running well. Although it wasnt running that bad to begin with. Windows security keeps warning me that my antivirus is turned off. Im not sure how to get it back on.
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:02 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://email4.uncg.edu/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55507D14-C1D1-4B48-9F57-C5978A5DC283}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DA3937-7E5D-4F39-9EA9-5579387A0907}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C104B33D-A78E-460C-80C5-5DE03268C98F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 10572 bytes
ComboFix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:02 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://email4.uncg.edu/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55507D14-C1D1-4B48-9F57-C5978A5DC283}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DA3937-7E5D-4F39-9EA9-5579387A0907}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C104B33D-A78E-460C-80C5-5DE03268C98F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 10572 bytes
SAS Report
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/22/2007 at 11:04 PM
Application Version : 3.9.1008
Core Rules Database Version : 3348
Trace Rules Database Version: 1349
Scan type : Complete Scan
Total Scan Time : 00:53:16
Memory items scanned : 447
Memory threats detected : 0
Registry items scanned : 5525
Registry threats detected : 100
File items scanned : 39609
File threats detected : 231
Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32#ThreadingModel
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\ProgID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE7.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKU\.DEFAULT\Software\BndDrive
HKU\S-1-5-18\Software\BndDrive
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071122-131605-705.DLL
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\ISM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM2\ISMPACK6.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM2\ISMPACK7.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP318\A0222798.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP343\A0240684.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241059.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0246572.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0246574.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0246963.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP373\A0246983.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP373\A0246995.EXE
Adware.180solutions/ZangoSearch
C:\Program Files\Zango Programs
Malware.SpyLocked
HKCR\TypeLib\{04B12611-E1E1-45E3-9376-91984B957880}
HKCR\TypeLib\{04B12611-E1E1-45E3-9376-91984B957880}\1.0
HKCR\TypeLib\{04B12611-E1E1-45E3-9376-91984B957880}\1.0\0
HKCR\TypeLib\{04B12611-E1E1-45E3-9376-91984B957880}\1.0\0\win32
HKCR\TypeLib\{04B12611-E1E1-45E3-9376-91984B957880}\1.0\FLAGS
HKCR\TypeLib\{04B12611-E1E1-45E3-9376-91984B957880}\1.0\HELPDIR
HKCR\Interface\{212DF34E-EAD7-4831-89D8-70CB70581D82}
HKCR\Interface\{212DF34E-EAD7-4831-89D8-70CB70581D82}\ProxyStubClsid
HKCR\Interface\{212DF34E-EAD7-4831-89D8-70CB70581D82}\ProxyStubClsid32
HKCR\Interface\{212DF34E-EAD7-4831-89D8-70CB70581D82}\TypeLib
HKCR\Interface\{212DF34E-EAD7-4831-89D8-70CB70581D82}\TypeLib#Version
HKCR\Interface\{69F0456D-B449-4FAC-AF03-B0FBB4B39C53}
HKCR\Interface\{69F0456D-B449-4FAC-AF03-B0FBB4B39C53}\ProxyStubClsid
HKCR\Interface\{69F0456D-B449-4FAC-AF03-B0FBB4B39C53}\ProxyStubClsid32
HKCR\Interface\{69F0456D-B449-4FAC-AF03-B0FBB4B39C53}\TypeLib
HKCR\Interface\{69F0456D-B449-4FAC-AF03-B0FBB4B39C53}\TypeLib#Version
HKCR\Interface\{7A3BABC0-3D33-4B9D-B11E-EF36E1BFFFBF}
HKCR\Interface\{7A3BABC0-3D33-4B9D-B11E-EF36E1BFFFBF}\ProxyStubClsid
HKCR\Interface\{7A3BABC0-3D33-4B9D-B11E-EF36E1BFFFBF}\ProxyStubClsid32
HKCR\Interface\{7A3BABC0-3D33-4B9D-B11E-EF36E1BFFFBF}\TypeLib
HKCR\Interface\{7A3BABC0-3D33-4B9D-B11E-EF36E1BFFFBF}\TypeLib#Version
HKCR\Interface\{8F71D7E5-202B-4B8D-94EB-2B30E4212C18}
HKCR\Interface\{8F71D7E5-202B-4B8D-94EB-2B30E4212C18}\ProxyStubClsid
HKCR\Interface\{8F71D7E5-202B-4B8D-94EB-2B30E4212C18}\ProxyStubClsid32
HKCR\Interface\{8F71D7E5-202B-4B8D-94EB-2B30E4212C18}\TypeLib
HKCR\Interface\{8F71D7E5-202B-4B8D-94EB-2B30E4212C18}\TypeLib#Version
HKCR\Interface\{8FF07C20-5965-476E-84E8-82374C559BE7}
