Vitumonde

Llama · Jan 7, 2008

HJT log (combo fix above)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:19 a.m., on 8/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera 9\Opera.exe
C:\Program Files\Trend Micro\HijackThis\Safer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {77C5A4AE-A217-4EF2-A70A-2A41D7D75B0A} - (no file)
O2 - BHO: (no name) - {81FC19CA-4C54-4AB6-8952-341345BB8E7C} - (no file)
O2 - BHO: (no name) - {A204BC7D-6B84-4915-A629-76F790E96751} - (no file)
O2 - BHO: (no name) - {ACD52C84-DCCD-4A64-ACF3-478DA69B95CF} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5544 bytes

btw, your 1st combo fix link is broken (for me anyway)

ken545 · Jan 7, 2008

Good Morning,

For me it is anyway :laugh: Must be lunch time where your at??

Both Combofix links worked for me, must be on your end.

Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad

File::
C:\WINDOWS\system32\guard32.dll.vir
C:\WINDOWS\system32\bhuymcss.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77C5A4AE-A217-4EF2-A70A-2A41D7D75B0A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81FC19CA-4C54-4AB6-8952-341345BB8E7C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A204BC7D-6B84-4915-A629-76F790E96751}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACD52C84-DCCD-4A64-ACF3-478DA69B95CF}]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

C:\Program Files\STI <--This program may still be infected, you need to uninstall it via the Add Remove Programs in the Control Panel and then reboot and if the STI folder is still present, delete it, then you can reinstall that program if you need it.

Llama · Jan 8, 2008

Logs

For me it is anyway Must be lunch time where your at??

heh, according to me, you posted at 00:45am New Zealand time, so not quite

:

CF log

ComboFix 08-01-07.5 - Joel Gibson 2008-01-09 1:02:03.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.726 [GMT 13:00]
Running from: C:\Documents and Settings\Joel Gibson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joel Gibson\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\bhuymcss.ini
C:\WINDOWS\system32\guard32.dll.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bhuymcss.ini
C:\WINDOWS\system32\guard32.dll.vir

.
((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-07 00:54 . 2008-01-07 00:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-07 00:54 . 2008-01-07 00:54 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\SUPERAntiSpyware.com
2008-01-07 00:54 . 2008-01-07 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 00:48 . 2008-01-07 00:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-07 00:48 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-06 12:57 . 2008-01-06 12:57 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-05 15:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 21:57 . 2007-12-30 21:57 <DIR> d--hs---- C:\FOUND.003
2007-12-29 20:39 . 2007-12-29 20:39 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Command and Conquer 3 Tiberium Wars
2007-12-29 00:06 . 2007-12-29 00:06 <DIR> d-------- C:\Games
2007-12-28 11:29 . 2007-12-28 11:29 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Winamp
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\The Chosen demo
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Frater
2007-12-26 23:00 . 2007-12-26 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-26 23:00 . 2007-12-26 23:00 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-26 23:00 . 2007-12-26 23:00 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Program Files\COMODO
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Comodo
2007-12-26 18:26 . 2007-12-26 18:26 <DIR> dr-h----- C:\Documents and Settings\Joel Gibson\Application Data\SecuROM
2007-12-26 17:25 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-12-26 17:25 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-26 17:25 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-12-26 17:25 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-12-19 19:57 . 2007-12-26 21:15 1,365 --a------ C:\WINDOWS\wininit.ini
2007-12-11 21:53 . 2007-12-11 21:53 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ATI
2007-12-10 14:26 . 2007-12-10 14:27 <DIR> d-------- C:\Program Files\Aquaria

