Help with VIRTUMONDE



chasingghosts
2008-11-07, 23:34
Help! This stupid trojan will not go away. No matter how many times I run Spybot or any other software to get rid of it, it comes back. I read a little bit about its removal in the forum and ran RSIT. Here are the log and info texts.
LOG first:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-07 13:19:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 161 GB (53%) free of 302 GB
Total RAM: 3326 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:21 PM, on 11/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\trend micro\Owner.exe

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4} - C:\WINDOWS\system32\fccaAqop.dll
O2 - BHO: (no name) - {EE1E37DC-1037-46DD-8CD8-F1AE94C2FBB4} - (no file)
O2 - BHO: (no name) - {F1D72058-A62D-4215-8D63-CFBA9DC3C47B} - C:\WINDOWS\system32\ssqOGvTm.dll
O2 - BHO: (no name) - {F2A1C63E-9F5D-4E9D-B68D-EFFB74B042CC} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [SpybotDeletingA3733] command /c del "C:\WINDOWS\system32\mcrvkiyi.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3387] cmd /c del "C:\WINDOWS\system32\mcrvkiyi.dll_old"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9502] command /c del "C:\WINDOWS\system32\mcrvkiyi.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1289] cmd /c del "C:\WINDOWS\system32\mcrvkiyi.dll_old"
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O20 - AppInit_DLLs: zohutr.dll
O20 - Winlogon Notify: fccaAqop - C:\WINDOWS\SYSTEM32\fccaAqop.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 5835 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4}]
C:\WINDOWS\system32\fccaAqop.dll [2008-10-24 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE1E37DC-1037-46DD-8CD8-F1AE94C2FBB4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1D72058-A62D-4215-8D63-CFBA9DC3C47B}]
C:\WINDOWS\system32\ssqOGvTm.dll [2008-11-06 244736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2A1C63E-9F5D-4E9D-B68D-EFFB74B042CC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-01-09 16859648]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-07-09 36352]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA3733"=command /c del C:\WINDOWS\system32\mcrvkiyi.dll_old []
"SpybotDeletingC3387"=cmd /c del C:\WINDOWS\system32\mcrvkiyi.dll_old []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=C:\Program Files\BitComet\BitComet.exe /tray []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-10-23 342336]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB9502"=command /c del C:\WINDOWS\system32\mcrvkiyi.dll_old []
"SpybotDeletingD1289"=cmd /c del C:\WINDOWS\system32\mcrvkiyi.dll_old []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="zohutr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-04-10 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccaAqop]
C:\WINDOWS\system32\fccaAqop.dll [2008-10-24 33792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4}"=C:\WINDOWS\system32\fccaAqop.dll [2008-10-24 33792]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ssqOGvTm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\FlashFXP\flashfxp.exe"="C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\FlashFXP\flashfxp.exe"="C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3"

