Please help! [Archive] - Safer-Networking Forums

View Full Version : Please help!

PumpyChowdown

2009-02-01, 04:10

Seem to be one or more "bugs" in my system. :oops:
I've read the sticky's and rules. :bigthumb:

Really hope someone can help me. :angel:

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:48 PM, on 1/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CPM931b8bdc] Rundll32.exe "c:\windows\system32\sepajimo.dll",a
O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE /P31 "EPSON Stylus Photo RX530 Series" /O6 "USB002" /M "Stylus Photo RX530"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://remote.knmservices.com.au/Remote/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS2\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9815 bytes

ken545

2009-02-05, 04:25

Hello

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

You need to read the stickies, it will make the clean up process go so much faster. You need to disable the TeaTimer in Spybot and post a new HJT log please

Disable the TeaTimer, leave it disabled until we're done or it will prevent fixes from taking

Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect

PumpyChowdown

2009-02-05, 10:31

G'day Ken545!

Disabled TeaTimer (might be worth noting in the stickies that if you click on the link in Firefox it takes to to text only. You must use IE to download the file).

Ran new HJT log. Below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:32 PM, on 5/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON

Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program

Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON

Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CPM931b8bdc] Rundll32.exe "c:\windows\system32\sepajimo.dll",a
O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE /P31

"EPSON Stylus Photo RX530 Series" /O6 "USB002" /M "Stylus Photo RX530"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application

Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -

http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) -

https://remote.knmservices.com.au/Remote/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS2\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program

Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program

Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9823 bytes

ken545

2009-02-05, 11:54

Hello,

You have a point about using Firefox, I will have them add that, thank you. In the future you need to turn off Wordwrap in Notepad because the way you posted your HJT log its almost impossible to read, do it this way.

Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Submit Reply and not start a New Thread.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O4 - HKLM\..\Run: [CPM931b8bdc] Rundll32.exe "c:\windows\system32\sepajimo.dll",a

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

PumpyChowdown

2009-02-05, 12:33

I'll address this in two posts. First is the HJT log with WordWrap unchecked.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:32 PM, on 5/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CPM931b8bdc] Rundll32.exe "c:\windows\system32\sepajimo.dll",a
O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE /P31 "EPSON Stylus Photo RX530 Series" /O6 "USB002" /M "Stylus Photo RX530"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://remote.knmservices.com.au/Remote/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS2\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9823 bytes

PumpyChowdown

2009-02-05, 14:00

ComboFix log.

ComboFix 09-02-04.04 - David 2009-02-05 21:29:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.447.152 [GMT 10:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG 7.5.524 *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David\Application Data\Google\torsi2225487.exe
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))))))))))))))))
.

