Help Needed with Malware...Please.

[Smoke_O]

I got malware on my computer and I have ran various adware removal applications but the problem still exist. My C drive shows up as a big red X in the My Computer Folder. Internet Explorer doesnt work and I downloaded Mozilla to replace it and that has malware all in it now. My desktop items will disappear from time to time. It use to disappear until I restarted but now it just comes and goes. I also have the 'Live Safely Center' and 'Online Security Guide' trojan/shortcut that keeps popping up on my Desktop. Also my American Online is starting to act up and I suspect its the malware getting to it. Any help will be greatly appreciated. Here's my HiJack and Kasper log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:08 AM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Smoke.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: {21f8dc76-889f-16a8-54b4-53495b4dd19a} - {a91dd4b5-9435-4b45-8a61-f98867cd8f12} - C:\WINDOWS\system32\kfxpsmcd.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [68a5c019] rundll32.exe "C:\WINDOWS\system32\bpjfhhgb.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BM6b96f385] Rundll32.exe "C:\WINDOWS\system32\dfixyvpo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\YMBOLS~1\msiexec.exe" -vt yazb
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{642969F0-39B0-449C-A053-D4069FCC6E9D}: NameServer = 205.188.146.145
O20 - Winlogon Notify: jwmijwkg - jwmijwkg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\rundll.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11743 bytes

 

[Smoke_O]

KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 28, 2008 5:12:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 808891
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 72177
Number of viruses found: 31
Number of infected objects: 61
Number of suspicious objects: 0
Duration of the scan process: 01:50:44

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\ooluig01 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\ooluigbo Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\ooluigbo.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\ooluigbo.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\DataStore\users\OOluigbo.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{371904B8-8E33-4237-9C56-1E6FFE1846D1}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{CD02BBE7-ED29-4613-8D3F-EA8E1C0D4752}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Temp\History\History.IE5\MSHist012008052820080529\index.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Temp\Perflib_Perfdata_8ac.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Temp\~DF5B22.tmp Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Temp\~DF6618.tmp Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{DE777D53-94B0-4ADA-9456-78C6E6664B5C}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ampjhimv.dll Infected: Trojan.Win32.Monder.aj skipped
C:\WINDOWS\system32\apyfbjir.dll Infected: Trojan.Win32.Monder.br skipped
C:\WINDOWS\system32\becehoqx.dll Infected: Trojan.Win32.Monder.an skipped
C:\WINDOWS\system32\bnmbmxvi.dll Infected: Trojan.Win32.Monder.be skipped
C:\WINDOWS\system32\bnywjhtb.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\bpjfhhgb.dll Infected: Trojan.Win32.Monder.df skipped
C:\WINDOWS\system32\brsbjsse.dll Infected: Trojan.Win32.Monder.al skipped
C:\WINDOWS\system32\cijhtslj.dll Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ctkpwfsq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\cttaayyx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\cwqgdlbn.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\dfixyvpo.dll Infected: Trojan.Win32.Monder.de skipped
C:\WINDOWS\system32\dwydvfvu.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\dywfitoe.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\eissofgp.dll Infected: Trojan.Win32.Monder.ct skipped
C:\WINDOWS\system32\eokjjxbq.dll Infected: Trojan.Win32.Monder.bt skipped
C:\WINDOWS\system32\esiiacuf.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ggubqkbw.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\glvheowq.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\gsspbaha.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hvjitytf.dll Infected: Trojan.Win32.Monder.cz skipped
C:\WINDOWS\system32\icyubocd.dll Infected: Trojan.Win32.Monder.ad skipped
C:\WINDOWS\system32\iwlnribd.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ixsnppud.dll Infected: Trojan.Win32.Monder.cf skipped
C:\WINDOWS\system32\jexckroy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\WINDOWS\system32\kgbvvvml.dll Infected: Trojan.Win32.Monder.cp skipped
C:\WINDOWS\system32\konuyluo.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\kshllhxo.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\ldywlfut.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\WINDOWS\system32\nfeagvfn.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\nfqumexy.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\obkvitcv.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\oqksqfbp.dll Infected: Trojan.Win32.Monder.as skipped
C:\WINDOWS\system32\oxkhoqsm.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\pbjfjwfk.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\pijqulry.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\pksndkxx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\pxmyjkth.dll Infected: Trojan.Win32.Monder.bw skipped
C:\WINDOWS\system32\qowralrg.dll Infected: Trojan.Win32.Monder.ap skipped
C:\WINDOWS\system32\rbkhtolg.dll Infected: Trojan.Win32.Monder.ag skipped
C:\WINDOWS\system32\sajpbscb.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\skwuchww.dll Infected: Trojan.Win32.Monder.ao skipped
C:\WINDOWS\system32\ugcprafr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nve skipped
C:\WINDOWS\system32\unghokou.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\uooowcql.dll Infected: Trojan.Win32.Monder.ah skipped
C:\WINDOWS\system32\uopsjsjh.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\uqhhanmy.dll Infected: Trojan.Win32.Monder.av skipped
C:\WINDOWS\system32\vpeexkiy.dll Infected: Trojan.Win32.Monder.au skipped
C:\WINDOWS\system32\vwfiipev.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbewjtls.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\woxovbby.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\wtuabava.dll Infected: Trojan.Win32.Monder.bd skipped
C:\WINDOWS\system32\wucxpvkg.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\xenxghik.dll Infected: Trojan.Win32.Monder.at skipped
C:\WINDOWS\system32\xgjrpjsb.dll Infected: Trojan.Win32.Monder.cq skipped
C:\WINDOWS\system32\ypqhwakw.dll Infected: Trojan.Win32.Monder.ag skipped
C:\WINDOWS\system32\ytelpvhv.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\yumflkvk.dll Infected: Trojan.Win32.Monder.da skipped
C:\WINDOWS\system32\ywlinpxp.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\yyagjjim.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.quf skipped
C:\WINDOWS\system32\yyvxechi.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\Temp\mcafee_oCkcXNNiKjzJibp Object is locked skipped
C:\WINDOWS\Temp\mcafee_zmlEGYG5ogeMHki Object is locked skipped
C:\WINDOWS\Temp\mcmsc_aJMqNsZ4rqpgHMl Object is locked skipped
C:\WINDOWS\Temp\mcmsc_c8tLVUCgPQIBgTY Object is locked skipped
C:\WINDOWS\Temp\mcmsc_qjH9P2UkAQm6iVf Object is locked skipped
C:\WINDOWS\Temp\mcmsc_xCOBEAmXfhgpMbA Object is locked skipped
C:\WINDOWS\Temp\mcmsc_YCy4WVgDW5nTFvh Object is locked skipped
C:\WINDOWS\Temp\sqlite_gUZU6nHXJ0jL78b Object is locked skipped
C:\WINDOWS\Temp\sqlite_l0E3P64fpiiRgEL Object is locked skipped
C:\WINDOWS\Temp\sqlite_os5NS6F24gjKdCH Object is locked skipped
C:\WINDOWS\Temp\sqlite_XSXnXBqLzSShreH Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

 

[Rorschach112]

Hello

Please download ATF Cleaner by Atribune.

