Hi,

I got this malware when I was downloading motherboard drivers for a friend a few days ago. I tried to fix it using smitFraudFix. But I'm not sure coz my avg resident shield is still giving pop ups abt possible threats. I do use a P2P software but I know this wasnt due to that. However if required by the volunteers I will remove it. Please have a look at the log file and tell me what to do.

Thanks and regards!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17:26, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server.toolbar.rediff.com/toolbar/3.0/sidesearch.html?mode=toolbar
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {318F134D-1627-48A5-909A-8D1D9C82BDE0} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: {978f3a05-99b5-a4da-7a14-a94275d9ce77} - {77ec9d57-249a-41a7-ad4a-5b9950a3f879} - C:\WINDOWS\system32\qmuswo.dll
O2 - BHO: (no name) - {83445c84-ddaa-4754-b246-dd10275cb6ea} - (no file)
O2 - BHO: (no name) - {8658825D-21E5-4F04-8DB7-1AB67C8E8F6E} - (no file)
O2 - BHO: (no name) - {C893C01E-6875-4AEE-AFC7-E33CC4A5B91F} - C:\WINDOWS\system32\mlJCRlMG.dll (file missing)
O2 - BHO: (no name) - {DCA900CF-450B-4E35-9169-66767F2F9D67} - C:\WINDOWS\system32\geBqRige.dll (file missing)
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [f4df6a94] rundll32.exe "C:\WINDOWS\system32\ouyhcybe.dll",b
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205923938906
O17 - HKLM\System\CCS\Services\Tcpip\..\{435DDC2F-1357-41AC-8EA7-B183C67056BF}: NameServer = 202.56.215.54 202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{B07B71F7-C41E-4E49-8375-09A0F89FA668}: NameServer = 202.56.215.54,202.56.215.55
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: oykher.dll,zkrgkw.dll,avgrsstx.dll
O20 - Winlogon Notify: geBqRige - geBqRige.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6810 bytes

