Feedback/Help Much Appreciated (HJT Logfile)

Status
Not open for further replies.
E

enjoinow

New member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:36 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\kxyzsdwb.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0492353B-A714-4C05-BFF2-E2CC558DD9C1} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - (no file)
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [actinfoadm] C:\WINDOWS\system32\kxyzsdwb.exe
O4 - HKLM\..\Policies\Explorer\Run: [g1Vdml9v00] C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O22 - SharedTaskScheduler: enswathes - {4d51e91c-e917-4b7f-89ff-abe471e16927} - C:\WINDOWS\system32\uyhjw.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7559 bytes

Thanks
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Make sure you read and follow the directions, anything else will slow the process and waste both of our time. I suggest you keep this computer offline except when troubleshooting, the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully, the tools will not work unless you do.

You are good and infected, do not expect fast or easy. The first step is a search step.

http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Post only the C:\rapport.txt

Thanks
 
Thanks for Swift Response. Here's The c:\rapport.txt

SmitFraudFix v2.344

Scan done at 13:57:46.82, Mon 09/01/2008
Run from C:\Documents and Settings\Patrick\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\kxyzsdwb.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Documents and Settings\Patrick\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrick


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Patrick\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Patrick\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll,avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/1000 PL Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6670A9BF-F060-4129-9F0F-DDF3A31C971F}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6670A9BF-F060-4129-9F0F-DDF3A31C971F}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Thanks for returning your information, Smitfraudfix found the infection and it also found this:
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
After we clean, in the next C:\rapport.txt, there may be a very large hosts file (items starting with 127.0.0.1) and I do not need to see it. Edit (remove) it from the C:\rapport.txt before you post it.

Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infected files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Post the C:\rapport.txt and a new HJT log.

Thanks
 
Here's the c:\rapport.txt (minus the 127.0.0.1 hosts file)

SmitFraudFix v2.344

Scan done at 15:40:23.53, Mon 09/01/2008
Run from C:\Documents and Settings\Patrick\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6670A9BF-F060-4129-9F0F-DDF3A31C971F}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6670A9BF-F060-4129-9F0F-DDF3A31C971F}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



Here's the HJT Logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:10, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\kxyzsdwb.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {0492353B-A714-4C05-BFF2-E2CC558DD9C1} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [actinfoadm] C:\WINDOWS\system32\kxyzsdwb.exe
O4 - HKCU\..\Run: [AppInfo] C:\WINDOWS\system32\shkpgjgv.exe
O4 - HKLM\..\Policies\Explorer\Run: [g1Vdml9v00] C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5972 bytes
 
Thanks for returning your information, stick with me, we killed some of it, let's go after the rest now.

You may delete Smitfraudfix from your computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

Remove any old copies of combofix before you proceed.

Thanks to sUBs and anyone else who helped with this fix.

It is important that it is saved directly to your Desktop.

Download ComboFix from Here to your Desktop
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Post the combofix log and a new HJT log.

Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks
 
ComboFix 08-09-01.01 - Patrick 2008-09-01 16:25:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.592 [GMT -7:00]
Running from: C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\#SharedObjects\CSF6ZZ2F\bin.clearspring.com
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\#SharedObjects\CSF6ZZ2F\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\#SharedObjects\CSF6ZZ2F\interclick.com
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\#SharedObjects\CSF6ZZ2F\interclick.com\ud.sol
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Patrick\Application Data\rhccpnj0ec7p
C:\WINDOWS\system32\527631
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dKlonUtv.ini
C:\WINDOWS\system32\dKlonUtv.ini2
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\laxnifvb.ini
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE

.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-09-01 15:31 . 2008-09-01 15:31 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-01 13:58 . 2008-09-01 15:40 2,666 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-01 13:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-01 13:57 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-01 13:57 . 2008-08-31 00:53 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-01 13:57 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-01 13:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-01 13:57 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-01 13:57 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-01 13:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-01 13:57 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-01 13:57 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-01 01:34 . 2008-09-01 01:34 102,400 --a------ C:\WINDOWS\system32\shkpgjgv.exe
2008-08-31 12:46 . 2008-08-31 12:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-31 00:07 . 2008-08-31 00:07 94,208 --a------ C:\WINDOWS\system32\kxyzsdwb.exe
2008-08-30 14:14 . 2008-08-31 00:47 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-30 14:10 . 2008-09-01 13:44 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-30 14:10 . 2008-08-30 14:10 <DIR> d-------- C:\Program Files\AVG
2008-08-30 14:10 . 2008-08-30 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-30 14:10 . 2008-08-31 11:56 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-30 14:10 . 2008-08-30 14:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-30 14:10 . 2008-08-30 14:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-30 14:03 . 2008-08-30 14:03 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-30 14:03 . 2008-08-30 14:03 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-30 14:03 . 2008-08-30 14:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-30 14:03 . 2008-08-30 14:47 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-30 13:57 . 2007-08-10 21:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-08-30 13:54 . 2008-09-01 01:57 13,321,728 --a------ C:\WINDOWS\system32\logonuiX.exe
2008-08-30 13:12 . 2008-08-30 13:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\opstqlcb
2008-08-30 13:12 . 2008-08-30 13:12 90,112 --a------ C:\WINDOWS\system32\spsvqxyx.exe
2008-08-30 13:11 . 2008-08-30 14:31 <DIR> d-------- C:\Program Files\SAV
2008-08-30 13:11 . 2008-08-30 13:11 115,204 --a------ C:\WINDOWS\system32\msxml71.dll
2008-08-30 03:41 . 2008-09-01 02:05 22 --a------ C:\WINDOWS\wb.ini
2008-08-30 03:32 . 2008-08-31 03:07 <DIR> d-------- C:\Program Files\Stardock
2008-08-30 03:03 . 2008-08-30 03:03 5,760,054 --a------ C:\WINDOWS\Think Green 1600x1200.bmp
2008-08-30 00:33 . 2008-08-30 00:33 <DIR> d-------- C:\Program Files\WinCustomize
2008-08-30 00:33 . 2008-08-30 23:58 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-30 00:33 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-08-30 00:33 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-08-30 00:33 . 2008-09-01 16:29 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-08-28 14:59 . 2008-08-28 14:59 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Logitech
2008-08-28 14:58 . 2008-08-30 14:10 <DIR> d-------- C:\Documents and Settings\Guest
2008-08-27 15:54 . 2008-08-27 15:54 <DIR> d-------- C:\Program Files\StylerTB
2008-08-25 14:24 . 2008-08-25 14:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-23 01:26 . 2008-08-23 01:26 <DIR> d-------- C:\Program Files\BuddyList Ops
2008-08-22 12:03 . 2008-08-22 12:03 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-15 22:00 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-15 22:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-08 20:42 . 2008-08-08 20:42 <DIR> d-------- C:\Program Files\Sibelius Software
2008-08-07 20:39 . 2008-08-07 20:39 <DIR> d-------- C:\Program Files\WMA-MP3.com
2008-08-07 20:39 . 2003-03-18 21:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-08-04 20:21 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002972_.tmp
2008-08-04 20:05 . 2008-08-04 20:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-04 14:55 . 2008-08-04 14:55 <DIR> d-------- C:\Program Files\iTunes
2008-08-04 14:55 . 2008-08-04 14:55 <DIR> d-------- C:\Program Files\iPod
2008-08-04 14:54 . 2008-08-04 14:54 <DIR> d-------- C:\Program Files\QuickTime
2008-08-04 14:54 . 2008-08-04 14:54 <DIR> d-------- C:\Program Files\Bonjour
2008-08-04 14:45 . 2008-08-04 14:45 <DIR> d-------- C:\Program Files\Safari
2008-08-02 18:41 . 2008-08-02 18:41 <DIR> d-------- C:\Program Files\LimeWire
2008-08-02 18:41 . 2008-08-23 23:22 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\LimeWire
2008-08-02 17:03 . 2008-08-02 17:03 <DIR> d-------- C:\Program Files\AIM Music Link