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

 

[Smoke_O]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:12 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\Smoke.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\YMBOLS~1\msiexec.exe" -vt yazb
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{642969F0-39B0-449C-A053-D4069FCC6E9D}: NameServer = 205.188.146.145
O20 - Winlogon Notify: jwmijwkg - jwmijwkg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\rundll.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11656 bytes

 

[Smoke_O]

ComboFix 08-05-29.1 - Chika Oluigbo 2008-05-29 14:50:57.4 - NTFSx86
Running from: C:\Documents and Settings\Chika Oluigbo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chika Oluigbo\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\ymbols~1
C:\Program Files\Common Files\ymbols~1\?ymbols\
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\BM6b96f385.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\aewhiqnj.dll
C:\WINDOWS\system32\ampjhimv.dll
C:\WINDOWS\system32\amqtfwji.ini
C:\WINDOWS\system32\apyfbjir.dll
C:\WINDOWS\system32\avabautw.ini
C:\WINDOWS\system32\becehoqx.dll
C:\WINDOWS\system32\bghhfjpb.ini
C:\WINDOWS\system32\bghhfjpb.ini2
C:\WINDOWS\system32\bghhfjpb.tmp
C:\WINDOWS\system32\bjuubsmr.dll
C:\WINDOWS\system32\bnmbmxvi.dll
C:\WINDOWS\system32\bnywjhtb.dll
C:\WINDOWS\system32\bpjfhhgb.dll
C:\WINDOWS\system32\brsbjsse.dll
C:\WINDOWS\system32\cijhtslj.dll
C:\WINDOWS\system32\ctkpwfsq.dll
C:\WINDOWS\system32\cttaayyx.dll
C:\WINDOWS\system32\cwqgdlbn.dll
C:\WINDOWS\system32\dbirnlwi.ini
C:\WINDOWS\system32\dfixyvpo.dll
C:\WINDOWS\system32\dwydvfvu.dll
C:\WINDOWS\system32\dywfitoe.dll
C:\WINDOWS\system32\edghwxwo.ini
C:\WINDOWS\system32\eissofgp.dll
C:\WINDOWS\system32\eokjjxbq.dll
C:\WINDOWS\system32\esiiacuf.dll
C:\WINDOWS\system32\fduhpvah.ini
C:\WINDOWS\system32\fetsropm.ini
C:\WINDOWS\system32\fmvxqmjj.ini
C:\WINDOWS\system32\fpoqmctk.ini
C:\WINDOWS\system32\fsncbvct.ini
C:\WINDOWS\system32\fypaxvgh.ini
C:\WINDOWS\system32\gbbvtopm.ini
C:\WINDOWS\system32\gcohjkps.ini
C:\WINDOWS\system32\gcpdrmgy.ini
C:\WINDOWS\system32\ggubqkbw.dll
C:\WINDOWS\system32\glvheowq.dll
C:\WINDOWS\system32\gntcatiy.ini
C:\WINDOWS\system32\gsspbaha.dll
C:\WINDOWS\system32\gwlftgsa.ini
C:\WINDOWS\system32\hcyiapro.ini
C:\WINDOWS\system32\hjspmiur.ini
C:\WINDOWS\system32\hlyhdgoi.ini
C:\WINDOWS\system32\hnndpokm.ini
C:\WINDOWS\system32\hvjitytf.dll
C:\WINDOWS\system32\icyubocd.dll
C:\WINDOWS\system32\ipjnufck.ini
C:\WINDOWS\system32\irfofvrq.ini
C:\WINDOWS\system32\irugjgsi.ini
C:\WINDOWS\system32\iwlnribd.dll
C:\WINDOWS\system32\ixdpbxsx.ini
C:\WINDOWS\system32\ixsnppud.dll
C:\WINDOWS\system32\iyyxexxg.ini
C:\WINDOWS\system32\jcxaghmv.ini
C:\WINDOWS\system32\jexckroy.dll
C:\WINDOWS\system32\jjfojmej.ini
C:\WINDOWS\system32\jkjtfxpk.exe
C:\WINDOWS\system32\johcyupi.ini
C:\WINDOWS\system32\jsyodpsj.ini
C:\WINDOWS\system32\jwdupnoi.ini
C:\WINDOWS\system32\kfxpsmcd.dll
C:\WINDOWS\system32\kgbvvvml.dll
C:\WINDOWS\system32\khfgfmiy.ini
C:\WINDOWS\system32\klahfkie.ini
C:\WINDOWS\system32\konuyluo.dll
C:\WINDOWS\system32\kshllhxo.dll
C:\WINDOWS\system32\lbhmownj.ini
C:\WINDOWS\system32\ldywlfut.dll
C:\WINDOWS\system32\ltuqgjfu.ini
C:\WINDOWS\system32\lytibrgr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mubudppi.ini
C:\WINDOWS\system32\nfeagvfn.dll
C:\WINDOWS\system32\nfqumexy.dll
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nmdrrdyj.ini
C:\WINDOWS\system32\npwovtkc.ini
C:\WINDOWS\system32\nrbqftmg.exe
C:\WINDOWS\system32\oansjqxu.ini
C:\WINDOWS\system32\obkvitcv.dll
C:\WINDOWS\system32\olwkkfsq.ini
C:\WINDOWS\system32\oqksqfbp.dll
C:\WINDOWS\system32\oulyunok.ini
C:\WINDOWS\system32\ovnifrew.ini
C:\WINDOWS\system32\oxkhoqsm.dll
C:\WINDOWS\system32\p9
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pbfqskqo.ini
C:\WINDOWS\system32\pbjfjwfk.dll
C:\WINDOWS\system32\pgfossie.ini
C:\WINDOWS\system32\pijqulry.dll
C:\WINDOWS\system32\pksndkxx.dll
C:\WINDOWS\system32\pxmyjkth.dll
C:\WINDOWS\system32\qbtenemg.ini
C:\WINDOWS\system32\qbxjjkoe.ini
C:\WINDOWS\system32\qowralrg.dll
C:\WINDOWS\system32\rbkhtolg.dll
C:\WINDOWS\system32\rgxobrbo.ini
C:\WINDOWS\system32\rhhkyyqo.ini
C:\WINDOWS\system32\rsxmcjok.ini
C:\WINDOWS\system32\sajpbscb.dll
C:\WINDOWS\system32\sddkgsay.ini
C:\WINDOWS\system32\skwuchww.dll
C:\WINDOWS\system32\ssyocohf.ini
C:\WINDOWS\system32\suvcebro.ini
C:\WINDOWS\system32\tsicvhqb.ini
C:\WINDOWS\system32\tuflwydl.ini
C:\WINDOWS\system32\txukqhro.ini
C:\WINDOWS\system32\ugcprafr.dll
C:\WINDOWS\system32\unghokou.dll
C:\WINDOWS\system32\uokohgnu.ini
C:\WINDOWS\system32\uokqleqj.ini
C:\WINDOWS\system32\uooowcql.dll
C:\WINDOWS\system32\uopsjsjh.dll
C:\WINDOWS\system32\uqhhanmy.dll
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\vpeexkiy.dll
C:\WINDOWS\system32\vqkbnhhu.ini
C:\WINDOWS\system32\vtarpuqq.ini
C:\WINDOWS\system32\vwfiipev.dll
C:\WINDOWS\system32\vxanlyqs.ini
C:\WINDOWS\system32\w11
C:\WINDOWS\system32\wbewjtls.dll
C:\WINDOWS\system32\wgkavuow.ini
C:\WINDOWS\system32\woxovbby.dll
C:\WINDOWS\system32\wtuabava.dll
C:\WINDOWS\system32\wucxpvkg.dll
C:\WINDOWS\system32\wwlnhlqg.ini
C:\WINDOWS\system32\xenxghik.dll
C:\WINDOWS\system32\xevpsgft.ini
C:\WINDOWS\system32\xgjrpjsb.dll
C:\WINDOWS\system32\xjypcitu.ini
C:\WINDOWS\system32\xmhirxvh.ini
C:\WINDOWS\system32\xuqjosju.ini
C:\WINDOWS\system32\xwvwdatj.ini
C:\WINDOWS\system32\ymnahhqu.ini
C:\WINDOWS\system32\ypqhwakw.dll
C:\WINDOWS\system32\ytelpvhv.dll
C:\WINDOWS\system32\ytljpfhj.ini
C:\WINDOWS\system32\yumflkvk.dll
C:\WINDOWS\system32\ywlinpxp.dll
C:\WINDOWS\system32\yyagjjim.dll
C:\WINDOWS\system32\yyvxechi.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.

