This virus is vicious

D

deajrd88

New member
Hi. I'm rather desperate. This past Saturday, I was clicking thru MySpace when I suddenly got a pop-up saying that my Trend Micro PC security program had detected & quarantined a virus... and nothing with my computer has been right since. I've been trying to work with the tech support at Trend Micro PC Cillin, but the problem is getting worse instead of better; also, for me their responses lack consistency and clarity.

I don't know the name of this virus, but it is characterized by strange, random pop-ups while surfing the internet; slow performance; IE not working at all, Outlook Express occasionally not working, and as of today, my computer has stopped communicating with my printer. In an effort to alleviate the problem, I've downloaded Hijack This, CCleaner, Malwarebytes, and at the behest of Trend Micro tech support, I installed "System Cleaner," which did not lead to any resolution.

The current status is that Trend Micro says they've done all they can do for me at the moment, but my computer still isn't working.

I've never posted before on a forum like this; I read preliminary instructions, and think that I'm following protocol, but I ask for your patience and mercy if, in my frazzled state, I have misinterpreted any rules or regulations.

I'm at the end of my rope, and am tremendously grateful for any bit of assistance you can provide.

(My HijackThis log is attached.)

Thanks,
David

So sorry -- how ignorant of me. I forgot that I am supposed to copy & paste my HJT log into my post instead of attaching it as a file. Very sorry for the error.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:06 AM, on 12/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/1me10enus/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {b0ac3255-4eed-460f-8e94-c8f685ce3661} - C:\WINDOWS\system32\hatutiza.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nufomiwore] Rundll32.exe "C:\WINDOWS\system32\jadovene.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [nufomiwore] Rundll32.exe "C:\WINDOWS\system32\jadovene.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [nufomiwore] Rundll32.exe "C:\WINDOWS\system32\jadovene.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Filter hijack: text/html - {0f911ce4-bdb9-4114-b8fb-958b9d564588} - C:\WINDOWS\system32\mst122.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\kuwotevi.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7648 bytes
 
Last edited by a moderator:
Hi David


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
vicious virus, part 2

Thank you kindly for your reply, Blade81. I installed and ran ComboFix. The ComboFix log and the new HijackThis log are below:

ComboFix 08-12-15.04 - David 2008-12-15 23:50:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.609 [GMT -8:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common\helper.sig
c:\windows\system32\apevilor.ini
c:\windows\system32\degijebu.dll
c:\windows\system32\dubafabi.dll
c:\windows\system32\eworowuy.ini
c:\windows\system32\lipoyiya.dll
c:\windows\system32\logomafe.dll
c:\windows\system32\nanayese.dll
c:\windows\system32\pomijowu.dll
c:\windows\system32\pusekudu.dll
c:\windows\system32\puwisuro.dll
c:\windows\system32\zakubigu.dll
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
.

2008-12-14 13:58 . 2008-12-14 13:58 10,235 --a--c--- c:\windows\system32\LexFiles.ulf
2008-12-14 13:57 . 2008-12-14 13:58 <DIR> d-------- c:\program files\Dell Photo AIO Printer 924
2008-12-11 02:27 . 2008-12-11 02:27 410,984 --a--c--- c:\windows\system32\deploytk.dll
2008-12-08 01:09 . 2008-12-08 01:13 214,845 --------- C:\autorunsc.csv
2008-12-07 11:43 . 2008-12-07 11:43 <DIR> d-------- c:\program files\Windows Installer Clean Up
2008-12-07 11:43 . 2008-12-07 11:43 <DIR> d-------- c:\program files\MSECACHE
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\documents and settings\David\Application Data\Malwarebytes
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-07 00:49 . 2008-12-03 19:54 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 00:49 . 2008-12-03 19:54 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2008-12-07 00:07 . 2008-12-07 00:07 <DIR> d-------- C:\VundoFix Backups
2008-12-05 13:26 . 2008-12-15 23:50 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 07:15 --------- d-----w c:\program files\Dl_cats
2008-12-14 03:53 --------- d-----w c:\program files\QuickTime
2008-12-14 03:48 --------- d-----w c:\program files\Apple Software Update
2008-12-11 10:26 --------- d-----w c:\program files\Java
2008-12-11 10:25 --------- d-----w c:\program files\Common Files\Real
2008-12-08 09:12 513,064 ------w C:\autorunsc.exe
2008-12-08 09:12 42 ------w C:\GenerateLog.bat
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-03-13 04:18 88 -csh--r c:\windows\system32\A155D4DFBF.sys
2008-07-17 08:41 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071720080718\index.dat
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 63,712 2007-03-09 18:09:58 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