2009-02-05 18:20 . 2009-02-05 18:20 <DIR> d-------- c:\program files\ERUNT
2009-02-01 18:41 . 2009-02-01 18:39 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-01 09:25 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-31 23:16 . 2009-01-31 23:16 29 --a------ c:\windows\DEBUGSM.INI
2009-01-31 19:56 . 2009-01-31 23:16 <DIR> d-------- c:\documents and settings\David\Application Data\EPSON
2009-01-31 19:16 . 2009-01-31 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\UDL
2009-01-31 19:12 . 2009-01-31 19:12 <DIR> d-------- c:\program files\ArcSoft
2009-01-31 19:03 . 2004-11-25 15:07 79,679 --a------ c:\windows\system32\E_FLMAGP.DLL
2009-01-31 19:03 . 2003-05-21 12:27 64,000 --a------ c:\windows\system32\E_FBCBAGP.DLL
2009-01-31 19:03 . 2004-09-11 06:12 49,152 --a------ c:\windows\system32\E_DCINST.DLL
2009-01-31 19:03 . 2000-06-07 11:01 34,304 --a------ c:\windows\system32\E_FBCHAGP.DLL
2009-01-31 18:49 . 2009-01-31 19:19 <DIR> d-------- c:\program files\epson
2009-01-31 18:49 . 2009-01-31 18:51 143,178 --a------ c:\windows\EPSTPLOG.BAK
2009-01-31 18:49 . 2005-02-25 00:00 46,080 --a------ c:\windows\system32\escimgd.dll
2009-01-31 18:49 . 2005-02-25 00:00 29,696 --a------ c:\windows\system32\escwiad.dll
2009-01-31 18:48 . 2005-02-25 00:00 22,016 --a------ c:\windows\system32\esccmd.dll
2009-01-31 18:48 . 2009-01-31 18:48 25 --a------ c:\windows\CDE RX530EC.ini
2009-01-29 00:30 . 2009-01-29 00:30 <DIR> d--hs---- c:\documents and settings\David\IETldCache
2009-01-29 00:10 . 2009-01-29 00:14 <DIR> d--h-c--- c:\windows\ie8
2009-01-29 00:07 . 2009-01-11 15:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-01-22 19:37 . 2009-01-22 19:37 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-15 02:22 . 2009-01-15 02:22 1,228,800 --------- c:\windows\system32\ieframe.dll.mui
2009-01-15 02:22 . 2009-01-15 02:22 49,152 --------- c:\windows\system32\msrating.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 10,240 --------- c:\windows\system32\advpack.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-01-15 02:17 . 2009-01-15 02:17 636,264 -----c--- c:\windows\system32\dllcache\iexplore.exe
2009-01-15 02:06 . 2009-01-15 02:06 236,544 -----c--- c:\windows\system32\dllcache\webcheck.dll
2009-01-15 02:06 . 2009-01-15 02:06 105,984 -----c--- c:\windows\system32\dllcache\url.dll
2009-01-15 02:05 . 2009-01-15 02:05 109,056 -----c--- c:\windows\system32\dllcache\occache.dll
2009-01-15 02:03 . 2009-01-15 02:03 420,352 -----c--- c:\windows\system32\dllcache\vbscript.dll
2009-01-15 02:03 . 2009-01-15 02:03 172,544 -----c--- c:\windows\system32\dllcache\ie4uinit.exe
2009-01-15 02:03 . 2009-01-15 02:03 128,512 -----c--- c:\windows\system32\dllcache\advpack.dll
2009-01-15 02:01 . 2009-01-15 02:01 34,304 -----c--- c:\windows\system32\dllcache\imgutil.dll
2009-01-15 02:00 . 2009-01-15 02:00 1,639,936 -----c--- c:\windows\system32\dllcache\mshtml.tlb
2009-01-15 01:50 . 2009-01-15 01:50 156,160 -----c--- c:\windows\system32\dllcache\msls31.dll
2009-01-08 23:26 . 2009-01-08 23:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-08 23:26 . 2009-01-08 23:26 <DIR> d-------- c:\documents and settings\David\Application Data\Malwarebytes
2009-01-08 23:26 . 2009-01-08 23:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-08 23:26 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-08 23:26 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 11:22 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-04 15:12 1,357,312 ----a-w c:\windows\Internet Logs\xDB139.tmp
2009-02-01 21:57 1,461,029 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-02-01 08:39 --------- d-----w c:\program files\Java
2009-02-01 01:22 --------- d-----w c:\documents and settings\David\Application Data\AVG7
2009-02-01 01:22 --------- d-----w c:\documents and settings\David\Application Data\ArcSoft
2009-02-01 01:22 --------- d-----w c:\documents and settings\David\Application Data\Apple Computer
2009-02-01 01:22 --------- d-----w c:\documents and settings\David\Application Data\Ahead
2009-02-01 01:22 --------- d-----w c:\documents and settings\David\Application Data\AdobeUM
2009-02-01 01:22 --------- d-----w c:\documents and settings\David\Application Data\Ableton
2009-01-31 10:41 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 10:40 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 16:05 911,872 ----a-w c:\windows\system32\wininet.dll
2009-01-14 16:05 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-01-14 16:04 18,944 ----a-w c:\windows\system32\corpol.dll
2009-01-14 16:03 72,704 ----a-w c:\windows\system32\admparse.dll
2009-01-14 16:03 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-01-14 16:03 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-01-14 16:01 34,304 ----a-w c:\windows\system32\imgutil.dll
2009-01-14 16:00 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-14 16:00 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-14 15:50 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-08 13:55 196,608 ----a-w c:\windows\Internet Logs\xDB137.tmp
2009-01-06 10:21 --------- d-----w c:\program files\Soulseek
2009-01-06 02:38 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 22:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-05 12:35 --------- d-----w c:\documents and settings\David\Application Data\uTorrent
2008-12-21 13:42 --------- d-----w c:\program files\Common Files\Futuremark Shared
2008-12-21 12:48 --------- d-----w c:\documents and settings\David\Application Data\Canon
2008-12-19 14:16 196,608 ----a-w c:\windows\Internet Logs\xDB136.tmp
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-07 08:00 4,953,600 ----a-w c:\windows\Internet Logs\xDB134.tmp
2008-12-07 05:40 --------- d-----w c:\program files\Google
2008-12-06 09:08 --------- d-----w c:\program files\Common Files\Adobe
2008-09-19 10:50 560 ----a-w c:\documents and settings\David\Application Data\momento_log.dat
2008-09-01 08:31 25,664 -c--a-w c:\documents and settings\David\Application Data\GDIPFONTCACHEV1.DAT
2004-10-27 01:41 1,519,800 -c--a-w c:\documents and settings\David\dMC-r10.exe
2004-10-21 03:35 765,001 -c--a-w c:\documents and settings\David\slsk152.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-09_ 0.45.19.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-07-25 07:13:18 24,576 ----a-w c:\windows\Downloaded Program Files\dwusplay.dll
+ 2002-07-25 07:13:12 196,608 ----a-w c:\windows\Downloaded Program Files\dwusplay.exe
+ 2002-07-25 07:05:32 172,032 ----a-w c:\windows\Downloaded Program Files\isusweb.dll
+ 2005-10-20 02:02:28 163,328 ----a-w c:\windows\ERDNT\5-02-2009\ERDNT.EXE
+ 2005-10-20 02:02:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\5-02-2009\ERDNT.EXE
+ 2009-02-05 10:50:45 13,684,736 ----a-w c:\windows\ERDNT\AutoBackup\5-02-2009\Users\00000001\NTUSER.DAT
+ 2009-02-05 10:50:47 184,320 ----a-w c:\windows\ERDNT\AutoBackup\5-02-2009\Users\00000002\UsrClass.dat
- 2008-08-21 17:21:04 49,736 -c--a-w c:\windows\ie8\spuninst\iecustom.dll
+ 2009-01-14 16:23:42 59,880 -c--a-w c:\windows\ie8\spuninst\iecustom.dll
- 2008-06-12 01:27:58 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe
+ 2008-10-13 03:55:34 231,456 -c--a-w c:\windows\ie8\spuninst\spuninst.exe
- 2008-06-12 01:28:00 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll
+ 2008-10-13 03:55:34 382,496 -c--a-w c:\windows\ie8\spuninst\updspapi.dll
+ 2009-01-14 16:06:46 2,048 -c----w c:\windows\ie8updates\KB961813-IE8\iecompat.dll
+ 2007-11-30 12:39:22 231,288 -c----w c:\windows\ie8updates\KB961813-IE8\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w c:\windows\ie8updates\KB961813-IE8\spuninst\updspapi.dll
- 2000-08-30 22:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-30 22:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2008-08-21 17:06:16 128,512 ----a-w c:\windows\system32\advpack.dll
