Spyware and Trojan Viruses That I Cannot Eliminate

**bloom9** · 2007-10-06, 17:27

A couple of days ago, my computer was suddenly infested with a half dozen pieces of spyware and who knows what else. Took the follow steps:
- Uninstalled the spyware programs that had uninstall programs (I think there were four of them).
- Ran Adaware, Spybot, VundoFix, ComboFix and PC-Cillin 2007. Managed to get rid of most of the infections (also tried Windows Defender, which found nothing).
- Ran PREVX CSI Free scan found a few more files, of which I managed to manually delete most of them in Safe Mode.
- Deleted winshow.exe which several sites insisted was a problem (though none of the spyware programs agreed). The program was in three folders, two of which it shouldn't have been, so it was suspicious enough for me.
- Installed the MVP Hosts file.

I still have problems:
- PC-Cillin periodically informs me that it found a virus (usually named "valera" or "pzd") that it cannot quarantine or delete. However, full system scans find nothing.
- I'm still getting occasional pop-ups in Internet Explorer - if I am not using the browser, Internet Explorer will start up itself to show me pogo.com. It is not as bad as it was as originally I was getting constant pop-ups.
- Somehow the hosts file has reverted back to its original state (just the "localhost" entry).

So, anyway, I still have something (or somethings) and I am at a loss on how to get rid of it.

Here is the HJT log. The Kaspersky log is in the next post, as both logs will not fit in a single post.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:36 AM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu119\toolbaru.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu119\toolbaru.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\vantbycv.dll",sitypnow
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147627438890
O16 - DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} (CCheckCtrl Object) - http://mediadownloads.walmart.com/mm...martcheck2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B64F8FFA-9FB9-4721-A515-184F780CE1E4}: NameServer = 64.8.192.8,64.8.192.9
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9319 bytes

**bloom9** · 2007-10-06, 17:29

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 06, 2007 9:49:35 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 6/10/2007
Kaspersky Anti-Virus database records: 428122
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 239831
Number of viruses found: 13
Number of infected objects: 32
Number of suspicious objects: 0
Duration of the scan process: 02:56:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10052007-203347.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{7817813D-0658-4834-8CF6-36DDE101898D} Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\k11u72.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\Documents and Settings\Owner\Local Settings\Temp\k11u72.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FPVODIHQ\valera[1] Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\OldComputer\DriveC\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\365D082C Infected: Trojan-Downloader.Win32.Swizzor.a skipped
C:\OldComputer\DriveC\WINDOWS\SYSTEM\DC Girls-uninstall.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\OldComputer\DriveC\WINDOWS\SYSTEM\Direct Connect-uninstall.exe Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000021.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\OpenCase\OpenCASE Media Agent\logs\csm.log Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\56.tmp Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\Program Files\Messenger\ryzycy4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\Messenger\ryzycy83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\eojyoids.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\TTC-4444.exe.vir NSIS: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP2\A0000074.dll Infected: Trojan-Downloader.Win32.Agent.dpq skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP4\change.log Object is locked skipped
C:\Temp\regit.exe/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Temp\regit.exe/data0003/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Temp\regit.exe/data0003 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Temp\regit.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\Temp\regit.exe/data0005 Infected: Email-Worm.Win32.Zhelatin.kb skipped
C:\Temp\regit.exe/data0006/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\Temp\regit.exe/data0006/stream Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\Temp\regit.exe/data0006 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\Temp\regit.exe NSIS: infected - 8 skipped
C:\VundoFix Backups\eojyoids.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.wm skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\abc2\aisven2.exe/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\WINDOWS\system32\abc2\aisven2.exe/stream Infected: not-a-virus:Downloader.Win32.Agent.q skipped
C:\WINDOWS\system32\abc2\aisven2.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd8973.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\rev1\gbb83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\system32\rev1\gbb83122.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\ss9\rw1000dr.exe Infected: Email-Worm.Win32.Zhelatin.kb skipped
C:\WINDOWS\system32\vMW10a\vMW10a1099.exe Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\fb_332.lck Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

**Shaba** · 2007-10-11, 08:27

Hi bloom9

Rename HijackThis.exe to bloom.exe and post back a fresh HijackThis log

Post also combofix report as you seem to have run it already.