Hi murphypaul1979

We will begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix 08-08-06.04 - r 2008-08-07 19:57:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.578 [GMT 5.5:30]
Running from: C:\Documents and Settings\r\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\bkhwpygq.ini
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\ebychyuo.ini
C:\WINDOWS\system32\GMlRCJlm.ini
C:\WINDOWS\system32\GMlRCJlm.ini2
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\prsgrc.dll
C:\WINDOWS\system32\sawkalmy.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 17:09 . 2008-08-07 17:10 <DIR> d-------- C:\Program Files\AVI MPEG WMV RM to MP3 Converter
2008-08-07 04:32 . 2008-08-07 17:27 <DIR> d-------- C:\Program Files\OCR-TextScan 2 Word 1
2008-08-07 04:32 . 2008-08-07 04:32 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-08-06 22:18 . 2008-08-06 22:18 184 --a------ C:\WINDOWS\Readiris.ini
2008-08-06 21:02 . 2008-08-06 23:17 <DIR> d-------- C:\Program Files\Readiris Pro 11 Corporate Edition Demo
2008-08-06 18:35 . 2008-08-06 18:35 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-06 17:59 . 2008-08-06 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-06 17:58 . 2008-08-06 17:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-06 17:49 . 2008-08-06 18:03 141,147 --a------ C:\WINDOWS\hpoins14.dat
2008-08-06 17:48 . 2007-09-20 06:44 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-08-06 01:09 . 2008-08-06 01:09 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-08-06 01:07 . 2006-02-28 17:30 2,178,131 --a--c--- C:\WINDOWS\system32\dllcache\shvlres.dll
2008-08-06 01:06 . 2006-02-28 17:30 562,176 --a------ C:\WINDOWS\system32\fxsst.dll
2008-08-06 01:02 . 2008-08-06 01:08 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-08-06 01:02 . 2008-08-06 01:13 <DIR> d-------- C:\Inetpub
2008-08-05 10:25 . 2008-08-05 10:46 <DIR> d-------- C:\AllokRMFolder
2008-08-05 10:24 . 2008-08-05 10:25 <DIR> d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2008-08-03 20:17 . 2008-08-03 20:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 19:30 . 2008-08-03 19:42 1,934 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-03 19:27 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-03 19:27 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-03 19:27 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-03 19:27 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-03 19:27 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-03 19:27 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-03 19:27 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-03 19:27 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-03 18:44 . 2008-08-06 04:19 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-02 20:41 . 2008-08-02 20:41 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-02 20:41 . 2008-08-02 20:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-02 20:40 . 2008-08-07 16:46 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-02 20:40 . 2008-08-02 20:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-02 19:52 . 2006-03-23 09:42 139,264 -ra------ C:\WINDOWS\system32\igfxres.dll
2008-08-02 19:49 . 2008-08-02 19:49 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2008-08-02 19:44 . 2008-08-02 19:44 12,889 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-08-02 19:31 . 2006-02-28 17:30 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-08-02 19:29 . 2006-02-28 17:30 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-02 19:28 . 2006-02-28 17:30 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-02 19:27 . 2006-02-28 17:30 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-02 19:02 . 2006-02-28 17:30 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-02 19:02 . 2006-02-28 17:30 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-02 19:02 . 2006-02-28 17:30 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-02 19:02 . 2006-02-28 17:30 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-08-02 18:37 . 2008-08-02 19:26 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-08-02 18:37 . 2008-08-02 19:26 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-08-02 15:00 . 2008-08-03 19:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 15:00 . 2008-08-04 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 10:18 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-27 23:39 . 2008-07-27 23:39 82,996 --a------ C:\WINDOWS\system32\SpoonUninstall-Jardinains!.bmp
2008-07-27 23:39 . 2008-07-27 23:39 10,960 --a------ C:\WINDOWS\system32\SpoonUninstall-Jardinains!.dat
2008-07-27 23:37 . 2008-07-27 23:37 <DIR> d-------- C:\Program Files\Free RM to MP3 Converter
2008-07-27 20:39 . 2008-07-27 20:39 <DIR> d-------- C:\Program Files\Illustrate
2008-07-27 03:02 . 2008-07-27 03:02 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-26 20:18 . 2008-07-26 20:20 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-26 10:34 . 2008-07-26 10:34 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-07-26 10:27 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-07-26 10:27 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-07-26 10:26 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-07-26 10:26 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-26 10:26 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-07-26 10:06 . 2008-07-26 10:06 <DIR> d-------- C:\Program Files\MagicISO
2008-07-25 11:41 . 2006-08-31 10:54 327,680 --a------ C:\WINDOWS\system32\PrmSrvInstall.dll
2008-07-25 11:41 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-07-25 11:41 . 2006-07-14 10:03 65,636 --a------ C:\WINDOWS\system32\PrmSrvUninst.exe
2008-07-25 11:24 . 2008-07-25 11:39 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-07-25 11:23 . 2008-07-25 11:23 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-07-22 12:31 . 2008-07-26 17:23 <DIR> d-------- C:\Program Files\Autodesk
2008-07-22 12:31 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-07-22 00:42 . 2008-07-28 10:28 <DIR> d-------- C:\Documents and Settings\r\Application Data\Autodesk
2008-07-21 23:48 . 2008-07-28 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-21 14:02 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-21 14:00 . 2008-07-21 14:00 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-21 13:58 . 2008-07-21 14:00 <DIR> d--h----- C:\WINDOWS\ShellNew
2008-07-21 13:54 . 2008-07-21 13:54 <DIR> dr-h----- C:\MSOCache
2008-07-15 21:26 . 2008-07-15 21:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-15 10:58 . 2008-07-15 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-15 10:56 . 2008-08-06 18:01 <DIR> d-------- C:\Documents and Settings\r\Application Data\HPAppData
2008-07-15 10:55 . 2008-07-15 10:55 <DIR> d-------- C:\Program Files\Common Files\HP
2008-07-15 10:55 . 2008-08-06 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-15 10:54 . 2008-07-15 10:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-15 10:53 . 2008-07-15 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-15 10:53 . 2007-03-17 21:41 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-07-15 10:53 . 2007-03-17 21:41 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-07-15 10:53 . 2007-03-08 09:50 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-07-15 10:53 . 2007-03-08 09:50 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-07-15 10:53 . 2007-03-17 21:41 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-07-15 10:53 . 2007-03-30 20:37 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-07-15 10:53 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-07-15 10:53 . 2007-03-08 09:50 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-15 10:53 . 2007-03-08 09:50 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-07-15 10:53 . 2007-03-08 09:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-07-15 10:51 . 2008-08-06 17:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-15 10:51 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-13 22:44 . 2008-07-28 10:40 <DIR> d-------- C:\Program Files\StarDict
2008-07-07 15:50 . 2008-07-07 15:50 <DIR> d-------- C:\WINDOWS\Favorites
2008-07-07 15:50 . 2008-07-07 15:50 <DIR> d-------- C:\Program Files\ElefunMultimedia
2008-07-07 15:34 . 2008-07-13 11:09 445 --a------ C:\WINDOWS\EntPack.dat
2008-07-07 15:34 . 2008-07-13 11:09 51 --a------ C:\WINDOWS\EntPack.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 13:57 --------- d-----w C:\Documents and Settings\r\Application Data\uTorrent
2008-08-07 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-06 18:29 --------- d-----w C:\Program Files\WinASO
2008-08-06 12:31 --------- d-----w C:\Program Files\HP
2008-08-04 15:20 --------- d-----w C:\Program Files\DivX
2008-08-04 15:19 --------- d-----w C:\Program Files\Google
2008-08-04 15:17 --------- d-----w C:\Program Files\Replay Media Catcher
2008-08-02 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-02 14:23 --------- d-----w C:\Program Files\Realtek
2008-08-02 13:02 --------- d-----w C:\Program Files\Gabest
2008-08-02 12:57 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-27 18:09 --------- d-----w C:\Program Files\Jardinains!
2008-07-27 15:09 --------- d-----w C:\Program Files\One-click Audio Converter
2008-07-26 14:50 --------- d-----w C:\Program Files\Conduit
2008-07-25 12:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-25 06:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-15 05:47 --------- d-----w C:\Documents and Settings\r\Application Data\HP
2008-07-01 13:53 2,788,800 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2008-07-01 13:51 7,710,016 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-07-01 13:47 --------- d-----w C:\Documents and Settings\r\Application Data\GetRightToGo
2008-07-01 13:35 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2008-06-28 11:11 --------- d-----w C:\Program Files\YouTube Downloader
2008-05-21 09:37 120 ----a-w C:\drmHeader.bin
2008-04-04 23:20 0 ----a-w C:\Documents and Settings\r\run.bat
1765-05-30 03:37 4,263 --sha-w C:\WINDOWS\windllreg1c.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 09:47 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 09:43 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 09:47 118784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-02 20:40 1232152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 14:51 16270848 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "C:\WINDOWS\system32\ShellHook.dll" [2007-12-13 03:29 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oykher.dll,zkrgkw.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
backup=C:\WINDOWS\pss\LoadRunner Agent Process.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
-ra--c--- 2006-11-14 11:55 363008 C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 16:19 1051648 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a--c--- 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CheckTestDirectorUserAccount"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"gusvc"=2 (0x2)
"SCardSvr"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Mercury\\LoadRunner\\launch_service\\bin\\magentproc.exe"=
"C:\\Program Files\\Mercury\\LoadRunner\\WebTours\\xigui32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\HP\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-02 20:40]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-02 20:40]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-02 20:40]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-02 20:41]
R2 paldrv;paldrv;C:\WINDOWS\system32\pal_drv.sys [2005-07-27 18:03]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2006-02-28 17:30]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2006-02-28 17:30]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2006-02-28 17:30]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2006-02-28 17:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf55fbcf-8ce7-11dc-a788-001a929060e6}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-07 C:\WINDOWS\Tasks\WinASORegistryOptimizerForr.job
- C:\Program Files\WinASO\Registry Optimizer 3.0\RegOpt.exe []
.
- - - - ORPHANS REMOVED - - - -

Notify-geBqRige - geBqRige.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\r\Application Data\Mozilla\Firefox\Profiles\v2rzr5nz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 20:07:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-07 20:13:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-07 14:43:18