+ 2009-01-14 16:03:12 128,512 ----a-w c:\windows\system32\advpack.dll
- 2008-08-21 17:06:30 72,704 -c--a-w c:\windows\system32\dllcache\admparse.dll
+ 2009-01-14 16:03:32 72,704 -c--a-w c:\windows\system32\dllcache\admparse.dll
- 2008-08-21 17:07:08 18,944 -c--a-w c:\windows\system32\dllcache\corpol.dll
+ 2009-01-14 16:04:28 18,944 -c--a-w c:\windows\system32\dllcache\corpol.dll
- 2008-08-21 17:05:16 346,624 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-01-14 16:01:22 348,160 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-21 17:05:10 217,088 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2009-01-14 16:01:16 216,064 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-21 17:00:28 68,608 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
+ 2009-01-14 15:53:40 68,608 -c--a-w c:\windows\system32\dllcache\hmmapi.dll
- 2008-08-21 17:06:36 124,928 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2009-01-14 16:03:42 125,952 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-21 17:06:40 228,864 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2009-01-14 16:03:50 228,352 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-21 17:06:24 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2009-01-14 16:03:20 163,840 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-21 17:06:44 385,024 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-01-14 16:17:22 392,040 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-08-21 17:05:24 186,880 -c--a-w c:\windows\system32\dllcache\iepeers.dll
+ 2009-01-14 16:01:52 183,808 -c--a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-08-21 17:06:20 55,808 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2009-01-14 16:03:14 55,808 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-21 17:06:24 71,680 -c--a-w c:\windows\system32\dllcache\iesetup.dll
+ 2009-01-14 16:03:18 71,680 -c--a-w c:\windows\system32\dllcache\iesetup.dll
- 2008-08-21 17:06:16 94,720 -c--a-w c:\windows\system32\dllcache\inseng.dll
+ 2009-01-14 16:03:14 94,720 -c--a-w c:\windows\system32\dllcache\inseng.dll
- 2008-08-21 17:06:30 552,960 -c--a-w c:\windows\system32\dllcache\jscript.dll
+ 2009-01-14 16:03:58 724,992 -c--a-w c:\windows\system32\dllcache\jscript.dll
- 2008-08-21 17:06:58 28,672 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2009-01-14 16:04:16 25,600 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2008-08-21 17:08:00 43,008 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
+ 2009-01-14 16:05:34 43,008 -c--a-w c:\windows\system32\dllcache\licmgr10.dll
- 2008-08-21 17:04:54 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
+ 2009-01-14 16:00:38 45,568 -c--a-w c:\windows\system32\dllcache\mshta.exe
- 2008-12-14 13:59:44 5,699,584 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-14 16:13:18 5,888,512 -c--a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-21 17:05:08 70,656 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2009-01-14 16:01:06 66,560 -c--a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-21 17:05:00 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
+ 2009-01-14 16:00:46 48,128 -c--a-w c:\windows\system32\dllcache\mshtmler.dll
- 2008-08-21 17:07:50 193,536 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2009-01-14 16:05:34 193,536 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-21 17:05:34 630,272 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2009-01-14 16:02:20 611,840 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-21 17:05:14 45,056 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2009-01-14 16:01:18 46,592 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-06-12 01:27:56 134,144 -c----w c:\windows\system32\dllcache\sqmapi.dll
+ 2008-10-13 03:55:32 134,144 -c----w c:\windows\system32\dllcache\sqmapi.dll
- 2008-08-28 10:04:17 333,056 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c----w c:\windows\system32\dllcache\srv.sys
- 2008-08-21 17:08:22 1,206,784 -c--a-w c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-14 16:06:48 1,182,720 -c--a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-21 17:07:20 755,200 -c--a-w c:\windows\system32\dllcache\VGX.dll
+ 2009-01-14 16:04:56 755,200 -c--a-w c:\windows\system32\dllcache\VGX.dll
- 2008-08-21 17:08:06 878,592 -c--a-w c:\windows\system32\dllcache\wininet.dll
+ 2009-01-14 16:05:42 911,872 -c--a-w c:\windows\system32\dllcache\wininet.dll
- 2008-08-21 17:05:16 346,624 ----a-w c:\windows\system32\dxtmsft.dll
+ 2009-01-14 16:01:22 348,160 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-21 17:05:10 217,088 ----a-w c:\windows\system32\dxtrans.dll
+ 2009-01-14 16:01:16 216,064 ----a-w c:\windows\system32\dxtrans.dll
+ 2004-03-02 17:10:00 65,536 ----a-w c:\windows\system32\EPPicMgr.dll
+ 2004-03-02 17:10:00 26,154 ----a-w c:\windows\system32\EPPICPattern1.dat
+ 2004-03-02 17:10:00 20,148 ----a-w c:\windows\system32\EPPICPattern2.dat
+ 2004-03-02 17:10:00 24,903 ----a-w c:\windows\system32\EPPICPattern3.dat
+ 2004-03-02 17:10:00 11,811 ----a-w c:\windows\system32\EPPICPattern4.dat
+ 2004-03-02 17:10:00 21,390 ----a-w c:\windows\system32\EPPICPattern5.dat
+ 2004-03-02 17:10:00 4,943 ----a-w c:\windows\system32\EPPICPattern6.dat
+ 2004-03-02 17:10:00 101,159 ----a-w c:\windows\system32\EPPICPrinterDB.dat
+ 2004-03-02 17:10:00 114,688 ----a-w c:\windows\system32\EpPicPrt.dll
- 2008-08-21 17:05:20 61,952 ------w c:\windows\system32\icardie.dll
+ 2009-01-14 16:01:40 59,904 ------w c:\windows\system32\icardie.dll
- 2008-06-12 01:27:42 26,112 ----a-w c:\windows\system32\idndl.dll
+ 2008-10-13 03:55:22 26,112 ----a-w c:\windows\system32\idndl.dll
- 2008-08-21 17:06:24 162,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2009-01-14 16:03:28 172,544 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-21 17:06:36 124,928 ----a-w c:\windows\system32\ieakeng.dll
+ 2009-01-14 16:03:42 125,952 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-21 17:06:40 228,864 ----a-w c:\windows\system32\ieaksie.dll
+ 2009-01-14 16:03:50 228,352 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-21 17:06:24 163,840 ----a-w c:\windows\system32\ieakui.dll
+ 2009-01-14 16:03:20 163,840 ----a-w c:\windows\system32\ieakui.dll
- 2008-07-29 12:58:08 3,670,112 ------w c:\windows\system32\ieapfltr.dat
+ 2008-12-14 07:12:42 3,698,040 ------w c:\windows\system32\ieapfltr.dat
- 2008-08-21 16:42:22 443,392 ------w c:\windows\system32\ieapfltr.dll
+ 2009-01-14 15:35:10 445,440 ------w c:\windows\system32\ieapfltr.dll
- 2008-08-21 17:06:44 385,024 ----a-w c:\windows\system32\iedkcs32.dll
+ 2009-01-14 16:17:22 392,040 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-08-21 17:10:34 11,985,408 ------w c:\windows\system32\ieframe.dll
+ 2009-01-14 16:12:12 10,963,968 ------w c:\windows\system32\ieframe.dll
- 2008-08-21 17:05:24 186,880 ----a-w c:\windows\system32\iepeers.dll
+ 2009-01-14 16:01:52 183,808 ----a-w c:\windows\system32\iepeers.dll
- 2008-08-21 17:06:20 55,808 ----a-w c:\windows\system32\iernonce.dll
+ 2009-01-14 16:03:14 55,808 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-21 17:06:02 1,778,688 ------w c:\windows\system32\iertutil.dll
+ 2009-01-14 16:02:50 1,975,296 ------w c:\windows\system32\iertutil.dll
- 2008-08-21 17:06:24 36,864 ----a-w c:\windows\system32\ieudinit.exe
+ 2009-01-14 16:03:18 36,864 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-21 16:58:12 181,760 ------w c:\windows\system32\ieui.dll
+ 2009-01-14 15:50:50 164,352 ------w c:\windows\system32\ieui.dll
- 2008-08-21 17:06:16 94,720 ----a-w c:\windows\system32\inseng.dll
+ 2009-01-14 16:03:14 94,720 ----a-w c:\windows\system32\inseng.dll