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 06:30 --------- d-----w C:\Program Files\Fredryk Phantasy
2007-11-24 02:23 1,128 ----a-w C:\Program Files\log.dat
2007-11-23 08:30 --------- d-----w C:\Documents and Settings\Joel Gibson\Application Data\mIRC
2007-11-22 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-10 03:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-11-08 21:14 --------- d-----w C:\Program Files\Synaesthete
2007-10-30 16:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 14:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-19 22:34 53,880,837 ----a-w C:\Program Files\LastStandInstall.exe
2007-10-19 10:14 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-24 08:18 57,992 ----a-w C:\Documents and Settings\Joel Gibson\Application Data\GDIPFONTCACHEV1.DAT
2006-12-20 01:05 35,511 ----a-w C:\Program Files\ReadMe.txt
2004-11-08 20:22 929,792 ----a-w C:\Program Files\SCZ.exe
2001-11-22 23:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-08-18 11:41 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_16.50.18.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-30 19:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
+ 2008-01-06 11:54:08 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-01-06 11:54:08 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-01-06 11:54:08 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
- 2007-07-11 12:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 09:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-11 12:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 09:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-11 13:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 10:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-07-27 02:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 02:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 07:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 00:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-02 05:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 05:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 03:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-12 22:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
+ 2004-12-06 22:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-12-19 16:40 28672]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-21 04:16 37376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-26 23:00 1481472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imjpmig]
--a------ 2003-02-10 14:48 192542 C:\IME\IMJP\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 00:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 14:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 14:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 00:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2001-08-17 22:36 86016 C:\WINDOWS\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 00:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 00:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"rpcapd"=3 (0x3)
"Pctspk"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Fax"=2 (0x2)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-26 23:00]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-26 23:00]
R2 CbmDev1;CbmDev1;C:\WINDOWS\system32\drivers\CbmDev1.sys [1998-01-16 08:43]
R2 CbmDev2;CbmDev2;C:\WINDOWS\system32\drivers\CbmDev2.sys [1998-01-16 08:43]
R2 CbmDev3;CbmDev3;C:\WINDOWS\system32\drivers\CbmDev3.sys [1998-01-16 08:43]
S3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys []
S3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys []
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S4 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 01:29:04
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-09 1:29:48
ComboFix-quarantined-files.txt 2008-01-08 12:29:46
ComboFix4.txt 2008-01-05 03:50:52
ComboFix3.txt 2008-01-05 23:11:02
ComboFix2.txt 2008-01-07 11:00:48
.
2008-01-04 23:28:54 --- E O F ---

Llama · Jan 8, 2008

more logs (darn that 20K character cap)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:53 a.m., on 9/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera 9\Opera.exe
C:\Program Files\Trend Micro\HijackThis\Safer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5247 bytes

ken545 · Jan 8, 2008

Your log looks fine, but do me a favor, use your computer and post a new HJT log in a few days and lets make sure nothing has returned. You can go ahead and re enable the Tea Timer if you wish.

How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
TonyKlein CastleCops
Grinler BleepingComputer
Geeks To Go
Dslreports

If you install Spyware Blaster and Spyware Guard, do not enable the Tea Timer in Spybot Search and Destroy or they will conflict.

Here are some free programs to install, don't leave home without them

Spybot Search and Destroy 1.5
Check for Updates/ Immunize and run a Full System Scan on a regular basis.
Spyware Blaster It will prevent most spyware from ever being installed.
Spyware Guard It offers realtime protection from spyware installation attempts.
Win Patrol This program will warn you when any changes are being made to your system and give
you the option to deny the change.
IE-Spyad
IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads
(cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and
painless download and install, it will no way interfere with IE, you can use them both.
Zone Alarm Here is a free Firewall from Zone Labs, I
wouldn't access the internet without it.

Glad we could help.

Safe Surfn
Ken

Llama · Jan 8, 2008

Thanks!!!

Thanks a bunch for your help. I also got rid of Spirit (the STI programme files folder) since there was a newer version out anyway.

ken545 · Jan 9, 2008

Thats fine, post a log in a few days if you can.