HKCR\Interface\{8FF07C20-5965-476E-84E8-82374C559BE7}\ProxyStubClsid
HKCR\Interface\{8FF07C20-5965-476E-84E8-82374C559BE7}\ProxyStubClsid32
HKCR\Interface\{8FF07C20-5965-476E-84E8-82374C559BE7}\TypeLib
HKCR\Interface\{8FF07C20-5965-476E-84E8-82374C559BE7}\TypeLib#Version
HKCR\Interface\{9ADA0950-D83C-4C52-83AE-D8258A4B527E}
HKCR\Interface\{9ADA0950-D83C-4C52-83AE-D8258A4B527E}\ProxyStubClsid
HKCR\Interface\{9ADA0950-D83C-4C52-83AE-D8258A4B527E}\ProxyStubClsid32
HKCR\Interface\{9ADA0950-D83C-4C52-83AE-D8258A4B527E}\TypeLib
HKCR\Interface\{9ADA0950-D83C-4C52-83AE-D8258A4B527E}\TypeLib#Version
HKCR\Interface\{A829592E-08BA-4D4D-87C8-6524687D90E6}
HKCR\Interface\{A829592E-08BA-4D4D-87C8-6524687D90E6}\ProxyStubClsid
HKCR\Interface\{A829592E-08BA-4D4D-87C8-6524687D90E6}\ProxyStubClsid32
HKCR\Interface\{A829592E-08BA-4D4D-87C8-6524687D90E6}\TypeLib
HKCR\Interface\{A829592E-08BA-4D4D-87C8-6524687D90E6}\TypeLib#Version
HKCR\Interface\{AC66E7A3-928B-4F20-B7AC-B3A86298005C}
HKCR\Interface\{AC66E7A3-928B-4F20-B7AC-B3A86298005C}\ProxyStubClsid
HKCR\Interface\{AC66E7A3-928B-4F20-B7AC-B3A86298005C}\ProxyStubClsid32
HKCR\Interface\{AC66E7A3-928B-4F20-B7AC-B3A86298005C}\TypeLib
HKCR\Interface\{AC66E7A3-928B-4F20-B7AC-B3A86298005C}\TypeLib#Version
HKCR\Interface\{B14649A3-BD2E-4483-B8D6-BF80F82F5D24}
HKCR\Interface\{B14649A3-BD2E-4483-B8D6-BF80F82F5D24}\ProxyStubClsid
HKCR\Interface\{B14649A3-BD2E-4483-B8D6-BF80F82F5D24}\ProxyStubClsid32
HKCR\Interface\{B14649A3-BD2E-4483-B8D6-BF80F82F5D24}\TypeLib
HKCR\Interface\{B14649A3-BD2E-4483-B8D6-BF80F82F5D24}\TypeLib#Version
HKCR\Interface\{B87C48D1-28E3-48FC-9B27-EEDBB7619A17}
HKCR\Interface\{B87C48D1-28E3-48FC-9B27-EEDBB7619A17}\ProxyStubClsid
HKCR\Interface\{B87C48D1-28E3-48FC-9B27-EEDBB7619A17}\ProxyStubClsid32
HKCR\Interface\{B87C48D1-28E3-48FC-9B27-EEDBB7619A17}\TypeLib
HKCR\Interface\{B87C48D1-28E3-48FC-9B27-EEDBB7619A17}\TypeLib#Version
HKCR\Interface\{CA091197-32FE-48D8-8696-AF64D8A1CA44}
HKCR\Interface\{CA091197-32FE-48D8-8696-AF64D8A1CA44}\ProxyStubClsid
HKCR\Interface\{CA091197-32FE-48D8-8696-AF64D8A1CA44}\ProxyStubClsid32
HKCR\Interface\{CA091197-32FE-48D8-8696-AF64D8A1CA44}\TypeLib
HKCR\Interface\{CA091197-32FE-48D8-8696-AF64D8A1CA44}\TypeLib#Version
HKCR\Interface\{CF4DDC95-8A4B-47C1-A89E-0CBF849DE042}
HKCR\Interface\{CF4DDC95-8A4B-47C1-A89E-0CBF849DE042}\ProxyStubClsid
HKCR\Interface\{CF4DDC95-8A4B-47C1-A89E-0CBF849DE042}\ProxyStubClsid32
HKCR\Interface\{CF4DDC95-8A4B-47C1-A89E-0CBF849DE042}\TypeLib
HKCR\Interface\{CF4DDC95-8A4B-47C1-A89E-0CBF849DE042}\TypeLib#Version
HKCR\Interface\{D74998BF-0AB6-4C8D-801D-EB50CB73FFDF}
HKCR\Interface\{D74998BF-0AB6-4C8D-801D-EB50CB73FFDF}\ProxyStubClsid
HKCR\Interface\{D74998BF-0AB6-4C8D-801D-EB50CB73FFDF}\ProxyStubClsid32
HKCR\Interface\{D74998BF-0AB6-4C8D-801D-EB50CB73FFDF}\TypeLib
HKCR\Interface\{D74998BF-0AB6-4C8D-801D-EB50CB73FFDF}\TypeLib#Version
HKCR\Interface\{E849D321-F077-4946-94EF-696F864F0BE5}
HKCR\Interface\{E849D321-F077-4946-94EF-696F864F0BE5}\ProxyStubClsid
HKCR\Interface\{E849D321-F077-4946-94EF-696F864F0BE5}\ProxyStubClsid32
HKCR\Interface\{E849D321-F077-4946-94EF-696F864F0BE5}\TypeLib
HKCR\Interface\{E849D321-F077-4946-94EF-696F864F0BE5}\TypeLib#Version
HKCR\Interface\{EA5973F9-1064-4393-838F-1B44CB09A1DE}
HKCR\Interface\{EA5973F9-1064-4393-838F-1B44CB09A1DE}\ProxyStubClsid
HKCR\Interface\{EA5973F9-1064-4393-838F-1B44CB09A1DE}\ProxyStubClsid32
HKCR\Interface\{EA5973F9-1064-4393-838F-1B44CB09A1DE}\TypeLib
HKCR\Interface\{EA5973F9-1064-4393-838F-1B44CB09A1DE}\TypeLib#Version
HKCR\Interface\{F0091942-BEF6-447E-8F73-B844A4F62851}
HKCR\Interface\{F0091942-BEF6-447E-8F73-B844A4F62851}\ProxyStubClsid
HKCR\Interface\{F0091942-BEF6-447E-8F73-B844A4F62851}\ProxyStubClsid32
HKCR\Interface\{F0091942-BEF6-447E-8F73-B844A4F62851}\TypeLib
HKCR\Interface\{F0091942-BEF6-447E-8F73-B844A4F62851}\TypeLib#Version
Adware.Tracking Cookie
C:\Documents and Settings\Guest\Cookies\guest@adopt.specificclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@anad.tacoda[1].txt
C:\Documents and Settings\Guest\Cookies\guest@crazyxxx3dworld[1].txt
C:\Documents and Settings\Guest\Cookies\guest@interclick[2].txt
C:\Documents and Settings\Guest\Cookies\guest@richmedia.yahoo[1].txt
C:\Documents and Settings\Guest\Cookies\guest@sex4000[1].txt
C:\Documents and Settings\Guest\Cookies\guest@updates.liquiddigitalmedia[2].txt