- 2008-06-09 15:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-02-01 08:39:59 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 15:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-02-01 08:39:59 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-09 16:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-02-01 08:39:59 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-08-21 17:06:30 552,960 ----a-w c:\windows\system32\jscript.dll
+ 2009-01-14 16:03:58 724,992 ----a-w c:\windows\system32\jscript.dll
- 2008-08-21 17:06:58 28,672 ----a-w c:\windows\system32\jsproxy.dll
+ 2009-01-14 16:04:16 25,600 ----a-w c:\windows\system32\jsproxy.dll
+ 2009-01-09 07:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
- 2008-08-05 07:55:38 265,720 ----a-w c:\windows\system32\msdbg2.dll
+ 2008-10-10 02:42:06 265,720 ----a-w c:\windows\system32\msdbg2.dll
- 2008-08-21 17:05:48 580,608 ------w c:\windows\system32\msfeeds.dll
+ 2009-01-14 16:02:40 593,920 ------w c:\windows\system32\msfeeds.dll
- 2008-08-21 17:05:22 53,760 ------w c:\windows\system32\msfeedsbs.dll
+ 2009-01-14 16:01:40 54,272 ------w c:\windows\system32\msfeedsbs.dll
- 2008-08-21 17:05:22 13,312 ------w c:\windows\system32\msfeedssync.exe
+ 2009-01-14 16:01:42 13,312 ------w c:\windows\system32\msfeedssync.exe
- 2008-12-14 13:59:44 5,699,584 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-14 16:13:18 5,888,512 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-21 17:05:08 70,656 ----a-w c:\windows\system32\mshtmled.dll
+ 2009-01-14 16:01:06 66,560 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-21 17:07:50 193,536 ----a-w c:\windows\system32\msrating.dll
+ 2009-01-14 16:05:34 193,536 ----a-w c:\windows\system32\msrating.dll
- 2008-08-21 17:05:34 630,272 ----a-w c:\windows\system32\mstime.dll
+ 2009-01-14 16:02:20 611,840 ----a-w c:\windows\system32\mstime.dll
- 2008-06-12 01:27:44 24,576 ----a-w c:\windows\system32\nlsdl.dll
+ 2008-10-13 03:55:22 24,576 ----a-w c:\windows\system32\nlsdl.dll
- 2008-06-12 01:27:42 23,552 ----a-w c:\windows\system32\normaliz.dll
+ 2008-10-13 03:55:22 23,552 ----a-w c:\windows\system32\normaliz.dll
- 2008-08-21 17:07:50 116,224 ----a-w c:\windows\system32\occache.dll
+ 2009-01-14 16:05:34 109,056 ----a-w c:\windows\system32\occache.dll
+ 2004-03-02 17:10:00 483,328 ----a-w c:\windows\system32\PICSDK.dll
- 2008-08-21 17:05:14 45,056 ----a-w c:\windows\system32\pngfilt.dll
+ 2009-01-14 16:01:18 46,592 ----a-w c:\windows\system32\pngfilt.dll
- 2008-06-12 01:27:58 16,928 ------w c:\windows\system32\spmsg.dll
+ 2008-10-13 03:55:34 16,928 ------w c:\windows\system32\spmsg.dll
+ 2005-04-13 04:00:00 2,747 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FAIFAGP.DAT
+ 2005-05-12 01:00:02 102,400 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FAIRAGP.DLL
+ 2005-03-08 04:00:00 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FAMDAGP.EXE
+ 2005-02-02 04:00:00 110,592 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FAMTAGP.EXE
+ 2005-05-13 04:00:00 409,600 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FAPRAGP.DLL
+ 2005-01-24 04:00:00 86,016 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FARNAGP.EXE
+ 2004-02-19 03:02:00 94,208 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FASKAGP.DLL
+ 2005-05-13 04:00:00 483,328 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FASRAGP.DLL
+ 2005-04-07 04:00:00 98,304 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FATIAGP.EXE
+ 2004-02-18 01:10:00 98,304 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FBAGAGP.DLL
+ 2004-11-25 05:02:02 159,744 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FBAPAGP.DLL
+ 2004-03-03 04:20:00 155,648 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FBINAGP.EXE
+ 2004-12-16 05:06:00 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FBLPAGP.DLL
+ 2005-05-12 04:20:00 10,752 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FBR0AGP.DLL
+ 2002-07-16 04:00:00 29,184 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FBSRAGP.EXE
+ 2004-06-01 04:00:00 315,392 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FCONAGP.DLL
+ 2005-04-12 05:00:00 60,928 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FDSPAGP.DLL
+ 2005-04-11 03:01:00 17,408 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FGRCAGP.DLL
+ 2005-05-12 01:00:00 400,896 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FHBRAGP.DLL
+ 2005-04-14 04:20:00 263,680 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FHM0AGP.DLL
+ 2005-05-12 01:00:00 73,216 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FHSRAGP.DLL
+ 2005-05-12 04:20:00 183,808 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FHT0AGP.DLL
+ 2005-06-06 08:01:04 237,568 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FHUTAGP.DLL
+ 2005-06-06 08:01:04 60,928 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FHUTAGP.EXE
+ 2005-04-12 04:00:00 350,720 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FJBCAGP.DLL
+ 2005-04-12 05:00:00 74,752 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FMAIAGP.DLL
+ 2005-05-31 04:20:00 59,392 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FMW0AGP.DLL
+ 2004-01-29 04:00:00 145,408 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FPREAGP.EXE
+ 2005-02-04 04:00:00 511,488 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FPRUAGP.DLL
+ 2005-05-13 04:20:00 1,030,656 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FSR0AGP.DLL
+ 2005-06-02 05:00:00 545,280 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FUICAGP.DLL
+ 2005-03-15 03:01:00 920,576 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_FUIRAGP.DLL
+ 2004-02-19 02:03:00 65,536 ----a-w c:\windows\system32\spool\drivers\w32x86\3\E_S00RP1.EXE
+ 2003-11-12 01:02:00 81,920 ----a-w c:\windows\system32\spool\drivers\w32x86\3\EBPSHRE4.DLL
+ 2005-02-14 01:09:00 53,248 ----a-w c:\windows\system32\spool\drivers\w32x86\3\EPSET32.DLL
+ 2004-04-21 00:00:00 5,729 ----a-w c:\windows\system32\spool\drivers\w32x86\3\EPUPDATE.DAT
+ 2005-02-25 06:15:00 761,856 ----a-w c:\windows\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
+ 2004-04-30 01:07:00 122,880 ----a-w c:\windows\system32\spool\drivers\w32x86\3\SAGENT4.EXE
+ 2005-04-13 04:00:00 2,747 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FAIFAGP.DAT
+ 2005-05-12 01:00:02 102,400 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FAIRAGP.DLL
+ 2005-03-08 04:00:00 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FAMDAGP.EXE
+ 2005-02-02 04:00:00 110,592 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FAMTAGP.EXE
+ 2005-05-13 04:00:00 409,600 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FAPRAGP.DLL
+ 2005-01-24 04:00:00 86,016 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FARNAGP.EXE
+ 2004-02-19 03:02:00 94,208 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FASKAGP.DLL
+ 2005-05-13 04:00:00 483,328 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FASRAGP.DLL
+ 2005-04-07 04:00:00 98,304 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FATIAGP.EXE
+ 2004-02-18 01:10:00 98,304 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FBAGAGP.DLL
+ 2004-11-25 05:02:02 159,744 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FBAPAGP.DLL
+ 2004-03-03 04:20:00 155,648 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FBINAGP.EXE
+ 2004-12-16 05:06:00 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FBLPAGP.DLL
+ 2005-05-12 04:20:00 10,752 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FBR0AGP.DLL
+ 2002-07-16 04:00:00 29,184 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FBSRAGP.EXE
+ 2004-06-01 04:00:00 315,392 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FCONAGP.DLL
+ 2005-04-12 05:00:00 60,928 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FDSPAGP.DLL
+ 2005-04-11 03:01:00 17,408 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FGRCAGP.DLL
+ 2005-05-12 01:00:00 400,896 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FHBRAGP.DLL