2008-05-14 00:04 . 2008-05-28 12:47 <DIR> d-------- C:\Program Files\Movie Joiner
2008-05-12 05:22 . 2008-05-12 05:22 550 --a------ C:\WINDOWS\mozver.dat
2008-05-12 04:18 . 2008-05-12 04:18 <DIR> d-------- C:\Documents and Settings\Chika Oluigbo\Application Data\Talkback
2008-05-11 20:49 . 2008-05-11 20:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-11 02:30 . 2008-05-11 14:58 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-11 02:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-11 01:09 . 2008-05-11 01:09 <DIR> d-------- C:\Program Files\Webroot
2008-05-11 01:09 . 2008-05-11 01:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-11 01:09 . 2008-05-11 01:09 <DIR> d-------- C:\Documents and Settings\Chika Oluigbo\Application Data\Webroot
2008-05-11 01:09 . 2008-05-11 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-11 01:09 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-05-11 01:09 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-05-11 01:09 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-05-11 01:09 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-05-11 01:09 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-05-11 01:08 . 2008-05-11 01:08 <DIR> d-------- C:\Program Files\AskSBar
2008-05-10 18:27 . 2008-05-10 18:27 <DIR> d-------- C:\Documents and Settings\Chika Oluigbo\Application Data\Lavasoft
2008-05-10 18:11 . 2008-05-10 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-05-02 16:31 . 2008-05-29 15:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-02 16:31 . 2008-05-02 16:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-02 16:18 . 2008-05-02 16:19 <DIR> d-------- C:\Program Files\iPod
2008-05-02 16:16 . 2008-05-02 16:21 <DIR> d-------- C:\Program Files\iTunes
2008-05-02 15:34 . 2008-05-02 15:48 <DIR> d-------- C:\Program Files\QuickTime
2008-04-30 03:44 . 2008-04-30 03:44 <DIR> d-------- C:\WINDOWS\system32\logs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 04:10 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-13 08:40 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-11 06:16 --------- d-----w C:\Program Files\BearShare
2008-05-06 03:29 --------- d-----w C:\Documents and Settings\Chika Oluigbo\Application Data\SiteAdvisor
2008-05-05 01:34 --------- d-----w C:\Program Files\Apple Software Update
2008-04-13 23:14 846,583 --sha-w C:\WINDOWS\system32\sgtnpooc.tmp
2008-04-11 00:05 --------- d-----w C:\Program Files\America Online 9.0
2007-11-11 08:59 56 --sh--r C:\WINDOWS\system32\BFF64D9959.sys
2007-11-11 08:59 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-30_ 7.17.46.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-29 19:02:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 12:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2008-05-02 18:06:22 27,136 ----a-r C:\WINDOWS\Installer\{02DFF6B1-1654-411C-8D7B-FD6052EF016F}\AppleSoftwareUpdateIco.exe
+ 2008-05-02 20:29:17 102,400 ----a-r C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2005-11-05 00:19:05 2,238 -c--a-r C:\WINDOWS\Installer\{A683A2C0-821C-486F-858C-FA634DB5E864}\ARPPRODUCTICON.exe
- 2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2008-04-11 18:05:53 2,306 ----a-w C:\WINDOWS\SoftwareDistribution\EventCache\{6180BAAE-A530-4D1E-B024-8C46DB421E7D}.bin
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-08-10 11:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-10 11:00:00 73,376 -c--a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2004-08-10 11:00:00 25,264 -c--a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2004-08-10 11:00:00 28,160 -c--a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2004-08-10 11:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-10 11:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-10 11:00:00 3,360 -c--a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2004-08-10 11:00:00 4,048 -c--a-w C:\WINDOWS\system\TIMER.DRV
+ 2004-08-10 11:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
+ 2004-08-10 11:00:00 13,600 -c--a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-10 11:00:00 146,432 -c--a-w C:\WINDOWS\system\WINSPOOL.DRV
- 2005-05-26 10:16:24 75,544 -c--a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-30 23:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2004-08-10 11:00:00 10,544 -c--a-w C:\WINDOWS\system32\comm.drv
+ 2004-08-10 11:00:00 1,788 -c--a-w C:\WINDOWS\system32\Dcache.bin
+ 2004-12-06 07:05:00 2,239 ----a-w C:\WINDOWS\system32\dla\tfsndres.sys
- 2005-05-26 10:16:24 75,544 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-30 23:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2004-08-04 05:07:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2004-08-04 06:56:58 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
- 2005-05-26 10:16:30 465,176 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-30 23:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2005-05-26 10:16:30 124,184 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-30 23:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2005-05-26 10:16:30 1,343,768 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-30 23:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2005-05-26 10:16:30 127,256 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-30 23:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2005-05-26 10:16:30 41,240 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-30 23:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2005-05-26 10:16:30 173,536 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-30 23:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2004-08-04 05:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2006-09-19 18:44:04 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-01-29 16:01:28 16,168 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2006-12-22 21:02:40 71,496 ----a-w C:\WINDOWS\system32\drivers\mfeavfk.sys