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 19:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-31 01:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-31 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-30 20:34 --------- d-----w C:\Documents and Settings\Patrick\Application Data\uTorrent
2008-08-30 09:49 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-22 18:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-04 21:56 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Apple Computer
2008-07-23 04:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-22 22:48 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-22 22:47 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-07-22 10:06 --------- d-----w C:\Program Files\Sun
2008-07-22 10:05 --------- d-----w C:\Program Files\Java
2008-07-21 10:55 --------- d-----w C:\Program Files\uTorrent
2008-07-19 12:09 --------- d-----w C:\Documents and Settings\Patrick\Application Data\BitTorrent
2008-07-19 11:25 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Winamp
2008-07-19 11:20 --------- d-----w C:\Program Files\Winamp
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"actinfoadm"="C:\WINDOWS\system32\kxyzsdwb.exe" [2008-08-31 00:07 94208]
"AppInfo"="C:\WINDOWS\system32\shkpgjgv.exe" [2008-09-01 01:34 102400]
"aplmnt"="C:\WINDOWS\system32\rgxadede.exe" [2008-09-01 16:31 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-08 19:57 7110656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 05:27 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 06:20 122940]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 21:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 11:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 11:47 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 11:57 1235736]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"PMX Daemon"="ICO.EXE" [2006-06-09 13:47 47104 C:\WINDOWS\system32\ico.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"g1Vdml9v00"="C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe" [2008-08-30 13:12 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-12 13:01:18 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-08-31 03:13 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 11:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-10-08 09:49 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 01:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 11:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smartwinstr]
--a------ 2008-08-30 13:12 90112 C:\WINDOWS\system32\spsvqxyx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 14:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 04:12 76304 C:\WINDOWS\KHALMNPR.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 11:56]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 11:56]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 11:56]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-30 14:10]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 01:53]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 14:38]
S3 yeddef;YEDDEF driver;C:\WINDOWS\system32\Drivers\yeddef.sys []
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Antivirus - C:\Program Files\SAV\sav.exe
MSConfigStartUp-b0666d2a - C:\WINDOWS\system32\bvfinxal.dll
MSConfigStartUp-BitTorrent DNA - C:\Program Files\DNA\btdna.exe
MSConfigStartUp-Octoshape Streaming Services - C:\Program Files\Octoshape Streaming Services\Patrick\OctoshapeClient.exe
MSConfigStartUp-SMrhccpnj0ec7p - C:\Program Files\rhccpnj0ec7p\rhccpnj0ec7p.exe
MSConfigStartUp-Somefox - C:\DOCUME~1\Patrick\LOCALS~1\Temp\3E.tmp.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\odmus1pr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Octoshape Streaming Services\Patrick\octoprogram-L03-NMS0806110_SUA_900\npoctoshape.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 16:29:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\874c24d2-12a5-4279-ba17-8fa9c95170a1.tmp 0 bytes
C:\WINDOWS\TEMP\d810ce96-a4fc-4d32-ba3f-c79956335010.tmp

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-01 16:33:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 23:33:02

Pre-Run: 213,800,853,504 bytes free
Post-Run: 213,908,865,024 bytes free

288 --- E O F --- 2008-08-30 10:20:10


HJT Logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:43, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\shkpgjgv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [actinfoadm] C:\WINDOWS\system32\kxyzsdwb.exe
O4 - HKCU\..\Run: [AppInfo] C:\WINDOWS\system32\shkpgjgv.exe
O4 - HKCU\..\Run: [aplmnt] C:\WINDOWS\system32\rgxadede.exe
O4 - HKLM\..\Policies\Explorer\Run: [g1Vdml9v00] C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6278 bytes
 
Thanks for returning your information, please see this:
C:\Program Files\LimeWire
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
Click to expand...
Uninstall Limewire and any other p2p programs you have installed.

C:\Program Files\Viewpoint\Common\ViewpointService.exe
For your information, Viewpoint is installed by aol probably without your knowledge. I suggest you uninstall this resource waster in Add Remove programs.
http://www.greatis.com/appdata/u/v/viewmgr.exe.htm
http://www.spywareinfo.com/newsletter/archives/2005/nov4.php#viewpoint
http://www.clickz.com/news/article.php/3561546


1) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

2) Open notepad and copy/paste the text in the codebox below into it:

Code: 
File::
C:\WINDOWS\system32\shkpgjgv.exe
C:\WINDOWS\system32\kxyzsdwb.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\spsvqxyx.exe

Folder::
C:\Documents and Settings\All Users\Application Data\opstqlcb

Save this as CFScript

CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. (wait until you finish to post the logs)

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKCU\..\Run: [actinfoadm] C:\WINDOWS\system32\kxyzsdwb.exe
O4 - HKCU\..\Run: [AppInfo] C:\WINDOWS\system32\shkpgjgv.exe
O4 - HKCU\..\Run: [aplmnt] C:\WINDOWS\system32\rgxadede.exe
O4 - HKLM\..\Policies\Explorer\Run: [g1Vdml9v00] C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

4) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may results in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

5) Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post the log from CFScript, the log from MBAM and a new HJT log.