+ 2005-04-14 04:20:00 263,680 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FHM0AGP.DLL
+ 2005-05-12 01:00:00 73,216 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FHSRAGP.DLL
+ 2005-05-12 04:20:00 183,808 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FHT0AGP.DLL
+ 2005-06-06 08:01:04 237,568 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FHUTAGP.DLL
+ 2005-06-06 08:01:04 60,928 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FHUTAGP.EXE
+ 2005-04-12 04:00:00 350,720 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FJBCAGP.DLL
+ 2005-04-12 05:00:00 74,752 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FMAIAGP.DLL
+ 2005-05-31 04:20:00 59,392 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FMW0AGP.DLL
+ 2004-01-29 04:00:00 145,408 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FPREAGP.EXE
+ 2005-02-04 04:00:00 511,488 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FPRUAGP.DLL
+ 2005-05-13 04:20:00 1,030,656 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FSR0AGP.DLL
+ 2005-06-02 05:00:00 545,280 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FUICAGP.DLL
+ 2005-03-15 03:01:00 920,576 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_FUIRAGP.DLL
+ 2004-02-19 02:03:00 65,536 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\E_S00RP1.EXE
+ 2003-11-12 01:02:00 81,920 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\EBPSHRE4.DLL
+ 2005-02-14 01:09:00 53,248 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\EPSET32.DLL
+ 2004-04-21 00:00:00 5,729 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\EPUPDATE.DAT
+ 2005-02-25 06:15:00 761,856 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\EPUPDATE.EXE
+ 2004-04-30 01:07:00 122,880 ----a-w c:\windows\system32\spool\drivers\w32x86\epsonstylus_photo_rx6dc8\SAGENT4.EXE
+ 2004-04-21 00:00:00 5,729 ----a-w c:\windows\system32\spool\drivers\w32x86\EPUPDATE.DAT
+ 2005-02-25 06:15:00 761,856 ----a-w c:\windows\system32\spool\drivers\w32x86\EPUPDATE.EXE
- 2008-06-12 01:27:58 26,144 ----a-w c:\windows\system32\spupdsvc.exe
+ 2008-10-13 03:55:34 26,144 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-08-21 17:07:58 105,984 ----a-w c:\windows\system32\url.dll
+ 2009-01-14 16:06:00 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-21 17:08:22 1,206,784 ----a-w c:\windows\system32\urlmon.dll
+ 2009-01-14 16:06:48 1,182,720 ----a-w c:\windows\system32\urlmon.dll
- 2008-07-08 23:05:10 83,432 ----a-w c:\windows\system32\vsdata.dll
+ 2008-11-13 05:18:44 107,408 ----a-w c:\windows\system32\vsdata.dll
- 2008-07-08 23:05:22 394,952 ----a-w c:\windows\system32\vsdatant.sys
+ 2008-11-13 05:19:00 353,680 ----a-w c:\windows\system32\vsdatant.sys
- 2008-07-08 23:05:10 157,160 ----a-w c:\windows\system32\vsinit.dll
+ 2008-11-13 05:18:44 216,464 ----a-w c:\windows\system32\vsinit.dll
- 2008-07-08 23:05:10 103,912 ----a-w c:\windows\system32\vsmonapi.dll
+ 2008-11-13 05:18:44 107,408 ----a-w c:\windows\system32\vsmonapi.dll
- 2008-07-08 23:05:10 275,944 ----a-w c:\windows\system32\vspubapi.dll
+ 2008-11-13 05:18:44 310,160 ----a-w c:\windows\system32\vspubapi.dll
- 2008-07-08 23:05:10 71,144 ----a-w c:\windows\system32\vsregexp.dll
+ 2008-11-13 05:18:44 58,768 ----a-w c:\windows\system32\vsregexp.dll
- 2008-07-08 23:05:12 472,552 ----a-w c:\windows\system32\vsutil.dll
+ 2008-11-13 05:18:46 475,536 ----a-w c:\windows\system32\vsutil.dll
- 2008-07-08 23:05:12 46,568 ----a-w c:\windows\system32\vswmi.dll
+ 2008-11-13 05:18:46 30,096 ----a-w c:\windows\system32\vswmi.dll
- 2008-07-08 23:05:12 99,816 ----a-w c:\windows\system32\vsxml.dll
+ 2008-11-13 05:18:46 110,480 ----a-w c:\windows\system32\vsxml.dll
- 2008-08-21 17:08:08 236,544 ----a-w c:\windows\system32\webcheck.dll
+ 2009-01-14 16:06:08 236,544 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-21 17:08:22 208,384 ------w c:\windows\system32\WinFXDocObj.exe
+ 2009-01-14 16:06:22 208,384 ------w c:\windows\system32\WinFXDocObj.exe
- 2008-06-12 01:28:02 121,856 ----a-w c:\windows\system32\xmllite.dll
+ 2008-10-13 03:55:36 121,856 ----a-w c:\windows\system32\xmllite.dll
- 2008-07-08 23:05:12 83,432 ----a-w c:\windows\system32\zlcomm.dll
+ 2008-11-13 05:18:46 69,008 ----a-w c:\windows\system32\zlcomm.dll
- 2008-07-08 23:05:12 71,144 ----a-w c:\windows\system32\zlcommdb.dll
+ 2008-11-13 05:18:46 106,384 ----a-w c:\windows\system32\zlcommdb.dll
- 2008-07-15 19:30:01 4,212 ---h--w c:\windows\system32\zllictbl.dat
+ 2009-01-31 23:26:34 4,212 ---ha-w c:\windows\system32\zllictbl.dat
- 2008-07-08 23:05:06 99,816 ----a-w c:\windows\system32\ZoneLabs\camupd.dll
+ 2008-11-13 05:18:40 76,176 ----a-w c:\windows\system32\ZoneLabs\camupd.dll
- 2004-01-30 02:35:08 813,568 ----a-w c:\windows\system32\ZoneLabs\dbghelp.dll
+ 2008-03-17 06:52:02 813,568 ----a-w c:\windows\system32\ZoneLabs\dbghelp.dll
- 2008-07-08 23:05:08 128,480 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
+ 2008-11-13 05:18:42 98,192 ----a-w c:\windows\system32\ZoneLabs\fbl.dll
- 2008-07-08 23:05:08 38,376 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll
+ 2008-11-13 05:18:42 38,288 ----a-w c:\windows\system32\ZoneLabs\featuremap.dll
+ 2008-11-13 05:18:42 159,120 ----a-w c:\windows\system32\ZoneLabs\httpblocker.dll
+ 2008-05-19 04:59:00 525,792 ----a-w c:\windows\system32\ZoneLabs\icslta.dll
+ 2008-11-13 05:19:02 28,048 ----a-w c:\windows\system32\ZoneLabs\lib\Alert.zip.dll
- 2008-07-08 23:05:24 288,144 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-11-13 05:19:02 322,960 ----a-w c:\windows\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-11-13 05:19:02 122,768 ----a-w c:\windows\system32\ZoneLabs\lib\DashBoard.zip.dll
- 2008-07-15 22:13:12 152,976 ----a-w c:\windows\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-11-13 05:19:02 331,664 ----a-w c:\windows\system32\ZoneLabs\lib\LicenseUI.zip.dll
+ 2008-11-13 05:19:02 10,128 ----a-w c:\windows\system32\ZoneLabs\lib\MainLoop.zip.dll
+ 2008-11-13 05:19:04 18,320 ----a-w c:\windows\system32\ZoneLabs\lib\NavBar.zip.dll
+ 2008-11-13 05:19:04 110,992 ----a-w c:\windows\system32\ZoneLabs\lib\Overview.zip.dll
+ 2008-11-13 05:19:04 238,992 ----a-w c:\windows\system32\ZoneLabs\lib\Sandbox.zip.dll
+ 2008-11-13 05:19:04 156,048 ----a-w c:\windows\system32\ZoneLabs\lib\TrayTest.zip.dll
+ 2008-11-13 05:19:04 19,856 ----a-w c:\windows\system32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2008-11-13 05:19:04 43,920 ----a-w c:\windows\system32\ZoneLabs\lib\ZAlert.zip.dll
+ 2008-11-13 05:19:04 19,344 ----a-w c:\windows\system32\ZoneLabs\lib\zic.zip.dll
+ 2008-11-13 05:19:04 13,712 ----a-w c:\windows\system32\ZoneLabs\lib\zmenu.zip.dll
+ 2008-11-13 05:19:04 24,464 ----a-w c:\windows\system32\ZoneLabs\lib\zp4pc.zip.dll
+ 2008-11-13 05:19:04 30,608 ----a-w c:\windows\system32\ZoneLabs\lib\zpdp.zip.dll
- 2008-07-08 23:05:24 1,361,296 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-11-13 05:19:04 1,536,400 ----a-w c:\windows\system32\ZoneLabs\lib\zpy.zip.dll
+ 2008-11-13 05:19:04 18,832 ----a-w c:\windows\system32\ZoneLabs\lib\zsys.zip.dll
+ 2008-11-13 05:19:04 70,032 ----a-w c:\windows\system32\ZoneLabs\lib\ztv.zip.dll
- 2008-07-08 23:05:24 71,056 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-11-13 05:19:04 114,064 ----a-w c:\windows\system32\ZoneLabs\lib\zui.zip.dll
+ 2008-11-13 05:19:06 59,792 ----a-w c:\windows\system32\ZoneLabs\lib\zvpn.zip.dll
- 2008-02-26 17:10:26 714,208 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll
+ 2008-04-20 21:19:42 718,272 ----a-w c:\windows\system32\ZoneLabs\qrbase.dll
- 2008-02-26 17:10:28 792,032 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll
+ 2008-04-20 21:19:44 792,000 ----a-w c:\windows\system32\ZoneLabs\qrsrecl.dll
- 2008-07-08 23:05:08 173,544 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll
+ 2008-11-13 05:18:42 132,496 ----a-w c:\windows\system32\ZoneLabs\scheduler.dll
- 2008-01-20 22:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
+ 2008-04-20 21:19:46 8,790,493 ----a-w c:\windows\system32\ZoneLabs\spyware.dat
- 2008-02-26 17:10:32 1,504,736 ----a-w c:\windows\system32\ZoneLabs\srescan.dll
+ 2008-04-20 21:19:52 1,516,992 ----a-w c:\windows\system32\ZoneLabs\srescan.dll
- 2008-02-26 17:10:44 51,176 ----a-w c:\windows\system32\ZoneLabs\srescan.sys
+ 2008-04-20 21:19:58 51,648 ----a-w c:\windows\system32\ZoneLabs\srescan.sys
- 2008-07-08 23:05:10 456,168 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll
+ 2008-11-13 05:18:44 443,280 ----a-w c:\windows\system32\ZoneLabs\ssleay32.dll
- 2007-10-11 06:50:32 832,984 ----a-w c:\windows\system32\ZoneLabs\updating.dll
+ 2007-10-11 06:51:34 832,984 ----a-w c:\windows\system32\ZoneLabs\updating.dll
- 2008-07-08 23:05:18 144,936 ----a-w c:\windows\system32\ZoneLabs\updclient.exe
+ 2008-11-13 05:18:54 176,016 ----a-w c:\windows\system32\ZoneLabs\updclient.exe
- 2008-07-08 23:05:10 83,432 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll
+ 2008-11-13 05:18:44 106,896 ----a-w c:\windows\system32\ZoneLabs\vsdb.dll
- 2008-07-08 23:05:18 75,304 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe
+ 2008-11-13 05:18:56 2,405,776 ----a-w c:\windows\system32\ZoneLabs\vsmon.exe
- 2008-07-08 23:05:12 1,361,384 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll
+ 2008-11-13 05:18:46 1,655,184 ----a-w c:\windows\system32\ZoneLabs\vsruledb.dll
- 2008-07-08 23:05:12 239,080 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
+ 2008-11-13 05:18:46 172,432 ----a-w c:\windows\system32\ZoneLabs\vsvault.dll
- 2008-01-20 22:34:36 7,603,688 ----a-w c:\windows\system32\ZoneLabs\zlasdbup.dat
+ 2008-04-20 21:19:46 8,790,493 ----a-w c:\windows\system32\ZoneLabs\zlasdbup.dat
- 2008-07-08 23:05:12 177,640 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
+ 2008-11-13 05:18:46 178,576 ----a-w c:\windows\system32\ZoneLabs\zlparser.dll
- 2008-07-08 23:05:12 79,344 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll
+ 2008-11-13 05:18:48 98,192 ----a-w c:\windows\system32\ZoneLabs\zlquarantine.dll
- 2008-07-08 23:05:14 382,440 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
+ 2008-11-13 05:18:48 311,696 ----a-w c:\windows\system32\ZoneLabs\zlsre.dll
- 2008-07-08 23:05:14 120,296 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2008-11-13 05:18:48 110,480 ----a-w c:\windows\system32\ZoneLabs\zlupdate.dll
+ 2009-02-05 10:47:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_270.dat
+ 2004-07-02 06:02:56 409,600 ----a-w c:\windows\twain_32\escndv\encm.dll
+ 2004-07-02 06:02:56 180,224 ----a-w c:\windows\twain_32\escndv\encmutil.dll
+ 2004-07-02 06:02:56 184,320 ----a-w c:\windows\twain_32\escndv\enll.dll
+ 2004-07-02 06:02:56 167,936 ----a-w c:\windows\twain_32\escndv\enludp.dll
+ 2004-07-02 06:02:56 409,600 ----a-w c:\windows\twain_32\escndv\es005d\encm.dll
+ 2004-07-02 06:02:56 180,224 ----a-w c:\windows\twain_32\escndv\es005d\encmutil.dll
+ 2004-07-02 06:02:56 184,320 ----a-w c:\windows\twain_32\escndv\es005d\enll.dll
+ 2004-07-02 06:02:56 167,936 ----a-w c:\windows\twain_32\escndv\es005d\enludp.dll
+ 2005-03-29 14:00:00 180,224 ----a-w c:\windows\twain_32\escndv\es005d\esdevcl.dll
+ 2005-05-11 14:00:00 131,072 ----a-w c:\windows\twain_32\escndv\es005d\esdevif.dll
+ 2005-02-21 14:00:00 49,152 ----a-w c:\windows\twain_32\escndv\es005d\esdscl.dll
+ 2005-05-30 14:00:00 323,584 ----a-w c:\windows\twain_32\escndv\es005d\esdtr.dll
+ 2005-01-19 14:00:00 143,360 ----a-w c:\windows\twain_32\escndv\es005d\esfit.dll
+ 2000-10-10 14:00:00 53,248 ----a-w c:\windows\twain_32\escndv\es005d\esicm.dll
+ 2005-03-08 14:00:00 278,528 ----a-w c:\windows\twain_32\escndv\es005d\esimfl.dll
+ 2005-02-21 14:00:00 208,896 ----a-w c:\windows\twain_32\escndv\es005d\esimgctl.dll
+ 2005-02-21 14:00:00 294,976 ----a-w c:\windows\twain_32\escndv\es005d\esmps.dll
+ 2005-02-21 14:00:00 561,235 ----a-w c:\windows\twain_32\escndv\es005d\esmpsres.dll
+ 2005-04-24 14:00:00 126,976 ----a-w c:\windows\twain_32\escndv\es005d\esnetbg.dll
+ 2005-03-06 14:00:00 2,371,584 ----a-w c:\windows\twain_32\escndv\es005d\esres.dll
+ 2005-05-11 14:00:00 294,912 ----a-w c:\windows\twain_32\escndv\es005d\esscncl.dll
+ 2005-02-21 14:00:00 40,960 ----a-w c:\windows\twain_32\escndv\es005d\estwm.exe
+ 2005-02-21 14:00:00 229,376 ----a-w c:\windows\twain_32\escndv\es005d\estwpmg.dll
+ 2005-05-11 14:00:00 634,880 ----a-w c:\windows\twain_32\escndv\es005d\esui.dll
+ 2005-02-21 14:00:00 118,784 ----a-w c:\windows\twain_32\escndv\es005d\esutwb.dll
+ 2005-02-21 14:00:00 69,632 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\epbmp.dll
+ 2005-02-21 14:00:00 45,056 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\epbmpres.dll
+ 2005-02-21 14:00:00 94,208 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\epipd.dll
+ 2005-02-21 14:00:00 147,456 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\epjpg.dll
+ 2005-02-21 14:00:00 45,056 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\epjpgres.dll
+ 2005-02-21 14:00:00 90,112 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\epmtf.dll
+ 2005-02-21 14:00:00 45,056 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\epmtfres.dll
+ 2005-02-21 14:00:00 94,208 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\eppdf.dll
+ 2005-02-21 14:00:00 49,152 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\eppdfres.dll
+ 2005-02-21 14:00:00 86,016 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\eppij.dll
+ 2005-02-21 14:00:00 45,056 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\eppijres.dll
+ 2005-02-21 14:00:00 81,920 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\eppit.dll
+ 2005-02-21 14:00:00 45,056 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\eppitres.dll
+ 2005-02-21 14:00:00 90,112 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\eptif.dll
+ 2005-02-21 14:00:00 45,056 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\eptifres.dll
+ 2004-07-08 16:50:00 143,360 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\esexf.dll
+ 2004-06-28 16:50:00 98,304 ----a-w c:\windows\twain_32\escndv\es005d\ffmt\espimtif.dll
+ 2002-08-13 07:19:14 110,592 ----a-w c:\windows\twain_32\escndv\es005d\pfudsrv.dll
+ 2004-11-28 14:00:00 159,744 ----a-w c:\windows\twain_32\escndv\escfg.exe
+ 2005-03-03 14:00:00 77,824 ----a-w c:\windows\twain_32\escndv\escfgres.dll
+ 2005-02-21 14:00:00 114,688 ----a-w c:\windows\twain_32\escndv\escndv.exe
+ 2005-03-03 14:00:00 45,056 ----a-w c:\windows\twain_32\escndv\escndvrs.dll
+ 2005-04-24 14:00:00 126,976 ----a-w c:\windows\twain_32\escndv\esnetbg.dll
+ 2005-02-21 14:00:00 40,960 ----a-w c:\windows\twain_32\escndv\estwm.exe
+ 2007-11-06 10:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-06 15:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 15:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-07 638976]
"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-21 135168]
"EzButton"="c:\program files\EzButton\EzButton.EXE" [2004-05-14 712704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-16 53248]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-04 1089589]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-09-27 184320]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-06-21 579584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-01 136600]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"EPSON Stylus Photo RX530 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE" [2005-04-07 98304]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"CPM931b8bdc"="c:\windows\system32\sepajimo.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-01-26 219136]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-24 443968]