Pre-Run: 10,855,993,344 bytes free
Post-Run: 10,783,682,560 bytes free

289 --- E O F --- 2008-07-26 21:32:19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:20, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {318F134D-1627-48A5-909A-8D1D9C82BDE0} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {77ec9d57-249a-41a7-ad4a-5b9950a3f879} - (no file)
O2 - BHO: (no name) - {83445c84-ddaa-4754-b246-dd10275cb6ea} - (no file)
O2 - BHO: (no name) - {8658825D-21E5-4F04-8DB7-1AB67C8E8F6E} - (no file)
O2 - BHO: (no name) - {C893C01E-6875-4AEE-AFC7-E33CC4A5B91F} - (no file)
O2 - BHO: (no name) - {DCA900CF-450B-4E35-9169-66767F2F9D67} - (no file)
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205923938906
O17 - HKLM\System\CCS\Services\Tcpip\..\{435DDC2F-1357-41AC-8EA7-B183C67056BF}: NameServer = 202.56.215.54 202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{B07B71F7-C41E-4E49-8375-09A0F89FA668}: NameServer = 202.56.215.54,202.56.215.55
O17 - HKLM\System\CS1\Services\Tcpip\..\{435DDC2F-1357-41AC-8EA7-B183C67056BF}: NameServer = 202.56.215.54 202.56.215.55
O17 - HKLM\System\CS3\Services\Tcpip\..\{435DDC2F-1357-41AC-8EA7-B183C67056BF}: NameServer = 202.56.215.54 202.56.215.55
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: oykher.dll,zkrgkw.dll,avgrsstx.dll
O20 - Winlogon Notify: geBqRige - C:\WINDOWS\
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 7239 bytes

Hi,

Thanks for your reply. Please have a look at the logs.

Regards.

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Hi shaba,

This is the list you mentioned.

regards.


32 Bit HP CIO Components Installer
3dsmax ancillary install
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Allok RM RMVB to AVI MPEG DVD Converter 1.3.4
ASUSUpdate
AVG Free 8.0
AVI MPEG WMV RM to MP3 Converter 1.0.1
DivX Codec
Free RM to MP3 Converter 1.12
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
InstallMICGenericHook
Intel(R) Graphics Media Accelerator Driver
IsoBuster 2.2
Jardinains!
Java(TM) SE Runtime Environment 6 Update 1
jetAudio Basic
Magic ISO Maker v5.5 (build 0265)
Marvell Miniport Driver
Mercury LoadRunner 8.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Script Debugger
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
PowerDVD
QuickTest Professional
Readiris Pro 11 Corporate Edition Demo
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Spybot - Search & Destroy
TestDirector
Tetris 5000(v1.10 full version)
Ultra Video Converter 2.1.0
Unified Report
VideoLAN VLC media player 0.8.6d
WinAce Archiver
WinASO Registry Optimizer 4.0.6
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format Runtime
WinRAR archiver
WinRunner
Yahoo! Install Manager
Yahoo! Messenger

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

I'd like you to read the this thread (http://forums.spybot.info/showthread.php?t=282).

Delete this folder:

C:\Documents and Settings\r\Application Data\uTorrent

Empty Recycle Bin

Please run a new combofix scan when finished and post the log back here.

Hi Shaba,

This is the log you mentioned.

regards.



