
Thread: Can you guys/gals help? Had Smitfraud, is it still there?

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    11

    Can you guys/gals help? Had Smitfraud, is it still there?

    Hi Guys/Gals,

    Can you help me out here? A while back (about 6 months ago) I got the Smitfraud trojan. I detected it through Spybot (1.5.2) and tried things until PC Doctor seemed to get rid of it. It still doesn't show up when I run Spybot, but some other things are noticeable (like my antivirus "locks up" on the file "xpsp3res.dll" every time and the overall system is much slower than usual). My fear is that there is some other remnant of Smitfraud that is not being detected.

    Can you guide me through how to analyze this? Thanks!

    Ron

  2. #2
    __RiP_ChAiN_ (Emeritus - Malware Team)
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    480


    Hello rcbroncos,

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

  3. #3
    Junior Member
    Join Date
    Sep 2008
    Posts
    11


    Gang,

    Thanks for your reply. As directed, I've copied the results of HiJackThis to this message below.

    Ron

    =========================================================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:55:25 PM, on 9/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Matrox X.tools\DSOutputEnabler.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\MMKeybd.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Multimedia\main\LaunchPd.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\Netropa\OSD.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Matrox X.tools\System\digisc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4FCB2794-DAC4-4A04-9F78-2702CDE44BC8} - (no file)
    O2 - BHO: (no name) - {51B9EC5D-2C1A-42BC-AC44-DF4509ACFDB6} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {E5738F13-507D-4947-B0A5-E2FDEC4A945B} - (no file)
    O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [DSOutputEnabler] "C:\Program Files\Matrox X.tools\DSOutputEnabler.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
    O4 - HKUS\S-1-5-21-3675345140-572454927-963639892-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3675345140-572454927-963639892-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3675345140-572454927-963639892-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LogMeInRemoteUser')
    O4 - HKUS\S-1-5-21-3675345140-572454927-963639892-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
    O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-do...ard3.0.4.3.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: cbXNEXRi - C:\WINDOWS\
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: DigiCtrl - Matrox Electronic Systems - C:\Program Files\Matrox X.tools\System\digisc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: Privacy Protection - (no file)

    --
    End of file - 12734 bytes
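    A small triage script for HijackThis logs of the shape posted above, added here as an example; it is not part of the thread and not HijackThis or any helper's own tool. The sample lines are constructed to mirror the posted log's format, and the rules it applies (entries whose file is "(no file)", an O20 Winlogon Notify entry that names no DLL, O4 Run entries with a bare filename, O23 services with no publisher) are review heuristics for a human to check against the log, not verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v2 line format; shapes taken from the
# kinds of entries seen in the log above, not a copy of it.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4FCB2794-DAC4-4A04-9F78-2702CDE44BC8} - (no file)
O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - (no file)
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: cbXNEXRi - C:\WINDOWS\
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

# Every HijackThis entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<type>[ROF]\d+) - (?P<body>.*)$")
# O4 Run entries carry the value name in brackets followed by the command line.
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


@dataclass
class Finding:
    entry_type: str
    reason: str
    line: str


def parse_entries(log_text):
    """Return (section code, body, full line) for each HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("type"), m.group("body"), line))
    return entries


def _command_binary(cmd):
    """Extract the executable part of a Run command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_entries(entries):
    """Apply the review heuristics and return the entries worth a closer look."""
    findings = []
    for etype, body, line in entries:
        # A registration whose backing file is gone: either leftover from a
        # removal or an entry pointing nowhere; either way it should be cleaned.
        if body.endswith("(no file)"):
            findings.append(Finding(etype, "orphaned entry: registered object whose file no longer exists", line))
            continue
        if etype == "O20" and body.startswith("Winlogon Notify:"):
            # Winlogon Notify packages load a DLL at logon; a path that names
            # no DLL deserves a look, especially with a random-looking key name.
            path = body.rsplit(" - ", 1)[-1]
            if not path.lower().endswith(".dll"):
                findings.append(Finding(etype, "Winlogon Notify entry that does not name a DLL", line))
        elif etype == "O4":
            # A bare filename is resolved through the search path, so the file
            # that actually runs must be confirmed rather than assumed.
            m = RUN_RE.search(body)
            if m and "\\" not in _command_binary(m.group("cmd")):
                findings.append(Finding(etype, "Run entry with a bare filename; the loaded file depends on the search path", line))
        elif etype == "O23" and "Unknown owner" in body:
            findings.append(Finding(etype, "service binary without publisher information; verify the file", line))
    return findings


def triage_log(log_text):
    return triage_entries(parse_entries(log_text))


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.entry_type:>4}  {f.reason}\n      {f.line}")
```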

  4. #4
    __RiP_ChAiN_ (Emeritus - Malware Team)
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    480


    Hello rcbroncos,

    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.


    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  5. #5
    Junior Member
    Join Date
    Sep 2008
    Posts
    11


    Thanks so much for your help and guidance!

    Below are the results of the Malwarebytes log file.

    Did this get rid of everything?

    Ron

    =====================================================
    Malwarebytes' Anti-Malware 1.28
    Database version: 1152
    Windows 5.1.2600 Service Pack 2

    9/14/2008 6:39:57 PM
    mbam-log-2008-09-14 (18-39-57).txt

    Scan type: Quick Scan
    Objects scanned: 56178
    Time elapsed: 4 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eec73ea5-1367-49d1-93f4-ca1d8c22e9f9} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\winzip81.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SYSTEM32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    ===================================================

  6. #6
    __RiP_ChAiN_ (Emeritus - Malware Team)
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    480


    Hello rcbroncos,

    We will continue the process with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix


    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.

  7. #7
    Junior Member
    Join Date
    Sep 2008
    Posts
    11


    Rip Chain,

    Thanks again for your help. Below are the log files from "Combofix" and a rerun of HijackThis...

    =========================================================
    (Combofix log)

    ComboFix 08-09-15.02 - Ron Chandler 2008-09-15 21:20:16.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.584 [GMT -6:00]
    Running from: C:\Documents and Settings\Ron Chandler\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Ron Chandler\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\SYSTEM32\aJSvCccf.ini
    C:\WINDOWS\SYSTEM32\aJSvCccf.ini2
    C:\WINDOWS\SYSTEM32\BIPVvyay.ini
    C:\WINDOWS\SYSTEM32\BIPVvyay.ini2
    C:\WINDOWS\system32\mprrlxnb.ini
    G:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
    .

    2008-09-15 20:16 . 2008-09-15 20:16 59,477,232 --a------ C:\WINDOWS\SYSTEM32\SNAGIT7
    2008-09-14 16:11 . 2008-09-14 16:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-14 16:11 . 2008-09-14 16:11 <DIR> d-------- C:\Documents and Settings\Ron Chandler\Application Data\Malwarebytes
    2008-09-14 16:11 . 2008-09-14 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-14 16:11 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-09-14 16:11 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-09-13 15:54 . 2008-09-13 15:54 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-09 20:21 . 2008-09-09 20:35 <DIR> d-------- C:\Program Files\Security Task Manager
    2008-09-09 20:21 . 2008-09-09 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2008-09-06 20:26 . 2008-09-07 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-08-30 11:44 . 2008-08-30 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-08-30 11:43 . 2008-08-30 11:36 160,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys
    2008-08-30 11:36 . 2008-08-30 11:41 <DIR> d-------- C:\Program Files\Common Files\PC Tools

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-16 03:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-16 01:17 --------- d-----w C:\Program Files\Spyware Doctor
    2008-09-12 00:26 --------- d-----w C:\Program Files\MalwareRemovalBot
    2008-09-12 00:26 --------- d-----w C:\Documents and Settings\Ron Chandler\Application Data\MalwareRemovalBot
    2008-09-10 04:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-06 20:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-30 18:28 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-08-30 18:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-30 18:28 --------- d-----w C:\Documents and Settings\Ron Chandler\Application Data\Symantec
    2008-08-30 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-30 17:59 --------- d-----w C:\Documents and Settings\Nancy Chandler\Application Data\Symantec
    2008-08-30 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-02 06:29 --------- d-----w C:\Program Files\LogMeIn
    2007-09-03 02:50 82,224 ------w C:\Documents and Settings\Ron Chandler\Application Data\GDIPFONTCACHEV1.DAT
    2004-03-26 22:17 700 ---h--w C:\Documents and Settings\Ron Chandler\hpothb07.dat
    2003-08-27 20:19 36,963 ------r C:\Program Files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2002-05-02 98304]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
    "MalwareRemovalBot"="C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe" [2008-06-26 19162360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TCASUTIEXE"="TCAUDIAG -off" [X]
    "DSOutputEnabler"="C:\Program Files\Matrox X.tools\DSOutputEnabler.exe" [2003-10-22 61549]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2002-04-28 146432]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
    "SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 94208]
    "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 28672]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
    "DellTouch"="C:\WINDOWS\MMKeybd.exe" [2001-09-05 163840]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-02 98304]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" [2002-06-07 262144]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
    "RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-08-20 2483496]
    "ATIPTA"="atiptaxx.exe" [2002-06-21 Panel\atiptaxx.exe]
    "CTHelper"="CTHELPER.EXE" [2003-06-19 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "AsioReg"="CTASIO.DLL" [2003-06-19 C:\WINDOWS\SYSTEM32\CTASIO.DLL]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\SYSTEM32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-02-23 67264]

    C:\Documents and Settings\Ron Chandler\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2003-07-13 225280]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-01-03 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2004-01-29 3325952]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\SYSTEM32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
    "aux1"= ctwdm32.dll
    "VIDC.PIM2"= RALCodec.dll
    "vidc.dvsd"= digivcap.dll
    "MSVIDEO"= MtxVidCap.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
    --------- 2003-06-12 08:47 135168 C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
    --------- 2002-12-03 17:06 45056 C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BthServ"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    R1 CINEMSUP;Cinemsup;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [2002-07-19 6656]
    R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys [2002-01-29 5543]
    R1 pctfw2;pctfw2;C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys [2008-08-30 160792]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
    R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 28672]
    R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 21233]
    R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 19534]
    R3 dgcodec;dgcodec;C:\WINDOWS\system32\Drivers\dgcodec.sys [2003-10-22 3239335]
    R3 dgvideo;dgvideo;C:\WINDOWS\system32\Drivers\dgvideo.sys [2003-10-22 1246503]
    R3 digim2ba;digim2ba;C:\WINDOWS\system32\Drivers\digim2ba.sys [2003-10-22 7908]
    R3 DigiPnp;DigiPnp;C:\WINDOWS\system32\Drivers\DigiPnp.sys [2003-10-22 7266]
    R3 digisclk;digisclk;C:\WINDOWS\system32\Drivers\digisclk.sys [2003-10-22 9348]
    R3 digismem;digismem;C:\WINDOWS\system32\Drivers\digismem.sys [2003-10-22 28868]
    R3 digisnif;digisnif;C:\WINDOWS\system32\Drivers\digisnif.sys [2003-10-22 74244]
    R3 flex3dio;flex3dio;C:\WINDOWS\system32\Drivers\flex3dio.sys [2003-10-22 72644]
    R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 6942]
    R3 mvkG550rt;mvkG550rt;C:\WINDOWS\system32\DRIVERS\mvkG550rt.sys [2003-10-22 2989319]
    R3 MvkMiniVFX;mvkMiniVFX;C:\WINDOWS\system32\Drivers\MvkMiniVFX.sys [2003-10-22 35147]
    R3 mvkRTXio;mvkRTXio;C:\WINDOWS\system32\DRIVERS\mvkRtXIo.sys [2003-10-22 64359]
    R3 mvkVideoBus;mvkVideoBus;C:\WINDOWS\system32\DRIVERS\mvkMinicuda.sys [2003-10-22 48973]
    S1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys [ ]
    S3 RioDrv;Rio600 driver;C:\WINDOWS\system32\Drivers\RioDrv.sys [2001-08-18 12032]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 15576]
    S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{4FCB2794-DAC4-4A04-9F78-2702CDE44BC8} - (no file)
    BHO-{51B9EC5D-2C1A-42BC-AC44-DF4509ACFDB6} - (no file)
    BHO-{E5738F13-507D-4947-B0A5-E2FDEC4A945B} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    Notify-cbXNEXRi - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.foxnews.com/
    R0 -: HKLM-Main,Start Page = hxxp://www.dellnet.com
    R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 -: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
    O8 -: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} - hxxp://ebot.digitalriver.com/v2.0-doc/dlwizard/wizard3.0.4.3.cab
    C:\WINDOWS\Downloaded Program Files\master.inf
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-15 21:26:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\SYSTEM32\devldr32.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
    C:\Program Files\Matrox X.tools\System\digisc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SYSTEM32\wdfmgr.exe
    C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
    C:\WINDOWS\SYSTEM32\searchindexer.exe
    .
    **************************************************************************
    .
    Completion time: 2008-09-15 21:36:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-09-16 03:36:35

    Pre-Run: 7,326,789,632 bytes free
    Post-Run: 7,624,634,368 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    216 --- E O F --- 2008-09-10 04:33:11

    ======================================================
    (HiJackThis Log)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:41:06 PM, on 9/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Matrox X.tools\DSOutputEnabler.exe
    C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\WINDOWS\MMKeybd.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
    C:\Program Files\Netropa\OSD.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Matrox X.tools\System\digisc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [DSOutputEnabler] "C:\Program Files\Matrox X.tools\DSOutputEnabler.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm
    O8 - Extra context menu item: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-do...ard3.0.4.3.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?223
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: DigiCtrl - Matrox Electronic Systems - C:\Program Files\Matrox X.tools\System\digisc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: Privacy Protection - (no file)

    --
    End of file - 10685 bytes
    ==================================================
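The HijackThis log above is read the way a malware-removal helper reads it: orphaned entries marked "(no file)", services with no publisher, Run entries whose program lives somewhere other than Program Files or system32, and per-user autostarts. The script below is an added example, not part of the thread or of HijackThis itself; the tags it assigns are the author's own review heuristics, not verdicts, and the sample input is a handful of lines copied from the log above.

```python
"""Triage pass over a HijackThis v2 log (example code added to this thread,
not a HijackThis feature). It pulls out the lines a malware-removal helper
reads first and tags why each one deserves a look. The tags are review hints,
not verdicts: legitimate OEM tools often run from the Windows directory too."""
import re
from typing import List, Tuple

# Lines copied from the log posted above, used here as sample input.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O24 - Desktop Component 0: Privacy Protection - (no file)
""".strip("\n")

O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.*)$")
# First token that ends in an executable-looking extension, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|cpl|scr|com|bat|cmd))\b', re.IGNORECASE)
# Locations where a Run entry is unremarkable (assumed list); everything else gets a second look.
STANDARD_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\progra~1\\")


def executable_of(cmd: str) -> str:
    """The program a Run/Startup command launches, without its arguments."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip().split(" ", 1)[0]


def location_class(exe: str) -> str:
    low = exe.lower()
    if not re.match(r"^[a-z]:\\", low):
        return "bare-name"   # resolved via PATH at run time: check which file actually wins
    if low.startswith(STANDARD_PREFIXES):
        return "standard"
    return "unusual"         # e.g. the Windows root or a user profile, favourite dropper spots


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (tag, line) for every line worth a human's attention, in log order."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "(no file)" in line:                  # O2/O3/O9/O24 entry whose target is gone
            findings.append(("orphan", line))
            continue
        if line.startswith("O23 - Service:") and " - Unknown owner - " in line:
            findings.append(("unknown-publisher", line))   # no company name in the binary's version info
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        loc, cmd = m.group("loc"), m.group("cmd")
        if loc in ("Startup", "Global Startup"):
            target = cmd.split(" = ", 1)[1] if " = " in cmd else ""
            if not target or target == "?":      # HijackThis could not resolve the shortcut
                findings.append(("unresolved-startup", line))
                continue
            cmd = target
        cls = location_class(executable_of(cmd))
        if cls != "standard":
            findings.append((cls, line))
        elif loc.startswith(("HKCU", "HKUS")):   # per-user persistence is easy to miss if only HKLM is checked
            findings.append(("per-user", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:20} {line}")
```

Run it over the full log and the output is a short worklist rather than a verdict: an "unusual" tag on a Dell or Creative utility in C:\WINDOWS is expected on an OEM box, but the same tag on a name you do not recognise is where the search starts, and "bare-name" entries are worth resolving by hand because whatever sits earliest on the PATH with that name is what actually runs.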

  8. #8
    Emeritus- Malware Team __RiP_ChAiN_'s Avatar
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    480

    Default

    Hello rcbroncos,

Using Add or Remove Programs, remove the following entries (if present). (To get into Add or Remove Programs, press the START button > Control Panel > Add or Remove Programs.)

    MalwareRemovalBot

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    C:\Program Files\MalwareRemovalBot
    C:\Documents and Settings\Ron Chandler\Application Data\MalwareRemovalBot
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MalwareRemovalBot"=-
    Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
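What the CFScript above asks ComboFix to do is worth reading back before it runs: the Folder:: section lists directories to remove, and the Registry:: section is ordinary .reg syntax, where "name"=- deletes one value under the key in brackets. The parser below is an added example, not ComboFix's own code; it turns such a script into the equivalent cmd.exe commands so the actions can be reviewed, and it also handles the two other .reg forms ([-HKEY...] to delete a whole key and a quoted REG_SZ value to set), which the posted script does not use. Section names other than Folder:: and Registry:: are left alone.

```python
"""Turn a ComboFix CFScript into a reviewable list of actions (example code,
not ComboFix's own logic). Covers the Folder:: and Registry:: sections only;
the Registry:: body is .reg syntax, so "name"=- deletes a value and a key
written as [-HKEY...] deletes the whole key."""
from typing import Dict, List

# The script posted above, kept verbatim as sample input.
CFSCRIPT = r"""
Folder::
C:\Program Files\MalwareRemovalBot
C:\Documents and Settings\Ron Chandler\Application Data\MalwareRemovalBot
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MalwareRemovalBot"=-
""".strip("\n")


def parse_cfscript(text: str) -> Dict[str, list]:
    """Return the actions the script asks for, grouped by kind."""
    plan: Dict[str, list] = {"folders": [], "reg_delete_key": [], "reg_delete_value": [], "reg_set": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                   # section header, e.g. Folder:: or Registry::
            section, key = line[:-2].lower(), None
            continue
        if section == "folder":
            plan["folders"].append(line)
        elif section == "registry":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
                if key.startswith("-"):           # [-HKEY...] deletes the whole key
                    plan["reg_delete_key"].append(key[1:])
                    key = None
            elif key is not None and "=" in line:
                name, value = line.split("=", 1)
                name = name.strip().strip('"')
                if value == "-":                  # "name"=- deletes one value
                    plan["reg_delete_value"].append((key, name))
                else:
                    plan["reg_set"].append((key, name, value))
        # other sections (File::, Driver::, ...) are left for manual review
    return plan


def to_commands(plan: Dict[str, list]) -> List[str]:
    """Equivalent cmd.exe commands, to read before anything is run."""
    cmds = [f'rd /s /q "{p}"' for p in plan["folders"]]
    cmds += [f'reg delete "{k}" /f' for k in plan["reg_delete_key"]]
    for key, name in plan["reg_delete_value"]:
        sel = "/ve" if name == "@" else f'/v "{name}"'   # "@" is the key's default value in .reg syntax
        cmds.append(f'reg delete "{key}" {sel} /f')
    for key, name, value in plan["reg_set"]:
        if value.startswith('"') and value.endswith('"'):   # only REG_SZ values are translated here
            sel = "/ve" if name == "@" else f'/v "{name}"'
            cmds.append(f'reg add "{key}" {sel} /t REG_SZ /d {value} /f')
        else:
            cmds.append(f"rem unsupported value type for {name} under {key}: {value}")
    return cmds


if __name__ == "__main__":
    for c in to_commands(parse_cfscript(CFSCRIPT)):
        print(c)
```

For the posted script this yields two rd commands and one reg delete against the HKCU Run key, which is exactly the entry that appeared as "O4 - HKCU\..\Run: [MalwareRemovalBot]" in the HijackThis log. The generated commands delete outright; ComboFix itself moves what it removes into quarantine (the log names ComboFix-quarantined-files.txt), so treat this output as a review aid, not a replacement for the tool.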

  9. #9
    Junior Member
    Join Date
    Sep 2008
    Posts
    11

    Default

    Hi RipChain,

    I've attached the results of the latest Combofix run below.

    Was that program "Malwareremovalbot" a bad program?

Thanks again for the continued help!

    Ron

    ====================================================
    (Combofix log)

    ComboFix 08-09-16.05 - Ron Chandler 2008-09-18 21:04:11.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.553 [GMT -6:00]
    Running from: C:\Documents and Settings\Ron Chandler\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Ron Chandler\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Ron Chandler\Application Data\MalwareRemovalBot
    C:\Documents and Settings\Ron Chandler\Application Data\MalwareRemovalBot\Log\2008 Sep 18 - 06_10_40 PM_250.log
    C:\Documents and Settings\Ron Chandler\Application Data\MalwareRemovalBot\rs.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
    .

    2008-09-17 20:46 . 2008-09-18 20:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
    2008-09-15 20:16 . 2008-09-15 20:16 59,477,232 --a------ C:\WINDOWS\SYSTEM32\SNAGIT7
    2008-09-14 16:11 . 2008-09-14 16:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-14 16:11 . 2008-09-14 16:11 <DIR> d-------- C:\Documents and Settings\Ron Chandler\Application Data\Malwarebytes
    2008-09-14 16:11 . 2008-09-14 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-14 16:11 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
    2008-09-14 16:11 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
    2008-09-13 15:54 . 2008-09-13 15:54 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-09 20:21 . 2008-09-09 20:35 <DIR> d-------- C:\Program Files\Security Task Manager
    2008-09-09 20:21 . 2008-09-09 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    2008-09-06 20:26 . 2008-09-07 22:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-08-30 11:44 . 2008-08-30 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
    2008-08-30 11:43 . 2008-08-30 11:36 160,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys
    2008-08-30 11:36 . 2008-08-30 11:41 <DIR> d-------- C:\Program Files\Common Files\PC Tools

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-19 03:00 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-19 00:42 --------- d-----w C:\Program Files\Spyware Doctor
    2008-09-18 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-06 20:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-30 18:28 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-08-30 18:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-30 18:28 --------- d-----w C:\Documents and Settings\Ron Chandler\Application Data\Symantec
    2008-08-30 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-30 17:59 --------- d-----w C:\Documents and Settings\Nancy Chandler\Application Data\Symantec
    2008-08-30 14:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-02 06:29 --------- d-----w C:\Program Files\LogMeIn
    2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
    2008-07-19 04:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
    2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
    2008-07-19 04:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
    2008-07-19 04:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
    2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
    2008-07-19 04:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
    2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
    2008-07-19 04:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
    2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
    2008-07-19 04:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
    2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
    2008-07-19 04:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
    2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
    2008-07-19 04:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
    2008-07-19 04:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
    2008-07-19 04:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
    2008-06-24 16:57 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
    2008-06-23 09:20 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    2008-06-23 09:20 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
    2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
    2007-09-03 02:50 82,224 ------w C:\Documents and Settings\Ron Chandler\Application Data\GDIPFONTCACHEV1.DAT
    2004-03-26 22:17 700 ---h--w C:\Documents and Settings\Ron Chandler\hpothb07.dat
    2003-08-27 20:19 36,963 ------r C:\Program Files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-15_21.36.03.96 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-27 01:49:48 1,011,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSDAIPP.DLL
    + 2006-10-27 01:49:46 970,528 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109010090400000000000F01FEC\12.0.4518\MSONSEXT.DLL
    + 2006-10-27 21:00:10 576,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACACEDAO.DLL
    + 2006-10-27 03:18:12 162,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACCWIZ.DLL
    + 2006-10-27 21:00:12 1,751,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACECORE.DLL
    + 2006-10-27 21:00:10 576,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEDAO.DLL
    + 2006-10-27 21:00:06 47,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEERR.DLL
    + 2006-10-27 21:00:08 191,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEES.DLL
    + 2006-10-27 02:13:34 338,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEEXCH.DLL
    + 2006-10-27 02:13:44 629,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEEXCL.DLL
    + 2006-10-27 02:13:28 207,736 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACELTS.DLL
    + 2006-10-27 02:13:32 279,352 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODBC.DLL
    + 2006-10-27 02:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODDBS.DLL
    + 2006-10-27 02:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODEXL.DLL
    + 2006-10-27 02:13:08 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODPDX.DLL
    + 2006-10-27 02:13:12 15,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEODTXT.DLL
    + 2006-10-27 21:00:06 387,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEOLEDB.DLL
    + 2006-10-27 02:13:38 392,048 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEPDE.DLL
    + 2006-10-27 02:13:30 260,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACER2X.DLL
    + 2006-10-27 02:13:32 289,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACER3X.DLL
    + 2006-10-27 02:13:20 56,120 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACERCLR.DLL
    + 2006-10-27 02:13:38 551,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEREP.DLL
    + 2006-10-27 02:13:30 224,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACETXT.DLL
    + 2006-10-27 21:40:34 208,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEWSS.DLL
    + 2006-10-27 02:13:34 371,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ACEXBE.DLL
    + 2006-10-27 21:41:04 399,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\CDLMSO.DLL
    + 2006-10-27 01:59:24 205,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\CLVIEW.EXE
    + 2006-10-27 03:30:42 65,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\COLLIMP.DLL
    + 2006-10-27 02:12:52 189,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\CONTACTPICKER.DLL
    + 2006-10-27 06:48:08 234,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\DRAT.EXE
    + 2006-10-27 01:48:14 439,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\DWDCW20.DLL
    + 2006-10-26 20:10:08 1,190,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FM20.DLL
    + 2006-10-26 20:04:58 75,576 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FORM.DLL
    + 2006-10-27 01:21:24 1,682,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FPSRVUTL.DLL
    + 2006-10-27 21:09:36 983,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\FPWEC.DLL
    + 2006-10-27 02:02:12 2,526,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GRAPH.EXE
    + 2006-10-27 21:37:44 338,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVE.EXE
    + 2006-10-27 21:38:02 6,191,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEACCOUNTMGR.DLL
    + 2006-10-27 21:37:44 284,448 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEAUDIO.DLL
    + 2006-10-27 06:47:54 65,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEAUDITSERVICE.EXE
    + 2006-10-27 21:37:40 34,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEAUTOPROXY.DLL
    + 2006-10-27 21:37:44 300,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECALENDARTOOL.DLL
    + 2006-10-27 06:47:44 33,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECLEAN.EXE
    + 2006-10-27 21:37:56 2,689,336 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECOMMONCOMPONENTS.DLL
    + 2006-10-27 21:38:00 3,508,544 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSERVICES.DLL
    + 2006-10-27 21:37:40 117,584 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECOMMUNICATIONSSTATUSANDCONTROL.DLL
    + 2006-10-27 21:37:50 768,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECOMPONENTMGR.DLL
    + 2006-10-27 21:37:52 1,359,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVECRYPTO.DLL
    + 2006-10-27 06:48:24 377,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEDATAVIEWERTOOL.DLL
    + 2006-10-27 21:37:58 3,071,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEDOCUMENTSHARETOOL.DLL
    + 2006-10-27 21:37:44 284,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEFETCHSERVICES.DLL
    + 2006-10-27 06:48:00 197,920 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEGAMES.DLL
    + 2006-10-27 06:48:18 317,736 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEMIGRATOR.EXE
    + 2006-10-27 06:48:40 1,555,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEMISC.DLL
    + 2006-10-27 06:47:42 31,016 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEMONITOR.EXE
    + 2006-10-27 06:47:40 22,808 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVENEW.DLL
    + 2006-10-27 06:48:02 224,048 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEPROJECTTOOLSET.DLL
    + 2006-10-27 21:38:04 7,053,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVERESOURCE.DLL
    + 2006-10-27 06:48:42 2,210,608 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESHELLEXTENSIONS.DLL
    + 2006-10-27 06:48:18 363,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESKETCHTOOL.DLL
    + 2006-10-27 06:47:40 16,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESTDURLLAUNCHER.EXE
    + 2006-10-27 21:37:56 2,738,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESTORAGEMGR.DLL
    + 2006-10-27 21:37:38 35,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESYSTEMMODE.DLL
    + 2006-10-27 06:48:02 222,512 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVESYSTEMSERVICES.DLL
    + 2006-10-27 21:37:50 1,163,048 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVETEXTTOOLS.DLL
    + 2006-10-27 21:38:00 4,746,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVETRANSCEIVER.DLL
    + 2006-10-27 21:37:54 1,396,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEUIFRAMEWORK.DLL
    + 2006-10-27 06:48:34 955,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEUTIL.DLL
    + 2006-10-27 21:37:40 268,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEWEBBROWSERTOOL2.DLL
    + 2006-10-27 06:48:26 572,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEWEBPLATFORMSERVICES.DLL
    + 2006-10-27 21:37:48 631,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\GROOVEWEBSERVICES.DLL
    + 2006-10-27 02:12:52 173,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IEAWSDC.DLL
    + 2006-10-27 21:10:08 1,439,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\INFOPATH.EXE
    + 2006-10-27 21:10:10 5,456,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPDESIGN.DLL
    + 2006-10-27 21:10:10 5,281,592 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPEDITOR.DLL
    + 2006-10-27 03:42:00 176,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\IPOLK.DLL
    + 2006-10-27 01:55:10 828,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MEDCAT.DLL
    + 2006-10-27 21:01:34 10,371,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSACCESS.EXE
    + 2006-10-27 03:18:06 66,880 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSAEXP30.DLL
    + 2006-10-26 19:58:14 117,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSCONV97.DLL
    + 2006-10-27 20:59:06 161,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSOCF.DLL
    + 2006-10-27 01:48:12 14,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSOCFU.DLL
    + 2006-10-27 02:12:58 428,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSODCW.DLL
    + 2006-10-27 03:13:36 26,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSOEURO.DLL
    + 2006-10-27 02:00:08 6,635,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSORES.DLL
    + 2006-10-26 19:56:36 436,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSORUN.DLL
    + 2006-10-27 01:50:04 672,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSQRY32.EXE
    + 2006-10-26 19:56:40 505,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSSOAP30.DLL
    + 2006-10-27 01:55:12 832,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSTORDB.EXE
    + 2006-10-27 01:55:06 538,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\MSTORES.DLL
    + 2006-10-27 02:12:30 65,824 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\NAME.DLL
    + 2006-10-27 21:14:34 14,151,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OART.DLL
    + 2006-10-27 02:06:54 232,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ODEPLOY.EXE
    + 2006-10-27 02:14:06 7,033,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OFFOWC.DLL
    + 2006-10-27 02:00:08 274,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OIS.EXE
    + 2006-10-27 02:00:12 998,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OISAPP.DLL
    + 2006-10-27 02:00:10 285,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OISGRAPH.DLL
    + 2006-10-27 21:39:36 687,432 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONBTTNOL.DLL
    + 2006-10-27 02:23:00 782,720 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\ONSYNCPC.DLL
    + 2006-10-27 02:07:04 6,536,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OSETUP.DLL
    + 2006-07-27 00:53:56 459,080 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\OUTLFLTR.DLL
    + 2006-10-27 03:30:44 482,088 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PORTCONN.DLL
    + 2006-10-27 01:52:10 2,012,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PPTVIEW.EXE
    + 2006-10-26 20:05:00 77,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PSOM.DLL
    + 2006-10-27 03:13:38 38,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\REFEDIT.DLL
    + 2006-10-27 03:42:12 744,808 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\REGFORM.EXE
    + 2006-10-26 20:04:44 19,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\REVERSE.DLL
    + 2006-10-27 02:13:00 503,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SELFCERT.EXE
    + 2006-10-27 02:06:58 439,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SETUP.EXE
    + 2006-10-27 03:18:16 502,608 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SOA.DLL
    + 2006-07-28 21:21:58 277,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\SSGEN.DLL
    + 2006-10-27 20:57:08 2,330,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\STSLIST.DLL
    + 2006-10-26 20:04:48 29,976 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\THOCRAPI.DLL
    + 2006-10-26 20:05:04 126,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWCUTCHR.DLL
    + 2006-10-26 20:05:02 86,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWCUTLIN.DLL
    + 2006-10-26 20:04:56 58,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWLAY32.DLL
    + 2006-10-26 20:04:48 27,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWORIENT.DLL
    + 2006-10-26 20:04:54 51,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWRECE.DLL
    + 2006-10-26 20:04:44 19,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWRECS.DLL
    + 2006-10-26 20:04:58 76,624 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\TWSTRUCT.DLL
    + 2006-09-30 06:42:56 2,583,344 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\VBE6.DLL
    + 2006-10-27 04:58:38 3,732,792 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\VVIEWER.DLL
    + 2006-10-26 20:05:08 1,181,520 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\XIMAGE3B.DLL
    + 2006-10-26 20:05:08 530,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\XPAGE3C.DLL
    - 2008-01-21 17:14:51 217,864 ------r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2008-09-18 03:57:10 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    - 2008-09-10 04:31:19 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    + 2008-09-18 03:54:26 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
    - 2008-09-10 04:31:21 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-09-18 03:54:27 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-09-10 04:31:19 159,504 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    + 2008-09-18 03:54:27 159,504 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
    - 2008-09-10 04:31:19 184,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-09-18 03:54:27 184,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-09-10 04:31:20 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
    + 2008-09-18 03:54:27 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
    - 2008-09-10 04:31:21 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-09-18 03:54:27 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-09-10 04:31:22 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-09-18 03:54:27 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-09-10 04:31:19 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    + 2008-09-18 03:54:27 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
    - 2008-09-10 04:31:20 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-09-18 03:54:27 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-09-10 04:31:20 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    + 2008-09-18 03:54:27 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
    - 2008-09-10 04:31:21 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-09-18 03:54:27 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-09-10 04:31:19 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-09-18 03:54:27 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
    - 2006-10-26 20:10:08 1,190,688 ------w C:\WINDOWS\SYSTEM32\FM20.DLL
    + 2007-08-23 07:03:38 1,195,888 ----a-w C:\WINDOWS\SYSTEM32\FM20.DLL
    - 2008-09-16 01:01:00 47,924 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
    + 2008-09-19 00:15:13 47,808 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
    - 2008-09-16 01:01:00 335,552 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
    + 2008-09-19 00:15:13 335,244 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
    + 2007-08-23 06:18:08 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
    + 2007-08-23 06:18:08 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
    + 2007-08-23 06:18:08 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
    + 2007-08-23 06:18:08 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
    + 2007-08-23 06:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
    + 2007-08-23 06:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
    + 2007-08-23 06:18:08 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
    + 2007-08-23 06:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
    + 2007-08-23 06:18:08 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2002-05-02 98304]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TCASUTIEXE"="TCAUDIAG -off" [X]
    "DSOutputEnabler"="C:\Program Files\Matrox X.tools\DSOutputEnabler.exe" [2003-10-22 61549]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe" [2002-04-28 146432]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
    "SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 94208]
    "MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-09 28672]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
    "DellTouch"="C:\WINDOWS\MMKeybd.exe" [2001-09-05 163840]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 57344]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
    "AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [2001-03-28 102400]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-02 98304]
    "HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe" [2002-06-07 262144]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
    "type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
    "RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2007-08-20 2483496]
    "ATIPTA"="atiptaxx.exe" [2002-06-21 Panel\atiptaxx.exe]
    "CTHelper"="CTHELPER.EXE" [2003-06-19 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "AsioReg"="CTASIO.DLL" [2003-06-19 C:\WINDOWS\SYSTEM32\CTASIO.DLL]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\SYSTEM32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-02-23 67264]

    C:\Documents and Settings\Ron Chandler\Start Menu\Programs\Startup\
    PowerReg Scheduler V3.exe [2003-07-13 225280]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-01-03 113664]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2004-01-29 3325952]
    Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXNEXRi]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-05-28 12:32 87352 C:\WINDOWS\SYSTEM32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
    "aux1"= ctwdm32.dll
    "VIDC.PIM2"= RALCodec.dll
    "vidc.dvsd"= digivcap.dll
    "MSVIDEO"= MtxVidCap.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
    --------- 2003-06-12 08:47 135168 C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
    --------- 2002-12-03 17:06 45056 C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BthServ"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    R1 CINEMSUP;Cinemsup;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS [2002-07-19 6656]
    R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys [2002-01-29 5543]
    R1 pctfw2;pctfw2;C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys [2008-08-30 160792]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
    R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 28672]
    R2 tcaicchg;tcaicchg;C:\WINDOWS\System32\tcaicchg.sys [2000-06-06 21233]
    R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 19534]
    R3 dgcodec;dgcodec;C:\WINDOWS\system32\Drivers\dgcodec.sys [2003-10-22 3239335]
    R3 dgvideo;dgvideo;C:\WINDOWS\system32\Drivers\dgvideo.sys [2003-10-22 1246503]
    R3 digim2ba;digim2ba;C:\WINDOWS\system32\Drivers\digim2ba.sys [2003-10-22 7908]
    R3 DigiPnp;DigiPnp;C:\WINDOWS\system32\Drivers\DigiPnp.sys [2003-10-22 7266]
    R3 digisclk;digisclk;C:\WINDOWS\system32\Drivers\digisclk.sys [2003-10-22 9348]
    R3 digismem;digismem;C:\WINDOWS\system32\Drivers\digismem.sys [2003-10-22 28868]
    R3 digisnif;digisnif;C:\WINDOWS\system32\Drivers\digisnif.sys [2003-10-22 74244]
    R3 flex3dio;flex3dio;C:\WINDOWS\system32\Drivers\flex3dio.sys [2003-10-22 72644]
    R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 6942]
    R3 mvkG550rt;mvkG550rt;C:\WINDOWS\system32\DRIVERS\mvkG550rt.sys [2003-10-22 2989319]
    R3 MvkMiniVFX;mvkMiniVFX;C:\WINDOWS\system32\Drivers\MvkMiniVFX.sys [2003-10-22 35147]
    R3 mvkRTXio;mvkRTXio;C:\WINDOWS\system32\DRIVERS\mvkRtXIo.sys [2003-10-22 64359]
    R3 mvkVideoBus;mvkVideoBus;C:\WINDOWS\system32\DRIVERS\mvkMinicuda.sys [2003-10-22 48973]
    S1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys [ ]
    S3 RioDrv;Rio600 driver;C:\WINDOWS\system32\Drivers\RioDrv.sys [2001-08-18 12032]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 15576]
    S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2001-08-17 38144]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{4FCB2794-DAC4-4A04-9F78-2702CDE44BC8} - (no file)
    BHO-{51B9EC5D-2C1A-42BC-AC44-DF4509ACFDB6} - (no file)
    BHO-{E5738F13-507D-4947-B0A5-E2FDEC4A945B} - (no file)



    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-18 21:08:47
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-18 21:11:43
    ComboFix-quarantined-files.txt 2008-09-19 03:11:05
    ComboFix2.txt 2008-09-16 03:36:43

    Pre-Run: 6,100,512,768 bytes free
    Post-Run: 6,091,448,320 bytes free

    372 --- E O F --- 2008-09-19 02:28:12

    (end of Combofix log)
    =============================================

  10. #10
    Emeritus- Malware Team __RiP_ChAiN_'s Avatar
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    480

    Default

    Hello rcbroncos,

    Was that program "Malwareremovalbot" a bad program?
    It's not technically malware in itself, but it is something called a rogue program which will bring up false detections of malware, and then ask you to pay for the removal of them.

Could you please go to C:\Program Files\Trend Micro\HijackThis\ and rename the file HijackThis.exe to Nameless.exe and post a new log from there?