+ 2007-06-25 18:54:44 71,496 ----a-w C:\WINDOWS\system32\drivers\mfeavfk.sys
- 2006-12-22 21:02:34 34,184 ----a-w C:\WINDOWS\system32\drivers\mfebopk.sys
+ 2007-06-25 15:57:10 34,184 ----a-w C:\WINDOWS\system32\drivers\mfebopk.sys
- 2006-12-22 21:02:34 170,408 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
+ 2008-02-06 13:51:44 171,400 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
- 2006-12-22 21:02:34 32,008 ----a-w C:\WINDOWS\system32\drivers\mferkdk.sys
+ 2007-06-25 15:57:24 32,008 ----a-w C:\WINDOWS\system32\drivers\mferkdk.sys
- 2006-12-22 21:02:34 37,480 ----a-w C:\WINDOWS\system32\drivers\mfesmfk.sys
+ 2007-06-25 15:57:28 37,480 ----a-w C:\WINDOWS\system32\drivers\mfesmfk.sys
- 2007-01-09 21:44:44 107,608 ----a-w C:\WINDOWS\system32\drivers\Mpfp.sys
+ 2007-03-02 19:16:52 109,608 ----a-w C:\WINDOWS\system32\drivers\Mpfp.sys
+ 2004-08-10 11:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
+ 2008-02-18 15:16:24 30,464 -c--a-w C:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
- 2006-10-03 23:47:52 109,360 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2008-01-29 16:02:30 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
+ 2004-08-10 11:00:00 2,000 -c--a-w C:\WINDOWS\system32\keyboard.drv
+ 2004-08-10 11:00:00 221,600 -c--a-w C:\WINDOWS\system32\lanman.drv
+ 2008-05-26 20:56:43 4,096 ----a-w C:\WINDOWS\system32\logs\Events.dat
+ 2004-08-10 11:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2004-08-10 11:00:00 73,376 -c--a-w C:\WINDOWS\system32\mciavi.drv
+ 2004-08-10 11:00:00 25,264 -c--a-w C:\WINDOWS\system32\mciseq.drv
+ 2004-08-10 11:00:00 28,160 -c--a-w C:\WINDOWS\system32\mciwave.drv
+ 2004-08-10 11:00:00 2,032 -c--a-w C:\WINDOWS\system32\mouse.drv
+ 2004-08-10 11:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2004-08-10 11:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-10 11:00:00 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
+ 2004-08-10 11:00:00 2,656 -c--a-w C:\WINDOWS\system32\netware.drv
- 2007-11-04 16:12:49 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-11 07:58:30 53,838 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-04 16:12:49 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-11 07:58:30 382,260 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-07-30 23:18:40 33,624 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-30 23:19:12 43,352 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
+ 2004-08-10 11:00:00 1,744 -c--a-w C:\WINDOWS\system32\sound.drv
+ 2004-08-10 11:00:00 3,360 -c--a-w C:\WINDOWS\system32\system.drv
+ 2004-08-10 11:00:00 4,048 -c--a-w C:\WINDOWS\system32\timer.drv
+ 2004-08-10 11:00:00 2,176 -c--a-w C:\WINDOWS\system32\vga.drv
+ 2004-08-04 06:56:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2004-08-10 11:00:00 13,600 -c--a-w C:\WINDOWS\system32\wfwnet.drv
+ 2004-08-10 11:00:00 2,864 -c--a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-10 11:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
+ 2004-08-10 11:00:00 2,112 -c--a-w C:\WINDOWS\system32\winspool.exe
+ 2004-08-10 11:00:00 2,736 -c--a-w C:\WINDOWS\system32\wowdeb.exe
- 2005-05-26 10:16:30 465,176 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-30 23:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2005-05-26 10:16:30 124,184 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-30 23:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2005-05-26 10:16:30 1,343,768 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-30 23:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2005-05-26 10:16:30 127,256 -c--a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-30 23:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2005-05-26 10:16:30 41,240 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-30 23:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2005-05-26 10:16:30 18,200 -c--a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-30 23:19:12 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
- 2005-05-26 10:16:30 173,536 -c--a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-30 23:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-05-11 01:08 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-11 01:08 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-11 01:08 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"Uaol"="C:\PROGRA~1\COMMON~1\YMBOLS~1\msiexec.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 13:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 10:50 131072]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-08 22:39 36904]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-11-04 20:08:39 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-11-04 19:59:01 24576]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jwmijwkg]
jwmijwkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S2 rundll.exe;rundll.exe;"C:\WINDOWS\rundll.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 15:47:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 05:16:07 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-01 05:00:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 15:03:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\spupdsvc]
"ImagePath"="C:\WINDOWS\system32\spupdsvc.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6261\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\WINDOWS\SoftwareDistribution\Download\26a7ba71936ef28fcb3bb73b860e289e\update\update.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-29 15:18:12 - machine was rebooted [Chika Oluigbo]
ComboFix-quarantined-files.txt 2008-05-29 19:16:59
ComboFix2.txt 2007-12-01 10:40:17