ComboFix 08-08-10.02 - r 2008-08-11 15:30:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.596 [GMT 5.5:30]
Running from: C:\Documents and Settings\r\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2008-08-08 19:10 . 2006-02-28 17:30 538,624 --a------ C:\WINDOWS\system32\spider.exe
2008-08-08 19:10 . 2006-02-28 17:30 538,624 --a--c--- C:\WINDOWS\system32\dllcache\spider.exe
2008-08-08 03:41 . 2008-08-09 04:49 <DIR> d-------- C:\VideoConverterOutput
2008-08-08 03:40 . 2008-08-08 03:41 <DIR> d-------- C:\Program Files\Ultra Video Converter
2008-08-08 03:40 . 2006-05-05 06:59 421,888 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-08-08 03:40 . 2006-07-18 22:11 376,832 --a------ C:\WINDOWS\system32\MpegSplitter.ax
2008-08-08 03:26 . 2008-08-08 03:42 <DIR> d-------- C:\Program Files\321 Xvid Converter
2008-08-08 03:26 . 2008-08-08 03:26 66 --a------ C:\WINDOWS\321 Xvid Converter.INI
2008-08-08 02:58 . 2008-08-08 02:58 66 --a------ C:\WINDOWS\PowerVideoConverter.INI
2008-08-08 02:19 . 2008-08-08 02:19 66 --a------ C:\WINDOWS\Power Video Converter.INI
2008-08-07 17:09 . 2008-08-07 17:10 <DIR> d-------- C:\Program Files\AVI MPEG WMV RM to MP3 Converter
2008-08-07 04:32 . 2008-08-07 17:27 <DIR> d-------- C:\Program Files\OCR-TextScan 2 Word 1
2008-08-07 04:32 . 2008-08-07 04:32 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-08-06 22:18 . 2008-08-06 22:18 184 --a------ C:\WINDOWS\Readiris.ini
2008-08-06 21:02 . 2008-08-06 23:17 <DIR> d-------- C:\Program Files\Readiris Pro 11 Corporate Edition Demo
2008-08-06 18:35 . 2008-08-06 18:35 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-06 17:59 . 2008-08-06 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-06 17:58 . 2008-08-06 17:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-06 17:49 . 2008-08-06 18:03 141,147 --a------ C:\WINDOWS\hpoins14.dat
2008-08-06 17:48 . 2007-09-20 06:44 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-08-06 01:09 . 2008-08-06 01:09 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-08-06 01:08 . 2001-08-17 22:36 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2008-08-06 01:08 . 2001-08-17 22:36 57,856 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2008-08-06 01:08 . 2001-08-17 22:36 45,056 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
2008-08-06 01:08 . 2001-08-17 22:36 43,520 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
2008-08-06 01:08 . 2001-08-17 22:36 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2008-08-06 01:08 . 2001-08-17 22:36 26,112 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2008-08-06 01:08 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2008-08-06 01:08 . 2001-08-17 22:36 12,288 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
2008-08-06 01:08 . 2001-08-17 22:36 7,168 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
2008-08-06 01:08 . 2001-08-17 22:36 5,632 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2008-08-06 01:06 . 2006-02-28 17:30 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2008-08-06 01:02 . 2008-08-06 01:08 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-08-06 01:02 . 2008-08-08 19:11 <DIR> d-------- C:\Inetpub
2008-08-05 10:25 . 2008-08-05 10:46 <DIR> d-------- C:\AllokRMFolder
2008-08-05 10:24 . 2008-08-05 10:25 <DIR> d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2008-08-03 20:17 . 2008-08-03 20:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 19:30 . 2008-08-03 19:42 1,934 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-03 19:27 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-03 19:27 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-03 19:27 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-03 19:27 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-03 19:27 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-03 19:27 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-03 19:27 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-03 19:27 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-03 18:44 . 2008-08-11 14:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-02 20:41 . 2008-08-02 20:41 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-02 20:41 . 2008-08-02 20:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-02 20:40 . 2008-08-10 10:19 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-02 20:40 . 2008-08-02 20:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-02 19:52 . 2006-03-23 09:42 139,264 -ra------ C:\WINDOWS\system32\igfxres.dll
2008-08-02 19:49 . 2008-08-02 19:49 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2008-08-02 19:44 . 2008-08-02 19:44 12,889 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-08-02 19:31 . 2006-02-28 17:30 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-08-02 19:29 . 2006-02-28 17:30 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-02 19:28 . 2006-02-28 17:30 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-02 19:27 . 2006-02-28 17:30 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-02 19:02 . 2006-02-28 17:30 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-02 19:02 . 2006-02-28 17:30 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-02 19:02 . 2006-02-28 17:30 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-02 19:02 . 2006-02-28 17:30 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-08-02 18:37 . 2008-08-08 02:19 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-08-02 18:37 . 2008-08-08 02:19 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-08-02 15:00 . 2008-08-03 19:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 15:00 . 2008-08-04 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 10:18 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-27 23:39 . 2008-07-27 23:39 82,996 --a------ C:\WINDOWS\system32\SpoonUninstall-Jardinains!.bmp
2008-07-27 23:39 . 2008-07-27 23:39 10,960 --a------ C:\WINDOWS\system32\SpoonUninstall-Jardinains!.dat
2008-07-27 23:37 . 2008-07-27 23:37 <DIR> d-------- C:\Program Files\Free RM to MP3 Converter
2008-07-27 20:39 . 2008-07-27 20:39 <DIR> d-------- C:\Program Files\Illustrate
2008-07-27 03:02 . 2008-07-27 03:02 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-26 20:18 . 2008-07-26 20:20 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-26 10:34 . 2008-07-26 10:34 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-07-26 10:27 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-07-26 10:27 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-07-26 10:26 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-07-26 10:26 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-26 10:26 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-07-26 10:06 . 2008-07-26 10:06 <DIR> d-------- C:\Program Files\MagicISO
2008-07-25 11:41 . 2006-08-31 10:54 327,680 --a------ C:\WINDOWS\system32\PrmSrvInstall.dll
2008-07-25 11:41 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-07-25 11:41 . 2006-07-14 10:03 65,636 --a------ C:\WINDOWS\system32\PrmSrvUninst.exe
2008-07-25 11:24 . 2008-07-25 11:39 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-07-25 11:23 . 2008-07-25 11:23 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-07-22 12:31 . 2008-07-26 17:23 <DIR> d-------- C:\Program Files\Autodesk
2008-07-22 12:31 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-07-22 00:42 . 2008-07-28 10:28 <DIR> d-------- C:\Documents and Settings\r\Application Data\Autodesk
2008-07-21 23:48 . 2008-07-28 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-21 14:02 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-21 14:00 . 2008-07-21 14:00 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-21 13:58 . 2008-07-21 14:00 <DIR> d--h----- C:\WINDOWS\ShellNew
2008-07-21 13:54 . 2008-07-21 13:54 <DIR> dr-h----- C:\MSOCache
2008-07-15 21:26 . 2008-07-15 21:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-15 10:58 . 2008-07-15 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-15 10:56 . 2008-08-06 18:01 <DIR> d-------- C:\Documents and Settings\r\Application Data\HPAppData
2008-07-15 10:55 . 2008-07-15 10:55 <DIR> d-------- C:\Program Files\Common Files\HP
2008-07-15 10:55 . 2008-08-06 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-15 10:54 . 2008-07-15 10:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-15 10:53 . 2008-07-15 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-15 10:53 . 2007-03-17 21:41 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-07-15 10:53 . 2007-03-17 21:41 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-07-15 10:53 . 2007-03-08 09:50 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-07-15 10:53 . 2007-03-08 09:50 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-07-15 10:53 . 2007-03-17 21:41 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-07-15 10:53 . 2007-03-30 20:37 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-07-15 10:53 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-07-15 10:53 . 2007-03-08 09:50 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-15 10:53 . 2007-03-08 09:50 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-07-15 10:53 . 2007-03-08 09:50 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-07-15 10:51 . 2008-08-06 17:56 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-15 10:51 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-13 22:44 . 2008-07-28 10:40 <DIR> d-------- C:\Program Files\StarDict

