Cannnot remove Smitfraud-C. and ldcore.dll

Status
Not open for further replies.
Good job:bigthumb: I think we are getting there thanks to folks like Atribune and sUBs. They make the swords, all I do is swing them.

The HJT log appears clean of malware, let's see what Kaspersky finds. Keep in mind you still have infected System Restore files to clean so it is going to find some infected files, please use these setting when you run Kaspersky.

Run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make that the following are selected:
* Scan using the following Anti-Virus database:
* Standard
* Scan Options:
* Scan Archives
* Scan Mail Bases
* Click OK
* Now under select a target to scan:
* Select My Computer
* This will program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
* Now click on the Save as Text button:
* Save the file to your desktop.

Then post it here.

Thanks
 
Scan does not produce log

Hi Phil,

I have run the online Kaspersky scan 3 times (takes about 1hour, 20 minutes each) and it does not give me the option to save the log at the end of the scan.

Any suggestions?

John
 
* Now click on the Save as Text button:
* Save the file to your desktop.
Click to expand...
That's the same instructions I post all of the time? Even if it finds nothing it should tell you that. If you have no issues, don't be concerned. Just enjoy your computer and have Happy Holidays:santa:

Thanks...Phil
 
Thanks again Phil, for your expertise and help

Thank you so very much. We will be traveling to the Clearwater/St Pete area over Christmas to enjoy the warm weather. We've kind of made it our annual winter getaway destination. Its -5 outside this am so anything will be warmer.

Again, thank you so very much!!!!!!!

HAPPY HOLIDAYS

MERRY CHRISTMAS

John
 
Ooooppps!! Still getting pop-ups....

Phil,

I am still getting pop-up ads. I am running a full Kaspersky scan and will post the log and HJT when it is finished.

John
 
Recent log scans

Kaspersky will only scan to about 63%, then it crashes... twice now..

Below is the most recent HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:28 PM, on 12/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\Program Files\Intuit\QuickBooks Pro\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wildboards.wildtangent.com/R...okup/Decoder.aspx?g=bounce&dp=hpdesktop&l=HSP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [20ddfb3d] rundll32.exe "C:\WINDOWS\system32\fmgqagqn.dll",b
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 840C Series v2.3] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 840C Series v2.3"
O4 - HKLM\..\RunOnce: [0003 - C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center"
O4 - HKLM\..\RunOnce: [0004 - C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center"
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 930C Series v2.3] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 930C Series v2.3"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O23 - Service: McAfee Application Installer Cleanup (0101491197654224) (0101491197654224mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\010149~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 10554 bytes
 
OK, thanks for the feedback, it appears we did not get all of the infection, this is an outware sign:
O4 - HKLM\..\Run: [20ddfb3d] rundll32.exe "C:\WINDOWS\system32\fmgqagqn.dll",b

Because the tools do not update, please make sure you have deleted Vundofix and combofix from the computer completely. The tools are constantly updated and we need the very newest versions.

1) Thanks to Atribune and any others who helped with this fix.

http://vundofix.atribune.org/ <<< tutorial

"Download VundoFix" to your Desktop

http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will attempt run on reboot, simply follow the above instructions starting from "Click
the Scan for Vundo button." when VundoFix appears at reboot. Vundofix.txt will be on the C:\

(wait until you finish to post reports and logs)

2) Thanks to sUBs and anyone else who helped with this fix.

Download ComboFix from Here or Here to your Desktop
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the Vundofix.txt, combofix log and a new HJT log.

Thanks
 
New logs for review - Page 1/2 VundoFix, HJT

Hi Phil,

I was out of town for the weekend so here is the requested files.

1) VundoFix.txt

VundoFix V6.7.7

Checking Java version...

