Number of viruses 93, infected objects 719

Hi

Please click this link: Jotti

Copy/paste the first file on the list into the white "Upload a file" box and click Submit/Send (depending on whether you are using Jotti or VirusTotal).

C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\UtilComSet.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\bqxgvwxo.exe


Repeat steps for all files on the list.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
 
Virtumonde

File: dbcfg.dll
Status: INFECTED/MALWARE
MD5: 3d28bdacf9b3ddd38195e3bc9abca6a4
Packers detected: -
Scan taken on 12 Jun 2008 22:34:26 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: UtilAdm.dll
Status: INFECTED/MALWARE
MD5: bc9932efe02310de7d0071017faa337f
Packers detected: -
Scan taken on 12 Jun 2008 22:36:55 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: bohodqhy.exe
Status: INFECTED/MALWARE
MD5: 26147e7b4794dadc528d47d9034ae82d
Packers detected: -
Scan taken on 12 Jun 2008 22:38:53 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Obfuskated
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Obfuscated.gx
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Obfuscated.gx
NOD32 Found a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: straplmsg.dll
Status: INFECTED/MALWARE
MD5: d6c69f2ba2aa2668f622efbf0631145d
Packers detected: -
Scan taken on 12 Jun 2008 22:40:51 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: actmnt.dll
Status: INFECTED/MALWARE
MD5: 2ac7afda29681fb3d98125debeae013a
Packers detected: -
Scan taken on 12 Jun 2008 22:42:37 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found I-Worm/Stration.GWR
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: apismart.dll
Status: INFECTED/MALWARE
MD5: 18437d13e60304b8e89d1dcaad9dc772
Packers detected: -
Scan taken on 12 Jun 2008 22:44:20 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found Vundo.gen170
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: aplen.dll
Status: INFECTED/MALWARE
MD5: 1d64830655e2255760ed5088a4f169d6
Packers detected: -
Scan taken on 12 Jun 2008 22:46:06 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Virtumonde.UXO
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: monsrv.dll
Status: INFECTED/MALWARE
MD5: 5078875f6073909bd27608ddd29ac3d3
Packers detected: -
Scan taken on 12 Jun 2008 22:47:54 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: srvapl.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definitely accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 863635efd98ca80cdf148e3cc1a662f4
Packers detected: PE_PATCH
Scan taken on 12 Jun 2008 22:49:59 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: procen.dll
Status: INFECTED/MALWARE
MD5: 8a2dd51feedeef88ef106989532384bf
Packers detected: -
Scan taken on 12 Jun 2008 22:51:58 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: MsgCfg.dll
Status: INFECTED/MALWARE
MD5: 4bd86ec30b73bb4336d141759a733ab1
Packers detected: -
Scan taken on 12 Jun 2008 22:53:48 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic10.NYH
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Virtumonde.USD
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: ProcMnt.dll
Status: INFECTED/MALWARE
MD5: 94dd07b6ebfdd5fb9db71ee7f2314651
Packers detected: PE_PATCH
Scan taken on 12 Jun 2008 22:55:37 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: UtilComSet.dll
Status: INFECTED/MALWARE
MD5: f4266eb5a17aa0054669ba2599d0ac5d
Packers detected: -
Scan taken on 12 Jun 2008 22:57:11 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: admcomwin.dll
Status: INFECTED/MALWARE
MD5: 4d62528df3771ba56e45a2548f3b19a4
Packers detected: -
Scan taken on 12 Jun 2008 22:58:49 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: bqxgvwxo.exe
Status: INFECTED/MALWARE
MD5: 397cd7d4381e6b7aa77d6e1fa87c0923
Packers detected: -
Scan taken on 12 Jun 2008 23:00:30 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found Win32:PureMorph
AVG Antivirus Found Downloader.Obfuskated
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Obfuscated.gx
Fortinet Found nothing
Ikarus Found Trojan.Crypt.XPACK
Kaspersky Anti-Virus Found Trojan.Win32.Obfuscated.gx
NOD32 Found a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman Virus Control Found W32/Smalltroj.DTVA
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found nothing


Yikes!
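Reading a Jotti report like the one above by hand means counting the "Found" lines for each of fifteen files. The Python script below is added here as an illustration and is not a tool posted or used in this thread: it parses that report layout and summarises how many engines flagged each file, which is the distinction Jotti's own note on srvapl.dll is making (a detection from a single engine, or only from engines prone to false positives, carries far less weight than a near-unanimous one). The sample report embedded in it is constructed from three of the entries above, trimmed to four engines; the threshold of three agreeing engines for a "strong" verdict is an assumption chosen for the example, not something the thread or Jotti defines.

```python
"""Summarise engine verdicts from a Jotti-style multi-engine scan report.

Added example for this thread, not a tool posted in it. It parses the layout
seen above ("File:", "Status:", "MD5:", "Packers detected:", then one
"<Engine> Found <verdict>" line per engine) and counts how many engines agreed
on each file, so a lone hit with a false-positive caveat (srvapl.dll) stands
apart from a unanimous one (bqxgvwxo.exe).
"""
import re
from dataclasses import dataclass, field

# Constructed sample: three entries from the thread, trimmed to four engines;
# the srvapl.dll status note is wrapped over two lines, as it was in the thread.
SAMPLE_REPORT = """\
File: dbcfg.dll
Status: INFECTED/MALWARE
MD5: 3d28bdacf9b3ddd38195e3bc9abca6a4
Packers detected: -
Scan taken on 12 Jun 2008 22:34:26 (GMT)
AntiVir Found TR/Vundo.Gen
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Sophos Antivirus Found Mal/EncPk-DG

File: srvapl.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as
malware by scanners known to generate more false positives than average.)
MD5: 863635efd98ca80cdf148e3cc1a662f4
Packers detected: PE_PATCH
AntiVir Found TR/Vundo.Gen
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Sophos Antivirus Found nothing

File: bqxgvwxo.exe
Status: INFECTED/MALWARE
MD5: 397cd7d4381e6b7aa77d6e1fa87c0923
Packers detected: -
AntiVir Found TR/Crypt.XPACK.Gen
Kaspersky Anti-Virus Found Trojan.Win32.Obfuscated.gx
NOD32 Found a variant of Win32/TrojanDownloader.FakeAlert.BP
Sophos Antivirus Found Mal/Generic-A
"""

# Engine names contain spaces ("Kaspersky Anti-Virus"): match lazily up to " Found ".
ENGINE_RE = re.compile(r"^(?P<engine>\S.*?) Found (?P<verdict>.+)$")

@dataclass
class FileResult:
    name: str
    status: str = ""
    md5: str = ""
    packers: str = ""
    hits: dict = field(default_factory=dict)   # engine -> verdict string
    clean: list = field(default_factory=list)  # engines that found nothing

    @property
    def engines(self) -> int:
        return len(self.hits) + len(self.clean)

def parse_report(text: str) -> list:
    """Split the report into one FileResult per "File:" block."""
    results, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Scan taken on"):
            continue                      # blank line or timestamp, not needed
        if line.startswith("File:"):
            cur = FileResult(name=line[len("File:"):].strip())
            results.append(cur)
        elif cur is None:
            continue                      # preamble before the first block
        elif line.startswith("Status:"):
            cur.status = line[len("Status:"):].strip()
        elif line.startswith("MD5:"):
            cur.md5 = line[len("MD5:"):].strip().lower()
        elif line.startswith("Packers detected:"):
            cur.packers = line[len("Packers detected:"):].strip()
        elif (m := ENGINE_RE.match(line)):
            if m["verdict"].lower() == "nothing":
                cur.clean.append(m["engine"])
            else:
                cur.hits[m["engine"]] = m["verdict"]
        else:                             # wrapped remainder of the Status: note
            cur.status = f"{cur.status} {line}".strip()
    return results

def consensus(res: FileResult, strong: int = 3) -> str:
    """'clean' with no hits, 'strong' at >= `strong` hits, otherwise 'weak'."""
    if not res.hits:
        return "clean"
    return "strong" if len(res.hits) >= strong else "weak"

def summarize(text: str) -> list:
    """One (file, hits, engines, label) tuple per block."""
    return [(r.name, len(r.hits), r.engines, consensus(r)) for r in parse_report(text)]

if __name__ == "__main__":
    for r in parse_report(SAMPLE_REPORT):
        print(f"{r.name:14} {len(r.hits)}/{r.engines} {consensus(r):6} "
              f"packers={r.packers} md5={r.md5}")
        for engine, verdict in r.hits.items():
            print(f"    {engine}: {verdict}")
```

Running it prints one line per file with the hit count, the label and the packer field, followed by the engines that fired and their verdict names. Run over the full report above it would label every file except srvapl.dll as flagged by at least two engines, and srvapl.dll as a single-engine hit that also carries the PE_PATCH packer flag; that is the file whose verdict should be weighed against the helper's judgement rather than taken from the scanner alone. The "weak" label is deliberately not "clean": vendor naming differs (TR/Vundo.Gen, Trojan.Vundo, W32/Virtumonde.*), so a low count can still be a real infection that only a few engines have signatures for.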
 
Hi

Yes, all are bad, as I expected.

Download suspicious file packer from here

Unzip it to the desktop, open it and paste in the list of files below, then press Next; it will create an archive (zip/cab file) on the desktop.

C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\UtilComSet.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\bqxgvwxo.exe

Go to spykiller

Press New Topic and make the thread's title "Files for Shaba".
Include in your message a link to here, then attach the cab/zip file to your message and post the topic.
If you can't locate it through the Browse button, just copy/paste the filename and path.

After that, please reply here and we'll continue :)
 
Hi

Thanks for that :)

Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\UtilComSet.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\bqxgvwxo.exe
C:\WINDOWS\system32\ALSNDMGRd.exe
C:\WINDOWS\system32\alrsvco.exe
C:\WINDOWS\system32\Kf94lfg.dll
C:\WINDOWS\system32\rcdll.dll

Folder::
C:\Program Files\MOTORC~1
C:\Program Files\ANYTHI~1
C:\Program Files\worthles
C:\Program Files\NEUROC~1
C:\Program Files\jeru
C:\Program Files\GENERA~1
C:\Program Files\empirest
C:\Program Files\cube
C:\Program Files\creature
C:\Program Files\crakoom
C:\Program Files\COLLEG~1
C:\Program Files\CLONEW~1
C:\Program Files\CAPTAI~1
C:\Program Files\BURLES~1
C:\Program Files\BLUELI~1
C:\Program Files\BLINDM~1
C:\Program Files\beatmygu
C:\Program Files\autobahn
C:\Program Files\arnon
C:\Program Files\ARMORP~1
C:\Program Files\ARMAGG~1
C:\Program Files\ANGRYB~1
C:\Program Files\ANCIEN~1
C:\Program Files\amerika
C:\Program Files\ALIENS~1
C:\Program Files\ABDUCT~1
C:\Program Files\WAYBEY~1
C:\Program Files\dodger
C:\Program Files\dirtydoz
C:\Program Files\crass
C:\Program Files\COPPAK~1
C:\Program Files\conca
C:\Program Files\COLLEG~2
C:\Program Files\alien
C:\Program Files\aldo
C:\Program Files\ACTION~1
C:\Program Files\EMPTY
C:\Program Files\Cmkkhknc

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript.gif]


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happened we want to know, and also what process you had to end.
 
ComboFix 08-06-07.3 - John Lee 2008-06-14 16:06:45.7 - NTFSx86

Running from: C:\Documents and Settings\John Lee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John Lee\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\alrsvco.exe
C:\WINDOWS\system32\ALSNDMGRd.exe
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\bqxgvwxo.exe
C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\Kf94lfg.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\rcdll.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\UtilComSet.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ABDUCT~1
C:\Program Files\ABDUCT~1\AbductionII.txt
C:\Program Files\ACTION~1
C:\Program Files\ACTION~1\Action_Force.ttf
C:\Program Files\ACTION~1\Action_Force.txt
C:\Program Files\aldo
C:\Program Files\aldo\aldo.txt
C:\Program Files\aldo\ALDO6.TTF
C:\Program Files\alien
C:\Program Files\alien\alien.txt
C:\Program Files\alien\ALIEN5.TTF
C:\Program Files\ALIENS~1
C:\Program Files\ALIENS~1\statica.txt
C:\Program Files\amerika
C:\Program Files\amerika\Am Erika.txt
C:\Program Files\ANCIEN~1
C:\Program Files\ANCIEN~1\GEEK.TXT
C:\Program Files\ANGRYB~1
C:\Program Files\ANGRYB~1\FONTEX2000MG-HELP.HLP
C:\Program Files\ANGRYB~1\readme.txt
C:\Program Files\ANYTHI~1
C:\Program Files\ANYTHI~1\A font by Alex C.txt
C:\Program Files\ANYTHI~1\anythingyouwant\anythingyouwant.ttf
C:\Program Files\ARMAGG~1
C:\Program Files\ARMORP~1
C:\Program Files\ARMORP~1\font info.txt
C:\Program Files\arnon
C:\Program Files\autobahn
C:\Program Files\autobahn\!pizzadude.txt
C:\Program Files\beatmygu
C:\Program Files\beatmygu\READ_ME.TXT
C:\Program Files\BLINDM~1
C:\Program Files\BLINDM~1\!pizzadude.txt
C:\Program Files\BLUELI~1
C:\Program Files\BLUELI~1\!pizzadude.txt
C:\Program Files\BURLES~1
C:\Program Files\BURLES~1\!pizzadude.txt
C:\Program Files\CAPTAI~1
C:\Program Files\CAPTAI~1\free.txt
C:\Program Files\CLONEW~1
C:\Program Files\Cmkkhknc
C:\Program Files\Cmkkhknc\qitpxpww.exe
C:\Program Files\COLLEG~1
C:\Program Files\COLLEG~1\Readme.txt
C:\Program Files\COLLEG~1\SF Collegiate Sample.jpg
C:\Program Files\COLLEG~2
C:\Program Files\COLLEG~2\SF Collegiate v1.0\Readme.txt
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Italic.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Sample.jpg
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Solid Bold Italic.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Solid Bold.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Solid Italic.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Solid.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate.ttf
C:\Program Files\conca
C:\Program Files\conca\conca.txt
C:\Program Files\COPPAK~1
C:\Program Files\COPPAK~1\VTCinfo.txt
C:\Program Files\crakoom
C:\Program Files\crakoom\The Greatest fonts in the world.txt
C:\Program Files\crass
C:\Program Files\creature
C:\Program Files\creature\creature.txt
C:\Program Files\cube
C:\Program Files\dirtydoz
C:\Program Files\dirtydoz\Read_Me.txt
C:\Program Files\dodger
C:\Program Files\dodger\dodge.txt
C:\Program Files\empirest
C:\Program Files\EMPTY
C:\Program Files\GENERA~1
C:\Program Files\jeru
C:\Program Files\jeru\jeru.txt
C:\Program Files\MOTORC~1
C:\Program Files\MOTORC~1\!pizzadude.txt
C:\Program Files\MOTORC~1\MOTOE___.TTF
C:\Program Files\NEUROC~1
C:\Program Files\NEUROC~1\Read_Me.txt
C:\Program Files\WAYBEY~1
C:\Program Files\WAYBEY~1\!pizzadude.txt
C:\Program Files\WAYBEY~1\Waybeyondblue.TTF
C:\Program Files\worthles
C:\Program Files\worthles\READ_ME.TXT
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\alrsvco.exe
C:\WINDOWS\system32\ALSNDMGRd.exe
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\bqxgvwxo.exe
C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\Kf94lfg.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\rcdll.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\UtilComSet.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALGNetDDEdsdm
-------\Service_ALGNetDDEdsdm


((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
2008-06-14 06:13 . 2008-06-14 06:16 <DIR> d-------- C:\sfp
2008-06-14 06:13 . 2008-06-14 06:13 264,875 --a------ C:\sfp.zip
2008-06-10 18:09 . 2008-06-13 02:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-10 18:09 . 2008-06-10 18:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-10 04:04 . 2008-06-10 04:04 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-10 04:03 . 2008-06-10 04:05 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-10 04:02 . 2008-06-10 04:02 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-08 03:00 . 2008-06-08 03:00 <DIR> d-------- C:\OnlineArmor
2008-06-08 01:05 . 2008-06-08 01:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-31 05:01 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\MediaCoder
2008-05-31 05:00 . 2008-05-31 05:00 17,352,333 --a------ C:\MediaCoder-0.6.1.4111-flv-to-mpg.exe
2008-05-30 20:47 . 2008-05-30 20:47 <DIR> d-------- C:\Program Files\MSECACHE
2008-05-30 20:43 . 2008-05-30 20:43 359,656 --a------ C:\ms-windows-installer-cleanup-remove-programs-only2.exe
2008-05-30 19:22 . 2008-05-30 19:22 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 19:22 . 2008-05-30 19:22 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 19:22 . 2008-05-30 19:22 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 19:22 . 2008-05-30 19:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 19:22 . 2008-05-30 19:22 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 19:22 . 2008-05-30 19:22 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll
2008-05-30 19:22 . 2008-05-30 19:22 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll
2008-05-30 19:22 . 2008-05-30 19:22 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-05-30 19:22 . 2008-05-30 19:22 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll
2008-05-30 19:22 . 2008-05-30 19:22 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll
2008-05-27 13:12 . 2008-05-27 13:12 2,585,872 --a------ C:\WindowsInstaller-KB893803-v2-x86.exe
2008-05-22 18:22 . 2008-05-22 18:22 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:22 . 2008-05-22 18:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-22 18:22 . 2008-05-22 18:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-22 18:20 . 2008-05-22 18:20 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2008-05-22 18:20 . 2008-05-22 18:20 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2008-05-22 18:19 . 2008-05-22 18:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-22 18:19 . 2008-05-22 18:19 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2008-05-22 18:19 . 2008-05-22 18:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 18:19 . 2008-05-22 18:19 416 --a--c--- C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 18:19 . 2008-05-22 18:19 416 --a--c--- C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 18:18 . 2008-05-22 18:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 23:08 . 2008-06-14 16:15 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\OnlineArmor
2008-05-21 23:08 . 2008-05-21 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-05-21 23:07 . 2008-05-21 23:07 <DIR> d-------- C:\Program Files\Tall Emu
2008-05-21 23:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-21 23:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-21 23:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\WINDOWS
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\Symantec
2008-05-21 00:27 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\CyberLink
2008-05-21 00:27 . 2008-05-21 00:27 <DIR> d-------- C:\Documents and Settings\Web Surfing
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\EPSONREG
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\Leadertech
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\WINDOWS\system32\Import-Export
2008-05-19 19:59 . 2008-05-19 21:00 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\Program Files\EPSON
2008-05-19 19:58 . 2008-05-19 21:22 66 --a------ C:\WINDOWS\ESPR200.ini
2008-05-19 19:53 . 2003-05-29 01:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2008-05-19 19:53 . 2003-07-28 01:10 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-05-19 19:53 . 2003-02-13 01:10 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
2008-05-19 19:53 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-05-19 19:53 . 2002-03-01 01:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-05-19 19:53 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-05-19 19:53 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2008-05-16 17:39 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Common Files\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 20:11 --------- d-----w C:\Program Files\Screenshot Pilot
2008-06-13 04:18 --------- d-----w C:\Documents and Settings\John Lee\Application Data\SmartFTP
2008-06-10 18:20 --------- d-----w C:\Program Files\DivX
2008-05-31 01:06 --------- d-----w C:\Documents and Settings\John Lee\Application Data\AdobeUM
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-29 02:21 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-28 15:39 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
2008-05-27 15:35 4,931,320 ----a-w C:\Opera_9.27_English_Setup.exe
2008-05-27 14:31 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 03:07 10,402,864 ----a-w C:\OnlineArmor_Setup_Free.exe
2008-05-19 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 03:37 --------- d-----w C:\Program Files\support.com
2008-05-13 20:41 --------- d-----w C:\Program Files\Pinnacle
2008-05-07 00:48 2,014 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-06 03:18 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTHER2.dll
2008-05-06 03:17 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTCHER.dll
2008-05-05 07:35 6,039,048 ----a-w C:\Firefox Setup 2.0.0.14.exe
2008-04-02 00:32 1,676,293 ----a-w C:\vixybeta_install_1apr08.exe
2008-03-31 22:34 8,161,400 ----a-w C:\Windows-malicious-software-removal-mar08.exe
2008-03-30 21:36 1,415,095 ----a-w C:\SDFixMarch2008.exe
2008-03-30 21:35 1,603,366 ----a-w C:\ComboFixMarch2008.exe
2008-03-27 00:52 1,306,722 ----a-w C:\SmitfraudFixMarch2008.exe
2008-03-26 22:31 147,456 ----a-w C:\VundoFix.exe
2008-03-26 12:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-23 00:32 318,369 ----a-w C:\HiJackThis202.zip
2008-03-22 19:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-21 03:24 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\klmngtet.dll
2008-03-19 23:56 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
2008-03-19 20:47 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-19 20:47 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-18 22:30 8,705,840 ----a-w C:\winamp552_full_emusic-7plus_en-us.exe
2008-03-18 22:22 6,956 -c--a-w C:\Program Files\hijackthis.log
2008-03-18 21:28 2,671,816 ----a-w C:\spywareblastersetup40.exe
2008-03-18 21:25 706,360 ----a-w C:\winpatrolsetup-ok.exe
2008-03-18 18:36 1,580,267 ----a-w C:\ComboFix_old.exe
2008-03-15 01:26 14,113,576 ----a-w C:\ewido-avg-antispyware-setup-7.5-30days.exe
2008-03-14 19:53 690,568 ----a-w C:\rogue-remover-free-setup.exe
2008-01-13 19:38 12,879,368 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
2007-12-21 06:09 4,398,984 -c--a-w C:\Program Files\MorphVOXPro_Install.exe
2007-12-21 06:07 1,083,064 -c--a-w C:\Program Files\SP-SpookySounds_Install.exe
2007-12-16 05:14 17,760,400 -c--a-w C:\Program Files\DivXInstaller.exe
2007-12-08 10:56 1,781,292 -c--a-w C:\Program Files\vixybeta_install.exe
2007-10-23 05:46 34,441,990 -c--a-w C:\Program Files\Second Life 1-18-2-0 Setup.exe
2007-10-11 17:21 904,984 -c--a-w C:\Program Files\cuz4_setup.exe
2007-08-12 22:05 1,035,000 -c--a-w C:\Program Files\daemon-tools-iso-SPTDinst-v150-x64.exe
2007-08-12 14:14 1,207,026 -c--a-w C:\Program Files\winrar370.exe
2007-06-08 16:01 27,917,104 -c--a-w C:\Program Files\downloadable_install_wizard.exe
2007-04-27 05:39 4,960,221 -c--a-w C:\Program Files\RivaEncoderSetup.exe
2007-04-02 08:12 1,512,927 -c--a-w C:\Program Files\LADSPA_plugins-win-0.4.15.exe
2007-04-02 08:11 2,228,534 -c--a-w C:\Program Files\audacity-win-1.2.6.exe
2007-04-02 07:57 614,943 ----a-w C:\Program Files\lame-3.96.1.zip
2007-03-16 11:07 502,941 ----a-w C:\Program Files\MPEG_Streamclip_1.1.zip
2007-02-27 19:59 23,510,720 -c--a-w C:\Program Files\dotnetfx.exe
2007-02-27 19:57 1,629,496 ----a-w C:\Program Files\VOB2MPGv2_3.zip
2007-02-27 09:48 392,984 ----a-w C:\Program Files\SmartRipper 2.41.zip
2007-01-29 11:53 3,602,120 -c--a-w C:\Program Files\SFTPMSI.exe
2007-01-16 11:58 363,800 -c--a-w C:\Program Files\download-flvplayer_setup.exe.exe
2007-01-09 10:22 20,368,912 -c--a-w C:\Program Files\GoogleEarthWinProSetup.exe
2007-01-02 07:54 55,217 ----a-w C:\Program Files\Copy of checkboxtemplate.zip
2007-01-02 07:54 55,217 ----a-w C:\Program Files\checkboxtemplate.zip
2007-01-02 06:39 1,761,856 -c--a-w C:\Program Files\OCONVPCK.EXE
2007-01-02 06:38 1,533,096 -c--a-w C:\Program Files\wp6rtf.exe
2007-01-02 06:37 12,307,656 -c--a-w C:\Program Files\wdviewer.exe
2006-12-28 03:02 6,181,783 -c--a-w C:\Program Files\win2k_xp14103.exe
2006-12-28 02:44 315,624 -c--a-w C:\Program Files\dxwebsetup.exe
2006-12-28 01:52 5,007,104 -c--a-w C:\Program Files\GoogleVideoPlayerSetup.exe
2006-12-23 03:16 5,461,975 -c--a-w C:\Program Files\gtm130.exe
2006-12-22 05:45 6,464,978 ----a-w C:\Program Files\gpsbabel-arc-counties.zip
2006-12-22 05:45 1,101,545 ----a-w C:\Program Files\gpsbabel-arc-states.zip
2006-12-22 05:43 929,896 ----a-w C:\Program Files\gpsbabel-1.3.2.zip
2006-12-19 08:16 2,855,080 -c--a-w C:\Program Files\aawsepersonal.exe
2006-12-19 07:28 5,900,416 -c--a-w C:\Program Files\Firefox Setup 2.0.exe
2006-12-18 10:58 11,856,112 -c--a-w C:\Program Files\CutePDF.exe
2006-12-18 09:50 16,451,776 -c--a-w C:\Program Files\GoogleEarthPro.exe
2006-12-08 03:52 14,879,120 -c--a-w C:\Program Files\GoogleEarthWin.exe
2006-11-20 08:35 23,654,120 -c--a-w C:\Program Files\dvdlabpro22.exe
2006-11-18 10:30 6,066,416 -c--a-w C:\Program Files\cinemaforge.exe
2006-11-18 10:21 8,282,187 -c--a-w C:\Program Files\vlc-0.8.5-win32.exe
2006-07-11 01:20 5,781,480 -c--a-w C:\Program Files\iconed4.exe
2006-07-08 20:56 1,244,944 -c--a-w C:\Program Files\FlashCatcher.exe
2006-07-08 02:10 10,321,592 -c--a-w C:\Program Files\SkypeSetup.exe
2006-07-08 01:55 77,188 -c--a-w C:\Program Files\CrazyTalk.exe
2006-07-06 15:19 247,608 -c--a-w C:\Program Files\jre-1_5_0_07-windows-i586-p-iftw.exe
2006-06-10 19:30 599,318 -c--a-w C:\Program Files\squirrelmail-1.4.6.tar.gz
2006-06-01 13:31 618,541 -c--a-w C:\Program Files\wordpress-2.0.3.zip
2006-06-01 05:33 2,210,097 -c--a-w C:\Program Files\VeohSetup-2.1.3.1005.exe
2006-05-07 11:08 6,453,469 -c--a-w C:\Program Files\VC2_UserGuide_Download.pdf
2006-05-07 01:43 54,881,280 -c--a-w C:\Program Files\VC2TrialSeriousMagic.exe
2006-05-06 00:30 2,188,104 -c--a-w C:\Program Files\CutePDFEvl.exe
2006-05-05 23:56 5,254,656 -c--a-w C:\Program Files\converter.exe
2006-05-05 23:56 2,064,136 -c--a-w C:\Program Files\CuteWriter.exe
2006-05-05 23:56 1,701,848 -c--a-w C:\Program Files\CuteComp.exe
2006-02-01 23:11 398,574 -c--a-w C:\Program Files\jscalendar-1.0.zip
2006-01-31 21:49 82,056 -c--a-w C:\Program Files\cursors98.zip
2006-01-28 23:59 3,890,462 -c--a-w C:\Program Files\cinemaforge.xmfg
2006-01-24 14:13 786,432 -c--a-w C:\Program Files\DICVViewer.exe
2006-01-24 14:13 249,856 -c--a-w C:\Program Files\DICVNetCtrl.dll
2006-01-06 08:55 54,942,299 -c--a-w C:\Program Files\Magix Music Studio Generation 6 Deluxe .Zip
2005-11-16 02:45 342,528 -c--a-w C:\Program Files\Horowitz.exe
2008-03-13 16:05 22,802 --sh--r C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}\zip.dll
2008-03-13 23:38 22,774 --sh--r C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}\zip.dll
2008-03-13 23:37 22,614 --sh--r C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}\zip.dll
2008-03-13 16:11 22,714 --sh--r C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}\zip.dll
2008-03-13 23:37 22,678 --sh--r C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}\zip.dll
2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
.

------- Sigcheck -------

2003-03-31 08:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 03:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-03-13 01:10 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2008-03-13 01:10 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-08_14.51.24.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2008-06-08 18:33:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 20:11:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-09-22 22:46:10 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-01 22:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2004-09-22 22:45:36 8,192 -c--a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-09-22 22:45:36 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 01:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-09-22 22:45:38 233,472 -c--a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-09-22 22:45:38 161,792 -c--a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-09-22 22:45:36 8,192 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 01:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-09-22 22:45:38 233,472 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 01:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-09-22 22:45:38 161,792 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-09-22 22:45:42 527,360 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2004-09-22 22:45:44 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 01:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-09-22 22:45:44 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 00:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 07:56:42 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 07:56:42 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 07:56:42 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-09-22 22:45:52 344,064 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 01:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-09-22 22:45:52 141,312 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-09-22 22:45:54 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-22 22:45:54 169,472 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-09-22 22:45:56 360,176 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-19 01:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-09-22 22:45:56 311,296 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2004-09-22 22:46:02 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 01:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-22 22:46:04 819,200 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 22:31:38 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-09-22 22:46:10 192,512 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-11-01 22:31:34 315,904 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-09-22 22:46:10 380,144 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-22 22:46:10 712,704 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2007-10-27 21:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 01:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-09-22 22:46:12 30,208 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 01:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-22 22:46:12 34,304 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 01:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-22 22:46:14 189,440 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 01:47:20 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-09-22 22:46:14 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 01:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-22 22:46:16 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-19 01:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-09-22 22:46:20 135,168 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-22 22:46:20 77,824 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 01:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-22 22:46:20 282,624 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-22 22:46:22 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 01:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-22 22:46:22 3,371,008 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-09-22 22:46:24 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-09-22 22:46:26 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-22 22:46:26 1,116,160 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-22 22:46:30 531,192 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-22 22:46:30 936,960 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-22 22:46:34 871,160 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-22 22:46:34 999,424 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 671,232 ------w C:\WINDOWS\system32\drivers\umdf\wpdmtpdr.dll
- 2004-09-22 22:46:38 18,944 -c--a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-09-22 22:45:42 527,360 -c--a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2008-05-09 18:53:05 423,024 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-12 16:23:24 427,000 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-09-22 22:45:44 6,656 -c--a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-09-22 22:45:44 96,768 -c--a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 01:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 07:56:42 310,272 -c--a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 01:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 07:56:42 384,512 -c--a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 07:56:42 240,640 -c--a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 19:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-09-22 22:45:52 141,312 -c--a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-22 22:45:54 25,088 -c--a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-22 22:45:54 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-09-22 22:45:56 360,176 -c--a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-10-19 01:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-09-22 22:45:56 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-19 01:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 01:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-09-22 22:46:02 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2006-11-17 20:14:30 14,640 -c----w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 21:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 21:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-09-22 22:46:10 47,104 -c--a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2004-09-22 22:46:10 15,872 -c--a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 01:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-22 22:46:10 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2004-09-22 22:46:10 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-22 22:46:10 712,704 -c--a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-09-22 22:46:12 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-22 22:46:12 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-22 22:46:12 344,064 -c--a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 01:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-22 22:46:14 290,816 -c--a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 01:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 01:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-22 22:46:14 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-09-22 22:46:14 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-22 22:46:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-19 01:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-22 22:46:20 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-22 22:46:20 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-22 22:46:20 1,589,760 -c--a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 01:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-09-22 22:46:22 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 01:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-22 22:46:24 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-22 22:46:24 175,104 -c--a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 01:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-09-22 22:46:26 773,368 -c--a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-22 22:46:26 1,116,160 -c--a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-22 22:46:30 531,192 -c--a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-22 22:46:30 936,960 -c--a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-22 22:46:32 1,181,944 -c--a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-22 22:46:32 1,509,376 -c--a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-09-22 22:46:34 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-22 22:46:34 999,424 -c--a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 01:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 01:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 01:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-09-22 22:46:38 38,912 -c--a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 01:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-22 22:46:36 61,952 -c--a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 01:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-22 22:46:36 114,176 -c--a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 01:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-22 22:46:36 66,560 -c--a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 00:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 01:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-09-22 22:46:36 327,680 -c--a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 01:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 45,056 2002-12-03 22:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

-c--a-w 98,304 2004-11-02 16:03:55 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe

-c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

-c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
----a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\PSDrvCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 03:56 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ABP Alert 2.0.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ABP Alert 2.0.LNK
backup=C:\WINDOWS\pss\ABP Alert 2.0.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"WZCSVC"=2 (0x2)
"Schedule"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ERSvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SNDSrvc"=3 (0x3)
"navapsvc"=3 (0x3)
"Themes"=2 (0x2)
"iPod Service"=3 (0x3)
"Veoh Client Service"=2 (0x2)
"UPS"=3 (0x3)
"MaxBackServiceInt"=2 (0x2)
"ICF"=2 (0x2)
"Google Online Search Service"=2 (0x2)
"LexBceS"=2 (0x2)
"CryptSvc"=3 (0x3)
"upnphost"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"ImapiService"=3 (0x3)
"Eventlog"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33125:TCP"= 33125:TCP:@xpsp2res.dll,-22005
"26952:TCP"= 26952:TCP:@xpsp2res.dll,-22005
"6071:TCP"= 6071:TCP:@xpsp2res.dll,-22005
"15946:TCP"= 15946:TCP:@xpsp2res.dll,-22005


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef67e0f7-0ab4-11d9-8ce8-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 01:40:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 16:16:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-14 16:26:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 20:25:56
ComboFix2.txt 2008-06-10 05:45:25
ComboFix3.txt 2008-06-08 18:54:59
ComboFix4.txt 2008-03-18 19:02:20

Pre-Run: 33,849,069,568 bytes free
Post-Run: 33,894,375,424 bytes free

666 --- E O F --- 2008-03-21 11:30:12
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:16 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4401 bytes



===============================================


Trivia Question:

Is

C:\WINDOWS\system32\svchost.exe

the same directory as

C:\WINDOWS\System32\svchost.exe

?
 
Hi

Yes they are the same.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan a large number of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive (e.g. Local Disk C:, or whichever partition your operating system is installed on). Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
 
SmitFraudFix v2.309

Scan done at 18:08:11.25, Mon 06/16/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Lee


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Lee\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNLE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Hi

Latest version of smitfraudfix is 2.325.

So please delete your copy, download a fresh one and try again, please :)
 
Hi

Latest version of smitfraudfix is 2.325.

So please delete your copy, download a fresh one and try again, please :)

When I run the new download from today, it says v2.309, even on the mirror link.

Maybe somebody hacked Siri?

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

SmitFraudFix v2.325 (WinXP, Win2K)

Use this URL to download the latest version (the file contains both English and French versions):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Mirrors: Alternate official download locations for Smitfraudfix.zip
http://siri.geekstogo.com/SmitfraudFix.exe
http://downloads.securitycadets.com/SmitfraudFix.exe
 
Browser cache made no difference.

I had to let smitfraudfix update itself.

Maybe Online Armor was blocking the newer version, even when turned off?



SmitFraudFix v2.327

Scan done at 21:06:04.20, Wed 06/18/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Lee


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Lee\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNLE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 
Hi and sorry for delay.

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading the infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

After that:

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}
    C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}
    C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}
    C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}
    C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post along with a fresh HijackThis log.
 
Hi and sorry for delay.

Looking over your log, it seems you don't have any evidence of anti-virus software.

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

I always run Spybot S&D Teatimer, plus Online Armor Firewall which also blocks certain programs. I disable both when running Combofix or other specialized antivirus programs, and manually disconnect from the internet. Explorer is locked down to the max, with downloads disabled.

AVG Anti-Virus was causing crashes and other problems, so I quit that.

Still can't install the Java upgrade, due to a defective Windows Installer (anti-virus ate it), which now refuses to repair itself.
 
C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7} moved successfully.
C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a} moved successfully.
C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546} moved successfully.
C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7} moved successfully.
C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b} moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_062618






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:28:18, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4454 bytes
 
Hi

"AVG Anti-Virus was causing crashes and other problems, so I quit that."

So then you can try one of the two other antiviruses I listed?
 
Hi

"AVG Anti-Virus was causing crashes and other problems, so I quit that."

So then you can try one of the two other antiviruses I listed?

So now I'm running Spybot S&D, Online Armor firewall and Avira AntiVir.





Avira AntiVir Personal
Report file date: Friday, June 20, 2008 13:07

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: John Lee
Computer name: CTV

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 19:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 3/21/2008 01:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 3/25/2008 14:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 4/7/2008 21:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 4/7/2008 21:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 4/7/2008 21:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 3/18/2008 17:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 4/7/2008 21:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 4/7/2008 21:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 4/7/2008 21:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 4/7/2008 21:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 4/7/2008 21:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 4/8/2008 15:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 18:02:11

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, June 20, 2008 13:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'oaui.exe' - '0' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'oasrv.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
18 processes with 18 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\drivers\OADriver.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\OAmon.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\oanet.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\wbem\csrss.exe
[DETECTION] Is the Trojan horse TR/Spy.Pipet
[NOTE] The file was moved to '48cde510.qua'!


End of the scan: Friday, June 20, 2008 13:10
Used time: 03:37 min

The scan has been done completely.

273 Scanning directories
7778 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
7777 Files not concerned
11 Archives were scanned
3 Warnings
1 Notes
 
Hi

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
 