C:\Documents and Settings\Jen\Cookies\jen@a.websponsors[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ad.outerinfo[2].txt
C:\Documents and Settings\Jen\Cookies\jen@ad.yieldmanager[1].txt
C:\Documents and Settings\Jen\Cookies\jen@adopt.specificclick[2].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.cnn[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.glispa[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.k8l[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.monster[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.realtechnetwork[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads.sheknows[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ads2.k8l[1].txt
C:\Documents and Settings\Jen\Cookies\jen@adsby.zwoops[1].txt
C:\Documents and Settings\Jen\Cookies\jen@adv.webmd[1].txt
C:\Documents and Settings\Jen\Cookies\jen@advertising[2].txt
C:\Documents and Settings\Jen\Cookies\jen@affiliates.ticketsnow[2].txt
C:\Documents and Settings\Jen\Cookies\jen@ath.belnk[1].txt
C:\Documents and Settings\Jen\Cookies\jen@atwola[1].txt
C:\Documents and Settings\Jen\Cookies\jen@banners.searchingbooth[1].txt
C:\Documents and Settings\Jen\Cookies\jen@belnk[1].txt
C:\Documents and Settings\Jen\Cookies\jen@burstnet[1].txt
C:\Documents and Settings\Jen\Cookies\jen@candlefind.advertserve[1].txt
C:\Documents and Settings\Jen\Cookies\jen@da-tracking[2].txt
C:\Documents and Settings\Jen\Cookies\jen@doubleclick[2].txt
C:\Documents and Settings\Jen\Cookies\jen@eas.apm.emediate[2].txt
C:\Documents and Settings\Jen\Cookies\jen@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Jen\Cookies\jen@ehg-wachovia.hitbox[2].txt
C:\Documents and Settings\Jen\Cookies\jen@entrepreneur[1].txt
C:\Documents and Settings\Jen\Cookies\jen@exitexchange[2].txt
C:\Documents and Settings\Jen\Cookies\jen@eyewonder[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ez-tracks[2].txt
C:\Documents and Settings\Jen\Cookies\jen@fastclick[2].txt
C:\Documents and Settings\Jen\Cookies\jen@findwhat[1].txt
C:\Documents and Settings\Jen\Cookies\jen@h.starware[1].txt
C:\Documents and Settings\Jen\Cookies\jen@i.screensavers[2].txt
C:\Documents and Settings\Jen\Cookies\jen@icc.intellisrv[2].txt
C:\Documents and Settings\Jen\Cookies\jen@kanoodle[1].txt
C:\Documents and Settings\Jen\Cookies\jen@login.tracking101[1].txt
C:\Documents and Settings\Jen\Cookies\jen@lynxtrack[1].txt
C:\Documents and Settings\Jen\Cookies\jen@mediaonenetwork[1].txt
C:\Documents and Settings\Jen\Cookies\jen@mediatraffic[2].txt
C:\Documents and Settings\Jen\Cookies\jen@nextag[1].txt
C:\Documents and Settings\Jen\Cookies\jen@partner2profit[1].txt
C:\Documents and Settings\Jen\Cookies\jen@pro-market[2].txt
C:\Documents and Settings\Jen\Cookies\jen@pt.crossmediaservices[1].txt
C:\Documents and Settings\Jen\Cookies\jen@publishers.clickbooth[1].txt
C:\Documents and Settings\Jen\Cookies\jen@qnsr[1].txt
C:\Documents and Settings\Jen\Cookies\jen@questionmarket[1].txt
C:\Documents and Settings\Jen\Cookies\jen@regalinteractive[1].txt
C:\Documents and Settings\Jen\Cookies\jen@screensavers[2].txt
C:\Documents and Settings\Jen\Cookies\jen@sexiluv[1].txt
C:\Documents and Settings\Jen\Cookies\jen@sitestat.mayoclinic[2].txt
C:\Documents and Settings\Jen\Cookies\jen@smileycentral[1].txt
C:\Documents and Settings\Jen\Cookies\jen@ticketsnow[1].txt
C:\Documents and Settings\Jen\Cookies\jen@toplist[1].txt
C:\Documents and Settings\Jen\Cookies\jen@toseeka[2].txt
C:\Documents and Settings\Jen\Cookies\jen@track[2].txt
C:\Documents and Settings\Jen\Cookies\jen@trafficmp[1].txt
C:\Documents and Settings\Jen\Cookies\jen@try.screensavers[1].txt
C:\Documents and Settings\Jen\Cookies\jen@updates.liquiddigitalmedia[2].txt
C:\Documents and Settings\Jen\Cookies\jen@www.adtrak[1].txt
C:\Documents and Settings\Jen\Cookies\jen@www.burstbeacon[2].txt
C:\Documents and Settings\Jen\Cookies\jen@www.ez-tracks[2].txt
C:\Documents and Settings\Jen\Cookies\jen@www.screensavers[2].txt
C:\Documents and Settings\Jen\Cookies\jen@www.ticketsnow2[2].txt
C:\Documents and Settings\Jen\Cookies\jen@www.ticketsnow[1].txt
C:\Documents and Settings\Jen\Cookies\jen@yadro[2].txt
C:\Documents and Settings\Jen\Cookies\jen@yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@enhance[2].txt
C:\Documents and Settings\Mom and Dad\Cookies\mom_and_dad@ad.outerinfoads[2].txt
SAS Continued.............
Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\MOM AND DAD\FAVORITES\ONLINE SECURITY TEST.URL
Trojan.Downloader-Gen/QDRModule
C:\PROGRAM FILES\QDRMODULE\QDRMODULE9.EXE
Adware.Vundo-Variant/Small-A
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071122-131605-363.DLL
C:\WINDOWS\SYSTEM32\MXBHUBGD.DLL
C:\WINDOWS\SYSTEM32\WXBTUANX.DLL
C:\WINDOWS\SYSTEM32\XPYWLFUE.DLL
Adware.Vundo-Variant
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071122-131605-378.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241126.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0246717.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP369\A0246808.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0246965.DLL
C:\WINDOWS\SYSTEM32\KPFXENFO.DLL
C:\WINDOWS\SYSTEM32\RXQNBKSA.DLL
Trojan.Downloader-Gen/Burre
C:\PROGRAM FILES\TREND MICRO\HIJACKTHIS\BACKUPS\BACKUP-20071122-131605-807.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0246964.DLL
Trojan.Net-Wintouch/V2
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\MOM AND DAD\APPLICATION DATA\WINTOUCH\WINTOUCH.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241113.EXE
Adware.ClickSpring
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\MOM AND DAD\MY DOCUMENTS\CROSOF~1\LOGONUI.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\ICROSO~1.NET\NOPDB.EXE.VIR
C:\qoobox\Quarantine\C\Program Files\WNSXS~1\WACLTE~1.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MQYA.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NLJM.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0220466.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP319\A0222885.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP319\A0222907.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0230155.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0230181.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0230227.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0230273.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP324\A0230298.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP325\A0230392.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0230477.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0230600.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0230658.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0232946.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0232951.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0233996.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0233997.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234097.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234108.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234132.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234133.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234159.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP332\A0234243.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP332\A0234290.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP333\A0235341.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP333\A0235420.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP333\A0235475.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\A0235542.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP335\A0235595.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP335\A0235605.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP336\A0235755.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241054.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241055.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241106.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0245298.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0245299.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0246579.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0246582.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0246925.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP373\A0247001.EXE
Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\HAMMER.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP342\A0240249.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0241022.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0241024.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP344\A0241030.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241122.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241272.DLL
Unclassified.Unknown Origin
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINDOWS MEDIA PLAYER\HOKENOWA4444.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINDOWS MEDIA PLAYER\HOKENOWA83122.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241056.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241057.DLL
Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\Q21\ADED83122.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSINTSV.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\TTC-4444.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0220469.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP317\A0221575.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP317\A0221614.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP318\A0222817.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP319\A0222888.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP319\A0222910.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP322\A0230158.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP323\A0230230.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP325\A0230395.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0230480.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP327\A0230603.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP328\A0230661.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0232949.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234000.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234101.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234136.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP331\A0234162.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP332\A0234246.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP332\A0234293.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP333\A0235344.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP333\A0235423.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP333\A0235478.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP334\A0235546.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP335\A0235598.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP336\A0235750.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP340\A0240061.VBS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241047.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241048.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241120.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241125.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP363\A0245302.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0246585.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP373\A0246978.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP373\A0246979.EXE
C:\WINDOWS\QWRTAW4\KQLQUQB.VBS
Trojan.Downloader-Gen/Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\B122.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP362\A0244256.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP366\A0246710.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP373\A0246980.EXE
Trojan.Agent-Deinstall
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\F1\BWER12DRVR.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241119.EXE
Adware.eZula
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LVYMHBRN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SFQETQUN.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VBIMFKOQ.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241051.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241052.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241053.EXE
Adware.WebBuying Assistant/Resident
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WLPJFLJ.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP345\A0241058.DLL
Trojan.Downloader-Gen/RETADPU
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0220416.EXE
C:\WINDOWS\RETADPU72.EXE.TMP
Adware.ClickSpring/Resident
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP315\A0220479.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP319\A0222884.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP319\A0222906.DLL
Adware.WebBuying Assistant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP339\A0236934.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP340\A0240062.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP340\A0240063.EXE
Trojan.Downloader-Gen/TStamp
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP343\A0240731.EXE
Adware.Adservs
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP346\A0241204.EXE
Trojan.Downloader-Gen/WinAble-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP362\A0244257.EXE
Adware.Vundo-Variant/Small
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP371\A0246884.DLL
Trojan.Downloader-FakeRX
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP372\A0246898.DLL
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP
Trojan.Downloader-Gen/DDC
C:\WINDOWS\SYSTEM32\XKIIJIYF.EXE
Good Morning,
Your HJT log looks great :bigthumb: Although you never posted the Combofix log, you posted your HJT log twice.
Ken :)
oops, sorry about that, here is the combo fix log.
ComboFix 07-11-19.3 - Admin 2007-11-22 21:55:35.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
2007-11-22 13:20 <DIR> d-------- C:\VundoFix Backups
2007-11-21 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 17:07 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-21 15:21 80,960 --a------ C:\WINDOWS\system32\mxbhubgd.dll
2007-11-21 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 14:32 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-21 14:27 80,960 --a------ C:\WINDOWS\system32\xpywlfue.dll
2007-11-21 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-21 13:21 80,960 --a------ C:\WINDOWS\system32\wxbtuanx.dll
2007-11-09 08:30 583,921 ---hs---- C:\WINDOWS\system32\lwgipqfa.ini
2007-11-09 08:30 88,128 --a------ C:\WINDOWS\system32\afqpigwl.dll
2007-11-09 08:28 77,888 --a------ C:\WINDOWS\system32\kpfxenfo.dll
2007-11-09 08:24 71,232 --a------ C:\WINDOWS\system32\xkiijiyf.exe
2007-11-09 08:22 <DIR> d-------- C:\Program Files\QdrModule
2007-11-09 08:22 441,950 ---hs---- C:\WINDOWS\system32\lnmoq.bak2
2007-11-09 08:22 145,984 --a------ C:\WINDOWS\system32\rxqnbksa.dll
2007-11-08 10:50 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-24 20:57 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-24 20:19 6,465 ---hs---- C:\WINDOWS\system32\lnmoq.bak1
2007-10-24 20:18 437,315 ---hs---- C:\WINDOWS\system32\lnmoq.ini
2007-10-24 20:16 92 --a------ C:\WINDOWS\system32\sznf.ascii
2007-10-24 20:15 14 --a------ C:\WINDOWS\system32\din.ip
2007-10-24 20:15 4 --a------ C:\WINDOWS\system32\navwanvd.ini
2007-10-24 20:15 2 --a------ C:\WINDOWS\system32\lt.res
2007-10-24 20:13 12,217 --a------ C:\WINDOWS\system32\winlogon.scr
2007-10-24 20:13 12,217 ---hs---- C:\Documents and Settings\Mom and Dad\winmain.exe
2007-10-24 20:13 3,739 --a------ C:\WINDOWS\system32\sft.res
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:24 --------- d-----w C:\Program Files\SpywareGuard
2007-11-21 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-21 20:06 --------- d-----w C:\Program Files\Dell
2007-11-21 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:05 --------- d-----w C:\Program Files\CyberLink
2007-11-08 15:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 19:04 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2007-10-17 19:03 --------- d-----w C:\Program Files\Sonic
2007-10-17 19:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-17 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-17 18:06 --------- d-----w C:\Program Files\Google
2007-10-17 17:54 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-17 17:24 --------- d-----w C:\Program Files\Java
2007-10-17 17:23 --------- d-----w C:\Program Files\Common Files\Java
2007-10-16 04:43 --------- d-----w C:\Program Files\Trend Micro
2007-10-15 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-15 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-27 11:03 --------- d-----w C:\Documents and Settings\Jen\Application Data\Viewpoint
2007-09-23 18:18 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Walgreens
2007-08-17 00:39 61,648 ----a-w C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT
2007-03-16 16:42 53,848 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-09-09 00:55 0 ---ha-w C:\Documents and Settings\Jen\hpothb07.dat
2006-08-20 23:26 0 ---ha-w C:\Documents and Settings\Mom and Dad\hpothb07.dat
2006-01-18 01:37 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-12-27 16:21 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-12-27 15:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-12-27 15:03 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2001-11-19 17:14 61,440 ----a-w C:\WINDOWS\inf\i386\gl.dll
2001-10-29 19:30 245,760 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-17 22:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2005-07-29 20:24 472 --sha-r C:\WINDOWS\QWRtaW4\kqlQuqb.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 16:35]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 21:10]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-20 23:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 18:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 14:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 14:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 16:15]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 17:09]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2002-04-16 07:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-02 10:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-06-22 12:44]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 23:41:47]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
C:\WINDOWS\system32\NavLogon.dll 2004-12-30 14:19 55104 C:\WINDOWS\system32\NavLogon.dll
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-06-01 13:10:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY38L133BDK5.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY38L133BDK5
"2007-11-22 18:09:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-11-23 02:48:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 21:58:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-22 21:59:35
C:\ComboFix2.txt ... 2007-11-22 13:37
.