-c--a-w 40,048 2007-05-11 10:06:32 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

-c--a-w 344,064 2005-08-06 02:05:00 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

-c--a-w 81,920 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

-c--a-w 249,856 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

-c--a-w 185,896 2007-07-08 07:04:52 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 45,056 2003-06-18 06:00:00 c:\program files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDET.EXE

-c--a-w 57,344 2003-09-17 15:43:36 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe

-c--a-w 98,304 2006-05-03 10:12:00 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe

-c--a-w 460,784 2007-03-15 18:09:36 c:\program files\DellSupport\bak\DSAgnt.exe

-c--a-w 139,264 2005-06-17 12:56:14 c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe

-c--a-w 267,064 2007-09-06 01:03:52 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-19 21:10:32 c:\program files\iTunes\iTunesHelper.exe

-c--a-w 132,496 2007-07-12 11:00:36 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

-c--a-w 110,592 2005-09-09 00:20:46 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

-c--a-w 286,720 2007-06-29 13:24:52 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-11-04 18:30:50 c:\program files\QuickTime\QTTask.exe

-c--a-w 48 2007-10-14 20:47:14 c:\program files\Trend Micro\Internet Security 12\bak\pc-cillin.ini
----a-w 2,489 2008-12-16 07:54:13 c:\program files\Trend Micro\Internet Security 12\pc-cillin.ini

-c--a-w 823,362 2005-08-30 21:47:38 c:\program files\Trend Micro\Internet Security 12\bak\pccguide.exe
----a-w 823,362 2005-08-23 03:21:24 c:\program files\Trend Micro\Internet Security 12\pccguide.exe

-c--a-w 176,201 2006-04-12 02:39:22 c:\program files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe
-c--a-w 176,201 2006-04-12 02:39:22 c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

-c--a-w 90,112 2000-05-11 06:00:00 c:\windows\bak\UpdReg.EXE

-c--a-w 67,584 2005-09-29 19:01:14 c:\windows\ehome\bak\ehtray.exe

-c--a-w 15,360 2004-08-10 10:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

-c--a-w 122,940 2005-09-08 10:20:00 c:\windows\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" [2005-06-10 249856]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-22 823362]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 430080]
"nufomiwore"="c:\windows\system32\zubufoba.dll" [N/A]
"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-04-29 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
c:\program files\MSN Messenger\MsnMsgr.Exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\PcCtlCom.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Intel\\IntelDH\\Intel(R) Quick Resume Technology\\ELService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2005-02-18 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-22 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-04-25 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2005-02-18 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-04-25 262215]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2006-05-19 15576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d422e1de-e777-11da-ba2f-00137214f791}]
\Shell\AutoRun\command - autoRcd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6adf60-b6ab-11dc-be1f-00038a000015}]
\Shell\AutoRun\command - j:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - j:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6adf6d-b6ab-11dc-be1f-00038a000015}]
\Shell\AutoRun\command - j:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - j:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-10 c:\windows\Tasks\pccmain.job
- c:\program files\Trend Micro\Internet Security 12\pccmain.exe [2005-08-22 19:30]
.
- - - - ORPHANS REMOVED - - - -

BHO-{b0ac3255-4eed-460f-8e94-c8f685ce3661} - c:\windows\system32\worukehe.dll


.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 23:53:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dlcccoms.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-15 23:56:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-16 07:56:53

Pre-Run: 138,662,096,896 bytes free
Post-Run: 138,744,451,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

205 --- E O F --- 2008-11-13 11:00:16


HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:58 AM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [nufomiwore] Rundll32.exe "C:\WINDOWS\system32\zubufoba.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...8/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7892 bytes


I hope this makes sense to you... because none of it makes sense to me. I greatly appreciate your help. This makes me very nervous, as I haven't a clue as to what I'm doing... I'm just trying to get it fixed. Thank you again.
David
 
Hi David

Unfortunately looks like you installed recovery console meant for home edition. Media center edition needs to have professional edition recovery console installed. Let's remove the wrong one and after that run ComboFix with correct recovery console installation file.