Let me know how the computer is running.

Thanks...Phil
 
When I get to this step, None of those items on shown.

3) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O4 - HKCU\..\Run: [actinfoadm] C:\WINDOWS\system32\kxyzsdwb.exe
O4 - HKCU\..\Run: [AppInfo] C:\WINDOWS\system32\shkpgjgv.exe
O4 - HKCU\..\Run: [aplmnt] C:\WINDOWS\system32\rgxadede.exe
O4 - HKLM\..\Policies\Explorer\Run: [g1Vdml9v00] C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
 
That means the CFScript killed them first, I like to check twice with junk like that. Thanks for the feedback:)
 
ComboFix 08-09-01.01 - Patrick 2008-09-01 17:02:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.614 [GMT -7:00]
Running from: C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Patrick\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\kxyzsdwb.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\shkpgjgv.exe
C:\WINDOWS\system32\spsvqxyx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\opstqlcb
C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
C:\WINDOWS\system32\kxyzsdwb.exe
C:\WINDOWS\system32\rgxadede.exe
C:\WINDOWS\system32\shkpgjgv.exe
C:\WINDOWS\system32\spsvqxyx.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-09-01 16:31 . 2008-09-01 16:31 203,776 --a------ C:\WINDOWS\system32\vefkrcxe.exe
2008-09-01 15:31 . 2008-09-01 15:31 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-01 13:58 . 2008-09-01 15:40 2,666 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-01 13:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-01 13:57 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-01 13:57 . 2008-08-31 00:53 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-01 13:57 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-01 13:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-01 13:57 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-01 13:57 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-01 13:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-01 13:57 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-01 13:57 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-31 12:46 . 2008-08-31 12:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-30 14:14 . 2008-08-31 00:47 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-30 14:10 . 2008-09-01 13:44 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-30 14:10 . 2008-08-30 14:10 <DIR> d-------- C:\Program Files\AVG
2008-08-30 14:10 . 2008-08-30 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-30 14:10 . 2008-08-31 11:56 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-30 14:10 . 2008-08-30 14:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-30 14:10 . 2008-08-30 14:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-30 14:03 . 2008-08-30 14:03 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-30 14:03 . 2008-08-30 14:03 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-30 14:03 . 2008-08-30 14:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-30 14:03 . 2008-08-30 14:47 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-30 13:57 . 2007-08-10 21:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-08-30 13:54 . 2008-09-01 01:57 13,321,728 --a------ C:\WINDOWS\system32\logonuiX.exe
2008-08-30 13:11 . 2008-08-30 14:31 <DIR> d-------- C:\Program Files\SAV
2008-08-30 13:11 . 2008-08-30 13:11 115,204 --a------ C:\WINDOWS\system32\msxml71.dll
2008-08-30 03:41 . 2008-09-01 02:05 22 --a------ C:\WINDOWS\wb.ini
2008-08-30 03:32 . 2008-08-31 03:07 <DIR> d-------- C:\Program Files\Stardock
2008-08-30 03:03 . 2008-08-30 03:03 5,760,054 --a------ C:\WINDOWS\Think Green 1600x1200.bmp
2008-08-30 00:33 . 2008-08-30 00:33 <DIR> d-------- C:\Program Files\WinCustomize
2008-08-30 00:33 . 2008-08-30 23:58 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-30 00:33 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-08-30 00:33 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-08-30 00:33 . 2008-09-01 16:29 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-08-28 14:59 . 2008-08-28 14:59 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Logitech
2008-08-28 14:58 . 2008-08-30 14:10 <DIR> d-------- C:\Documents and Settings\Guest
2008-08-27 15:54 . 2008-08-27 15:54 <DIR> d-------- C:\Program Files\StylerTB
2008-08-25 14:24 . 2008-08-25 14:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-23 01:26 . 2008-08-23 01:26 <DIR> d-------- C:\Program Files\BuddyList Ops
2008-08-22 12:03 . 2008-08-22 12:03 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-15 22:00 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-15 22:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-08 20:42 . 2008-08-08 20:42 <DIR> d-------- C:\Program Files\Sibelius Software
2008-08-07 20:39 . 2008-08-07 20:39 <DIR> d-------- C:\Program Files\WMA-MP3.com
2008-08-07 20:39 . 2003-03-18 21:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-08-04 20:21 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002972_.tmp
2008-08-04 20:05 . 2008-08-04 20:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-04 14:55 . 2008-08-04 14:55 <DIR> d-------- C:\Program Files\iTunes
2008-08-04 14:55 . 2008-08-04 14:55 <DIR> d-------- C:\Program Files\iPod
2008-08-04 14:54 . 2008-08-04 14:54 <DIR> d-------- C:\Program Files\QuickTime
2008-08-04 14:54 . 2008-08-04 14:54 <DIR> d-------- C:\Program Files\Bonjour
2008-08-04 14:45 . 2008-08-04 14:45 <DIR> d-------- C:\Program Files\Safari
2008-08-02 18:41 . 2008-08-23 23:22 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\LimeWire
2008-08-02 17:03 . 2008-08-02 17:03 <DIR> d-------- C:\Program Files\AIM Music Link