--- E O F ---
You did not run the CFscript for Combofix or did not run it correctly as all the bad files where not removed. These are all part of Vundo and need to go.
Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad
File::
C:\WINDOWS\system32\mxbhubgd.dll
C:\WINDOWS\system32\xpywlfue.dll
C:\WINDOWS\system32\wxbtuanx.dll
C:\WINDOWS\system32\lwgipqfa.ini
C:\WINDOWS\system32\afqpigwl.dll
C:\WINDOWS\system32\kpfxenfo.dll
C:\WINDOWS\system32\xkiijiyf.exe
C:\WINDOWS\system32\lnmoq.bak2
C:\WINDOWS\system32\lnmoq.bak1
C:\WINDOWS\system32\lnmoq.ini
C:\WINDOWS\system32\rxqnbksa.dll
C:\WINDOWS\system32\navwanvd.ini
Save this as CFScript to your desktop.
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://i24.photobucket.com/albums/c30/ken545/CFScript.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
sorry Im not sure what happened.
Hope this is better.
ComboFix 07-11-19.3 - Admin 2007-11-23 15:10:19.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.168 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
2007-11-22 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-22 22:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-22 22:07 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2007-11-22 22:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-22 13:20 <DIR> d-------- C:\VundoFix Backups
2007-11-21 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 17:07 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-21 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 14:32 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-21 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-09 08:30 583,921 ---hs---- C:\WINDOWS\system32\lwgipqfa.ini
2007-11-09 08:30 88,128 --a------ C:\WINDOWS\system32\afqpigwl.dll
2007-11-09 08:22 <DIR> d-------- C:\Program Files\QdrModule
2007-11-09 08:22 441,950 ---hs---- C:\WINDOWS\system32\lnmoq.bak2
2007-11-08 10:50 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-24 20:57 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-24 20:19 6,465 ---hs---- C:\WINDOWS\system32\lnmoq.bak1
2007-10-24 20:18 437,315 ---hs---- C:\WINDOWS\system32\lnmoq.ini
2007-10-24 20:16 92 --a------ C:\WINDOWS\system32\sznf.ascii
2007-10-24 20:15 14 --a------ C:\WINDOWS\system32\din.ip
2007-10-24 20:15 4 --a------ C:\WINDOWS\system32\navwanvd.ini
2007-10-24 20:15 2 --a------ C:\WINDOWS\system32\lt.res
2007-10-24 20:13 12,217 --a------ C:\WINDOWS\system32\winlogon.scr
2007-10-24 20:13 12,217 ---hs---- C:\Documents and Settings\Mom and Dad\winmain.exe
2007-10-24 20:13 3,739 --a------ C:\WINDOWS\system32\sft.res
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:24 --------- d-----w C:\Program Files\SpywareGuard
2007-11-21 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-21 20:06 --------- d-----w C:\Program Files\Dell
2007-11-21 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:05 --------- d-----w C:\Program Files\CyberLink
2007-11-08 15:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 19:04 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2007-10-17 19:03 --------- d-----w C:\Program Files\Sonic
2007-10-17 19:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-17 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-17 18:06 --------- d-----w C:\Program Files\Google
2007-10-17 17:54 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-17 17:24 --------- d-----w C:\Program Files\Java
2007-10-17 17:23 --------- d-----w C:\Program Files\Common Files\Java
2007-10-16 04:43 --------- d-----w C:\Program Files\Trend Micro
2007-10-15 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-15 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-27 11:03 --------- d-----w C:\Documents and Settings\Jen\Application Data\Viewpoint
2007-09-23 18:18 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Walgreens
2007-08-17 00:39 61,648 ----a-w C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT
2007-03-16 16:42 53,848 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-09-09 00:55 0 ---ha-w C:\Documents and Settings\Jen\hpothb07.dat
2006-08-20 23:26 0 ---ha-w C:\Documents and Settings\Mom and Dad\hpothb07.dat
2006-01-18 01:37 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-12-27 16:21 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-12-27 15:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-12-27 15:03 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2001-11-19 17:14 61,440 ----a-w C:\WINDOWS\inf\i386\gl.dll
2001-10-29 19:30 245,760 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-17 22:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
.