Removing the Recovery Console

* Restart your computer, click Start, click My Computer, and then double-click the hard disk on which you installed the Recovery Console.
* On the Tools menu, click Folder Options, and then click the View tab.
* Click Show hidden files and folders, click to clear the Hide protected operating system files check box, and then click OK.
* At the root folder, delete the Cmdcons folder and the Cmldr file.
* At the root folder, right-click the Boot.ini file, and then click Properties.
* Click to clear the Read-only check box, and then click OK.
* WARNING: Modifying the Boot.ini file incorrectly may prevent your computer from restarting. Be sure to delete only the entry for the Recovery Console. Also, it is recommended that you change the attribute for the Boot.ini file back to a read-only state after you complete this procedure. Open the Boot.ini file in Microsoft Windows Notepad, and remove the entry for the Recovery Console. It looks similar to this:

C:\cmdcons\bootsect.dat="Microsoft Windows Recovery Console" /cmdcons
* Save the file and close it.


After remove is done please run ComboFix with correct recovery console installation file. Post back the report when ready.
 
Thanks, and I'm sorry about the erroneous installation of recovery console. I tried to remove the it per your instructions, by restarting, clicking on My Computer, double-clicking the C drive (hard drive); I went to the Tools menu and Folder Options, etc.

But when I tried to delete the *Cmdcons* folder, I got the following error message: "Error Deleting File or Folder. Cannot delete 1394.BUS.SY_: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

Since I couldn't complete that step, I did not delete the Cmldr file, and then I went back and unchecked "Show hidden files and folders," and re-checked "Hide protected operating system files" -- i.e., I put everything back the way it was before I started this particular procedure, until I receive clarification from you about what I'm doing wrong in trying to delete the *Cmdcons* folder.

While I'm at it... what exactly is the "root folder?" I assume it was just the basic white "page" with all of the different folders and files on it, including those that you mentioned.

Thanks again for your help. Sorry to be so remedial.

David
 
Hi

root folder of drive is for example c:\ or d:\ location. Please run ComboFix again with a correct recovery console installation file (the one for pro version).
 
OK, I can go ahead and install the pro version of Combo Fix -- I just want to make sure that it's safe to do that even though I was not able to remove the Recovery Console that I mistakenly installed.

David
 
New ComboFix & HJT logs

Thanks for your patience. I installed the recovery console for media center edition/professional edition (although, as I said before, I was not able to remove the console for home edition which I mistakenly installed). Then I ran ComboFix, as well as a new HJT log. Here is the ComboFix log:

ComboFix 08-12-15.04 - David 2008-12-19 1:02:39.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.572 [GMT -8:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.