Ken:euro:

Llama · Jan 9, 2008

arg, HJT log

well, the no-names no-files are back

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:50 p.m., on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera 9\Opera.exe
C:\Program Files\Trend Micro\HijackThis\Safer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089BB353-5ED8-4C9B-866C-31605CFD2EFF} - (no file)
O2 - BHO: (no name) - {0F13071E-0B38-4324-839C-CA20E1C8C27C} - (no file)
O2 - BHO: (no name) - {153E1C77-992C-47A7-884D-04C89AF8E73F} - (no file)
O2 - BHO: (no name) - {203f3bcc-2e8e-4b41-ba05-16210261dcfd} - (no file)
O2 - BHO: (no name) - {2B380D9A-61A6-4D9F-97C0-4916CC7003EA} - (no file)
O2 - BHO: (no name) - {2F626105-5DC9-4623-A85B-67E64503249B} - (no file)
O2 - BHO: (no name) - {2F7A9AF9-2277-4C31-B19E-7B09931AC99F} - (no file)
O2 - BHO: (no name) - {31B2E6EC-2CAF-42F2-8A69-D5208B13D3A4} - (no file)
O2 - BHO: (no name) - {3496AEAA-BD5E-4FC9-8E9E-66725F6A545B} - (no file)
O2 - BHO: (no name) - {36330830-6053-4E17-9B59-B55CF7101A19} - (no file)
O2 - BHO: (no name) - {37024FFE-F851-45A4-81DE-372AE57056C3} - (no file)
O2 - BHO: (no name) - {46782F63-2C18-4B43-90EC-C63E8AF6166B} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59DFAEF9-71AB-44D0-ACE5-065317A0B614} - (no file)
O2 - BHO: (no name) - {6AE40AC7-A7FB-4077-B271-5A156B9D980D} - (no file)
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {77C5A4AE-A217-4EF2-A70A-2A41D7D75B0A} - (no file)
O2 - BHO: (no name) - {81FC19CA-4C54-4AB6-8952-341345BB8E7C} - (no file)
O2 - BHO: (no name) - {A204BC7D-6B84-4915-A629-76F790E96751} - (no file)
O2 - BHO: (no name) - {ACD52C84-DCCD-4A64-ACF3-478DA69B95CF} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll (file missing)
O2 - BHO: (no name) - {C4D3D881-5B72-4966-8418-4B1C3C6D8D5B} - (no file)
O2 - BHO: (no name) - {C744ED46-F576-4C63-B383-8A80CFCBC5F5} - (no file)
O2 - BHO: (no name) - {CA3EA2D9-48F5-4012-8C1A-10274F99A3FD} - (no file)
O2 - BHO: (no name) - {E5C5FC47-A373-4535-94A4-D37D93300479} - (no file)
O2 - BHO: (no name) - {E735962A-4C19-4447-BE6F-0BA3CE6EAE44} - (no file)
O2 - BHO: (no name) - {E96D4F03-E048-46DD-98D7-B15530AF90EC} - (no file)
O2 - BHO: (no name) - {EE403AD3-4C0A-48D4-9618-BC8D5838CD9E} - (no file)
O2 - BHO: (no name) - {EFD2D48C-972D-48F3-BD00-089DFB39DAEC} - (no file)
O2 - BHO: (no name) - {F5CB5F68-091E-4F25-8998-40B75CF3D268} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: byxyvut - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7389 bytes

sigh

ken545 · Jan 9, 2008

You may still have remnants of the file infecter

Download http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe
to your Desktop.

Double click RenV.exe to run it
It will produce a log for you, please post it.

Llama · Jan 11, 2008

its short....

Code:

Ran on Fri 11/01/2008 - 13:59:56.82

 Entries:                0  (0)
 Directories:            0  Files:             0
 Bytes:                  0  Blocks:            0

uhhh yeah....

ken545 · Jan 11, 2008

We are going go have to start over , drag Combofix to the trash and download the latest version.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Llama · Jan 14, 2008