((((((((((((((((((((((((((((( snapshot_2007-11-22_13.35.23.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-23 03:07:17 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2007-11-23 03:07:17 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2007-11-23 03:07:17 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 16:35]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 21:10]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-20 23:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 18:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 14:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 14:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 16:15]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 17:09]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2002-04-16 07:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-02 10:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-06-22 12:44]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 23:41:47]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\WINDOWS\system32\NavLogon.dll 2004-12-30 14:19 55104 C:\WINDOWS\system32\NavLogon.dll
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-06-01 13:10:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY38L133BDK5.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY38L133BDK5
"2007-11-23 18:09:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-11-23 17:32:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 15:13:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-23 15:14:39
C:\ComboFix2.txt ... 2007-11-22 21:59
C:\ComboFix3.txt ... 2007-11-22 13:37
.
--- E O F ---
Looking at the log it looks like those files are still showing up, I really thought I did it right.
I think you posted the wrong Combofix log. It creates new ones after each scan.
Completion time: 2007-11-23 15:14:39
C:\ComboFix2.txt ... 2007-11-22 21:59 <--Need this one
C:\ComboFix3.txt ... 2007-11-22 13:37
ComboFix 07-11-19.3 - Admin 2007-11-22 21:55:35.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
2007-11-22 13:20 <DIR> d-------- C:\VundoFix Backups
2007-11-21 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 17:07 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-21 15:21 80,960 --a------ C:\WINDOWS\system32\mxbhubgd.dll
2007-11-21 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 14:32 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-21 14:27 80,960 --a------ C:\WINDOWS\system32\xpywlfue.dll
2007-11-21 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-21 13:21 80,960 --a------ C:\WINDOWS\system32\wxbtuanx.dll
2007-11-09 08:30 583,921 ---hs---- C:\WINDOWS\system32\lwgipqfa.ini
2007-11-09 08:30 88,128 --a------ C:\WINDOWS\system32\afqpigwl.dll
2007-11-09 08:28 77,888 --a------ C:\WINDOWS\system32\kpfxenfo.dll
2007-11-09 08:24 71,232 --a------ C:\WINDOWS\system32\xkiijiyf.exe
2007-11-09 08:22 <DIR> d-------- C:\Program Files\QdrModule
2007-11-09 08:22 441,950 ---hs---- C:\WINDOWS\system32\lnmoq.bak2
2007-11-09 08:22 145,984 --a------ C:\WINDOWS\system32\rxqnbksa.dll
2007-11-08 10:50 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-24 20:57 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-24 20:19 6,465 ---hs---- C:\WINDOWS\system32\lnmoq.bak1
2007-10-24 20:18 437,315 ---hs---- C:\WINDOWS\system32\lnmoq.ini
2007-10-24 20:16 92 --a------ C:\WINDOWS\system32\sznf.ascii
2007-10-24 20:15 14 --a------ C:\WINDOWS\system32\din.ip
2007-10-24 20:15 4 --a------ C:\WINDOWS\system32\navwanvd.ini
2007-10-24 20:15 2 --a------ C:\WINDOWS\system32\lt.res
2007-10-24 20:13 12,217 --a------ C:\WINDOWS\system32\winlogon.scr
2007-10-24 20:13 12,217 ---hs---- C:\Documents and Settings\Mom and Dad\winmain.exe
2007-10-24 20:13 3,739 --a------ C:\WINDOWS\system32\sft.res
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:24 --------- d-----w C:\Program Files\SpywareGuard
2007-11-21 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-21 20:06 --------- d-----w C:\Program Files\Dell
2007-11-21 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:05 --------- d-----w C:\Program Files\CyberLink
2007-11-08 15:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 19:04 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2007-10-17 19:03 --------- d-----w C:\Program Files\Sonic
2007-10-17 19:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-17 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-17 18:06 --------- d-----w C:\Program Files\Google
2007-10-17 17:54 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-17 17:24 --------- d-----w C:\Program Files\Java
2007-10-17 17:23 --------- d-----w C:\Program Files\Common Files\Java
2007-10-16 04:43 --------- d-----w C:\Program Files\Trend Micro
2007-10-15 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-15 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-27 11:03 --------- d-----w C:\Documents and Settings\Jen\Application Data\Viewpoint
2007-09-23 18:18 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Walgreens
2007-08-17 00:39 61,648 ----a-w C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT
2007-03-16 16:42 53,848 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-09-09 00:55 0 ---ha-w C:\Documents and Settings\Jen\hpothb07.dat
2006-08-20 23:26 0 ---ha-w C:\Documents and Settings\Mom and Dad\hpothb07.dat
2006-01-18 01:37 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-12-27 16:21 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-12-27 15:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-12-27 15:03 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2001-11-19 17:14 61,440 ----a-w C:\WINDOWS\inf\i386\gl.dll
2001-10-29 19:30 245,760 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-17 22:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2005-07-29 20:24 472 --sha-r C:\WINDOWS\QWRtaW4\kqlQuqb.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 16:35]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 21:10]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-20 23:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 18:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 14:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 14:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 16:15]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 17:09]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2002-04-16 07:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-02 10:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-06-22 12:44]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 23:41:47]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
C:\WINDOWS\system32\NavLogon.dll 2004-12-30 14:19 55104 C:\WINDOWS\system32\NavLogon.dll
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-06-01 13:10:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY38L133BDK5.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY38L133BDK5
"2007-11-22 18:09:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-11-23 02:48:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 21:58:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-22 21:59:35
C:\ComboFix2.txt ... 2007-11-22 13:37
.
--- E O F ---
C:\ComboFix2.txt ... 2007-11-22 21:59 <--Need this one
Rudy,
Go to My Computer > your C:\ drive and look for Combofix.txt, you should have a two of them, right click each one and go to Properties and open the one with this date --> 2007-11-22 21:59 Copy and Paste it into this thread.
Ken
ComboFix 07-11-19.3 - Admin 2007-11-22 21:55:35.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.209 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.