======List of files/folders created in the last 1 months======

2008-11-07 13:19:12 ----D---- C:\Program Files\trend micro
2008-11-07 13:19:11 ----D---- C:\rsit
2008-11-07 12:56:39 ----ASH---- C:\WINDOWS\system32\mTvGOqss.ini2
2008-11-07 09:57:26 ----A---- C:\WINDOWS\system32\hclcpkdq.dll
2008-11-07 08:49:32 ----ASH---- C:\WINDOWS\system32\RsAcefii.ini
2008-11-07 08:49:26 ----A---- C:\WINDOWS\system32\iifecAsR.dll
2008-11-06 22:31:59 ----D---- C:\Program Files\Enigma Software Group
2008-11-06 22:02:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-06 16:57:19 ----A---- C:\WINDOWS\system32\cnnasnww.dll
2008-11-06 16:52:02 ----A---- C:\WINDOWS\system32\sijbvygi.dll
2008-11-06 16:51:18 ----ASH---- C:\WINDOWS\system32\lRCbdfii.ini
2008-11-06 16:51:11 ----A---- C:\WINDOWS\system32\iifdbCRl.dll
2008-11-06 09:50:55 ----ASH---- C:\WINDOWS\system32\mTvGOqss.ini
2008-11-06 09:50:49 ----A---- C:\WINDOWS\system32\ssqOGvTm.dll
2008-11-01 11:04:58 ----D---- C:\Program Files\Comical
2008-10-31 16:00:20 ----ASH---- C:\WINDOWS\system32\lmpVCJlm.ini
2008-10-27 11:04:36 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-10-27 10:55:44 ----D---- C:\Program Files\Microsoft Works
2008-10-27 10:55:25 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-27 10:51:16 ----D---- C:\WINDOWS\SHELLNEW
2008-10-27 10:50:15 ----D---- C:\Program Files\Microsoft Office
2008-10-27 10:50:12 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-27 10:49:30 ----RHD---- C:\MSOCache
2008-10-24 20:41:38 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-10-24 20:41:36 ----D---- C:\Documents and Settings\Owner\Application Data\Logitech
2008-10-24 20:39:54 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-10-24 20:39:19 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2008-10-24 20:39:13 ----A---- C:\WINDOWS\system32\KemXML.dll
2008-10-24 20:39:13 ----A---- C:\WINDOWS\system32\KemWnd.dll
2008-10-24 20:39:13 ----A---- C:\WINDOWS\system32\KemUtil.dll
2008-10-24 20:39:13 ----A---- C:\WINDOWS\system32\kemutb.dll
2008-10-24 20:39:01 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-24 20:38:54 ----D---- C:\Program Files\Common Files\Logishrd
2008-10-24 20:38:51 ----D---- C:\Program Files\Logitech
2008-10-24 17:38:37 ----D---- C:\Program Files\Lavasoft
2008-10-24 17:38:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-24 17:37:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-24 17:28:33 ----D---- C:\Documents and Settings\Owner\Application Data\McAfee
2008-10-24 17:19:32 ----A---- C:\WINDOWS\wininit.ini
2008-10-24 15:54:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-24 15:54:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-24 10:20:00 ----A---- C:\WINDOWS\system32\4727c72d-.txt
2008-10-24 10:14:21 ----A---- C:\WINDOWS\system32\vtULBsQK.dll
2008-10-24 10:14:21 ----A---- C:\WINDOWS\system32\fccaAqop.dll
2008-10-24 10:14:05 ----A---- C:\WINDOWS\unvise32.exe
2008-10-24 10:14:03 ----D---- C:\Program Files\FlashFXP
2008-10-24 09:59:24 ----D---- C:\Program Files\Winamp Toolbar
2008-10-24 02:48:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-24 02:00:27 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-24 02:00:27 ----D---- C:\WINDOWS\system32\PreInstall
2008-10-24 02:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-10-23 21:05:42 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2008-10-23 21:04:25 ----D---- C:\Program Files\VideoLAN
2008-10-23 18:05:50 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-10-23 18:05:33 ----D---- C:\Program Files\WinRAR
2008-10-23 10:32:23 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-23 10:25:54 ----D---- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-10-23 10:24:21 ----D---- C:\Program Files\DNA
2008-10-23 10:24:21 ----D---- C:\Documents and Settings\Owner\Application Data\DNA
2008-10-23 10:24:20 ----D---- C:\Program Files\BitTorrent
2008-10-22 20:33:00 ----D---- C:\Documents and Settings\Owner\Application Data\Thunderbird
2008-10-22 20:32:54 ----D---- C:\Program Files\Mozilla Thunderbird
2008-10-22 10:41:26 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-10-22 10:41:26 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-10-22 10:26:16 ----D---- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-10-22 10:25:56 ----D---- C:\WINDOWS\RegisteredPackages
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-10-22 10:25:28 ----N---- C:\WINDOWS\system32\px.dll
2008-10-22 10:25:26 ----D---- C:\Program Files\Winamp
2008-10-22 10:25:26 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-10-22 10:17:16 ----D---- C:\Downloads
2008-10-22 10:16:35 ----D---- C:\Program Files\BitComet
2008-10-22 09:51:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-22 09:37:29 ----SHD---- C:\RECYCLER
2008-10-22 09:32:17 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-10-22 09:32:05 ----D---- C:\Program Files\ATI Technologies
2008-10-22 09:31:44 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2008-10-22 09:31:44 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-22 09:31:44 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2008-10-22 09:31:44 ----A---- C:\WINDOWS\system32\atitvo32.dll
2008-10-22 09:31:44 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2008-10-22 09:31:44 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\atioglx2.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ATIODE.exe
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\atikvmag.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-22 09:31:43 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2008-10-22 09:31:28 ----D---- C:\Intel
2008-10-22 09:12:43 ----A---- C:\WINDOWS\system32\dunzip32.dll
2008-10-22 09:10:49 ----D---- C:\Program Files\McAfee.com
2008-10-22 09:10:46 ----D---- C:\Program Files\Common Files\McAfee
2008-10-22 09:10:43 ----D---- C:\Program Files\McAfee
2008-10-22 08:54:34 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-10-22 08:42:03 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-10-22 08:41:45 ----D---- C:\Program Files\Mozilla Firefox
2008-10-22 08:32:37 ----D---- C:\WINDOWS\system32\Lang
2008-10-22 08:31:43 ----A---- C:\WINDOWS\system32\ChCfg.exe
2008-10-22 08:31:24 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-22 08:31:23 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-22 08:31:00 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-22 08:30:59 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2008-10-22 08:30:57 ----A---- C:\WINDOWS\SoundMan.exe
2008-10-22 08:30:57 ----A---- C:\WINDOWS\SkyTel.exe