Scan started at 7:40:51 AM 12/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\anruoyxw.dll
C:\WINDOWS\system32\fmgqagqn.dll
C:\WINDOWS\system32\gcophcbc.exe
C:\WINDOWS\system32\hjvwtbow.dll
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ixvjosoe.dll
C:\WINDOWS\system32\jolauolf.dll
C:\WINDOWS\system32\jwefqagl.exe
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\nqgaqgmf.ini
C:\WINDOWS\system32\ultwinio.exe
C:\WINDOWS\system32\wxyourna.ini
C:\WINDOWS\system32\yrrrsqlf.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\anruoyxw.dll
C:\WINDOWS\system32\anruoyxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fmgqagqn.dll
C:\WINDOWS\system32\fmgqagqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gcophcbc.exe
C:\WINDOWS\system32\gcophcbc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjvwtbow.dll
C:\WINDOWS\system32\hjvwtbow.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\ijjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ixvjosoe.dll
C:\WINDOWS\system32\ixvjosoe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jolauolf.dll
C:\WINDOWS\system32\jolauolf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jwefqagl.exe
C:\WINDOWS\system32\jwefqagl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\mljji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nqgaqgmf.ini
C:\WINDOWS\system32\nqgaqgmf.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ultwinio.exe
C:\WINDOWS\system32\ultwinio.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wxyourna.ini
C:\WINDOWS\system32\wxyourna.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yrrrsqlf.dll
C:\WINDOWS\system32\yrrrsqlf.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.7.7

Checking Java version...

Scan started at 8:26:19 AM 12/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\flqsrrry.ini
C:\WINDOWS\system32\yrrrsqlf.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\flqsrrry.ini
C:\WINDOWS\system32\flqsrrry.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yrrrsqlf.dll
C:\WINDOWS\system32\yrrrsqlf.dll Has been deleted!

Performing Repairs to the registry.
Done!



2) HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:53 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wildboards.wildtangent.com/R...okup/Decoder.aspx?g=bounce&dp=hpdesktop&l=HSP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {405EA3D6-E011-4130-A568-DB56A0364B8D} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {e18328d1-05e9-3d9b-c904-a926e7939e9d} - {d9e9397e-629a-409c-b9d3-9e501d82381e} - C:\WINDOWS\system32\jolauolf.dll (file missing)
O2 - BHO: (no name) - {EC26F05B-DF64-42C4-99EA-7EC44516F4A2} - C:\WINDOWS\system32\mljji.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [20ddfb3d] rundll32.exe "C:\WINDOWS\system32\yrrrsqlf.dll",b
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 840C Series v2.3] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 840C Series v2.3"
O4 - HKLM\..\RunOnce: [0003 - C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center"
O4 - HKLM\..\RunOnce: [0004 - C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center"
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 930C Series v2.3] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 930C Series v2.3"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 11128 bytes
 
New logs for review - Page 2/2 Combofix

3) ComboFix.exe (Scan Log is too big , must post on 3 pages)

Page 1 of ComboFix

ComboFix 07-12-17.1 - Owner 2007-12-17 9:18:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.106 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\bkR11
C:\WINDOWS\cookies.ini
C:\WINDOWS\hg173.exe
C:\WINDOWS\system32\daSgo02
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 )))))))))))))))))))))))))))))))
.