2008-12-16 03:00 . 2008-12-16 03:05 1,393 --a--c--- c:\windows\imsins.BAK
2008-12-14 13:58 . 2008-12-14 13:58 10,235 --a--c--- c:\windows\system32\LexFiles.ulf
2008-12-14 13:57 . 2008-12-14 13:58 <DIR> d-------- c:\program files\Dell Photo AIO Printer 924
2008-12-11 02:27 . 2008-12-11 02:27 410,984 --a--c--- c:\windows\system32\deploytk.dll
2008-12-08 01:09 . 2008-12-08 01:13 214,845 --------- C:\autorunsc.csv
2008-12-07 11:43 . 2008-12-07 11:43 <DIR> d-------- c:\program files\Windows Installer Clean Up
2008-12-07 11:43 . 2008-12-07 11:43 <DIR> d-------- c:\program files\MSECACHE
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\documents and settings\David\Application Data\Malwarebytes
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-07 00:49 . 2008-12-03 19:54 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 00:49 . 2008-12-03 19:54 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2008-12-07 00:07 . 2008-12-07 00:07 <DIR> d-------- C:\VundoFix Backups
2008-12-05 13:26 . 2008-12-15 23:50 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-19 07:15 --------- d-----w c:\program files\Dl_cats
2008-12-18 10:06 --------- d-----w c:\program files\Coupons
2008-12-14 03:53 --------- d-----w c:\program files\QuickTime
2008-12-14 03:48 --------- d-----w c:\program files\Apple Software Update
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:26 --------- d-----w c:\program files\Java
2008-12-11 10:25 --------- d-----w c:\program files\Common Files\Real
2008-12-08 09:12 513,064 ------w C:\autorunsc.exe
2008-12-08 09:12 42 ------w C:\GenerateLog.bat
2008-11-08 10:55 5,852 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 -c--a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 -c--a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 -c--a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 -c--a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 -c--a-w c:\windows\system32\muweb.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 -c--a-w c:\windows\system32\strmdll.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-13 04:18 88 -csh--r c:\windows\system32\A155D4DFBF.sys
2008-07-17 08:41 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071720080718\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-15_23.55.53.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 -c--a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 -c--a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 -c--a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 -c--a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 -c--a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 -c--a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 -c--a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 -c--a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 -c--a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 -c--a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 -c--a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 -c--a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-10-17 10:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-11-13 10:59:03 12,288 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-12-16 11:04:50 12,288 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-11-13 10:59:03 135,168 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-12-16 11:04:50 135,168 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-11-13 10:59:03 11,264 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-12-16 11:04:50 11,264 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-11-13 10:59:03 27,136 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-12-16 11:04:50 27,136 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-11-13 10:59:03 4,096 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-16 11:04:50 4,096 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-11-13 10:59:03 794,624 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-12-16 11:04:51 794,624 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-11-13 10:59:03 23,040 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-12-16 11:04:51 23,040 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-11-13 10:59:03 286,720 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-12-16 11:04:50 286,720 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-11-13 10:59:03 409,600 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-12-16 11:04:50 409,600 -c--a-r c:\windows\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c--a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c--a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c--a-w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c--a-w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c--a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 04:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 09:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c--a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 05:47:20 937,984 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-18 13:03:08 938,496 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
- 2006-10-19 05:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 13:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 -c--a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\extmgr.dll
- 2008-08-26 07:24:28 63,488 -c--a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c----w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c----w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c----w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c--a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c--a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 -c----w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\jsproxy.dll
- 2006-10-19 04:03:58 100,864 -c--a-w c:\windows\system32\logagent.exe
+ 2008-06-18 09:09:22 100,864 -c--a-w c:\windows\system32\logagent.exe
+ 2008-12-09 23:24:38 17,593,280 -c--a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 -c--a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c--a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c--a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 -c----w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
- 2008-12-07 09:14:27 65,160 -c--a-w c:\windows\system32\perfc009.dat
+ 2008-12-16 21:57:34 65,160 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-07 09:14:27 410,882 -c--a-w c:\windows\system32\perfh009.dat
+ 2008-12-16 21:57:34 410,882 ----a-w c:\windows\system32\perfh009.dat
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 -c----w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 -c----w c:\windows\system32\spmsg.dll
- 2008-07-11 12:42:28 62,976 -c--a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 -c--a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-19 05:47:20 937,984 -c--a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 13:03:08 938,496 -c--a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 05:47:22 2,450,944 -c--a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 13:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-12-19 01:28:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_570.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 63,712 2007-03-09 18:09:58 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

-c--a-w 40,048 2007-05-11 10:06:32 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

-c--a-w 344,064 2005-08-06 02:05:00 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

-c--a-w 81,920 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

-c--a-w 249,856 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

-c--a-w 185,896 2007-07-08 07:04:52 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 45,056 2003-06-18 06:00:00 c:\program files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDET.EXE

-c--a-w 57,344 2003-09-17 15:43:36 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe

-c--a-w 98,304 2006-05-03 10:12:00 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe

-c--a-w 460,784 2007-03-15 18:09:36 c:\program files\DellSupport\bak\DSAgnt.exe

-c--a-w 139,264 2005-06-17 12:56:14 c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe

-c--a-w 267,064 2007-09-06 01:03:52 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-19 21:10:32 c:\program files\iTunes\iTunesHelper.exe

-c--a-w 132,496 2007-07-12 11:00:36 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

-c--a-w 110,592 2005-09-09 00:20:46 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

-c--a-w 286,720 2007-06-29 13:24:52 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-11-04 18:30:50 c:\program files\QuickTime\QTTask.exe

-c--a-w 48 2007-10-14 20:47:14 c:\program files\Trend Micro\Internet Security 12\bak\pc-cillin.ini
----a-w 2,557 2008-12-19 09:00:12 c:\program files\Trend Micro\Internet Security 12\pc-cillin.ini

-c--a-w 823,362 2005-08-30 21:47:38 c:\program files\Trend Micro\Internet Security 12\bak\pccguide.exe
----a-w 823,362 2005-08-23 03:21:24 c:\program files\Trend Micro\Internet Security 12\pccguide.exe

-c--a-w 176,201 2006-04-12 02:39:22 c:\program files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe
-c--a-w 176,201 2006-04-12 02:39:22 c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

-c--a-w 90,112 2000-05-11 06:00:00 c:\windows\bak\UpdReg.EXE

-c--a-w 67,584 2005-09-29 19:01:14 c:\windows\ehome\bak\ehtray.exe

-c--a-w 15,360 2004-08-10 10:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

-c--a-w 122,940 2005-09-08 10:20:00 c:\windows\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" [2005-06-10 249856]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-22 823362]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 430080]
"nufomiwore"="c:\windows\system32\zubufoba.dll" [N/A]
"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-04-29 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
c:\program files\MSN Messenger\MsnMsgr.Exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\PcCtlCom.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Intel\\IntelDH\\Intel(R) Quick Resume Technology\\ELService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2005-02-18 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-22 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-04-25 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2005-02-18 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-04-25 262215]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2006-05-19 15576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d422e1de-e777-11da-ba2f-00137214f791}]
\Shell\AutoRun\command - autoRcd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6adf60-b6ab-11dc-be1f-00038a000015}]
\Shell\AutoRun\command - j:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - j:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6adf6d-b6ab-11dc-be1f-00038a000015}]
\Shell\AutoRun\command - j:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - j:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-19 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-10 c:\windows\Tasks\pccmain.job
- c:\program files\Trend Micro\Internet Security 12\pccmain.exe [2005-08-22 19:30]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 01:03:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-19 1:04:33
ComboFix-quarantined-files.txt 2008-12-19 09:04:26
ComboFix2.txt 2008-12-16 07:56:57

Pre-Run: 138,337,538,048 bytes free
Post-Run: 138,386,276,352 bytes free

382 --- E O F --- 2008-12-18 04:45:17

And this is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:35 AM, on 12/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [nufomiwore] Rundll32.exe "C:\WINDOWS\system32\zubufoba.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...8/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7825 bytes



Thank you again for any assistance you can provide. Hopefully this time I've managed to do everything properly so that I can finally be rid of this virus. I really do appreciate your help.

David
 
Hi David,


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
c:\windows\system32\zubufoba.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nufomiwore"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh hjt log and above mentioned ComboFix resultant log.
 
Thanks for your help. I followed your most recent instructions, and below I will post the Kaspersky, HJT, and ComboFix logs that I ran.
One quick note -- when I ran ComboFix, when it got to the blue screen that said, "Preparing Log Report," there was a line below that read, "Findstr: Cannot open temp01." I don't know if that is significant or not, but thought I'd mention it.

First, here is the most recent ComboFix log:

ComboFix 08-12-15.04 - David 2008-12-20 1:47:48.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.552 [GMT -8:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\zubufoba.dll
.