2008-10-22 08:30:57 ----A---- C:\WINDOWS\RtlUpd.exe
2008-10-22 08:30:56 ----A---- C:\WINDOWS\RTLCPL.exe
2008-10-22 08:30:55 ----D---- C:\Program Files\Realtek
2008-10-22 08:30:55 ----A---- C:\WINDOWS\RTHDCPL.exe
2008-10-22 08:30:55 ----A---- C:\WINDOWS\MicCal.exe
2008-10-22 08:30:55 ----A---- C:\WINDOWS\alcwzrd.exe
2008-10-22 08:30:55 ----A---- C:\WINDOWS\Alcmtr.exe
2008-10-22 08:30:51 ----A---- C:\WINDOWS\RtlExUpd.dll
2008-10-22 08:30:51 ----A---- C:\WINDOWS\HideWin.exe
2008-10-22 08:29:24 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-10-22 08:29:24 ----A---- C:\WINDOWS\system32\NicInstE.dll
2008-10-22 08:29:24 ----A---- C:\WINDOWS\system32\NicEtCoE.dll
2008-10-22 08:29:24 ----A---- C:\WINDOWS\system32\NicCo.dll
2008-10-22 08:29:23 ----A---- C:\WINDOWS\system32\e1000msg.dll
2008-10-22 08:09:07 ----D---- C:\Program Files\Intel
2008-10-22 08:08:42 ----D---- C:\Program Files\Digital Line Detect
2008-10-22 07:55:06 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-22 06:46:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-22 06:46:12 ----D---- C:\Documents and Settings\Owner\Application Data\InstallShield
2008-10-22 06:41:16 ----D---- C:\Program Files\Common Files\InstallShield
2008-10-22 06:38:36 ----D---- C:\WINDOWS\system32\vmm32
2008-10-22 06:38:36 ----D---- C:\Program Files\Dell
2008-10-22 06:29:18 ----D---- C:\Documents and Settings\Owner\Application Data\Identities
2008-10-22 06:29:17 ----HD---- C:\Program Files\Uninstall Information
2008-10-22 06:29:11 ----ASH---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2008-10-22 06:29:10 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-10-22 06:29:07 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-22 06:29:06 ----D---- C:\WINDOWS\Prefetch
2008-10-22 06:29:05 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-22 06:29:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-22 04:27:37 ----D---- C:\WINDOWS\system32\xircom
2008-10-22 04:27:37 ----D---- C:\Program Files\xerox
2008-10-22 04:27:37 ----D---- C:\Program Files\microsoft frontpage
2008-10-22 04:27:36 ----D---- C:\DELL
2008-10-22 04:27:27 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 04:27:26 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-10-22 04:27:17 ----A---- C:\WINDOWS\control.ini
2008-10-22 04:27:17 ----A---- C:\AUTOEXEC.BAT
2008-10-22 04:27:09 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-22 04:27:06 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-22 04:26:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-22 04:26:29 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-22 04:26:29 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-22 04:26:25 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-22 04:26:22 ----HD---- C:\Program Files\WindowsUpdate
2008-10-22 04:26:05 ----D---- C:\WINDOWS\system32\DirectX
2008-10-22 04:25:44 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-22 04:25:41 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-22 04:25:41 ----A---- C:\WINDOWS\desktop.ini
2008-10-22 04:25:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-22 04:25:32 ----D---- C:\Program Files\Common Files\Services
2008-10-22 04:25:32 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-22 04:25:29 ----SD---- C:\WINDOWS\Tasks
2008-10-22 04:25:29 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-22 04:25:28 ----D---- C:\Program Files\Common Files\MSSoap
2008-10-22 04:25:23 ----D---- C:\WINDOWS\srchasst
2008-10-22 04:25:22 ----D---- C:\WINDOWS\system32\Macromed
2008-10-22 04:25:19 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-22 04:25:19 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-22 04:25:19 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-22 04:25:19 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-22 04:25:18 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-22 04:25:18 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-22 04:25:18 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-22 04:25:18 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-22 04:25:18 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-22 04:25:18 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-22 04:25:18 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-22 04:25:17 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-22 04:25:17 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-22 04:25:13 ----D---- C:\Program Files\Movie Maker
2008-10-22 04:25:09 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-22 04:25:09 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-22 04:25:09 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-22 04:25:09 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-22 04:25:05 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-22 04:25:04 ----D---- C:\WINDOWS\system32\Restore
2008-10-22 04:25:04 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-22 04:25:04 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-22 04:25:04 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-22 04:25:04 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-22 04:25:03 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-22 04:25:03 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-22 04:25:03 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-22 04:25:02 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-22 04:25:02 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-22 04:25:02 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-22 04:24:59 ----D---- C:\Program Files\NetMeeting
2008-10-22 04:24:59 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-22 04:24:59 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-22 04:24:58 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-22 04:24:58 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-22 04:24:55 ----D---- C:\Program Files\Outlook Express
2008-10-22 04:24:55 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-22 04:24:55 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-22 04:24:55 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-22 04:24:55 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-22 04:24:54 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-22 04:24:54 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-22 04:24:54 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-22 04:24:48 ----D---- C:\Program Files\Common Files\System
2008-10-22 04:24:47 ----D---- C:\Program Files\Internet Explorer
2008-10-22 04:24:37 ----D---- C:\Program Files\ComPlus Applications