2007-12-12 14:03 . 2007-12-12 14:09 916,902 ---hs---- C:\WINDOWS\system32\nwsxrami.ini
2007-12-12 12:32 . 2007-12-13 09:33 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-11 09:28 . 2007-12-17 08:26 <DIR> d-------- C:\VundoFix Backups
2007-12-11 08:48 . 2007-12-11 08:48 <DIR> d-------- C:\Program Files\Sun
2007-12-11 08:48 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-11 08:20 . 2007-12-11 08:20 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-05 10:15 . 2007-12-05 10:15 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-05 10:15 . 2007-12-05 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 15:24 . 2003-10-10 23:19 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-12-04 15:24 . 2003-10-13 23:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-04 15:24 . 2003-10-10 22:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-12-04 15:24 . 2003-10-10 23:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-12-04 15:24 . 2003-10-13 23:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-12-04 15:20 . 2007-12-04 15:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-04 13:49 . 2007-12-04 13:49 63 --a------ C:\WINDOWS\mdm.ini
2007-12-04 13:17 . 2007-12-05 07:33 816,724 --ahs---- C:\WINDOWS\system32\antslmid.ini
2007-12-03 16:06 . 2007-12-03 16:07 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-12-03 16:02 . 2007-12-03 16:02 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-12-03 07:33 . 2007-12-03 07:33 793,820 --ahs---- C:\WINDOWS\system32\ptolrjme.tmp
2007-11-30 10:01 . 2007-11-30 10:01 <DIR> d-------- C:\WINDOWS\system32\daSgo06
2007-11-29 14:41 . 2007-10-10 17:55 6,065,664 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-29 14:41 . 2007-04-17 03:32 2,455,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-29 14:41 . 2007-03-07 23:10 991,232 --a--c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-29 14:41 . 2007-10-10 17:55 459,264 --a--c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-29 14:41 . 2007-10-10 17:55 383,488 --a--c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-29 14:41 . 2007-10-10 17:55 267,776 --a--c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-29 14:41 . 2007-10-10 17:55 63,488 --a--c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-29 14:41 . 2007-10-10 17:55 52,224 --a--c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-29 14:41 . 2007-10-10 04:59 13,824 --a--c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-29 14:33 . 2007-11-29 14:34 <DIR> d-------- C:\57f6375070a0c43864d847d3025c7ccd
2007-11-29 11:45 . 2007-12-10 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-11-21 14:06 . 2006-10-04 08:06 764,868 --a--c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-11-21 14:06 . 2006-10-04 08:06 217,118 --a--c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-11-21 14:05 . 2007-11-21 14:05 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-11-21 14:03 . 2007-11-21 14:03 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-21 14:03 . 2007-11-21 14:04 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-21 14:03 . 2007-11-21 14:04 <DIR> d-------- C:\70c677fd719e930ec8
2007-11-21 14:02 . 2007-11-21 14:03 <DIR> d-------- C:\fc66d72d2b72b8ddbd81ebcfe9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 15:10 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-17 14:25 --------- d-----w C:\Program Files\McAfee
2007-12-14 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 20:31 --------- d-----w C:\Program Files\Zone.com Deluxe Games
2007-12-14 20:30 --------- d-----w C:\Program Files\interMute
2007-12-14 20:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\interMute
2007-12-13 14:26 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-12 20:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-11 14:48 --------- d-----w C:\Program Files\Java
2007-12-06 18:21 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SiteAdvisor
2007-11-24 09:56 --------- d-----w C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-11-13 20:53 --------- d--h--w C:\Program Files\Zero G Registry
2007-11-13 20:53 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-13 20:50 --------- d-----w C:\Program Files\HP
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-17 21:32 --------- d-----w C:\Program Files\Interbank FX Trader 4
2006-02-24 17:57 3,167,744 ----a-w C:\Documents and Settings\Owner\gosetup.exe
2006-01-12 16:33 563,712 ----a-w C:\Documents and Settings\Owner\370_gotomypc.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-11_10.03.59.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-10 23:47:27 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
+ 2007-10-10 23:47:27 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
+ 2007-10-10 23:47:27 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
+ 2007-10-10 23:47:27 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
+ 2007-10-10 08:16:47 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
+ 2007-10-10 23:47:27 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
+ 2007-10-10 23:47:27 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
+ 2007-10-10 05:47:20 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
+ 2007-10-10 23:47:27 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
+ 2007-10-10 23:47:27 388,096 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
+ 2007-10-10 23:47:27 6,067,200 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
+ 2007-10-10 23:47:27 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
+ 2007-10-10 23:47:27 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
+ 2007-10-10 08:16:47 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
+ 2007-10-10 08:16:56 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
+ 2007-10-10 23:47:28 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
+ 2007-10-10 23:47:28 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
+ 2007-10-10 23:47:28 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
+ 2007-10-30 23:48:49 3,593,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
+ 2007-10-10 23:47:28 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
+ 2007-10-10 23:47:28 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
+ 2007-10-10 23:47:28 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
+ 2007-10-10 23:47:28 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
+ 2007-10-10 23:47:28 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
+ 2007-10-10 23:47:29 1,162,240 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
+ 2007-10-10 23:47:29 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
+ 2007-10-10 23:47:29 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615-IE7\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 21:34:42 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
 