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 23:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-31 19:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-31 01:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-31 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-30 20:34 --------- d-----w C:\Documents and Settings\Patrick\Application Data\uTorrent
2008-08-30 09:49 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-22 18:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-04 21:56 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Apple Computer
2008-07-23 04:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-22 22:48 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-22 22:47 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-07-22 10:06 --------- d-----w C:\Program Files\Sun
2008-07-22 10:05 --------- d-----w C:\Program Files\Java
2008-07-21 10:55 --------- d-----w C:\Program Files\uTorrent
2008-07-19 12:09 --------- d-----w C:\Documents and Settings\Patrick\Application Data\BitTorrent
2008-07-19 11:25 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Winamp
2008-07-19 11:20 --------- d-----w C:\Program Files\Winamp
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-08 19:57 7110656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 05:27 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 06:20 122940]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 21:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 11:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 11:47 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 11:57 1235736]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"PMX Daemon"="ICO.EXE" [2006-06-09 13:47 47104 C:\WINDOWS\system32\ico.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-12 13:01:18 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-08-31 03:13 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 11:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-10-08 09:49 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 01:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 11:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 14:33 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 04:12 76304 C:\WINDOWS\KHALMNPR.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 11:56]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 11:56]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 11:56]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-30 14:10]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 01:53]
S3 yeddef;YEDDEF driver;C:\WINDOWS\system32\Drivers\yeddef.sys []
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-actinfoadm - C:\WINDOWS\system32\kxyzsdwb.exe
HKCU-Run-AppInfo - C:\WINDOWS\system32\shkpgjgv.exe
HKCU-Run-aplmnt - C:\WINDOWS\system32\rgxadede.exe
HKLM-Explorer_Run-g1Vdml9v00 - C:\Documents and Settings\All Users\Application Data\opstqlcb\oxslcpcv.exe
MSConfigStartUp-smartwinstr - C:\WINDOWS\system32\spsvqxyx.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 17:03:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 17:04:28
ComboFix-quarantined-files.txt 2008-09-02 00:04:22
ComboFix2.txt 2008-09-01 23:33:09

Pre-Run: 213,972,443,136 bytes free
Post-Run: 213,964,083,200 bytes free

204 --- E O F --- 2008-08-30 10:20:10


Malwarebytes' Anti-Malware 1.25
Database version: 1103
Windows 5.1.2600 Service Pack 2

5:59:35 PM 9/1/2008
mbam-log-09-01-2008 (17-59-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 113121
Time elapsed: 38 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WNetPws (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\vefkrcxe.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav0.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav1.dat (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:27, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dllavgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5428 bytes
 
Computer is running well, and Spybot S & D gave me the "Congratulation!" message. Thanks for the help very much, if there isn't more to be done.

Patrick
 
Morning Patrick, thanks for returning your information and the feedback, you asked:
Computer is running well, and Spybot S & D gave me the "Congratulation!" message. Thanks for the help very much, if there isn't more to be done.
Click to expand...
We have a few more important steps so stick with me.