((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-16 03:00 . 2008-12-16 03:05 1,393 --a--c--- c:\windows\imsins.BAK
2008-12-14 13:58 . 2008-12-14 13:58 10,235 --a--c--- c:\windows\system32\LexFiles.ulf
2008-12-14 13:57 . 2008-12-14 13:58 <DIR> d-------- c:\program files\Dell Photo AIO Printer 924
2008-12-11 02:27 . 2008-12-11 02:27 410,984 --a--c--- c:\windows\system32\deploytk.dll
2008-12-08 01:09 . 2008-12-08 01:13 214,845 --------- C:\autorunsc.csv
2008-12-07 11:43 . 2008-12-07 11:43 <DIR> d-------- c:\program files\Windows Installer Clean Up
2008-12-07 11:43 . 2008-12-07 11:43 <DIR> d-------- c:\program files\MSECACHE
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\documents and settings\David\Application Data\Malwarebytes
2008-12-07 00:49 . 2008-12-07 00:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-07 00:49 . 2008-12-03 19:54 38,496 --a--c--- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-07 00:49 . 2008-12-03 19:54 15,504 --a--c--- c:\windows\system32\drivers\mbam.sys
2008-12-07 00:07 . 2008-12-07 00:07 <DIR> d-------- C:\VundoFix Backups
2008-12-05 13:26 . 2008-12-15 23:50 <DIR> d-------- c:\program files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 09:44 --------- d-----w c:\program files\Dl_cats
2008-12-18 10:06 --------- d-----w c:\program files\Coupons
2008-12-14 03:53 --------- d-----w c:\program files\QuickTime
2008-12-14 03:48 --------- d-----w c:\program files\Apple Software Update
2008-12-11 10:26 --------- d-----w c:\program files\Java
2008-12-11 10:25 --------- d-----w c:\program files\Common Files\Real
2008-12-08 09:12 513,064 ------w C:\autorunsc.exe
2008-12-08 09:12 42 ------w C:\GenerateLog.bat
2008-11-08 10:55 5,852 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 22:13 202,776 -c--a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 -c--a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 -c--a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:06 268,648 -c--a-w c:\windows\system32\mucltui.dll
2008-10-16 22:06 208,744 -c--a-w c:\windows\system32\muweb.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 20:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
2008-10-03 10:02 247,326 -c--a-w c:\windows\system32\strmdll.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-13 04:18 88 -csh--r c:\windows\system32\A155D4DFBF.sys
2008-07-17 08:41 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071720080718\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-12-19_ 1.04.02.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:12:37 135,680 ----a-w c:\windows\system32\dllcache\taskmgr.exe
+ 2008-12-19 17:08:38 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 63,712 2007-03-09 18:09:58 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe

-c--a-w 40,048 2007-05-11 10:06:32 c:\program files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe

-c--a-w 344,064 2005-08-06 02:05:00 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

-c--a-w 81,920 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

-c--a-w 249,856 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe

-c--a-w 185,896 2007-07-08 07:04:52 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 45,056 2003-06-18 06:00:00 c:\program files\Creative\SBAudigy2ZS\DVDAudio\bak\CTDVDDET.EXE

-c--a-w 57,344 2003-09-17 15:43:36 c:\program files\Creative\SBAudigy2ZS\Surround Mixer\bak\CTSysVol.exe

-c--a-w 98,304 2006-05-03 10:12:00 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe

-c--a-w 460,784 2007-03-15 18:09:36 c:\program files\DellSupport\bak\DSAgnt.exe

-c--a-w 139,264 2005-06-17 12:56:14 c:\program files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe

-c--a-w 267,064 2007-09-06 01:03:52 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-19 21:10:32 c:\program files\iTunes\iTunesHelper.exe

-c--a-w 132,496 2007-07-12 11:00:36 c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe

-c--a-w 110,592 2005-09-09 00:20:46 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe

-c--a-w 286,720 2007-06-29 13:24:52 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-11-04 18:30:50 c:\program files\QuickTime\QTTask.exe

-c--a-w 48 2007-10-14 20:47:14 c:\program files\Trend Micro\Internet Security 12\bak\pc-cillin.ini
----a-w 2,489 2008-12-20 08:10:39 c:\program files\Trend Micro\Internet Security 12\pc-cillin.ini

-c--a-w 823,362 2005-08-30 21:47:38 c:\program files\Trend Micro\Internet Security 12\bak\pccguide.exe
----a-w 823,362 2005-08-23 03:21:24 c:\program files\Trend Micro\Internet Security 12\pccguide.exe

-c--a-w 176,201 2006-04-12 02:39:22 c:\program files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe
-c--a-w 176,201 2006-04-12 02:39:22 c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