Pre-Run: 439,869,440 bytes free
Post-Run: 340,590,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

466

 

[Rorschach112]

Hello


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\system32\sgtnpooc.tmp
E:\setup.exe

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

Driver::
rundll.exe

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall




Also post a new HijackThis log

 

[Smoke_O]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:49 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\HijackThis\Smoke.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\YMBOLS~1\msiexec.exe" -vt yazb
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: jwmijwkg - jwmijwkg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11316 bytes

 

[Smoke_O]

ComboFix 08-05-29.1 - Chika Oluigbo 2008-05-30 4:44:05.5 - NTFSx86
Running from: C:\Documents and Settings\Chika Oluigbo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chika Oluigbo\Desktop\CFScript.txt
* Resident AV is active


FILE ::
C:\WINDOWS\system32\sgtnpooc.tmp
E:\setup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jwmijwkg.dllbox
C:\WINDOWS\system32\sgtnpooc.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RUNDLL.EXE
-------\Service_rundll.exe


((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.

2008-05-14 00:04 . 2008-05-28 12:47 <DIR> d-------- C:\Program Files\Movie Joiner
2008-05-12 05:22 . 2008-05-12 05:22 550 --a------ C:\WINDOWS\mozver.dat
2008-05-12 04:18 . 2008-05-12 04:18 <DIR> d-------- C:\Documents and Settings\Chika Oluigbo\Application Data\Talkback
2008-05-11 20:49 . 2008-05-11 20:49 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-11 02:30 . 2008-05-11 14:58 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-11 02:30 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-05-11 01:09 . 2008-05-11 01:09 <DIR> d-------- C:\Program Files\Webroot
2008-05-11 01:09 . 2008-05-11 01:09 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-11 01:09 . 2008-05-11 01:09 <DIR> d-------- C:\Documents and Settings\Chika Oluigbo\Application Data\Webroot
2008-05-11 01:09 . 2008-05-11 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-11 01:09 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-05-11 01:09 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-05-11 01:09 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-05-11 01:09 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-05-11 01:09 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-05-11 01:08 . 2008-05-11 01:08 <DIR> d-------- C:\Program Files\AskSBar
2008-05-10 18:27 . 2008-05-10 18:27 <DIR> d-------- C:\Documents and Settings\Chika Oluigbo\Application Data\Lavasoft
2008-05-10 18:11 . 2008-05-10 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Geek Squad
2008-05-02 16:31 . 2008-05-29 18:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-02 16:31 . 2008-05-02 16:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-02 16:18 . 2008-05-02 16:19 <DIR> d-------- C:\Program Files\iPod
2008-05-02 16:16 . 2008-05-02 16:21 <DIR> d-------- C:\Program Files\iTunes
2008-05-02 15:34 . 2008-05-02 15:48 <DIR> d-------- C:\Program Files\QuickTime
2008-04-30 03:44 . 2008-04-30 03:44 <DIR> d-------- C:\WINDOWS\system32\logs
2008-04-19 15:19 . 2008-04-19 15:19 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-13 23:36 . 2008-04-13 21:25 294 --ahs---- C:\WINDOWS\system32\sgtnpooc.ini
2008-04-11 13:58 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-11 13:35 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-04-11 13:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-04-11 13:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-04-11 13:35 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 04:10 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-13 08:40 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-11 06:16 --------- d-----w C:\Program Files\BearShare
2008-05-06 03:29 --------- d-----w C:\Documents and Settings\Chika Oluigbo\Application Data\SiteAdvisor
2008-05-05 01:34 --------- d-----w C:\Program Files\Apple Software Update
2008-04-11 00:05 --------- d-----w C:\Program Files\America Online 9.0
2007-11-11 08:59 56 --sh--r C:\WINDOWS\system32\BFF64D9959.sys
2007-11-11 08:59 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-05-29_15.15.32.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-08 15:48:36 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll
+ 2007-03-08 15:48:36 40,960 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll
+ 2007-03-08 15:48:36 578,048 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
+ 2007-03-08 13:49:49 1,843,968 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\updspapi.dll
+ 2007-05-16 15:32:55 86,528 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll
+ 2007-05-16 15:32:55 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll
+ 2007-05-16 15:32:56 1,314,816 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll
+ 2007-05-16 15:32:56 510,976 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll
+ 2007-05-16 15:32:56 85,504 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll
+ 2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll
+ 2007-02-09 11:23:36 574,976 ----a-w C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll
+ 2007-02-05 20:19:14 185,344 ----a-w C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
+ 2007-04-16 16:07:27 986,112 ----a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
+ 2007-04-25 20:32:22 144,896 ----a-w C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
+ 2007-04-23 10:14:23 364,160 ----a-w C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-06-26 15:16:01 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w C:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w C:\WINDOWS\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w C:\WINDOWS\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB948590\update\updspapi.dll
- 2006-03-04 09:07:31 1,200,128 -c--a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-29 19:22:39 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2006-03-04 09:03:27 1,257,472 -c--a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-29 19:33:10 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2005-08-17 03:02:56 1,224,704 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-29 19:33:13 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-29 19:23:03 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_b5c40eee\CustomMarshalers.dll
+ 2008-05-29 19:23:14 3,301,376 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_7fd76d95\mscorlib.dll
+ 2008-05-29 19:23:39 1,454,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_cf874b5c\System.Design.dll
+ 2008-05-29 19:23:43 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_bdae8b84\System.Drawing.Design.dll
+ 2008-05-29 19:23:42 847,872 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_d16eca24\System.Drawing.dll
+ 2008-05-29 19:23:52 2,953,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_76429bc3\System.Windows.Forms.dll
+ 2008-05-29 19:23:59 2,027,520 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_a382f16d\System.Xml.dll
+ 2008-05-29 19:23:30 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_d79a4910\System.dll
+ 2008-05-29 19:34:52 118,784 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_59106888\CustomMarshalers.dll
+ 2008-05-29 19:33:54 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_669750fc\CustomMarshalers.dll
+ 2008-05-29 19:35:36 8,908,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0d6bb5e5\mscorlib.dll
+ 2008-05-29 19:34:36 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fda792c9\mscorlib.dll
+ 2008-05-29 19:35:12 3,395,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_36b32990\System.Design.dll
+ 2008-05-29 19:34:29 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_92ccff04\System.Design.dll
+ 2008-05-29 19:34:53 192,512 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9ca69e2a\System.Drawing.Design.dll
+ 2008-05-29 19:34:00 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_e4913326\System.Drawing.Design.dll
+ 2008-05-29 19:34:31 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_2361008c\System.Drawing.dll
+ 2008-05-29 19:35:20 2,244,608 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_aef37ddc\System.Drawing.dll
+ 2008-05-29 19:34:58 7,884,800 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_63d0a13f\System.Windows.Forms.dll
+ 2008-05-29 19:34:11 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b33194f7\System.Windows.Forms.dll
+ 2008-05-29 19:34:19 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_3ffe8991\System.Xml.dll
+ 2008-05-29 19:35:04 5,513,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_e5d521eb\System.Xml.dll
+ 2008-05-29 19:33:51 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_649ac3f0\System.dll
+ 2008-05-29 19:34:50 4,788,224 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_65a27fdc\System.dll
+ 2006-03-04 09:04:12 3,014,656 -c----w C:\WINDOWS\assembly\temp\08GNT19GOW\System.Windows.Forms.dll
+ 2006-03-04 09:04:22 2,088,960 ------w C:\WINDOWS\assembly\temp\2BJQY5DKSZ\System.Xml.dll
+ 2006-03-04 09:04:45 835,584 -c----w C:\WINDOWS\assembly\temp\5DLS08FNU2\System.Drawing.dll
+ 2005-08-17 03:02:56 1,224,704 ------w C:\WINDOWS\assembly\temp\KT08FNV2AH\System.dll
+ 2006-03-04 09:04:53 3,379,200 ------w C:\WINDOWS\assembly\temp\LT19GOV3BI\mscorlib.dll
+ 2006-03-04 09:03:50 1,953,792 ------w C:\WINDOWS\assembly\temp\V4CJRY6ELT\System.dll
- 2008-05-29 19:02:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-30 08:55:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-08-10 11:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
+ 2008-05-29 19:21:47 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2004-08-04 04:11:02 200,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2007-01-02 20:34:04 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2004-08-04 04:11:06 32,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2007-01-02 20:34:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2004-07-20 00:54:06 7,680 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2007-01-02 20:29:28 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2004-08-04 04:12:04 73,728 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2007-01-02 20:29:12 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2004-08-04 04:12:06 86,016 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2007-01-02 20:29:12 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2004-07-20 00:54:08 1,998,848 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2007-01-02 20:21:20 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2004-07-20 00:54:12 2,265,088 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2007-01-02 20:28:28 2,273,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2004-07-20 00:54:14 2,269,184 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2007-01-02 20:28:46 2,281,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2004-09-30 00:11:14 106,496 -c----w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2007-01-15 20:11:26 73,728 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2004-10-07 23:36:20 102,400 -c----w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
+ 2007-01-15 20:11:30 57,344 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe
- 2004-10-07 19:28:36 1,200,128 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2007-01-02 20:40:24 1,200,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2004-09-30 00:11:42 118,784 -c----w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
+ 2007-01-15 20:11:30 57,344 ------w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe
- 2004-07-15 07:49:16 258,048 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 01:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 07:49:22 32,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 01:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2004-07-15 06:32:22 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 00:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 01:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 00:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 06:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 00:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 06:33:04 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 00:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 20:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 00:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 01:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 00:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2004-07-15 06:26:52 2,510,848 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 00:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 06:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 00:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2004-08-10 22:20:00 106,496 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2007-01-15 20:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-07-15 07:49:16 258,048 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_aspnet_isapi.dll
+ 2004-07-15 06:32:22 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_CORPerfMonExt.dll
+ 2004-07-15 06:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_fusion.dll
+ 2004-07-15 06:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_mscorjit.dll
+ 2004-07-15 20:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_mscorlib.dll
+ 2003-02-21 01:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_mscorsn.dll
+ 2004-07-15 06:26:52 2,510,848 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_mscorsvr.dll
+ 2004-07-15 06:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_mscorwks.dll
+ 2003-02-21 10:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_msvcr71.dll
+ 2004-07-15 06:34:50 94,208 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW4060\_PerfCounter.dll
- 2004-07-15 20:31:16 1,224,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 01:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-10-08 12:20:12 1,257,472 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 01:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2006-10-12 14:02:52 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2007-01-04 14:05:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-01-04 14:05:28 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-01-04 14:05:28 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2006-10-12 14:02:52 57,344 ------w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2007-01-04 14:05:28 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 09:32:03 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-01-04 14:05:28 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 09:32:03 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-01-04 14:05:28 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-11-08 05:06:13 86,528 ------w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:12:00 86,528 ------w C:\WINDOWS\system32\dllcache\directdb.dll
- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-01-04 14:05:28 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 09:32:04 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-01-04 14:05:28 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 09:32:04 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-06-13 10:23:07 1,033,216 ------w C:\WINDOWS\system32\dllcache\explorer.exe
- 2007-01-04 14:05:28 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 09:32:04 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-01-04 11:03:40 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:07:53 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-01-04 14:05:28 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 09:32:04 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-11-08 05:06:13 679,424 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-01-04 14:05:29 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-01-04 14:05:29 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-07-05 10:55:01 984,064 ------w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ------w C:\WINDOWS\system32\dllcache\kernel32.dll
- 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-03-08 15:36:28 40,960 ------w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2007-01-04 14:05:30 3,062,272 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 09:32:06 3,066,880 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-01-04 14:05:29 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 09:32:06 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-11-08 05:06:13 1,314,816 ----a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:12:08 1,314,816 ----a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2007-01-04 14:05:29 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 09:32:06 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-01-04 14:05:30 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-02-09 11:10:35 574,464 ------w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-01-04 14:05:30 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 09:32:07 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:35:13 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-04-25 14:21:15 144,896 ------w C:\WINDOWS\system32\dllcache\schannel.dll
- 2007-01-04 14:05:30 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 09:32:08 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-01-04 14:05:30 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 09:32:08 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-04-23 10:32:54 364,160 ------w C:\WINDOWS\system32\dllcache\update.sys
+ 2007-02-05 20:17:02 185,344 ------w C:\WINDOWS\system32\dllcache\upnphost.dll
- 2007-01-25 12:24:58 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 09:32:08 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-03-08 15:36:28 577,536 ------w C:\WINDOWS\system32\dllcache\user32.dll
+ 2007-12-18 14:40:58 417,792 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2006-12-19 18:08:07 852,480 ------w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-11-08 05:06:13 510,976 ------w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:12:12 510,976 ------w C:\WINDOWS\system32\dllcache\wab32.dll
- 2006-11-08 05:06:13 85,504 ----a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:12:15 85,504 ----a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2008-03-19 09:47:00 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-01-04 14:05:30 665,088 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 09:32:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-03-17 13:43:01 292,864 ------w C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2007-10-27 21:39:46 228,864 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-10 11:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2004-08-10 11:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2004-08-10 11:00:00 574,592 -c--a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
- 2004-08-10 11:00:00 27,440 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-10 11:00:00 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
- 2007-01-04 14:05:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-01-04 14:05:28 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-01-04 14:05:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2006-03-04 10:57:54 163,528 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-29 22:56:50 163,528 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2005-12-29 02:54:35 280,064 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-01-04 14:05:28 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-11-08 05:06:13 679,424 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-01-04 14:05:29 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-01-04 14:05:29 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-07-05 10:55:01 984,064 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2004-08-10 11:00:00 39,936 -c--a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2008-04-06 02:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-07-15 06:24:50 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2006-12-22 16:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2007-01-04 14:05:30 3,062,272 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-01-04 14:05:29 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2005-05-04 20:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2007-01-04 14:05:29 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-01-04 14:05:30 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2006-11-04 19:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2007-05-08 19:03:04 1,275,392 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2006-12-22 17:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2004-08-10 11:00:00 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-01-04 14:05:30 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 04:13:42 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-10 11:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-10 11:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2007-01-04 14:05:30 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-01-04 14:05:30 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 15:21:34 22,752 -c--a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-01-29 08:58:06 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2004-08-10 11:00:00 185,344 -c--a-w C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2007-01-25 12:24:58 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2005-03-02 18:09:30 577,024 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-10 11:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2005-10-06 00:05:59 1,839,488 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
- 2007-01-04 14:05:30 665,088 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
- 2005-09-01 01:41:54 291,840 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2005-08-04 00:29:52 227,840 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 21:39:46 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-04-29 11:07:48 5,533,696 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2007-01-04 10:50:42 248,320 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-05-30 10:10:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_150.dat
+ 2007-05-08 19:06:44 1,275,392 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-05-11 01:08 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-11 01:08 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-11 01:08 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 17:46 135168]
"Uaol"="C:\PROGRA~1\COMMON~1\YMBOLS~1\msiexec.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48 32881]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59 385024]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 13:26 606208]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 10:50 131072]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06 106496]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-02-08 22:39 36904]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe" [2006-09-25 20:52 50736]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"combofix"="C:\WINDOWS\system32\CF20290.exe" [2004-08-10 07:00 388608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-11-04 20:08:39 156784]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-11-04 19:59:01 24576]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 13:59:36 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jwmijwkg]
jwmijwkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 15:47:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 05:16:07 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-01 05:00:25 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 11:51:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-05-30 12:00:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-30 16:00:09
ComboFix2.txt 2008-05-29 19:18:16
ComboFix3.txt 2007-12-01 10:40:17