1) C:\WINDOWS\system32\vefkrcxe.exe <<< I need to know what this file is, make sure you can view all files and folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Scan that file here: http://virusscan.jotti.org/ post the results, manually delete that file if it scans bad.
Here are two more scanners if jotti is busy:
http://www.kaspersky.com/scanforvirus & http://www.virustotal.com/

2) This is the next bridge we must cross:
I am sure you saw this:
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Review that information to understand Recovery Console. Installation is optional but if you do not have the CD's needed, as is explained, it can be installed before we remove combofix.
If you do not have access to Recovery Console via a Windows CD, I strongly advise you to install this tool.
If you do not wish to install RC, let me know so I can continue with the cleanup.
If you install RC, post the C:\*CF-RC.txt*.

RC1-4.gif


Since we do not need to scan with combofix, click NO

RC_whatnext.gif


RC_AllDone.gif


Thanks...Phil
 
Yes, continue with RC, then do this.

Start > Search > All files and folder > Copy/paste vefkrcxe.exe into the search box and click ok or search. It may take a while, lots of files to search through. If that file is there and bad, we nesd to delete it.

Thanks
 
Ok I installed Recovery Console via Windows CD.
I searched for vefkrcxe.exe, but still no results.

After I installed RC, i ran combofix, but I didn't get the "What's next?"

here's the combofix log

ComboFix 08-09-01.01 - Patrick 2008-09-02 15:32:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.658 [GMT -7:00]
Running from: C:\Documents and Settings\Patrick\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\#SharedObjects\CSF6ZZ2F\interclick.com
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\#SharedObjects\CSF6ZZ2F\interclick.com\ud.sol
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Patrick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-09-01 23:56 . 2008-09-01 23:56 <DIR> d-------- C:\Program Files\VideoLAN
2008-09-01 20:07 . 2008-09-01 20:07 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\vlc
2008-09-01 17:19 . 2008-09-01 17:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-01 17:19 . 2008-09-01 17:19 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\Malwarebytes
2008-09-01 17:19 . 2008-09-01 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-01 17:19 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 17:19 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 15:31 . 2008-09-01 15:31 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-01 13:58 . 2008-09-01 15:40 2,666 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-01 13:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-01 13:57 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-01 13:57 . 2008-08-31 00:53 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-01 13:57 . 2008-08-27 15:17 87,040 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-01 13:57 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-01 13:57 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-01 13:57 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-01 13:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-01 13:57 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-01 13:57 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-08-31 12:46 . 2008-08-31 12:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-30 14:14 . 2008-09-01 17:56 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-30 14:10 . 2008-09-02 15:13 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-30 14:10 . 2008-08-30 14:10 <DIR> d-------- C:\Program Files\AVG
2008-08-30 14:10 . 2008-08-30 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-30 14:10 . 2008-08-31 11:56 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-30 14:10 . 2008-08-30 14:10 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-30 14:10 . 2008-08-30 14:10 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-30 14:03 . 2008-08-30 14:03 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-30 14:03 . 2008-08-30 14:03 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-30 14:03 . 2008-08-30 14:48 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-30 14:03 . 2008-08-30 14:47 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-30 13:57 . 2007-08-10 21:46 33,656 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-08-30 13:54 . 2008-09-01 01:57 13,321,728 --a------ C:\WINDOWS\system32\logonuiX.exe
2008-08-30 13:11 . 2008-09-01 17:59 <DIR> d-------- C:\Program Files\SAV
2008-08-30 03:41 . 2008-09-01 02:05 22 --a------ C:\WINDOWS\wb.ini
2008-08-30 03:32 . 2008-08-31 03:07 <DIR> d-------- C:\Program Files\Stardock
2008-08-30 03:03 . 2008-08-30 03:03 5,760,054 --a------ C:\WINDOWS\Think Green 1600x1200.bmp
2008-08-30 00:33 . 2008-08-30 00:33 <DIR> d-------- C:\Program Files\WinCustomize
2008-08-30 00:33 . 2008-08-30 23:58 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-08-30 00:33 . 2000-10-10 13:01 198,656 --a------ C:\WINDOWS\system32\comdlg32.ocx
2008-08-30 00:33 . 2000-05-17 09:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2008-08-30 00:33 . 2008-09-02 15:12 24 --a------ C:\WINDOWS\LogonStudio.ini
2008-08-28 14:59 . 2008-08-28 14:59 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Logitech
2008-08-28 14:58 . 2008-08-30 14:10 <DIR> d-------- C:\Documents and Settings\Guest
2008-08-27 15:54 . 2008-08-27 15:54 <DIR> d-------- C:\Program Files\StylerTB
2008-08-25 14:24 . 2008-08-25 14:24 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-23 01:26 . 2008-08-23 01:26 <DIR> d-------- C:\Program Files\BuddyList Ops
2008-08-22 12:03 . 2008-08-22 12:03 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-15 22:00 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-15 22:00 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-08 20:42 . 2008-08-08 20:42 <DIR> d-------- C:\Program Files\Sibelius Software
2008-08-07 20:39 . 2008-08-07 20:39 <DIR> d-------- C:\Program Files\WMA-MP3.com
2008-08-07 20:39 . 2003-03-18 21:12 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-08-04 20:21 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\002972_.tmp
2008-08-04 20:05 . 2008-08-04 20:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-04 14:55 . 2008-08-04 14:55 <DIR> d-------- C:\Program Files\iTunes
2008-08-04 14:55 . 2008-08-04 14:55 <DIR> d-------- C:\Program Files\iPod
2008-08-04 14:54 . 2008-08-04 14:54 <DIR> d-------- C:\Program Files\QuickTime
2008-08-04 14:54 . 2008-08-04 14:54 <DIR> d-------- C:\Program Files\Bonjour
2008-08-02 18:41 . 2008-08-23 23:22 <DIR> d-------- C:\Documents and Settings\Patrick\Application Data\LimeWire
2008-08-02 17:03 . 2008-08-02 17:03 <DIR> d-------- C:\Program Files\AIM Music Link