CF log

ComboFix 08-01-10.2 - Joel Gibson 2008-01-14 14:37:21.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.666 [GMT 13:00]
Running from: C:\Documents and Settings\Joel Gibson\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 14:37 . 2008-01-14 14:37 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-11 13:37 . 2008-01-11 13:37 <DIR> d--hs---- C:\FOUND.004
2008-01-10 16:51 . 2008-01-10 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-09 11:14 . 2008-01-12 11:25 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-01-07 00:54 . 2008-01-07 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 00:48 . 2008-01-07 00:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-07 00:48 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-06 12:57 . 2008-01-06 12:57 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-05 15:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 21:57 . 2007-12-30 21:57 <DIR> d--hs---- C:\FOUND.003
2007-12-29 20:39 . 2007-12-29 20:39 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Command and Conquer 3 Tiberium Wars
2007-12-29 00:06 . 2007-12-29 00:06 <DIR> d-------- C:\Games
2007-12-28 11:29 . 2007-12-28 11:29 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Winamp
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\The Chosen demo
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Frater
2007-12-26 23:00 . 2007-12-26 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-26 23:00 . 2007-12-26 23:00 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-26 23:00 . 2007-12-26 23:00 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Program Files\COMODO
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Comodo
2007-12-26 18:26 . 2007-12-26 18:26 <DIR> dr-h----- C:\Documents and Settings\Joel Gibson\Application Data\SecuROM
2007-12-26 17:25 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-12-26 17:25 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-26 17:25 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-12-26 17:25 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-12-19 19:57 . 2007-12-26 21:15 1,365 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 08:53 --------- d-----w C:\Documents and Settings\Guest\Application Data\ATI
2007-12-10 01:27 --------- d-----w C:\Program Files\Aquaria
2007-11-26 06:30 --------- d-----w C:\Program Files\Fredryk Phantasy
2007-11-24 02:23 1,128 ----a-w C:\Program Files\log.dat
2007-11-23 08:30 --------- d-----w C:\Documents and Settings\Joel Gibson\Application Data\mIRC
2007-11-22 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 16:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 14:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-19 22:34 53,880,837 ----a-w C:\Program Files\LastStandInstall.exe
2007-10-19 10:14 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2007-06-24 08:18 57,992 ----a-w C:\Documents and Settings\Joel Gibson\Application Data\GDIPFONTCACHEV1.DAT
2006-12-20 01:05 35,511 ----a-w C:\Program Files\ReadMe.txt
2004-11-08 20:22 929,792 ----a-w C:\Program Files\SCZ.exe
2001-11-22 23:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-08-18 11:41 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_16.50.18.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-11 03:09:22 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-01-10 08:02:00 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-07-11 03:09:28 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-01-10 08:02:06 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-07-11 03:09:28 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-01-10 08:02:06 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-07-11 03:09:30 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-01-10 08:02:06 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-07-11 03:09:26 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-01-10 08:02:04 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-07-11 03:09:18 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-01-10 08:01:58 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-07-11 03:09:18 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-01-10 08:01:58 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-07-11 03:09:34 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-01-10 08:02:10 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-07-11 03:09:24 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-01-10 08:02:02 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 03:09:22 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-01-10 08:02:00 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-07-11 03:09:18 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-01-10 08:01:58 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-07-11 03:09:20 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-01-10 08:01:58 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-07-11 03:09:28 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-01-10 08:02:06 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-07-11 03:09:28 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-01-10 08:02:06 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-07-11 03:09:28 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-01-10 08:02:06 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-07-11 03:09:20 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-01-10 08:01:58 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-07-11 03:09:20 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-01-10 08:01:58 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-07-11 03:09:20 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-01-10 08:02:00 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-07-11 03:09:20 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-01-10 08:02:00 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-07-11 03:09:20 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-01-10 08:01:58 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-07-11 03:09:34 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-01-10 08:02:12 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-07-11 03:09:34 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-01-10 08:02:12 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-07-11 03:09:16 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-01-10 08:01:56 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-07-11 03:09:34 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-01-10 08:02:10 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-07-11 03:09:36 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-01-10 08:02:12 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-07-11 03:09:18 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-01-10 08:01:56 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-07-11 03:09:16 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-01-10 08:01:56 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-07-11 03:09:18 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-01-10 08:01:56 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-07-11 03:09:32 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-01-10 08:02:08 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-07-11 03:09:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-01-10 08:02:00 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-07-11 03:09:32 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-01-10 08:02:08 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-07-11 03:09:30 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-01-10 08:02:08 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-07-11 03:09:18 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-01-10 08:01:58 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-07-11 03:09:28 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-01-10 08:02:04 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-07-11 03:09:22 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-01-10 08:02:02 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-07-11 03:09:22 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-01-10 08:02:00 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-07-11 03:09:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-01-10 08:02:02 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2007-07-11 03:09:32 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-01-10 08:02:10 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-07-11 03:09:30 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-01-10 08:02:08 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-07-11 03:09:34 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-01-10 08:02:10 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-07-11 03:09:30 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-01-10 08:02:08 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-07-11 03:09:30 131,072 ----a-w