-c--a-w 90,112 2000-05-11 06:00:00 c:\windows\bak\UpdReg.EXE

-c--a-w 67,584 2005-09-29 19:01:14 c:\windows\ehome\bak\ehtray.exe

-c--a-w 15,360 2004-08-10 10:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

-c--a-w 122,940 2005-09-08 10:20:00 c:\windows\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" [2005-06-10 249856]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-22 823362]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-11 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-20 430080]
"CTHelper"="CTHELPER.EXE" [2004-03-11 c:\windows\system32\CTHELPER.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-04-29 24576]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
c:\program files\MSN Messenger\MsnMsgr.Exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\David\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security 12\\PcCtlCom.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Intel\\IntelDH\\Intel(R) Quick Resume Technology\\ELService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\TmXPFlt.sys [2005-02-18 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2005-08-22 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2005-04-25 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\Tmpreflt.sys [2005-02-18 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2005-04-25 262215]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\Drivers\usbbc.sys [2006-05-19 15576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d422e1de-e777-11da-ba2f-00137214f791}]
\Shell\AutoRun\command - autoRcd.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6adf60-b6ab-11dc-be1f-00038a000015}]
\Shell\AutoRun\command - j:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - j:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd6adf6d-b6ab-11dc-be1f-00038a000015}]
\Shell\AutoRun\command - j:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - j:\system\viewer\FlipVideoforPC.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2008-12-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2008-12-19 c:\windows\Tasks\pccmain.job
- c:\program files\Trend Micro\Internet Security 12\pccmain.exe [2005-08-22 19:30]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 01:49:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-20 1:49:59
ComboFix-quarantined-files.txt 2008-12-20 09:49:52
ComboFix2.txt 2008-12-19 09:04:34
ComboFix3.txt 2008-12-16 07:56:57

Pre-Run: 138,465,165,312 bytes free
Post-Run: 138,484,404,224 bytes free

187 --- E O F --- 2008-12-18 04:45:17

Next, the Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 20, 2008 07:51:15
Records in database: 1490764
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 72365
Threat name: 5
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:25:14


File name / Threat name / Threats count
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\degijebu.dll.vir Infected: Trojan.Win32.Monder.acxt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lipoyiya.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.iih 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\logomafe.dll.vir Infected: Trojan.Win32.Monder.adse 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nanayese.dll.vir Infected: Trojan.Win32.Monder.acks 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pusekudu.dll.vir Infected: Trojan.Win32.Monder.acxt 1

The selected area was scanned.


And finally, the most recent HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:59:13 AM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...8/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8026 bytes

As always, I'm very grateful for any assistance you may be able to offer.

David
 
Hi David

One quick note -- when I ran ComboFix, when it got to the blue screen that said, "Preparing Log Report," there was a line below that read, "Findstr: Cannot open temp01." I don't know if that is significant or not, but thought I'd mention it.
Click to expand...
I don't think that was anything need to worry :santa:

We need to execute an OTMoveIt3 script
  1. Please download OTMoveIt3 by OldTimer and save it to your desktop.
  2. Double click theOTMoveIt3 icon on your desktop.
  3. Paste the following code under the Paste Fix Here area. Do not include the word
    Code
    .
    Code: 
    :Files
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz
C:\Qoobox\Quarantine\C\WINDOWS\system32\degijebu.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\lipoyiya.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\logomafe.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\nanayese.dll.vir
C:\Qoobox\Quarantine\C\WINDOWS\system32\pusekudu.dll.vir
  4. Push the large MoveIt button.
  5. OTMI3 may ask to reboot the machine. Please do so if asked.
  6. Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log.
  7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
 
Here is the log from the Results of OTMoveIt3:
========== FILES ==========
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz moved successfully.
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\degijebu.dll.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lipoyiya.dll.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\logomafe.dll.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nanayese.dll.vir moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\pusekudu.dll.vir moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_185226


And then this is the most recent HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:58 PM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...8/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8060 bytes

All right, hopefully I did that properly. Thank you again for your help -- I can't even begin to tell you how much I appreciate the time and assistance you've given me.