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 23:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-31 19:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-31 01:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-31 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-30 20:34 --------- d-----w C:\Documents and Settings\Patrick\Application Data\uTorrent
2008-08-30 09:49 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-22 18:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-04 21:56 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Apple Computer
2008-07-23 04:32 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-22 22:48 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-22 22:47 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-07-22 10:06 --------- d-----w C:\Program Files\Sun
2008-07-22 10:05 --------- d-----w C:\Program Files\Java
2008-07-21 10:55 --------- d-----w C:\Program Files\uTorrent
2008-07-19 12:09 --------- d-----w C:\Documents and Settings\Patrick\Application Data\BitTorrent
2008-07-19 11:25 --------- d-----w C:\Documents and Settings\Patrick\Application Data\Winamp
2008-07-19 11:20 --------- d-----w C:\Program Files\Winamp
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2006-05-03 09:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-01_16.32.38.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:11:40 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:11:52 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:11:52 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:11:52 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:12:00 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:12:02 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:12:02 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:12:02 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:12:05 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-06-23 16:12:06 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:12:08 667,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\xpsp3res.dll
+ 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:09:27 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2001-07-15 00:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
- 2004-08-10 11:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2006-03-04 03:33:40 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-03-04 03:33:40 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-06-23 15:38:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2006-03-04 03:33:41 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-23 15:38:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-10 11:00:00 100,352 ----a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2004-08-10 11:00:00 138,496 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2006-03-04 03:33:40 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-13 13:10:50 272,128 -c----w C:\WINDOWS\system32\dllcache\bthport.sys
- 2006-03-04 03:33:40 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-06-23 15:38:29 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2006-03-04 03:33:41 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-06-23 15:38:30 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 08:56:44 561,179 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2004-08-10 11:00:00 148,480 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-10 11:00:00 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-03-04 03:33:41 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-10 11:00:00 243,200 ----a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2006-03-04 03:33:41 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 15:38:30 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-03-04 00:39:06 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-03-04 03:33:41 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 15:38:31 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-04 08:56:44 678,400 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2006-03-04 03:33:41 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-06-23 15:38:31 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2004-08-10 11:00:00 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2004-08-10 11:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 15:38:31 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 08:56:44 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2004-08-10 11:00:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-10 11:00:00 512,029 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-10 11:00:00 319,517 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2006-03-23 17:32:42 3,053,568 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-03-04 03:33:43 448,512 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 15:38:33 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-10 11:00:00 1,507,356 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-10 11:00:00 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-10 11:00:00 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-10 11:00:00 53,279 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-10 11:00:00 241,693 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-10 11:00:00 213,023 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-10 11:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2006-03-04 03:33:43 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 15:38:33 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-10 11:00:00 421,919 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-10 11:00:00 315,423 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-10 11:00:00 552,989 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-10 11:00:00 258,077 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2006-03-04 03:33:43 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 15:38:33 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-10 11:00:00 831,519 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-10 11:00:00 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2004-08-10 11:00:00 614,429 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-10 11:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2006-03-04 03:33:43 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 15:38:33 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-10 11:00:00 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-10 11:00:00 200,064 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2006-03-30 09:16:03 1,492,480 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-03-04 03:33:44 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-10 11:00:00 359,040 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-10 11:00:00 223,616 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2006-03-18 11:09:37 613,376 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 15:38:34 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-10 11:00:00 417,792 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2006-03-04 03:33:45 658,432 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 15:38:34 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-10 11:00:00 223,744 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-28 01:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2004-08-10 11:00:00 5,496,832 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 16:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-10 11:00:00 2,355,200 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-10 11:00:00 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-10 11:00:00 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2004-08-10 11:00:00 274,304 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