2007-11-22 13:20 <DIR> d-------- C:\VundoFix Backups
2007-11-21 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 17:07 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-21 15:21 80,960 --a------ C:\WINDOWS\system32\mxbhubgd.dll
2007-11-21 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 14:32 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-21 14:27 80,960 --a------ C:\WINDOWS\system32\xpywlfue.dll
2007-11-21 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-21 13:21 80,960 --a------ C:\WINDOWS\system32\wxbtuanx.dll
2007-11-09 08:30 583,921 ---hs---- C:\WINDOWS\system32\lwgipqfa.ini
2007-11-09 08:30 88,128 --a------ C:\WINDOWS\system32\afqpigwl.dll
2007-11-09 08:28 77,888 --a------ C:\WINDOWS\system32\kpfxenfo.dll
2007-11-09 08:24 71,232 --a------ C:\WINDOWS\system32\xkiijiyf.exe
2007-11-09 08:22 <DIR> d-------- C:\Program Files\QdrModule
2007-11-09 08:22 441,950 ---hs---- C:\WINDOWS\system32\lnmoq.bak2
2007-11-09 08:22 145,984 --a------ C:\WINDOWS\system32\rxqnbksa.dll
2007-11-08 10:50 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-24 20:57 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-24 20:19 6,465 ---hs---- C:\WINDOWS\system32\lnmoq.bak1
2007-10-24 20:18 437,315 ---hs---- C:\WINDOWS\system32\lnmoq.ini
2007-10-24 20:16 92 --a------ C:\WINDOWS\system32\sznf.ascii
2007-10-24 20:15 14 --a------ C:\WINDOWS\system32\din.ip
2007-10-24 20:15 4 --a------ C:\WINDOWS\system32\navwanvd.ini
2007-10-24 20:15 2 --a------ C:\WINDOWS\system32\lt.res
2007-10-24 20:13 12,217 --a------ C:\WINDOWS\system32\winlogon.scr
2007-10-24 20:13 12,217 ---hs---- C:\Documents and Settings\Mom and Dad\winmain.exe
2007-10-24 20:13 3,739 --a------ C:\WINDOWS\system32\sft.res
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:24 --------- d-----w C:\Program Files\SpywareGuard
2007-11-21 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-21 20:06 --------- d-----w C:\Program Files\Dell
2007-11-21 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:05 --------- d-----w C:\Program Files\CyberLink
2007-11-08 15:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 19:04 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2007-10-17 19:03 --------- d-----w C:\Program Files\Sonic
2007-10-17 19:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-17 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-17 18:06 --------- d-----w C:\Program Files\Google
2007-10-17 17:54 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-17 17:24 --------- d-----w C:\Program Files\Java
2007-10-17 17:23 --------- d-----w C:\Program Files\Common Files\Java
2007-10-16 04:43 --------- d-----w C:\Program Files\Trend Micro
2007-10-15 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-15 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-27 11:03 --------- d-----w C:\Documents and Settings\Jen\Application Data\Viewpoint
2007-09-23 18:18 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Walgreens
2007-08-17 00:39 61,648 ----a-w C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT
2007-03-16 16:42 53,848 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-09-09 00:55 0 ---ha-w C:\Documents and Settings\Jen\hpothb07.dat
2006-08-20 23:26 0 ---ha-w C:\Documents and Settings\Mom and Dad\hpothb07.dat
2006-01-18 01:37 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-12-27 16:21 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-12-27 15:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-12-27 15:03 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2001-11-19 17:14 61,440 ----a-w C:\WINDOWS\inf\i386\gl.dll
2001-10-29 19:30 245,760 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-17 22:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
2005-07-29 20:24 472 --sha-r C:\WINDOWS\QWRtaW4\kqlQuqb.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 16:35]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 21:10]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-20 23:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 18:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 14:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 14:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 16:15]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 17:09]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2002-04-16 07:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-02 10:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-06-22 12:44]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 23:41:47]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
C:\WINDOWS\system32\NavLogon.dll 2004-12-30 14:19 55104 C:\WINDOWS\system32\NavLogon.dll
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-06-01 13:10:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY38L133BDK5.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY38L133BDK5
"2007-11-22 18:09:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-11-23 02:48:59 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-22 21:58:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-22 21:59:35
C:\ComboFix2.txt ... 2007-11-22 13:37
.
--- E O F ---
I can do another scan, it doesnt take long. Before every time I did a scan the log would come up automatically, and I would copy that right to the thread. Im sorry about the frustration.
Hello Rudy,
Sorry your having problems, why don't you do this, lets get rid of Combofix and all its related folders and then download a new copy as its updated on a regular basis. But do it this way first.
Go to Start > Run and copy and paste ComboFix /u into the box
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
Delete these if still present but they should be gone.
C:\QooBox
C:\Combofix.txt
Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\mxbhubgd.dll
C:\WINDOWS\system32\xpywlfue.dll
C:\WINDOWS\system32\wxbtuanx.dll
C:\WINDOWS\system32\lwgipqfa.ini
C:\WINDOWS\system32\afqpigwl.dll
C:\WINDOWS\system32\kpfxenfo.dll
C:\WINDOWS\system32\xkiijiyf.exe
C:\WINDOWS\system32\lnmoq.bak2
C:\WINDOWS\system32\lnmoq.bak1
C:\WINDOWS\system32\lnmoq.ini
C:\WINDOWS\system32\rxqnbksa.dll
C:\WINDOWS\system32\navwanvd.ini
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
Close OTMoveIt
Now go ahead and download and run Combofix.
Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Post the OtMoveIt log , the Combofix log and a new HJT log please.
ComboFix
ComboFix 07-11-19.3 - Admin 2007-11-24 23:34:02.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.274 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))
.
2007-11-22 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-22 22:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-22 22:07 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2007-11-22 22:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-21 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-21 17:07 118 --a------ C:\WINDOWS\system32\MRT.INI
2007-11-21 14:59 <DIR> d-------- C:\Program Files\CCleaner
2007-11-21 14:32 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-21 14:25 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-09 08:22 <DIR> d-------- C:\Program Files\QdrModule
2007-11-08 10:50 4 --a------ C:\WINDOWS\system32\stfv.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-21 20:24 --------- d-----w C:\Program Files\SpywareGuard
2007-11-21 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-21 20:06 --------- d-----w C:\Program Files\Dell
2007-11-21 20:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-21 20:05 --------- d-----w C:\Program Files\CyberLink
2007-11-08 15:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 01:13 12,217 --sh--w C:\Documents and Settings\Mom and Dad\winmain.exe
2007-10-25 01:13 12,217 ----a-w C:\WINDOWS\system32\winlogon.scr
2007-10-17 19:04 --------- d-----w C:\Program Files\Wal-Mart Music Downloads Store
2007-10-17 19:03 --------- d-----w C:\Program Files\Sonic
2007-10-17 19:02 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-10-17 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-17 18:06 --------- d-----w C:\Program Files\Google
2007-10-17 17:54 --------- d-----w C:\Program Files\Common Files\Intuit
2007-10-17 17:24 --------- d-----w C:\Program Files\Java
2007-10-17 17:23 --------- d-----w C:\Program Files\Common Files\Java
2007-10-16 04:43 --------- d-----w C:\Program Files\Trend Micro
2007-10-15 23:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-15 23:22 --------- d-----w C:\Program Files\Yahoo!