David
 
Hi

That looks quite good. Before final instructions I'd like to know how's your system running :santa:
 
My system seems to be running much better! Thank you so much. IE works, printer works, email works, no more random pop-ups... I approach it with trepidation each go-round, fearful that once again the virus will strike. But thus far, all is well! The problem had started while browsing through a MySpace friend's profile -- coincidence, perhaps, but now I'm a bit leery of the site (is it prone to spreading viruses?). Anyway, I am astonished at how quickly and efficiently you were able to guide me through this process -- and, of course, extremely grateful.

Ready for final instructions then!

Thanks again.

David
 
Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



Now lets uninstall ComboFix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.


  • Double-click OTMoveIt3.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • Download SpywareBlaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes
    kill bits
    in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster here here
    SpywareBlaster tutorial

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Happy Holidays,
Blade :santa:
 
Wow -- thank you so much! I thought this was a lost cause but you saved my computer and my sanity!

System seems to be running well now. I reset System Restore; Uninstalled ComboFix; removed OTMOveIt3.exe; updated Windows and Office; and downloaded Spyware Blaster. At first, the link took me to a download for Spyware Doctor, which I did download. But then on the tutorial page, I found Spyware Blaster, so I installed Blaster as well, and uninstalled Doctor.

I do have a couple of questions, though. First, is there a big difference between Spyware Doctor and Spyware Blaster, and did I do the right thing by opting for the latter?

Second, can Spyware Blaster run compatibly with my other anti-virus program, which is Trend Micro PC-cillin?

Third, my subscription to Trend Micro PC-cillin is up for renewal in January, and during this process, I found them to be of very little help. They were my first resource, before I found my way to you, and I found them to be vague and unresponsive. Do you have a suggestion for another anti-virus protection site (even if it's for pay -- Trend Micro runs about $39 a year, I think)? Is Spyware Blaster the same thing? Or Doctor?

And lastly, I still have two tools on my desktop, one of which I installed on 12/20, and that is the ATF Cleaner. Should I uninstall that, or leave it alone? The other is something Trend Micro PC-cillin had me install, which is System Cleaner. It didn't really help, because after I installed it, they never addressed it again. But if I delete that folder icon on my desktop, am I wiping out anything that's imperative for me to keep? It might not be fair for me to even pose the question, since the instruction did not come from you. As I said, it was an early effort made prior to turning to you.

Again, I just have to say thank you so much. I was at my wit's end before you began helping me, and now I'm just so relieved. I greatly appreciate everything you did to assist me.

Happy New Year!

David
 
I do have a couple of questions, though. First, is there a big difference between Spyware Doctor and Spyware Blaster, and did I do the right thing by opting for the latter?
Click to expand...
Hi

Not sure what link brought you to Spyware Doctor but it's SpywareBlaster I meant to recommend to you :)

Second, can Spyware Blaster run compatibly with my other anti-virus program, which is Trend Micro PC-cillin?
Click to expand...
Yes, it can.

Third, my subscription to Trend Micro PC-cillin is up for renewal in January, and during this process, I found them to be of very little help. They were my first resource, before I found my way to you, and I found them to be vague and unresponsive. Do you have a suggestion for another anti-virus protection site (even if it's for pay -- Trend Micro runs about $39 a year, I think)? Is Spyware Blaster the same thing? Or Doctor?
Click to expand...
I'd recommend either Antivir or Avast!. Both are free for home use.

And lastly, I still have two tools on my desktop, one of which I installed on 12/20, and that is the ATF Cleaner. Should I uninstall that, or leave it alone? The other is something Trend Micro PC-cillin had me install, which is System Cleaner. It didn't really help, because after I installed it, they never addressed it again. But if I delete that folder icon on my desktop, am I wiping out anything that's imperative for me to keep? It might not be fair for me to even pose the question, since the instruction did not come from you. As I said, it was an early effort made prior to turning to you.
Click to expand...
ATF Cleaner is great tool for cleaning temporary items. Would be good to run it occasionally (once or twice a month) to clean some not needed things. If you are able to uninstall System Cleaner thru add/remove programs and don't need the software then please do so.


Happy Upcoming New Year to you too :)
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top