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 21:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-07 21:19 --------- d-----w C:\Program Files\DivX
2008-08-07 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-06 18:29 --------- d-----w C:\Program Files\WinASO
2008-08-06 12:31 --------- d-----w C:\Program Files\HP
2008-08-04 15:19 --------- d-----w C:\Program Files\Google
2008-08-04 15:17 --------- d-----w C:\Program Files\Replay Media Catcher
2008-08-02 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-02 14:23 --------- d-----w C:\Program Files\Realtek
2008-08-02 13:02 --------- d-----w C:\Program Files\Gabest
2008-08-02 12:57 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-27 18:09 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-27 18:09 --------- d-----w C:\Program Files\Jardinains!
2008-07-27 15:09 --------- d-----w C:\Program Files\One-click Audio Converter
2008-07-26 14:50 --------- d-----w C:\Program Files\Conduit
2008-07-25 06:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-15 05:47 --------- d-----w C:\Documents and Settings\r\Application Data\HP
2008-07-07 10:20 --------- d-----w C:\Program Files\ElefunMultimedia
2008-07-01 13:53 2,788,800 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2008-07-01 13:51 7,710,016 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-07-01 13:47 --------- d-----w C:\Documents and Settings\r\Application Data\GetRightToGo
2008-07-01 13:35 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2008-06-28 11:11 --------- d-----w C:\Program Files\YouTube Downloader
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 09:37 120 ----a-w C:\drmHeader.bin
2008-04-04 23:20 0 ----a-w C:\Documents and Settings\r\run.bat
1765-05-30 03:37 4,263 --sha-w C:\WINDOWS\windllreg1c.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-07_20.13.01.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-05 19:46:32 91,968 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-08 13:41:57 75,142 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-05 19:46:32 502,732 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-08 13:41:57 454,016 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 09:43 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-02 20:40 1232152]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 14:51 16270848 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "C:\WINDOWS\system32\ShellHook.dll" [2007-12-13 03:29 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqRige]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oykher.dll,zkrgkw.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
backup=C:\WINDOWS\pss\LoadRunner Agent Process.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
-ra--c--- 2006-11-14 11:55 363008 C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 16:19 1051648 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a--c--- 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CheckTestDirectorUserAccount"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"gusvc"=2 (0x2)
"SCardSvr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Mercury\\LoadRunner\\launch_service\\bin\\magentproc.exe"=
"C:\\Program Files\\Mercury\\LoadRunner\\WebTours\\xigui32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\HP\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-02 20:40]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-02 20:40]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-02 20:40]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-02 20:41]
R2 paldrv;paldrv;C:\WINDOWS\system32\pal_drv.sys [2005-07-27 18:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf55fbcf-8ce7-11dc-a788-001a929060e6}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-11 C:\WINDOWS\Tasks\WinASORegistryOptimizerForr.job
- C:\Program Files\WinASO\Registry Optimizer 3.0\RegOpt.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{318F134D-1627-48A5-909A-8D1D9C82BDE0} - (no file)
BHO-{77ec9d57-249a-41a7-ad4a-5b9950a3f879} - (no file)
BHO-{83445c84-ddaa-4754-b246-dd10275cb6ea} - (no file)
BHO-{8658825D-21E5-4F04-8DB7-1AB67C8E8F6E} - (no file)
BHO-{C893C01E-6875-4AEE-AFC7-E33CC4A5B91F} - (no file)
BHO-{DCA900CF-450B-4E35-9169-66767F2F9D67} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\r\Application Data\Mozilla\Firefox\Profiles\v2rzr5nz.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 15:33:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-11 15:35:42
ComboFix-quarantined-files.txt 2008-08-11 10:05:38
ComboFix2.txt 2008-08-07 14:43:22

Pre-Run: 16,255,246,336 bytes free
Post-Run: 16,227,975,168 bytes free

301 --- E O F --- 2008-07-26 21:32:19

Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste the file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

C:\WINDOWS\system32\spider.exe
Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Hi Shaba,

The scan did not find anything. Although I could not understand what you wanted me to to when you mentioned this:

C:\WINDOWS\system32\spider.exe.

regards.

Yes, it looks like to be legit.

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open notepad and copy/paste the text in the codebox below into it:


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geBqRige]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