2007-10-15 23:22 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-27 11:03 --------- d-----w C:\Documents and Settings\Jen\Application Data\Viewpoint
2007-08-17 00:39 61,648 ----a-w C:\Documents and Settings\Mom and Dad\Application Data\GDIPFONTCACHEV1.DAT
2007-03-16 16:42 53,848 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-09-09 00:55 0 ---ha-w C:\Documents and Settings\Jen\hpothb07.dat
2006-08-20 23:26 0 ---ha-w C:\Documents and Settings\Mom and Dad\hpothb07.dat
2006-01-18 01:37 0 ---ha-w C:\Documents and Settings\NetworkService\hpothb07.dat
2005-12-27 16:21 0 ---ha-w C:\Documents and Settings\LocalService\hpothb07.dat
2005-12-27 15:03 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
2005-12-27 15:03 0 ---ha-w C:\Documents and Settings\Administrator\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Guest\hpothb07.dat
2005-12-27 15:02 0 ---ha-w C:\Documents and Settings\Default User\hpothb07.dat
2001-11-19 17:14 61,440 ----a-w C:\WINDOWS\inf\i386\gl.dll
2001-10-29 19:30 245,760 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2001-08-17 22:43 32,768 ----a-w C:\WINDOWS\inf\i386\Wiamicro.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-01-31 16:35]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-31 21:10]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 11:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-07-20 23:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 04:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 04:40]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 01:02]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 18:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 14:19]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 09:14]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 16:23]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 14:57]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-20 16:15]
"PrintServer Diagnostic"="C:\Program Files\Print Server\PTP\PSDiagnostic.exe" [2004-11-24 17:09]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2002-04-16 07:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-02 10:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 17:22]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe" [2006-06-22 12:44]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-07-20 23:41:47]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\WINDOWS\system32\NavLogon.dll 2004-12-30 14:19 55104 C:\WINDOWS\system32\NavLogon.dll
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys
S3 pmxscan;Visioneer USB Kernel;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusbxp.sys
.
Contents of the 'Scheduled Tasks' folder
"2006-06-01 13:10:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY38L133BDK5.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY38L133BDK5
"2007-11-23 18:09:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
"2007-11-23 17:32:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-24 23:36:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-24 23:37:18
.
--- E O F ---
moveit
File/Folder C:\WINDOWS\system32\mxbhubgd.dll not found.
File/Folder C:\WINDOWS\system32\xpywlfue.dll not found.
File/Folder C:\WINDOWS\system32\wxbtuanx.dll not found.
File/Folder C:\WINDOWS\system32\lwgipqfa.ini not found.
File/Folder C:\WINDOWS\system32\afqpigwl.dll not found.
File/Folder C:\WINDOWS\system32\kpfxenfo.dll not found.
File/Folder C:\WINDOWS\system32\xkiijiyf.exe not found.
File/Folder C:\WINDOWS\system32\lnmoq.bak2 not found.
File/Folder C:\WINDOWS\system32\lnmoq.bak1 not found.
File/Folder C:\WINDOWS\system32\lnmoq.ini not found.
File/Folder C:\WINDOWS\system32\rxqnbksa.dll not found.
File/Folder C:\WINDOWS\system32\navwanvd.ini not found.
Created on 11/24/2007 23:41:28
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:40 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Print Server\PTP\PSDiagnostic.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [PrintServer Diagnostic] C:\Program Files\Print Server\PTP\PSDiagnostic.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://email4.uncg.edu/iNotes6W.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55507D14-C1D1-4B48-9F57-C5978A5DC283}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{92DA3937-7E5D-4F39-9EA9-5579387A0907}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C104B33D-A78E-460C-80C5-5DE03268C98F}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 10572 bytes
On the moveit log I originally copied the wrong thing, exited the program, so I ran it again with the same files you gave me and I posted the results in the thread, sorry about that.
Hello Rudy,
It looks like we had a little mix up on the Combofix logs but it all looks good. It appears that Combofix removed those files but you just posted the wrong log, not to worry, this stuff does get confusing. OtMoveIt could not find those files because Combofix removed them and they are no longer present. :bigthumb:
The rest of your HJT log looks fine :bigthumb: How are things running now??
everything is running good, although under windows security it still says my antivirus is off, I cant figure out how to put it back on. And it also has the exclamation point infront of it.
So what programs should I keep and which should I remove. I imagine I wont need combofix, OTMoveit, vundofix, and HiJackThis. How about the super antispyware?
Thankyou so much for all your help, Im really gonna try hard to keep this thing clean.
Rudy,
Try going to Start> Control Panel> Security Center and click on Change the Way Security Center Alerts Me and take the Checkmark out of Anti Virus. BUT make sure your Anti Virus software is up to date.
I am providing you with links to read about staying secure along with some free programs to install. Keep in mind that you only need ONE Anti Virus Program and only ONE Firewall running. Anymore is overkill and will cause you some problems.
Malware Complaints (http://malwarecomplaints.info/index.php)
Are you mad ? I mean really mad, seething mad, so mad your ready to spit, mad that you have taken your hard earned dollars to buy a computer only to have some Miscredents, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney Generals Office and the Federal Trade Commission's Bureau of Consumer Protection.
How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
Geeks To Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
Spybot Search and Destroy 1.5 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis.
Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed.
Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts.
IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads
(cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 2.0 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and
painless download and install, it will no way interfere with IE, you can use them both.
Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp) Here is a free Firewall from Zone Labs, I
wouldn't access the internet without it.
Glad we could help
Safe Surfn
Ken