+ 2008-06-13 13:10:50 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
- 2004-08-10 11:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-10 11:00:00 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-10 11:00:00 223,616 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-10 11:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-03-04 03:33:41 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-03-04 03:33:41 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 15:38:30 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2006-03-04 03:33:41 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-06-23 15:38:31 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 08:56:44 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2006-03-04 03:33:41 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-06-23 15:38:31 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-10 11:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-10 11:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 15:38:31 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-10 11:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-10 11:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2006-03-23 17:32:42 3,053,568 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-03-04 03:33:43 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 15:38:33 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-10 11:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-10 11:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-10 11:00:00 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
- 2004-08-10 11:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-10 11:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-10 11:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-10 11:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2006-03-04 03:33:43 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 15:38:33 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-10 11:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-10 11:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-10 11:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-10 11:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2006-03-04 03:33:43 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 15:38:33 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-10 11:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-10 11:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-10 11:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2006-03-04 03:33:43 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 15:38:33 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-10 11:00:00 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2006-03-30 09:16:03 1,492,480 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-03-04 03:33:44 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-08-11 04:46:18 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2006-03-18 11:09:37 613,376 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 15:38:34 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-10 11:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-10 11:00:00 223,744 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2004-08-10 11:00:00 5,496,832 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 16:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 11:00:00 2,355,200 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2006-03-30 01:00:14 16,384 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 14:58 495616]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-08 19:57 7110656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 05:27 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 06:20 122940]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 21:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 11:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 11:47 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"LogonStudio"="C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 11:57 1235736]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 18:20 339968 C:\WINDOWS\stsystra.exe]
"PMX Daemon"="ICO.EXE" [2006-06-09 13:47 47104 C:\WINDOWS\system32\ico.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 04:12 76304 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-12 13:01:18 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 03:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-08-31 03:13 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dllavgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2004-10-08 09:49 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-08-04 01:56 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 11:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 14:33 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 11:56]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 11:56]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 11:56]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-30 14:10]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 01:53]
S3 yeddef;YEDDEF driver;C:\WINDOWS\system32\Drivers\yeddef.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Patrick\Application Data\Mozilla\Firefox\Profiles\odmus1pr.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Octoshape Streaming Services\Patrick\octoprogram-L03-NMS0806110_SUA_900\npoctoshape.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 15:34:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-02 15:35:21
ComboFix-quarantined-files.txt 2008-09-02 22:35:18
ComboFix2.txt 2008-09-02 00:04:29
ComboFix3.txt 2008-09-01 23:33:09

Pre-Run: 213,779,656,704 bytes free
Post-Run: 213,769,306,112 bytes free

535 --- E O F --- 2008-09-02 07:22:31
 
Thanks for the feedback, if you say the file is not there, that is good enough for me.
Here is some information about Recovery Console:
http://support.microsoft.com/kb/314058
http://support.microsoft.com/kb/307654
Recovery Console is a tool that will allow you to recover from a catastrophic system failure, so let's hope you never need it. Many experts believe Microsoft should have installed it by default.

Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

CF_Cleanup.png


Clean any infected System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Update AVG and scan the system to make sure it is scanning clean.

Safe surfing:bigthumb:

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
 
Status
Not open for further replies.
Back
Top