ComboFix 08-08-10.02 - r 2008-08-12 21:30:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.654 [GMT 5.5:30]
Running from: C:\Documents and Settings\r\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\r\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 21:10 . 2008-04-23 09:46 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-12 21:10 . 2007-04-17 15:02 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-12 21:10 . 2007-03-08 10:40 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-12 21:10 . 2008-04-23 09:46 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-12 21:10 . 2008-04-23 09:46 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-12 21:10 . 2008-04-23 09:46 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-12 21:10 . 2008-04-23 09:46 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-12 21:10 . 2008-04-23 09:46 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-12 21:10 . 2008-04-22 13:09 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-12 20:47 . 2008-06-13 18:40 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-08 19:10 . 2006-02-28 17:30 538,624 --a------ C:\WINDOWS\system32\spider.exe
2008-08-08 19:10 . 2006-02-28 17:30 538,624 --a--c--- C:\WINDOWS\system32\dllcache\spider.exe
2008-08-08 03:41 . 2008-08-09 04:49 <DIR> d-------- C:\VideoConverterOutput
2008-08-08 03:40 . 2008-08-08 03:41 <DIR> d-------- C:\Program Files\Ultra Video Converter
2008-08-08 03:40 . 2006-05-05 06:59 421,888 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
2008-08-08 03:40 . 2006-07-18 22:11 376,832 --a------ C:\WINDOWS\system32\MpegSplitter.ax
2008-08-08 03:26 . 2008-08-08 03:42 <DIR> d-------- C:\Program Files\321 Xvid Converter
2008-08-08 03:26 . 2008-08-08 03:26 66 --a------ C:\WINDOWS\321 Xvid Converter.INI
2008-08-08 02:58 . 2008-08-08 02:58 66 --a------ C:\WINDOWS\PowerVideoConverter.INI
2008-08-08 02:19 . 2008-08-08 02:19 66 --a------ C:\WINDOWS\Power Video Converter.INI
2008-08-07 17:09 . 2008-08-07 17:10 <DIR> d-------- C:\Program Files\AVI MPEG WMV RM to MP3 Converter
2008-08-07 04:32 . 2008-08-07 17:27 <DIR> d-------- C:\Program Files\OCR-TextScan 2 Word 1
2008-08-07 04:32 . 2008-08-07 04:32 72,192 --a------ C:\WINDOWS\cadkasdeinst01e.exe
2008-08-06 22:18 . 2008-08-06 22:18 184 --a------ C:\WINDOWS\Readiris.ini
2008-08-06 21:02 . 2008-08-06 23:17 <DIR> d-------- C:\Program Files\Readiris Pro 11 Corporate Edition Demo
2008-08-06 18:35 . 2008-08-06 18:35 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-06 17:59 . 2008-08-06 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-08-06 17:58 . 2008-08-06 17:58 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-06 17:49 . 2008-08-06 18:03 141,147 --a------ C:\WINDOWS\hpoins14.dat
2008-08-06 17:48 . 2007-09-20 06:44 2,000 --------- C:\WINDOWS\hpomdl14.dat
2008-08-06 01:09 . 2008-08-06 01:09 <DIR> d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-08-06 01:08 . 2001-08-17 22:36 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2008-08-06 01:08 . 2001-08-17 22:36 57,856 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
2008-08-06 01:08 . 2001-08-17 22:36 45,056 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqadmin.dll
2008-08-06 01:08 . 2001-08-17 22:36 43,520 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_fcachdll.dll
2008-08-06 01:08 . 2001-08-17 22:36 38,912 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll
2008-08-06 01:08 . 2001-08-17 22:36 26,112 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_seos.dll
2008-08-06 01:08 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
2008-08-06 01:08 . 2001-08-17 22:36 12,288 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpctrs.dll
2008-08-06 01:08 . 2001-08-17 22:36 7,168 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_snprfdll.dll
2008-08-06 01:08 . 2001-08-17 22:36 5,632 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_adsiisex.dll
2008-08-06 01:06 . 2006-02-28 17:30 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2008-08-06 01:02 . 2008-08-06 01:08 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-08-06 01:02 . 2008-08-08 19:11 <DIR> d-------- C:\Inetpub
2008-08-05 10:25 . 2008-08-05 10:46 <DIR> d-------- C:\AllokRMFolder
2008-08-05 10:24 . 2008-08-05 10:25 <DIR> d-------- C:\Program Files\Allok RM RMVB to AVI MPEG DVD Converter
2008-08-03 20:17 . 2008-08-03 20:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-03 19:30 . 2008-08-03 19:42 1,934 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-03 19:27 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-08-03 19:27 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-08-03 19:27 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-08-03 19:27 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-08-03 19:27 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-08-03 19:27 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-08-03 19:27 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-08-03 19:27 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-03 18:44 . 2008-08-11 14:42 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-02 20:41 . 2008-08-02 20:41 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-02 20:41 . 2008-08-02 20:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-02 20:40 . 2008-08-12 16:16 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-02 20:40 . 2008-08-02 20:40 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-02 19:52 . 2006-03-23 09:42 139,264 -ra------ C:\WINDOWS\system32\igfxres.dll
2008-08-02 19:49 . 2008-08-02 19:49 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2008-08-02 19:44 . 2008-08-02 19:44 12,889 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-08-02 19:31 . 2006-02-28 17:30 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-08-02 19:29 . 2006-02-28 17:30 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-08-02 19:28 . 2006-02-28 17:30 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-02 19:27 . 2006-02-28 17:30 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-02 19:23 . 2008-08-02 19:23 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-02 19:02 . 2006-02-28 17:30 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-02 19:02 . 2006-02-28 17:30 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-02 19:02 . 2006-02-28 17:30 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-02 19:02 . 2006-02-28 17:30 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-08-02 18:37 . 2008-08-08 02:19 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-08-02 18:37 . 2008-08-08 02:19 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-08-02 15:00 . 2008-08-03 19:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 15:00 . 2008-08-04 08:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 10:18 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-27 23:39 . 2008-07-27 23:39 82,996 --a------ C:\WINDOWS\system32\SpoonUninstall-Jardinains!.bmp
2008-07-27 23:39 . 2008-07-27 23:39 10,960 --a------ C:\WINDOWS\system32\SpoonUninstall-Jardinains!.dat
2008-07-27 23:37 . 2008-07-27 23:37 <DIR> d-------- C:\Program Files\Free RM to MP3 Converter
2008-07-27 20:39 . 2008-07-27 20:39 <DIR> d-------- C:\Program Files\Illustrate
2008-07-27 03:02 . 2008-07-27 03:02 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-26 20:18 . 2008-07-26 20:20 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-26 10:34 . 2008-07-26 10:34 <DIR> d-------- C:\Program Files\Microsoft WSE
2008-07-26 10:27 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-07-26 10:27 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-07-26 10:26 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-07-26 10:26 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-26 10:26 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-07-26 10:06 . 2008-07-26 10:06 <DIR> d-------- C:\Program Files\MagicISO
2008-07-25 11:41 . 2006-08-31 10:54 327,680 --a------ C:\WINDOWS\system32\PrmSrvInstall.dll
2008-07-25 11:41 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\system32\UNWISE.EXE
2008-07-25 11:41 . 2006-07-14 10:03 65,636 --a------ C:\WINDOWS\system32\PrmSrvUninst.exe
2008-07-25 11:24 . 2008-07-25 11:39 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-07-25 11:23 . 2008-07-25 11:23 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-07-22 12:31 . 2008-07-26 17:23 <DIR> d-------- C:\Program Files\Autodesk
2008-07-22 12:31 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-07-22 00:42 . 2008-07-28 10:28 <DIR> d-------- C:\Documents and Settings\r\Application Data\Autodesk
2008-07-21 23:48 . 2008-07-28 10:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-07-21 14:02 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll
2008-07-21 14:00 . 2008-07-21 14:00 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-07-21 13:58 . 2008-07-21 14:00 <DIR> d--h----- C:\WINDOWS\ShellNew
2008-07-21 13:54 . 2008-07-21 13:54 <DIR> dr-h----- C:\MSOCache
2008-07-15 21:26 . 2008-07-15 21:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-15 10:58 . 2008-07-15 10:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-15 10:56 . 2008-08-06 18:01 <DIR> d-------- C:\Documents and Settings\r\Application Data\HPAppData
2008-07-15 10:55 . 2008-07-15 10:55 <DIR> d-------- C:\Program Files\Common Files\HP
2008-07-15 10:55 . 2008-08-06 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-07-15 10:54 . 2008-07-15 10:54 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-07-15 10:53 . 2008-07-15 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-15 10:53 . 2007-03-17 21:41 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2008-07-15 10:53 . 2007-03-17 21:41 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2008-07-15 10:53 . 2007-03-08 09:50 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-07-15 10:53 . 2007-03-08 09:50 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-07-15 10:53 . 2007-03-17 21:41 303,104 -ra------ C:\WINDOWS\system32\hpovst10.dll
2008-07-15 10:53 . 2007-03-30 20:37 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-07-15 10:53 . 2007-03-28 14:01 117,760 --a------ C:\WINDOWS\system32\hpzll5ha.dll
2008-07-15 10:53 . 2007-03-08 09:50 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-07-15 10:53 . 2007-03-08 09:50 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 21:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-07 21:19 --------- d-----w C:\Program Files\DivX
2008-08-07 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-06 18:29 --------- d-----w C:\Program Files\WinASO
2008-08-06 12:31 --------- d-----w C:\Program Files\HP
2008-08-04 15:19 --------- d-----w C:\Program Files\Google
2008-08-04 15:17 --------- d-----w C:\Program Files\Replay Media Catcher
2008-08-02 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-02 14:23 --------- d-----w C:\Program Files\Realtek
2008-08-02 13:02 --------- d-----w C:\Program Files\Gabest
2008-08-02 12:57 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-27 18:09 164,352 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-07-27 18:09 --------- d-----w C:\Program Files\Jardinains!
2008-07-27 15:09 --------- d-----w C:\Program Files\One-click Audio Converter
2008-07-26 14:50 --------- d-----w C:\Program Files\Conduit
2008-07-25 06:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-15 05:47 --------- d-----w C:\Documents and Settings\r\Application Data\HP
2008-07-07 10:20 --------- d-----w C:\Program Files\ElefunMultimedia
2008-07-01 13:53 2,788,800 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2008-07-01 13:51 7,710,016 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2008-07-01 13:47 --------- d-----w C:\Documents and Settings\r\Application Data\GetRightToGo
2008-07-01 13:35 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2008-06-28 11:11 --------- d-----w C:\Program Files\YouTube Downloader
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 09:37 120 ----a-w C:\drmHeader.bin
2008-04-04 23:20 0 ----a-w C:\Documents and Settings\r\run.bat
1765-05-30 03:37 4,263 --sha-w C:\WINDOWS\windllreg1c.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-07_20.13.01.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2008-03-27 09:22:32 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2008-03-27 10:40:24 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP3GDR\tzchange.exe
+ 2008-03-27 10:46:15 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP3QFE\tzchange.exe
- 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
- 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
- 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
- 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
- 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2007-03-06 01:22:34 22,752 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spcustom.dll
+ 2007-03-06 01:22:36 14,048 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:59 716,000 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\updspapi.dll
- 2006-12-22 05:19:12 765,952 -c--a-w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 13:24:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
- 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-13 13:09:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-13 13:05:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-13 13:05:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-13 13:24:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
- 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-13 13:09:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
- 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-13 13:09:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
- 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-13 13:09:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-08-13 12:26:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
- 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-13 13:09:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
- 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-13 13:09:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