2008-10-22 04:24:35 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-22 04:24:35 ----A---- C:\WINDOWS\vb.ini
2008-10-22 04:24:31 ----D---- C:\WINDOWS\Registration
2008-10-22 04:24:11 ----D---- C:\Program Files\Windows Media Player
2008-10-22 04:24:11 ----D---- C:\Program Files\Online Services
2008-10-22 04:24:07 ----D---- C:\Program Files\Messenger
2008-10-22 04:24:03 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-22 04:24:03 ----A---- C:\WINDOWS\system32\write.exe
2008-10-22 04:23:55 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-22 04:23:55 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-22 04:23:55 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-22 04:23:54 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-22 04:23:54 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-22 04:23:54 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-22 04:23:47 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-22 04:23:47 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-22 04:23:46 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-22 04:23:46 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-22 04:23:46 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-22 04:23:46 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-22 04:23:45 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-22 04:23:44 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-22 04:23:44 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-22 04:23:44 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-22 04:23:44 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-22 04:23:44 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-22 04:23:44 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-22 04:23:44 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-22 04:23:43 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-22 04:23:43 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-22 04:23:43 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-22 04:23:43 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-22 04:23:43 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-22 04:23:43 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-22 04:23:42 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-22 04:23:42 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-22 04:23:38 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-22 04:23:21 ----D---- C:\Program Files\MSN
2008-10-22 04:23:20 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-22 04:23:20 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-22 04:23:20 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-22 04:23:20 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-22 04:23:19 ----D---- C:\Program Files\Windows NT
2008-10-22 04:23:19 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-22 04:23:19 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-22 04:23:18 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-22 04:23:18 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-22 04:23:17 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-22 04:23:17 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-22 04:23:17 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-22 04:23:17 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-22 04:23:17 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-22 04:23:17 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-22 04:23:17 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-22 04:23:16 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-22 04:23:16 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-22 04:23:16 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-22 04:23:16 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-22 04:23:16 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-22 04:23:16 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-22 04:23:16 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-22 04:23:16 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-22 04:23:15 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-22 04:23:15 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-22 04:23:15 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-22 04:23:15 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-22 04:23:15 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-22 04:23:14 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-22 04:23:14 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-22 04:23:14 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-22 04:23:13 ----D---- C:\WINDOWS\system32\Com
2008-10-22 04:23:13 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-22 04:23:13 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-22 04:23:13 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-22 04:23:13 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-22 04:23:13 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-22 04:23:12 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-22 04:23:12 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-22 04:23:11 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-22 04:23:06 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-22 04:23:06 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-22 04:23:06 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-22 04:23:06 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-21 21:22:17 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-21 18:05:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-21 18:03:29 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-21 18:02:46 ----A---- C:\WINDOWS\imsins.BAK
2008-10-21 18:02:45 ----SHD---- C:\WINDOWS\Installer
2008-10-21 18:02:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-21 18:02:44 ----D---- C:\Program Files\Common Files\ODBC
2008-10-21 18:02:44 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-21 18:02:41 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-21 18:02:40 ----RD---- C:\Program Files
2008-10-21 18:02:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-21 18:02:40 ----D---- C:\Program Files\Common Files