Llama · Jan 14, 2008

rest of CF log

C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-01-10 08:02:08 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-07-11 03:09:22 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-01-10 08:02:00 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-07-11 03:09:24 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-01-10 08:02:02 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-07-11 03:09:34 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-01-10 08:02:10 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-07-11 03:09:24 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-01-10 08:02:02 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-07-11 03:09:24 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-01-10 08:02:02 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-07-11 03:09:26 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-01-10 08:02:04 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-07-11 03:09:26 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-01-10 08:02:04 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-07-11 03:09:32 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-01-10 08:02:10 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-01-11 00:39:20 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d6652cfc7f6018eed9f5af0ab54a5fbd\Accessibility.ni.dll
+ 2008-01-11 00:39:22 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\092bf3cc8044d2d907d217ddadaee5bf\AspNetMMCExt.ni.dll
+ 2008-01-11 00:39:28 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e916794475f60f6fdeda5abc582ab0e0\CustomMarshalers.ni.dll
+ 2008-01-11 00:39:26 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\b287592c089a5c567ff52af8c9bbfd3f\dfsvc.ni.exe
+ 2008-01-11 00:39:30 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a332a2f7f965beb9f3b2661c5b7b7920\Microsoft.Build.Engine.ni.dll
+ 2008-01-11 00:39:30 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4f35fff09ced0739ec67374b29ca257c\Microsoft.Build.Framework.ni.dll
+ 2008-01-11 00:39:36 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\40c449b85be08f74666e578de70723b7\Microsoft.Build.Tasks.ni.dll
+ 2008-01-11 00:39:36 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2892e08fb3b2dd93f88db30da4437a9f\Microsoft.Build.Utilities.ni.dll
+ 2008-01-11 00:39:40 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\25e198cac97b29d08c492bc5388a9fec\Microsoft.VisualBasic.ni.dll
+ 2008-01-10 08:03:12 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\097857e58668b817a121ec3ce567630d\mscorlib.ni.dll
+ 2008-01-11 00:39:42 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\54f291b3d674c2ea212a9244f3ba9fbd\System.Configuration.ni.dll
+ 2008-01-10 08:03:40 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\de60f8011b746695097401a2e8864f85\System.Data.ni.dll
+ 2008-01-11 00:39:44 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\8b1086c976b2577a95e0e7f113caf7bf\System.Deployment.ni.dll
+ 2008-01-10 08:03:56 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\1c7afdf0a3daa75245e3223c7e749eac\System.Design.ni.dll
+ 2008-01-11 00:39:48 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\046eec3d74cec4cd460ff7c1842d257e\System.DirectoryServices.ni.dll
+ 2008-01-11 00:39:48 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\5449046c90901704a120252427a00033\System.DirectoryServices.Protocols.ni.dll
+ 2008-01-10 08:04:02 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\d32c8d31662ebdc35e3fe1f900e52c33\System.Drawing.Design.ni.dll
+ 2008-01-10 08:04:00 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\1a1c1e312f3aff1208af9c5fd10bd184\System.Drawing.ni.dll
+ 2008-01-11 00:39:50 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a50404715d38a9b2035dcac4d5fbf9c8\System.EnterpriseServices.ni.dll
+ 2008-01-11 00:39:50 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a50404715d38a9b2035dcac4d5fbf9c8\System.EnterpriseServices.Wrapper.dll
+ 2008-01-11 00:39:52 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\8962db3b03601d2c02f3836f1e523170\System.Security.ni.dll
+ 2008-01-11 00:39:54 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\610351fe2a8d287c009a958ac852e2d0\System.Transactions.ni.dll
+ 2008-01-11 00:40:20 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ab2958c06dce21c6cc3515068671c3a9\System.Web.Mobile.ni.dll
+ 2008-01-11 00:40:20 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\bede7399f09b947c9c27f702bfff7c7a\System.Web.RegularExpressions.ni.dll
+ 2008-01-11 00:40:24 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\0c492219b15640ed399b978141942e54\System.Web.Services.ni.dll
+ 2008-01-11 00:40:16 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7a66b932276b50c95261a636d7a51f34\System.Web.ni.dll
+ 2008-01-10 08:04:22 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e623dcb4d8d8e98b71a161981632c5d\System.Windows.Forms.ni.dll
+ 2008-01-10 08:04:32 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c6eff7a5475731ee02f0faf4d10a515b\System.Xml.ni.dll
+ 2008-01-10 08:03:28 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4ab4b57f400696ed7e2da1c9b4e8a210\System.ni.dll
+ 2000-08-30 19:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-14 01:33:48 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 01:33:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 01:33:50 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 01:33:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