- 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-13 13:09:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-13 13:13:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-13 13:24:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
- 2008-03-01 13:06:30 3,591,680 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-13 13:24:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-13 13:24:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-13 13:14:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-13 13:24:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
- 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-13 13:14:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-08-13 13:06:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:31 22,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spcustom.dll
+ 2007-03-06 01:22:33 14,048 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst.exe
+ 2007-03-06 01:22:56 716,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\updspapi.dll
- 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-13 13:14:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
- 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-13 13:24:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
- 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-13 13:24:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
- 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2007-08-13 13:24:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2006-02-28 12:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2007-08-13 13:09:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-02-28 12:00:00 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 13:49:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2006-02-28 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2007-08-13 13:09:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-02-28 12:00:00 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2006-02-28 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 13:49:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2006-02-28 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-02-28 12:00:00 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2007-08-13 13:05:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-13 13:05:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-13 13:24:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-13 13:09:06 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-13 13:09:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-13 13:09:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-13 12:26:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-13 13:09:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-13 13:09:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-13 13:13:56 622,080 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-13 13:24:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-02-28 12:00:00 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2006-10-04 08:48:36 72,704 -c--a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2006-02-28 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2006-02-28 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2006-02-28 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-08-13 13:24:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 16:46:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-13 13:24:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-02-28 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2006-02-28 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2006-02-28 12:00:00 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2006-02-28 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2006-02-28 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2006-02-28 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2006-02-28 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-08-13 13:14:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-02-28 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2006-02-28 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2006-02-28 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2006-02-28 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-08-13 13:24:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-02-28 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2006-02-28 12:00:00 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2006-02-28 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2006-02-28 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2006-02-28 12:00:00 53,760 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:36 53,760 -c--a-w C:\WINDOWS\system32\dllcache\narrator.exe
- 2007-08-13 13:14:06 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2006-02-28 12:00:00 215,552 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2006-10-04 08:48:37 215,552 -c--a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2007-08-13 13:06:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-02-28 12:00:00 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-02-28 12:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2006-02-28 12:00:00 359,040 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-02-28 12:00:00 223,616 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-02-28 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
+ 2006-10-04 13:33:38 35,840 -c--a-w C:\WINDOWS\system32\dllcache\umandlg.dll
- 2007-08-13 13:14:30 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-13 13:24:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-02-28 12:00:00 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2006-10-04 08:48:37 50,176 -c--a-w C:\WINDOWS\system32\dllcache\utilman.exe
- 2007-08-13 13:24:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-13 13:24:10 231,424 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-13 13:24:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 08:14:28 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 12:10:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2005-01-28 08:14:28 2,370,296 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-12-07 05:29:34 2,374,472 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2006-02-28 12:00:00 430,592 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 13:49:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2006-02-28 12:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 13:49:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2006-02-28 12:00:00 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 13:49:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2006-02-28 12:00:00 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 13:49:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2006-02-28 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 13:48:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2006-02-28 12:00:00 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 13:49:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2006-02-28 12:00:00 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2006-02-28 12:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2007-08-13 13:05:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-13 13:05:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-13 13:24:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-13 13:09:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-13 13:09:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-13 13:09:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-13 12:26:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-13 13:09:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-13 13:09:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-13 13:09:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-13 13:24:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-02-28 12:00:00 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w C:\WINDOWS\system32\magnify.exe
- 2006-02-28 12:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2006-02-28 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2006-02-28 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-08-13 13:24:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-23 16:46:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-13 13:24:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-02-28 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2006-02-28 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2006-02-28 12:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2006-02-28 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2006-02-28 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2006-02-28 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2006-02-28 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-08-13 13:14:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2006-02-28 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2006-02-28 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2006-02-28 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2006-02-28 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-08-13 13:24:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-02-28 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2006-02-28 12:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2006-02-28 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2006-02-28 12:00:00 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w C:\WINDOWS\system32\narrator.exe
- 2007-08-13 13:14:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2006-02-28 12:00:00 215,552 ----a-w C:\WINDOWS\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w C:\WINDOWS\system32\osk.exe
- 2008-08-05 19:46:32 91,968 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-08 13:41:57 75,142 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-05 19:46:32 502,732 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-08 13:41:57 454,016 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-08-13 13:06:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-02-28 12:00:00 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2008-03-27 09:24:20 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2006-02-28 12:00:00 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w C:\WINDOWS\system32\umandlg.dll
- 2007-08-13 13:14:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-13 13:24:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2006-02-28 12:00:00 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w C:\WINDOWS\system32\utilman.exe
- 2007-08-13 13:24:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-13 13:24:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
- 2005-01-28 08:14:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 12:10:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2005-01-28 08:14:28 2,370,296 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2006-02-28 12:00:00 430,592 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 13:49:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2006-02-28 12:00:00 111,104 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 13:49:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2006-02-28 12:00:00 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 13:49:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2006-02-28 12:00:00 112,640 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 13:49:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2006-02-28 12:00:00 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 13:48:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2006-02-28 12:00:00 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 13:49:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 09:43 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-02 20:40 1232152]
"SkyTel"="SkyTel.EXE" [2006-05-16 15:34 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 14:51 16270848 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A5949E07-8536-4625-A3D0-2DD83F559990}"= "C:\WINDOWS\system32\ShellHook.dll" [2007-12-13 03:29 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oykher.dll,zkrgkw.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LoadRunner Agent Process.lnk]
backup=C:\WINDOWS\pss\LoadRunner Agent Process.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
-ra--c--- 2006-11-14 11:55 363008 C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 16:19 1051648 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a--c--- 2006-12-05 22:55 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2006-11-23 15:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CheckTestDirectorUserAccount"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"gusvc"=2 (0x2)
"SCardSvr"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Mercury\\LoadRunner\\launch_service\\bin\\magentproc.exe"=
"C:\\Program Files\\Mercury\\LoadRunner\\WebTours\\xigui32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\HP\\QuickTest Professional\\bin\\AQTRmtAgent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-02 20:40]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-02 20:40]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-02 20:40]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-02 20:41]
R2 paldrv;paldrv;C:\WINDOWS\system32\pal_drv.sys [2005-07-27 18:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf55fbcf-8ce7-11dc-a788-001a929060e6}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-12 C:\WINDOWS\Tasks\WinASORegistryOptimizerForr.job
- C:\Program Files\WinASO\Registry Optimizer 3.0\RegOpt.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{318F134D-1627-48A5-909A-8D1D9C82BDE0} - (no file)
BHO-{77ec9d57-249a-41a7-ad4a-5b9950a3f879} - (no file)
BHO-{83445c84-ddaa-4754-b246-dd10275cb6ea} - (no file)
BHO-{8658825D-21E5-4F04-8DB7-1AB67C8E8F6E} - (no file)
BHO-{C893C01E-6875-4AEE-AFC7-E33CC4A5B91F} - (no file)
BHO-{DCA900CF-450B-4E35-9169-66767F2F9D67} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 21:33:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-12 21:35:27
ComboFix-quarantined-files.txt 2008-08-12 16:04:58
ComboFix2.txt 2008-08-11 10:05:43
ComboFix3.txt 2008-08-07 14:43:22