**bloom9** · 2007-10-12, 01:49

As you requested, I renamed the file and ran the scan.
---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:53 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\bloom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Link...www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu119\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu119\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4FB50E93-6A63-4F5E-BF85-28931BF4CBF1} - C:\WINDOWS\system32\jkhhg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\qlunafgq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu119\toolbaru.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147627438890
O16 - DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} (CCheckCtrl Object) - http://mediadownloads.walmart.com/mm...martcheck2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B64F8FFA-9FB9-4721-A515-184F780CE1E4}: NameServer = 64.8.192.8,64.8.192.9
O20 - Winlogon Notify: iifdbaw - iifdbaw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\taqjcqke.exe (file missing)
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10333 bytes

**bloom9** · 2007-10-12, 01:52

Note that I ran this a week ago.

---

ComboFix 07-10-04.5 - Owner 2007-10-04 19:27:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.370 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\Spyware\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\My Documents\ASKS~1
C:\Program Files\Messenger\ryzycy4444.dll
C:\Program Files\Messenger\ryzycy83122.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\eojyoids.dll
C:\WINDOWS\system32\z12
C:\WINDOWS\TTC-4444.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-04 19:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-10-04 18:55 <DIR> d-------- C:\DOCUME~1\Administrator\WINDOWS
2007-10-03 22:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-10-03 22:18 1,338,027 ---hs---- C:\WINDOWS\system32\ghhkj.bak1
2007-10-03 22:01 <DIR> d-------- C:\VundoFix Backups
2007-10-03 07:32 307,808 --------- C:\WINDOWS\system32\jkhhg.dll
2007-10-03 07:27 707,538 --a------ C:\Temp\regit.exe
2007-10-03 07:27 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-03 07:27 <DIR> d-------- C:\WINDOWS\system32\ss9
2007-10-03 07:27 <DIR> d-------- C:\WINDOWS\system32\rev1
2007-10-03 07:27 <DIR> d-------- C:\WINDOWS\system32\ep1
2007-10-03 07:27 <DIR> d-------- C:\WINDOWS\system32\abc2
2007-10-03 07:27 <DIR> d-------- C:\Temp\xOe
2007-10-03 07:26 36,352 --a------ C:\WINDOWS\system32\iifdbaw.dll
2007-10-03 07:26 35,328 --a------ C:\WINDOWS\winshow.exe
2007-09-13 20:32 <DIR> d-------- C:\DOCUME~1\Owner\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 09:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-10-03 09:00 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-03 09:00 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-29 10:38 --------- d-------- C:\Program Files\Paint Shop Pro 5
2007-09-13 20:31 --------- d-------- C:\Program Files\MSN Messenger
2007-09-02 20:36 --------- d-------- C:\Program Files\MSXML 6.0
2007-09-02 20:35 --------- d-------- C:\Program Files\MSBuild
2007-09-02 20:31 --------- d-------- C:\Program Files\Reference Assemblies
2007-09-02 17:27 --------- d-------- C:\Program Files\Trend Micro
2007-09-02 17:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-09-02 16:53 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-02 16:47 --------- d-------- C:\Program Files\Bonjour
2007-09-02 16:41 --------- d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-09-02 16:41 --------- d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-09-02 16:41 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Symantec
2007-08-16 22:12 --------- d-------- C:\Program Files\AER
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2004-06-16 20:06 457 --a--c--- C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{392D5CAD-F4C5-4C1C-B5A3-9AE26B16BF96}]
2007-10-03 07:32 307808 --------- C:\WINDOWS\system32\jkhhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 10:07]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-29 22:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-18 10:53]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"LTMSG"="LTMSG.exe" [2003-07-14 11:52 C:\WINDOWS\ltmsg.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 03:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
"nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:31]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 06:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2003-08-07 12:39]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe" [2006-09-07 08:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 06:26:28]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 06:26:28]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbaw]
iifdbaw.dll 2007-10-03 07:26 36352 C:\WINDOWS\system32\iifdbaw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhg.dll
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Wal-Mart Video Download Manager.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Wal-Mart Video Download Manager.lnk
backup=C:\WINDOWS\pss\Wal-Mart Video Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atari Launcher 2]
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
"C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
"C:\WINDOWS\winshow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{DF-FB-B9-92-ZN}]
C:\DOCUME~1\Owner\LOCALS~1\Temp\thinksnet.exe CHD003