c:\documents and settings\David\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-05-23 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a--c--- 2004-08-04 17:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
-ra--c--- 2003-07-08 00:29 729088 c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a--c--- 2003-05-09 02:00 49152 c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
--a--c--- 2002-02-05 12:32 53248 c:\program files\REGSHAVE\Regshave.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-02-21 08:00 88363 c:\windows\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-01-23 15:44 101136 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Maxtor\\OneTouch Status\\MaxMenuMgr.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [2004-05-07 4816]
S3 cpuz130;cpuz130;\??\c:\docume~1\David\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\David\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd5bf73-c89e-11dd-ae5d-00023fd8c2ea}]
\Shell\AutoRun\command - f:\truecrypt\TrueCrypt.exe /q background /e /m rm /v "Personal\SportLongPass.gif"
\Shell\dismount\command - f:\truecrypt\TrueCrypt.exe /q /d
\Shell\start\command - f:\truecrypt\TrueCrypt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3301334166-1530195133-156066665-1006.job
- c:\documents and settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 05:02]

2004-10-21 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-08-04 17:56]

2009-02-05 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-20 07:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: {0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA} = 10.1.1.1,4.2.2.3
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\xbcj4yku.Default User\
FF - component: c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\xbcj4yku.Default User\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\David\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgooglevlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 21:38:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3301334166-1530195133-156066665-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-02-05 21:41:59
ComboFix-quarantined-files.txt 2009-02-05 11:41:15
ComboFix2.txt 2009-01-08 14:48:39