Pre-Run: 13,574,078,464 bytes free
Post-Run: 13,578,428,416 bytes free

624 --- E O F --- 2008-08-12 15:54:26

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:48, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205923938906
O17 - HKLM\System\CCS\Services\Tcpip\..\{B07B71F7-C41E-4E49-8375-09A0F89FA668}: NameServer = 202.56.215.54,202.56.215.55
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O20 - AppInit_DLLs: oykher.dll,zkrgkw.dll,avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 5803 bytes

Hi Shaba,

Just wanted to tell you that all malware warning msgs have stoped since the past 2 days. Does this mean that the computer is clean now?

thanks and regards.

We can't be sure yet but yes looking better :)

Open HijackThis, click do a system scan only and checkmark this:

O20 - AppInit_DLLs: oykher.dll,zkrgkw.dll,avgrsstx.dll

Close all windows including browser and press fix checked.

Reboot.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 12, 2008 22:42:17
Records in database: 1087256
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 114456
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:11:04


File name / Threat name / Threats count
C:\Documents and Settings\r\My Documents\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:12, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINDOWS\system32\BHOManager.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205923938906
O17 - HKLM\System\CCS\Services\Tcpip\..\{435DDC2F-1357-41AC-8EA7-B183C67056BF}: NameServer = 202.56.215.54 202.56.215.55
O17 - HKLM\System\CCS\Services\Tcpip\..\{B07B71F7-C41E-4E49-8375-09A0F89FA668}: NameServer = 202.56.215.54,202.56.215.55
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 6035 bytes

That looks good :)

Still problems?

Hi Shaba,

No, As I menitoned I haven't seen any traces of malware since the past few days now. So I guess its all good now. Thanks a lot for your help.

Regards.

Great :)

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

These are leftovers and can be fixed:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll (file missing)
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll (file missing)

Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Then download and install Java Runtime Environment (JRE) 6 Update 7 (http://java.sun.com/javase/downloads/index.jsp).

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb:

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.