Pre-Run: 94,011,392 bytes free
Post-Run: 228,044,800 bytes free

624 --- E O F --- 2008-05-29 19:40:14

 

[Rorschach112]

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\YMBOLS~1\msiexec.exe" -vt yazb
O20 - Winlogon Notify: jwmijwkg - jwmijwkg.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Delete this folder in bold

C:\Program Files\MyWaySA



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Reboot and post a new HijackThis log

 

[Smoke_O]

Malwarebytes' Anti-Malware 1.14
Database version: 807

1:56:25 AM 5/31/2008
mbam-log-5-31-2008 (01-56-25).txt

Scan type: Quick Scan
Objects scanned: 36719
Time elapsed: 16 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 27
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{b7f66d09-d1e6-4a79-9743-f3579ad82ed5} (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spruce.sprucebho (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spruce.sprucebho.1 (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4811603f-8f2d-43f9-8f2f-3fdcaa8a1b7b} (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ee92f989-cb72-469b-82e6-99ca303a6059} (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\silent.coolbho (Adware.Rabio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\silent.coolbho.1 (Adware.Rabio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{57a8860b-6d4a-4b77-a485-303f0abb920c} (Adware.Rabio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3be18056-e742-4777-a09f-426bf38dc235} (Adware.Rabio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c1b0024f-d9db-4653-bca0-0cb670428f6a} (Adware.Rabio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Spruce (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MsSC2 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spruce (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spruce (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Spruce.DLL (Adware.Spruce) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Cool (Adware.Webbuying) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Cool (Adware.Webbuying) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Cool (Adware.Webbuying) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Cool (Adware.Webbuying) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\Silent.DLL (Adware.Webbuying) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Chika Oluigbo\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

 

[Rorschach112]

Post a new HijackThis log

 

[Smoke_O]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:23 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Smoke.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11206 bytes

 

[Rorschach112]

Your logs are clean

Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  
  

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com/products/acrobat/readstep2.html



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

 

[Smoke_O]

Thanks Scratch but I think I still have some malware on my computer, because my C drive symbol in My Computer still has a Big Red X as the symbol and when I run other scans they show viruses. Here's my log from Kaspersky