R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys
R2 tmxpflt;tmxpflt;C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 19:38:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ghhkj.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2007-10-04 19:48:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 19:47
.
--- E O F ---

**Shaba** · 2007-10-12, 10:16

Hi

Delete that copy of combofix, it's old one.

After that:

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report

**bloom9** · 2007-10-12, 15:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:56 AM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\bloom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu119\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu119\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\tbu119\toolbaru.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147627438890
O16 - DPF: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C} (CCheckCtrl Object) - http://mediadownloads.walmart.com/mm...martcheck2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B64F8FFA-9FB9-4721-A515-184F780CE1E4}: NameServer = 64.8.192.8,64.8.192.9
O20 - Winlogon Notify: iifdbaw - iifdbaw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10115 bytes

**bloom9** · 2007-10-12, 15:59

ComboFix 07-10-12.4 - Owner 2007-10-12 9:10:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.348 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\Spyware\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ghhkj.bak1
C:\WINDOWS\system32\ghhkj.bak2
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\gmgxiiev.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\madvobkv.dll
C:\WINDOWS\system32\qlunafgq.dll
C:\WINDOWS\system32\rev1
C:\WINDOWS\system32\rev1\gbb83122.exe
C:\WINDOWS\system32\ss9
C:\WINDOWS\system32\ss9\rw1000dr.exe
C:\WINDOWS\system32\veiixgmg.ini
C:\WINDOWS\system32\vkbovdam.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-09 20:08 582,656 --a--c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-05 23:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-05 23:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-10-05 20:33 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-04 19:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-10-04 18:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-10-04 18:55 <DIR> d-------- C:\DOCUME~1\Administrator\WINDOWS
2007-10-03 22:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-10-03 22:01 <DIR> d-------- C:\VundoFix Backups
2007-10-03 07:27 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-03 07:27 <DIR> d-------- C:\WINDOWS\system32\ep1
2007-10-03 07:27 <DIR> d-------- C:\WINDOWS\system32\abc2
2007-10-03 07:27 <DIR> d-------- C:\Temp\xOe
2007-10-03 07:27 707,538 --a------ C:\Temp\regit.exe
2007-09-13 20:32 <DIR> d-------- C:\DOCUME~1\Owner\Contacts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-07 22:16 --------- d-----w C:\Program Files\Paint Shop Pro 5
2007-10-06 14:41 --------- d-----w C:\Program Files\Trend Micro
2007-10-06 01:14 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-10-03 13:00 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-10-03 13:00 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-09-14 00:31 --------- d-----w C:\Program Files\MSN Messenger
2007-09-03 00:36 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-03 00:35 --------- d-----w C:\Program Files\MSBuild
2007-09-03 00:31 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-02 21:18 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-09-02 20:47 --------- d-----w C:\Program Files\Bonjour
2007-09-02 20:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2007-09-02 20:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2007-09-02 20:41 --------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Symantec
2007-08-17 02:12 --------- d-----w C:\Program Files\AER
2004-06-17 00:06 457 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot@2007-10-04_19.42.27.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-20 10:02:09 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
+ 2007-08-20 10:02:11 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
+ 2007-08-20 10:02:09 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
+ 2007-08-20 10:02:09 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
+ 2007-08-17 10:12:34 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
+ 2007-08-20 10:02:09 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
+ 2007-08-20 10:02:09 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
+ 2007-08-17 07:29:55 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
+ 2007-08-20 10:02:09 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
+ 2007-08-20 10:02:09 387,584 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
+ 2007-08-20 10:02:10 6,066,176 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
+ 2007-08-20 10:02:10 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
+ 2007-08-20 10:02:10 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
+ 2007-08-17 10:12:35 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
+ 2007-08-17 10:12:49 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
+ 2007-08-20 10:02:10 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
+ 2007-08-20 10:02:10 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
+ 2007-08-20 10:02:10 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
+ 2007-08-20 10:02:11 3,592,192 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