2008-10-21 18:02:38 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-21 18:02:38 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-21 18:02:38 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-21 18:02:36 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-21 18:02:36 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-21 18:02:36 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-21 18:02:36 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-21 18:02:35 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-21 18:02:35 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-21 18:02:35 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-21 18:02:35 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-21 18:02:35 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-21 18:02:35 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-21 18:02:35 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-21 18:02:35 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-21 18:02:33 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-21 18:02:33 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-21 18:02:33 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-21 18:02:33 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-21 18:02:33 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-21 18:02:33 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-21 18:02:33 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-21 18:02:32 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-21 18:02:32 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-21 18:02:32 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-21 18:02:32 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-21 18:02:32 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-21 18:02:29 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-21 18:02:27 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-21 18:02:27 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-21 18:02:27 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-21 18:02:27 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-21 18:02:26 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-21 18:02:24 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-21 18:02:24 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-21 18:02:24 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-21 18:02:23 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-21 18:02:23 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-21 18:02:17 ----RA---- C:\WINDOWS\SET26.tmp
2008-10-21 18:02:17 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-21 18:02:16 ----RA---- C:\WINDOWS\SET25.tmp
2008-10-21 18:02:14 ----RA---- C:\WINDOWS\SET8.tmp
2008-10-21 18:02:12 ----RA---- C:\WINDOWS\SET4.tmp
2008-10-21 18:02:10 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-21 18:02:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-21 18:02:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-21 18:02:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-21 18:01:38 ----A---- C:\WINDOWS\setuplog.txt
2008-10-21 18:01:36 ----SHD---- C:\System Volume Information
2008-10-21 18:01:36 ----D---- C:\Documents and Settings
2008-10-21 18:00:36 ----SH---- C:\boot.ini
2008-10-21 17:53:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-21 17:53:50 ----RSD---- C:\WINDOWS\Fonts
2008-10-21 17:53:50 ----RD---- C:\WINDOWS\Web
2008-10-21 17:53:50 ----HD---- C:\WINDOWS\inf
2008-10-21 17:53:50 ----D---- C:\WINDOWS\WinSxS
2008-10-21 17:53:50 ----D---- C:\WINDOWS\twain_32
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Temp
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\wins
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\wbem
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\usmt
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\spool
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\Setup
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\ras
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\oobe
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\npp
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\mui
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\IME
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\icsxml
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\ias
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\export
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\drivers
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\dhcp
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\config
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\3076
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\2052
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\1054
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\1042
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\1041
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\1037
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\1033
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\1031
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\1028
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32\1025
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system32
2008-10-21 17:53:50 ----D---- C:\WINDOWS\system
2008-10-21 17:53:50 ----D---- C:\WINDOWS\security
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Resources
2008-10-21 17:53:50 ----D---- C:\WINDOWS\repair
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Provisioning
2008-10-21 17:53:50 ----D---- C:\WINDOWS\PeerNet
2008-10-21 17:53:50 ----D---- C:\WINDOWS\pchealth
2008-10-21 17:53:50 ----D---- C:\WINDOWS\mui
2008-10-21 17:53:50 ----D---- C:\WINDOWS\msapps
2008-10-21 17:53:50 ----D---- C:\WINDOWS\msagent
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Media
2008-10-21 17:53:50 ----D---- C:\WINDOWS\java
2008-10-21 17:53:50 ----D---- C:\WINDOWS\ime
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Help
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Driver Cache
2008-10-21 17:53:50 ----D---- C:\WINDOWS\dell
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Debug
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Cursors
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Connection Wizard
2008-10-21 17:53:50 ----D---- C:\WINDOWS\Config
2008-10-21 17:53:50 ----D---- C:\WINDOWS\AppPatch
2008-10-21 17:53:50 ----D---- C:\WINDOWS\addins
2008-10-21 17:53:50 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-10-22 04:27:16 ----A---- C:\WINDOWS\win.ini
2008-10-21 18:02:40 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-10 3006976]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-15 4652544]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-24 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-04-10 540672]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-04-09 593920]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------