New logs for Review - Combofix.exe

Page 2 of ComboFix Log

+ 2006-08-08 23:33:50 350,448 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\801AEE179C9018D4F82A4DC807862124\17.0.4001\awApi4.dll
- 2007-07-16 14:02:16 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:04 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:15 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1_1.exe
+ 2007-12-13 14:32:00 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1_1.exe
- 2007-07-16 14:02:17 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1_2.exe
+ 2007-12-13 14:32:05 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\_7AE715922BD74E0E938522AC3FDACFB1_2.exe
- 2007-07-16 14:02:17 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:05 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:17 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:06 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:18 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:17 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:06 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:18 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:17 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:06 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:23 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:18 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:18 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:07 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:23 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:19 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:18 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:07 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:23 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:19 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:18 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:08 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:23 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:19 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:19 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:08 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:24 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:20 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:20 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:08 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:24 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:21 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:24 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:21 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:20 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:13 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:20 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:13 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:16 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:02 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut201_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:24 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:20 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:13 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:16 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:03 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut241_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:21 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2007-12-13 14:32:14 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut25_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-07-16 14:02:24 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2007-12-13 14:32:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut26_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-07-16 14:02:21 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2007-12-13 14:32:14 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut27_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-07-16 14:02:24 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
+ 2007-12-13 14:32:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut28_6C2287199EDD4CAA8285D3095F51E522.exe
- 2007-07-16 14:02:26 45,056 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut29_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:26 45,056 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut29_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:21 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:15 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:26 45,056 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:25 45,056 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut30_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:25 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:23 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:15 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut32_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:01 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut32_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:16 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut33_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:01 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut33_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:16 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut34_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:03 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut34_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:15 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut37_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:31:59 65,536 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut37_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:15 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut39_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:01 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut39_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:21 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:16 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:17 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut40_7AE715922BD74E0E938522AC3FDACFB1.exe
+ 2007-12-13 14:32:05 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut40_7AE715922BD74E0E938522AC3FDACFB1.exe
- 2007-07-16 14:02:25 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:24 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:16 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:25 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:24 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:26 40,960 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2007-12-13 14:32:24 40,960 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
- 2007-07-16 14:02:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:16 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:26 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:25 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:17 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:26 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:25 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:22 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:17 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-07-16 14:02:26 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2007-12-13 14:32:25 450,560 ----a-r C:\WINDOWS\Installer\{71EEA108-09C9-4D81-8FA2-D48C70681242}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
- 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
 
New logs for Review - ComboFix.exe

Page 3 Of ComboFix scan Log

- 2007-12-11 15:37:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-14 22:35:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-11 15:37:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-14 22:35:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-14 22:35:58 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-20 10:04:34 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-10-10 23:55:51 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2007-08-20 10:04:34 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-20 10:04:34 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:55:51 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-08-17 10:20:54 63,488 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04:34 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-20 10:04:35 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-20 10:04:35 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-20 10:04:38 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-10-10 23:55:55 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-17 10:21:21 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-10-10 10:59:52 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-20 10:04:39 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-08-20 21:34:42 3,584,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-20 10:04:41 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-08-20 10:04:41 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:55:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-20 10:04:42 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:55:59 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-08-20 10:04:42 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-10-10 23:55:59 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-08-20 10:04:42 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-10-10 23:55:59 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-20 10:04:42 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-20 10:04:42 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-10-10 23:56:00 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-20 10:04:43 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:56:00 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-10-19 03:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
+ 2007-10-27 23:40:30 222,720 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-20 21:34:42 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:55:59 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2007-07-23 00:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-07-18 12:42:22 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-10-19 03:47:18 222,208 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 23:40:30 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{405EA3D6-E011-4130-A568-DB56A0364B8D}]
C:\WINDOWS\system32\awtsp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9e9397e-629a-409c-b9d3-9e501d82381e}]
C:\WINDOWS\system32\jolauolf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC26F05B-DF64-42C4-99EA-7EC44516F4A2}]
C:\WINDOWS\system32\mljji.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 03:56 C:\WINDOWS\system32\nview.dll]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" []
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-24 07:22]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 20:11]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-07-23 17:37]
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 C:\WINDOWS\ltmsg.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:55]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 20:19]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-07-24 14:28]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" [2005-02-07 11:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"20ddfb3d"="C:\WINDOWS\system32\yrrrsqlf.dll" []
"TomcatStartup 2.5"="C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-11-12 10:57]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"0000 - C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 840C Series v2.3"="C:\WINDOWS\command.com /c rmdir C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 840C Series v2.3" []
"0003 - C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center"="C:\WINDOWS\command.com /c rmdir C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center" []
"0004 - C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center"="C:\WINDOWS\command.com /c rmdir C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center" []
"0000 - C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 930C Series v2.3"="C:\WINDOWS\command.com /c rmdir C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 930C Series v2.3" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2002-06-20 12:21:32]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-11-09 16:13:18]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-10-10 23:26:40]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AloPar.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Parallel Arbitrator]
@="Driver Group"