+ 2007-08-20 10:02:11 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
+ 2007-08-20 10:02:11 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
+ 2007-08-20 10:02:11 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
+ 2007-08-20 10:02:11 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
+ 2007-08-20 10:02:11 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
+ 2007-08-20 10:02:11 1,161,728 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
+ 2007-08-20 10:02:11 232,960 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
+ 2007-08-20 10:02:11 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2004-08-04 07:56:44 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-03-09 11:28:00 248,320 -c----w C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2007-06-27 14:34:51 124,928 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2006-10-17 17:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-06-27 14:34:51 132,608 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2006-10-17 17:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-06-27 08:27:04 63,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-06-27 14:34:51 153,088 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-06-27 14:34:51 230,400 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-06-27 07:00:33 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-06-27 14:34:51 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-06-27 14:34:51 384,512 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-06-27 14:34:55 6,058,496 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-06-27 14:34:55 44,544 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-06-27 14:34:55 267,776 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-06-27 08:27:05 13,824 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-06-27 08:27:30 625,152 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-06-27 14:34:56 27,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-06-27 14:34:56 459,264 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-06-27 14:34:56 52,224 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-07-19 06:59:59 3,583,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-06-27 14:34:57 477,696 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-06-27 14:34:58 193,024 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-06-27 14:34:58 671,232 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-06-27 14:34:58 102,400 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-06-27 14:34:58 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-06-27 14:34:58 1,152,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-06-27 14:34:59 232,960 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-06-27 14:34:59 823,808 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
+ 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
+ 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
+ 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
+ 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
+ 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
+ 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
+ 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
+ 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
+ 2007-08-20 10:02:09 124,928 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
+ 2007-08-20 10:02:11 214,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
+ 2007-08-20 10:02:09 132,608 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
+ 2007-08-20 10:02:09 63,488 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
+ 2007-08-17 10:12:34 70,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
+ 2007-08-20 10:02:09 153,088 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
+ 2007-08-20 10:02:09 230,400 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
+ 2007-08-17 07:29:55 161,792 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
+ 2007-08-20 10:02:09 383,488 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
+ 2007-08-20 10:02:09 387,584 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
+ 2007-08-20 10:02:10 6,066,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
+ 2007-08-20 10:02:10 44,544 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
+ 2007-08-20 10:02:10 267,776 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
+ 2007-08-17 10:12:35 13,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
+ 2007-08-17 10:12:49 625,152 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
+ 2007-08-20 10:02:10 27,648 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
+ 2007-08-20 10:02:10 459,264 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
+ 2007-08-20 10:02:10 52,224 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
+ 2007-08-20 10:02:11 3,592,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
+ 2007-08-20 10:02:11 478,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
+ 2007-08-20 10:02:11 193,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
+ 2007-08-20 10:02:11 671,232 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
+ 2007-08-20 10:02:11 102,400 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
+ 2007-08-20 10:02:11 105,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
+ 2007-08-20 10:02:11 1,161,728 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
+ 2007-08-20 10:02:11 232,960 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
+ 2007-08-20 10:02:11 825,344 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe

**bloom9** · 2007-10-12, 16:00

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
- 2007-06-27 14:34:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-06-27 14:34:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-20 10:04:34 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-10-17 17:57:50 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-27 14:34:51 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-20 10:04:34 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-06-27 08:27:04 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-06-27 14:34:51 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-06-27 14:34:51 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-06-27 07:00:33 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-06-27 14:34:51 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-08-20 10:04:35 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-06-27 14:34:51 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-06-27 14:34:55 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2007-08-20 10:04:37 6,058,496 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-06-27 14:34:55 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04:38 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-06-27 14:34:55 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-08-20 10:04:38 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-06-27 08:27:05 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-08-17 10:20:54 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-06-27 08:27:30 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-17 10:21:21 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-27 14:34:56 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-06-27 14:34:56 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-08-20 10:04:39 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-06-27 14:34:56 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-08-20 10:04:39 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-07-19 06:59:59 3,583,488 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-27 14:34:57 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-27 14:34:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-20 10:04:41 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-27 14:34:58 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-20 10:04:42 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-06-27 14:34:58 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-08-20 10:04:42 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-06-27 14:34:58 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-08-20 10:04:42 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-06-27 14:34:58 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-06-27 14:34:59 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-08-20 10:04:42 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-06-27 14:34:59 823,808 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-20 10:04:43 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-10-04 23:34:32 640,176 ----a-w C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
+ 2007-10-12 13:45:54 640,176 ----a-w C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
- 2007-10-04 23:34:44 640,176 ----a-w C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
+ 2007-10-12 13:47:00 640,176 ----a-w C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
- 2006-10-17 17:57:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-27 14:34:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2006-10-17 17:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-06-27 08:27:04 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-06-27 14:34:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-06-27 14:34:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-06-27 07:00:33 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-06-27 14:34:51 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-06-27 14:34:51 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-06-27 14:34:55 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-06-27 14:34:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-06-27 14:34:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-06-27 08:27:05 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-27 14:34:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 15:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-09-07 15:29:00 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-09-07 15:29:00 946,176 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-27 14:34:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-06-27 14:34:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-07-19 06:59:59 3,583,488 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-27 14:34:57 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-27 14:34:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-27 14:34:58 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-27 14:34:58 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-07-22 22:39:27 844,800 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-10-05 14:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-06-27 14:34:58 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-06-27 14:34:58 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-27 14:34:59 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-06-27 14:34:59 823,808 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-03-09 11:28:00 248,320 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 10:07]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-29 22:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-18 10:53]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 C:\WINDOWS\ALCXMNTR.EXE]
"LTMSG"="LTMSG.exe" [2003-07-14 11:52 C:\WINDOWS\ltmsg.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 03:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50]
"nwiz"="nwiz.exe" [2004-10-29 17:50 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:31]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 06:58]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2003-08-07 12:39]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe" [2006-09-07 08:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-07 06:26:28]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdbaw]
iifdbaw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhg.dll
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Wal-Mart Video Download Manager.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Wal-Mart Video Download Manager.lnk
backup=C:\WINDOWS\pss\Wal-Mart Video Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acme.PCHButton]
C:\PROGRA~1\HPINST~1\Pavilion\XPHNABP4EN\plugin\bin\pchbutton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atari Launcher 2]
C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Atari icon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
"C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTKit]
C:\hp\bin\AUTOTKIT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
"C:\WINDOWS\winshow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{DF-FB-B9-92-ZN}]
C:\DOCUME~1\Owner\LOCALS~1\Temp\thinksnet.exe CHD003

R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys
R2 OpenCASE Media Agent;OpenCASE Media Agent;"C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe"
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys
S3 mqdmbus;Motorola DM Composite Driver (WDM);C:\WINDOWS\system32\DRIVERS\mqdmbus.sys
S3 mqdmmdfl;Motorola USB Modem (Filter);C:\WINDOWS\system32\DRIVERS\mqdmmdfl.sys
S3 mqdmmdm;Motorola USB Modem;C:\WINDOWS\system32\DRIVERS\mqdmmdm.sys
S3 mqdmserd;Motorola USB Diag;C:\WINDOWS\system32\DRIVERS\mqdmserd.sys
S3 WmFilter;Logitech WingMan HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

.
**************************************************************************

**bloom9** · 2007-10-12, 16:01

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 09:49:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 9:51:36 - machine was rebooted
.
--- E O F ---

Thread: Spyware and Trojan Viruses That I Cannot Eliminate

Thread Tools

Display

Spyware and Trojan Viruses That I Cannot Eliminate

The Kaspersky Log

"Bloom" Hijack Log

ComboFix Log

New HijackThis Log

New ComboFix Log (I Ran This BEFORE the HijackThis) - Part 1

ComboFix Log - Part 2

ComboFix Log - Part 3

Posting Permissions