INFO


info.txt logfile of random's system information tool 1.04 2008-11-07 13:19:22

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Comical 0.8-->"C:\Program Files\Comical\unins000.exe"
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
EncVorbis 1.1-->"C:\Program Files\Winamp\EncVorbis-Uninstall.exe"
FlashFXP v3.2.0 (Build 1080) Scene Edition-->C:\WINDOWS\unvise32.exe C:\Program Files\FlashFXP\uninstal.log
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Owner\Desktop\HijackThis.exe" /uninstall
Intel(R) PRO Network Connections 12.1.12.0-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp Toolbar for Firefox-->"C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pkvvpv38.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Thanks in advance for the Help

chasingghosts:)

chasingghosts
2008-11-08, 09:43
I ran ComboFix on my machine and got this log.

I want to point out that I'm not too sure if it is working properly because I am running a version of McAfee that is provided by Comcast and I can't seem to figure out how to disable it or shut it off...


Wg

ComboFix 08-11-07.01 - Owner 2008-11-07 23:27:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2457 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Sophie & Ella\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\system32\lRCbdfii.ini
c:\windows\system32\mTvGOqss.ini
c:\windows\system32\mTvGOqss.ini2
c:\windows\system32\RsAcefii.ini
c:\windows\system32\SAyFNqru.ini
c:\windows\system32\SAyFNqru.ini2
c:\windows\system32\ssqOGvTm.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.