S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2003-07-30 03:15]
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2003-07-30 03:15]
S3 HPPLSBULK;HPPLSBULK;C:\WINDOWS\system32\drivers\hpplsbulk.sys [2005-02-02 17:29]
S4 AloPar;AloPar;C:\WINDOWS\System32\Drivers\AloPar.sys [2003-08-01 08:00]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 14:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-15 07:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2007-11-01 06:00:38 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 09:23:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-17 9:27:27 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-11 13:48
C:\ComboFix3.txt ... 2007-12-11 10:05
.
2007-12-17 09:00:31 --- E O F ---
 
Make sure the computer is staying offine except when troubleshooting. If you compare the first scans by the tools and the most recent one, you can easily see the computer is getting infected as we work. If anyone else has access to this computer, take that access away.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

2) Open Vundofix by Doubleclicking on it, then point your mouse to the white box above the buttons and right click, then click on Add More Files. When the next window opens, copy and paste the files into the boxes and click on Add File(s), then click on Close Window. Then click Remove Vundo.

(files to add)

C:\WINDOWS\system32\yrrrsqlf.dll
C:\WINDOWS\system32\nwsxrami.ini
C:\WINDOWS\system32\mcrh.tmp

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {405EA3D6-E011-4130-A568-DB56A0364B8D} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: {e18328d1-05e9-3d9b-c904-a926e7939e9d} - {d9e9397e-629a-409c-b9d3-9e501d82381e} - C:\WINDOWS\system32\jolauolf.dll (file missing)
O2 - BHO: (no name) - {EC26F05B-DF64-42C4-99EA-7EC44516F4A2} - C:\WINDOWS\system32\mljji.dll (file missing)
O4 - HKLM\..\Run: [20ddfb3d] rundll32.exe "C:\WINDOWS\system32\yrrrsqlf.dll",b

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\system32\yrrrsqlf.dll <<< make sure that file is gone

5) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Post a new HJT log and some feedback.

Thanks
 
New HJT Scan Log

OK,

Other than downloading your instructions and uploading results of the scans, I am physically unplugging this pc from my network router. I am following this thread on another pc when waiting for further instructions.

1) Files and Folders were made visible...done

2) The 3 Vundofix files werre added and removed....done

3) The 4 files under the HJT scan were checked and removed....done

4) This file: C:\WINDOWS\system32\yrrrsqlf.dll was not found. a search of the drive came up empty.

5) Ran ATF-Cleaner....done

6) New HJT Log is below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:34 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wildboards.wildtangent.com/R...okup/Decoder.aspx?g=bounce&dp=hpdesktop&l=HSP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 840C Series v2.3] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 840C Series v2.3"
O4 - HKLM\..\RunOnce: [0003 - C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center"
O4 - HKLM\..\RunOnce: [0004 - C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP Internet Connection Center"
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 930C Series v2.3] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\Owner\Start Menu\Programs\HP DeskJet 930C Series v2.3"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

--
End of file - 10690 bytes


6) There are snowflakes falling on my POST REPLY page. ???????

John
 
There are snowflakes falling on my POST REPLY page. ???????
Click to expand...
That's tashi, our ever so nice administrator working hard to get us in the Christmas spirit:santa:

Not sure about these, not malware?
o4 items in the HJT log:
HP DeskJet 840C Series v2.3"
HP DeskJet 930C Series v2.3"
HP Internet Connection Center"
If you don't know why they are in the HJT log, I would be asking HP about them.

This is optional: O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
http://www.castlecops.com/startuplist-180.html
Remove it with HJT and delete the file in red...be sure to get the correct file, other RealTek files look like that.

The balance of the HJT log is clean and there is no sign of any malware, how is the computer running.

Thanks
 
Final Update???????

Hi Phil,

The pc seams to be running great. It seams to boot faster, and programs are starting-up quicker than before.

I will monitor over the next few days. Any problems I will let you know.

All the best to you and the Spybot Team.

Merry Christmas :santa:

and a Happy New Year:wav:

With Gratitude,

John
 
In case I missed this information:santa:

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
 
Status
Not open for further replies.
Back
Top