KASPERSKY ONLINE SCANNER REPORT
Monday, June 02, 2008 3:28:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/06/2008
Kaspersky Anti-Virus database records: 821972
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 71725
Number of viruses found: 31
Number of infected objects: 61
Number of suspicious objects: 0
Duration of the scan process: 01:42:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Apps.Lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\main.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\sap.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\spool.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\STYLE.LST Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\sysnews.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\idb\Toolbar.lst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\CACHE\ooluig02 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\ooluigbo Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\ooluigbo.abi Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\organize\ooluigbo.aby Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\ShopAssist\DataStore\users\OOluigbo.adb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{CD02BBE7-ED29-4613-8D3F-EA8E1C0D4752}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\RBLDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR6.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\History\History.IE5\MSHist012008060220080603\index.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Temp\~DF316B.tmp Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Chika Oluigbo\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ampjhimv.dll.vir Infected: Trojan.Win32.Monder.aj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\apyfbjir.dll.vir Infected: Trojan.Win32.Monder.br skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\becehoqx.dll.vir Infected: Trojan.Win32.Monder.an skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bnmbmxvi.dll.vir Infected: Trojan.Win32.Monder.be skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bnywjhtb.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bpjfhhgb.dll.vir Infected: Trojan.Win32.Monder.df skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\brsbjsse.dll.vir Infected: Trojan.Win32.Monder.al skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cijhtslj.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.bgj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ctkpwfsq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cttaayyx.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\cwqgdlbn.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dfixyvpo.dll.vir Infected: Trojan.Win32.Monder.de skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dwydvfvu.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dywfitoe.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\eissofgp.dll.vir Infected: Trojan.Win32.Monder.ct skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\eokjjxbq.dll.vir Infected: Trojan.Win32.Monder.bt skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\esiiacuf.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ggubqkbw.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\glvheowq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\gsspbaha.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hvjitytf.dll.vir Infected: Trojan.Win32.Monder.cz skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\icyubocd.dll.vir Infected: Trojan.Win32.Monder.ad skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\iwlnribd.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ixsnppud.dll.vir Infected: Trojan.Win32.Monder.cf skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jexckroy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixf skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kgbvvvml.dll.vir Infected: Trojan.Win32.Monder.cp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\konuyluo.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\kshllhxo.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ldywlfut.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ixe skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nfeagvfn.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nfqumexy.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\obkvitcv.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oqksqfbp.dll.vir Infected: Trojan.Win32.Monder.as skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oxkhoqsm.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pbjfjwfk.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pijqulry.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pksndkxx.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pxmyjkth.dll.vir Infected: Trojan.Win32.Monder.bw skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qowralrg.dll.vir Infected: Trojan.Win32.Monder.ap skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rbkhtolg.dll.vir Infected: Trojan.Win32.Monder.ag skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\sajpbscb.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\skwuchww.dll.vir Infected: Trojan.Win32.Monder.ao skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ugcprafr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.nve skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\unghokou.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\uooowcql.dll.vir Infected: Trojan.Win32.Monder.ah skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\uopsjsjh.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\uqhhanmy.dll.vir Infected: Trojan.Win32.Monder.av skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vpeexkiy.dll.vir Infected: Trojan.Win32.Monder.au skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vwfiipev.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wbewjtls.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\woxovbby.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wtuabava.dll.vir Infected: Trojan.Win32.Monder.bd skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wucxpvkg.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xenxghik.dll.vir Infected: Trojan.Win32.Monder.at skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xgjrpjsb.dll.vir Infected: Trojan.Win32.Monder.cq skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ypqhwakw.dll.vir Infected: Trojan.Win32.Monder.ag skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ytelpvhv.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\yumflkvk.dll.vir Infected: Trojan.Win32.Monder.da skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ywlinpxp.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\yyagjjim.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.quf skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\yyvxechi.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{58ABA098-AD48-45DD-889B-CC41A40D36B5}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_tAoGR1fIaHGoEo4 Object is locked skipped
C:\WINDOWS\Temp\mcafee_xVKe8uwzeoGQYQa Object is locked skipped
C:\WINDOWS\Temp\mcmsc_125QPz7nJLKug3M Object is locked skipped
C:\WINDOWS\Temp\mcmsc_6XQCfJ8jptrDqun Object is locked skipped
C:\WINDOWS\Temp\mcmsc_h8faQQP14aH3vbc Object is locked skipped
C:\WINDOWS\Temp\sqlite_fKgOPDJceQdVAkN Object is locked skipped
C:\WINDOWS\Temp\sqlite_PXGYohl3PUTqpyr Object is locked skipped
C:\WINDOWS\Temp\sqlite_qhS6mNOZ4SKzwsC Object is locked skipped
C:\WINDOWS\Temp\sqlite_w2xVwBxx6cZWrZX Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

[Smoke_O]

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:49:07 PM 6/2/2008

+ Scan result:



:mozilla.717:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.134:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.143:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.144:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.145:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.146:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.531:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.762:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.821:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@riptownmedia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.13:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.15:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.16:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.189:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.18:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.443:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.445:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.446:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.375:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.376:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.377:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@adengage[1].txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.541:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.542:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.454:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.455:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.456:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.457:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.458:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.459:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.460:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.461:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.539:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.299:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.300:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.301:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.302:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.303:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.304:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.546:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.434:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.548:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.477:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.478:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.479:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.480:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.560:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.109:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.110:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.111:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.112:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.113:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.114:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.621:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.623:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.47:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.844:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.845:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.846:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.847:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.848:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.294:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.295:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.296:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.297:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.298:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.519:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.520:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.622:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.776:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@ehg-sportingbet.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.854:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.855:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.511:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.512:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.513:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.741:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.742:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.339:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@overture[2].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.72:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.73:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.74:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.75:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.76:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.77:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.78:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.79:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.80:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.81:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.147:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.148:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.149:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.197:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.199:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.201:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.202:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.706:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.262:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.263:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.264:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.265:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.266:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.429:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.759:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.760:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.761:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.521:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.522:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.523:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.524:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.525:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.526:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.527:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.242:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.243:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.244:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.245:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.246:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.247:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.248:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.249:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.250:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.251:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.252:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.208:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.209:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.210:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.211:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.212:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.213:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.820:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.462:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.463:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.464:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.465:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.466:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.467:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.468:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.430:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.431:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.432:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.433:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.730:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.204:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.205:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.206:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.207:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.214:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.215:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.216:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.217:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.218:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.350:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.351:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.352:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.353:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.354:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.355:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.356:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.357:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.358:C:\Documents and Settings\Chika Oluigbo\Application Data\Mozilla\Firefox\Profiles\tir6ci9m.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Chika Oluigbo\Cookies\chika oluigbo@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

 

[Smoke_O]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:55 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\Smoke.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1181370861\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{642969F0-39B0-449C-A053-D4069FCC6E9D}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11346 bytes

 

[Rorschach112]

Your logs are clean

If you followed the steps in my previous instruction then everything would be gone

Do this to remove the red x

Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Driveicons]

Then double click on the fix.reg file, when it prompts to merge click "Yes".



Reboot and tell me how your PC is running

 

[Smoke_O]

Thanks my computer is running fine. The red X is gone and everything seems to running smoothly. My Internet Explorer is still not working. WHat should I do about that? I was thinking of just deleting it and downloading the new one.

 

[Rorschach112]

Try this

Download Dial-a-Fix to your desktop and run it

http://www.majorgeeks.com/download4899.html


Click the hammer at the bottom

Select Repair/reinstall IE, Click GO

Let it do it's thing, reboot and see if that fixed it

 

[Smoke_O]

It didnt work, everytime I try to open IE a box appears saying something cant upload and that the error box appears.