2008-11-07 23:33 . 2008-11-07 23:33 245,760 --a------ c:\windows\system32\efcYQKAS.dll
2008-11-07 15:16 . 2008-11-07 15:16 245,760 --a------ c:\windows\system32\urqNFyAS.dll
2008-11-07 13:19 . 2008-11-07 13:19 <DIR> d-------- C:\rsit
2008-11-07 13:19 . 2008-11-07 13:19 <DIR> d-------- c:\program files\trend micro
2008-11-07 08:49 . 2008-11-07 08:49 245,760 --a------ c:\windows\system32\iifecAsR.dll
2008-11-06 22:31 . 2008-11-06 22:34 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-06 22:02 . 2008-11-06 22:34 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-06 16:51 . 2008-11-06 16:51 244,736 --a------ c:\windows\system32\iifdbCRl.dll
2008-11-01 11:04 . 2008-11-01 11:04 <DIR> d-------- c:\program files\Comical
2008-10-31 16:00 . 2008-11-05 10:58 404 --ahs---- c:\windows\system32\lmpVCJlm.ini
2008-10-29 17:05 . 2008-10-29 17:05 <DIR> d-------- c:\documents and settings\Sophie & Ella\Application Data\Logitech
2008-10-27 11:04 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-10-27 10:55 . 2008-10-27 10:55 <DIR> d-------- c:\program files\Microsoft Works
2008-10-27 10:51 . 2008-10-27 10:52 <DIR> d-------- c:\windows\SHELLNEW
2008-10-27 10:50 . 2008-10-27 11:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-27 10:49 . 2008-10-27 10:49 <DIR> dr-h----- C:\MSOCache
2008-10-24 20:41 . 2008-10-24 20:41 <DIR> d-------- c:\documents and settings\Owner\Application Data\Logitech
2008-10-24 20:41 . 2008-10-24 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
2008-10-24 20:40 . 2008-10-24 20:40 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-24 20:40 . 2008-10-24 20:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-24 20:40 . 2008-10-24 20:40 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-10-24 20:39 . 2008-10-24 20:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2008-10-24 20:39 . 2008-05-02 01:38 301,656 --a------ c:\windows\system32\BtCoreIf.dll
2008-10-24 20:39 . 2008-05-02 01:39 170,512 --a------ c:\windows\system32\kemutb.dll
2008-10-24 20:39 . 2008-05-02 01:39 145,936 --a------ c:\windows\system32\KemUtil.dll
2008-10-24 20:39 . 2008-05-02 01:40 117,264 --a------ c:\windows\system32\KemWnd.dll
2008-10-24 20:39 . 2008-05-02 01:40 84,496 --a------ c:\windows\system32\KemXML.dll
2008-10-24 20:38 . 2008-10-24 20:38 <DIR> d-------- c:\program files\Logitech
2008-10-24 20:38 . 2008-10-24 20:39 <DIR> d-------- c:\program files\Common Files\Logishrd
2008-10-24 17:38 . 2008-10-24 17:38 <DIR> d-------- c:\program files\Lavasoft
2008-10-24 17:38 . 2008-10-24 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-24 17:37 . 2008-10-24 17:37 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-24 17:28 . 2008-10-24 17:28 <DIR> d-------- c:\documents and settings\Owner\Application Data\McAfee
2008-10-24 17:19 . 2008-10-29 09:58 210 --a------ c:\windows\wininit.ini
2008-10-24 15:54 . 2008-11-06 23:00 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-10-24 15:54 . 2008-10-29 08:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-24 11:00 . 2008-10-24 11:00 <DIR> d---s---- c:\documents and settings\Owner\UserData
2008-10-24 10:14 . 2008-11-04 11:45 <DIR> d-------- c:\program files\FlashFXP
2008-10-24 10:14 . 2003-03-16 00:15 90,112 --a------ c:\windows\unvise32.exe
2008-10-24 10:14 . 2008-10-24 10:14 33,792 --a------ c:\windows\system32\vtULBsQK.dll
2008-10-24 10:14 . 2008-10-24 10:14 33,792 --a------ c:\windows\system32\fccaAqop.dll
2008-10-24 09:59 . 2008-10-24 09:59 <DIR> d-------- c:\program files\Winamp Toolbar
2008-10-24 02:48 . 2008-10-24 04:08 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-10-23 21:05 . 2008-10-23 21:07 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
2008-10-23 21:04 . 2008-10-23 21:04 <DIR> d-------- c:\program files\VideoLAN
2008-10-23 10:25 . 2008-11-07 12:55 <DIR> d-------- c:\documents and settings\Owner\Application Data\BitTorrent
2008-10-23 10:24 . 2008-11-07 23:32 <DIR> d-------- c:\program files\DNA
2008-10-23 10:24 . 2008-10-23 10:25 <DIR> d-------- c:\program files\BitTorrent
2008-10-23 10:24 . 2008-11-07 23:32 <DIR> d-------- c:\documents and settings\Owner\Application Data\DNA
2008-10-22 20:33 . 2008-10-22 20:33 <DIR> d-------- c:\documents and settings\Owner\Application Data\Thunderbird
2008-10-22 20:32 . 2008-11-07 13:31 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-10-22 17:43 . 2008-10-22 17:43 <DIR> d-------- c:\documents and settings\Momma
2008-10-22 13:23 . 2008-11-07 09:36 <DIR> d-------- c:\documents and settings\Sophie & Ella
2008-10-22 10:26 . 2008-10-22 10:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-10-22 10:25 . 2008-10-24 09:59 <DIR> d-------- c:\program files\Winamp
2008-10-22 10:25 . 2008-10-22 10:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\Winamp
2008-10-22 10:17 . 2008-10-22 10:17 <DIR> d-------- C:\Downloads
2008-10-22 10:16 . 2008-10-29 08:28 <DIR> d-------- c:\program files\BitComet
2008-10-22 09:52 . 2007-11-14 14:18 553 --a------ c:\windows\USetup.iss
2008-10-22 09:34 . 2008-10-22 09:34 0 --a------ c:\windows\ativpsrm.bin
2008-10-22 09:32 . 2008-10-22 09:32 <DIR> d-------- c:\program files\ATI Technologies
2008-10-22 09:32 . 2008-04-09 20:05 593,920 --a------ c:\windows\system32\ati2sgag.exe
2008-10-22 09:13 . 2008-11-07 23:33 5,073 --a------ c:\windows\system32\Config.MPF
2008-10-22 09:12 . 2006-03-03 07:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2008-10-22 09:11 . 2007-11-22 05:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-10-22 09:11 . 2007-07-13 05:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-10-22 09:11 . 2007-11-22 05:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-10-22 09:11 . 2007-12-02 11:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-10-22 09:11 . 2007-11-22 05:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-10-22 09:11 . 2007-11-22 05:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-10-22 09:10 . 2008-10-22 09:10 <DIR> d-------- c:\program files\McAfee.com
2008-10-22 09:10 . 2008-10-22 09:53 <DIR> d-------- c:\program files\McAfee
2008-10-22 09:10 . 2008-10-22 09:11 <DIR> d-------- c:\program files\Common Files\McAfee
2008-10-22 08:54 . 2008-10-24 17:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-10-22 08:42 . 2008-10-22 08:42 0 --a------ c:\windows\nsreg.dat
2008-10-22 08:32 . 2008-10-22 08:32 <DIR> d-------- c:\windows\system32\Lang
2008-10-22 08:32 . 2008-10-22 08:32 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2008-10-22 08:32 . 2008-10-22 08:32 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2008-10-22 08:30 . 2008-10-22 09:51 <DIR> d-------- c:\program files\Realtek
2008-10-22 08:29 . 2007-04-13 19:33 254,872 --a------ c:\windows\system32\drivers\e1e5132.sys
2008-10-22 08:29 . 2007-01-17 21:59 179,048 --a------ c:\windows\system32\e1000msg.dll
2008-10-22 08:29 . 2007-04-12 17:47 154,496 --a------ c:\windows\system32\Prounstl.exe
2008-10-22 08:29 . 2007-01-17 22:02 66,424 --a------ c:\windows\system32\NicEtCoE.dll
2008-10-22 08:29 . 2007-01-29 20:36 62,840 --a------ c:\windows\system32\NicInstE.dll
2008-10-22 08:29 . 2007-01-17 22:02 28,536 --a------ c:\windows\system32\NicCo.dll
2008-10-22 08:29 . 2006-06-02 23:00 2,889 --a------ c:\windows\system32\e1e5132.din
2008-10-22 08:29 . 2006-01-12 20:52 1,904 --a------ c:\windows\system32\SetupBD.din
2008-10-22 08:09 . 2008-10-22 08:30 <DIR> d-------- c:\program files\Intel
2008-10-22 08:08 . 2008-10-22 08:08 <DIR> d-------- c:\program files\Digital Line Detect
2008-10-22 08:06 . 2008-10-22 08:27 5 --a------ c:\windows\system32\drivers\DELL_INS_530.MRK
2008-10-22 08:06 . 2008-10-22 08:27 5 --a------ c:\windows\system32\drivers\1028_DELL_INS_530.MRK
2008-10-22 07:55 . 2007-05-14 15:51 356,352 --a------ c:\windows\system32\NVUNINST.EXE
2008-10-22 06:46 . 2008-10-24 20:38 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-10-22 06:46 . 2008-10-22 06:46 <DIR> d-------- c:\documents and settings\Owner\Application Data\InstallShield
2008-10-22 06:41 . 2008-10-22 09:32 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-10-22 06:38 . 2008-10-22 06:38 <DIR> d-------- c:\windows\system32\vmm32
2008-10-22 06:38 . 2008-10-22 06:38 <DIR> d-------- c:\program files\Dell
2008-10-22 06:29 . 2008-10-22 06:29 <DIR> d---s---- c:\windows\system32\Microsoft
2008-10-22 06:29 . 2008-10-24 11:00 <DIR> d-------- c:\documents and settings\Owner
2008-10-22 06:29 . 2008-10-22 06:29 <DIR> d--hs---- c:\documents and settings\LocalService