Pre-Run: 20,910,571,520 bytes free
Post-Run: 20,955,512,832 bytes free

650 --- E O F --- 2009-01-28 14:44:34

AND

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:04 PM, on 5/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE /P31 "EPSON Stylus Photo RX530 Series" /O6 "USB002" /M "Stylus Photo RX530"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CPM931b8bdc] Rundll32.exe "c:\windows\system32\sepajimo.dll",a
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://remote.knmservices.com.au/Remote/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS2\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9572 bytes

ken545

2009-02-05, 14:29

Hi,

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPM931b8bdc"=-

Copy the entire contents inside the Quote box and Paste it into Notepad ( this will only work with Notepad ) name the file Regfix.reg and in the drop down box, save it as All Files. Save it to your desktop. Then Rightclick on the Regfix.reg file and click on Merge, when it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg

You need to enable windows to SHOW ALL FILES AND FOLDERS
Instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

c:\windows\system32\sepajimo.dll <-- Delete this if its still present

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.

Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a New Hijackthis log.

How are things running now???

PumpyChowdown

2009-02-05, 16:29

c:\windows\system32\sepajimo.dll <-- Delete this if its still present

Wasn't too sure how you wanted me to delete this, so I did a HJT and removed from there. Seemed to go okay.

Ran Malwarebytes and it didn't detect anything malicious, so it didn't prompt me to delete anything. Log below.

Malwarebytes' Anti-Malware 1.33
Database version: 1731
Windows 5.1.2600 Service Pack 2

6/02/2009 12:21:11 AM
mbam-log-2009-02-06 (00-21-11).txt

Scan type: Quick Scan
Objects scanned: 56588
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:33 AM, on 6/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX530 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE /P31 "EPSON Stylus Photo RX530 Series" /O6 "USB002" /M "Stylus Photo RX530"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by23fd.bay23.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://remote.knmservices.com.au/Remote/msrdp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS1\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O17 - HKLM\System\CS2\Services\Tcpip\..\{0794A9CF-EB5F-4698-B49C-15C5D3FAD9EA}: NameServer = 10.1.1.1,4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = hq.viewit.ca
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9614 bytes

I'm yet to restart it, but I will after posting and see how things go. Will update post if anything weird goes on. Thanks so much for your help so far. :bigthumb:

PumpyChowdown

2009-02-05, 16:44

Yep, all restarted fine. I was having some error messages come up and really weird start up previously. All seems to be good now.

I can't thank you enough mate. You're a star!

ken545

2009-02-05, 19:29

c:\windows\system32\sepajimo.dll <-- We need to make sure this is gone, fixing the entry with HJT just removes the Registry entry, not the file itself.

Follow my previous instructions for Showing Hidden Files and Folders
Click on My Computer >C: > windows > System32 and look for the file, it will be alphabetical, if its still there, right click on it and select delete.

No need to post another log but let me know if the file is gone

PumpyChowdown

2009-02-05, 22:15

Hi again Ken545,

Checked through C Drive>Windows>System 32 and that entry is nowhere to be found. Computer is running very well.

Thanks again mate.

ken545

2009-02-06, 00:48

Great :bigthumb:

You need to update your Java, the older versions of Java leave holes in your system for this garbage to sneak in. Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 6 Update 11 or 12, if not proceed with the instructions.

Download the latest version Here (http://java.sun.com/javase/downloads/index.jsp) save it, do not install it yet.

JRE 6 Update 12 <--This is what you need

Go to your Add Remove Programs in the Control Panel and uninstall any previous versions of Java
Reboot your computer
Install the latest version

You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)

ATF Cleaner <-- Yours to keep, run it now and then to clean out the clutter.

Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.

Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png

When shown the disclaimer, Select "2"

The above procedure will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot , you can still install Spybot Search and Destroy but do not enable the TeaTimer .

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will no way interfere with IE, you can use them both.

Safe Surfn
Ken

PumpyChowdown

2009-02-06, 10:39

Done.

Once again. A million thank you's. If you weren't on the other side of the planet, I'd offer to buy you a beer! :bigthumb::angel:

ken545

2009-02-06, 13:16

Your very welcome, glad all is well. :bigthumb:

Ken :)

ken545

2009-02-09, 12:49

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.