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 16:30 315,392 ----a-w c:\windows\HideWin.exe
2008-10-22 12:27 --------- d-----w c:\program files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4}]
2008-10-24 10:14 33792 --a------ c:\windows\system32\fccaAqop.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-10-23 342336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-09 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 c:\windows\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-22 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-24 805392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{85DD4E0D-2B01-4D4D-9E66-3A165AB6EDA4}"= "c:\windows\system32\fccaAqop.dll" [2008-10-24 33792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccaAqop]
2008-10-24 10:14 33792 c:\windows\system32\fccaAqop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zohutr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashFXP\\flashfxp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22670:TCP"= 22670:TCP:BitComet 22670 TCP
"22670:UDP"= 22670:UDP:BitComet 22670 UDP

.
Contents of the 'Scheduled Tasks' folder

2008-10-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

BHO-{EE1E37DC-1037-46DD-8CD8-F1AE94C2FBB4} - (no file)
BHO-{F1D72058-A62D-4215-8D63-CFBA9DC3C47B} - c:\windows\system32\ssqOGvTm.dll
BHO-{F2A1C63E-9F5D-4E9D-B68D-EFFB74B042CC} - (no file)
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\pkvvpv38.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://news.google.com/nwshp?client=firefox-a&rls=org.mozilla:en-US:official&hl=en&tab=wn
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 23:33:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\windows\system32\fccaAqop.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Logitech\SetPoint\LU\LULnchr.exe
c:\program files\Logitech\SetPoint\LU\LogitechUpdate.exe
c:\progra~1\McAfee\VIRUSS~1\mcvsmap.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\SoftwareDistribution\Download\f3174104a45ae9b1276d8609df91dcb9\update\update.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-07 23:36:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-08 07:36:08

Pre-Run: 168,583,917,568 bytes free
Post-Run: 168,482,017,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

245 --- E O F --- 2008-10-24 10:00:31


What should I do next?
TIA:angel:

pskelley
2008-11-09, 17:54
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.
The junk can be tough to remove, so do not expect fast or easy.
"I read a little bit about its removal in the forum and ran RSIT."
What you must do is read the directions and follow them. They are posted above and pinned (sticky) to the top of this forum.

1) Check Notepad under Format and make sure word wrap is NOT checked, leave it unchecked until we are finished.

2) We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
* Run Spybot-S&D in Advanced Mode.
* If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
* On the left hand side, Click on Tools
* Then click on the Resident Icon in the List
* Uncheck "Resident TeaTimer" and OK any prompts.
* Restart your computer.
(leave TT disabled until we finish)

3) Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

4) Add any comment you think will help.

Thanks

pskelley
2008-11-16, 12:48
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.