sorry i took so long but i went away for a bit

ken545 · Jan 14, 2008

Not a problem on the replies. I do need to see the complete Combofix log and a New HJT log please

Llama · Jan 14, 2008

ehh? im sure i posted a second reply with the rest... basted computer. ahwell here it is again (the whole thing)

ComboFix 08-01-10.2 - Joel Gibson 2008-01-14 14:37:21.5 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.666 [GMT 13:00]
Running from: C:\Documents and Settings\Joel Gibson\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 14:37 . 2008-01-14 14:37 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-01-11 13:37 . 2008-01-11 13:37 <DIR> d--hs---- C:\FOUND.004
2008-01-10 16:51 . 2008-01-10 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-09 11:14 . 2008-01-12 11:25 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-01-07 00:54 . 2008-01-07 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 00:48 . 2008-01-07 00:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-07 00:48 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-06 12:57 . 2008-01-06 12:57 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-05 15:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 21:57 . 2007-12-30 21:57 <DIR> d--hs---- C:\FOUND.003
2007-12-29 20:39 . 2007-12-29 20:39 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Command and Conquer 3 Tiberium Wars
2007-12-29 00:06 . 2007-12-29 00:06 <DIR> d-------- C:\Games
2007-12-28 11:29 . 2007-12-28 11:29 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Winamp
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\The Chosen demo
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Frater
2007-12-26 23:00 . 2007-12-26 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-26 23:00 . 2007-12-26 23:00 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-26 23:00 . 2007-12-26 23:00 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Program Files\COMODO
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Comodo
2007-12-26 18:26 . 2007-12-26 18:26 <DIR> dr-h----- C:\Documents and Settings\Joel Gibson\Application Data\SecuROM
2007-12-26 17:25 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-12-26 17:25 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-26 17:25 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-12-26 17:25 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-12-19 19:57 . 2007-12-26 21:15 1,365 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 08:53 --------- d-----w C:\Documents and Settings\Guest\Application Data\ATI
2007-12-10 01:27 --------- d-----w C:\Program Files\Aquaria
2007-11-26 06:30 --------- d-----w C:\Program Files\Fredryk Phantasy
2007-11-24 02:23 1,128 ----a-w C:\Program Files\log.dat
2007-11-23 08:30 --------- d-----w C:\Documents and Settings\Joel Gibson\Application Data\mIRC
2007-11-22 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 16:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 14:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-19 22:34 53,880,837 ----a-w C:\Program Files\LastStandInstall.exe
2007-10-19 10:14 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2007-06-24 08:18 57,992 ----a-w C:\Documents and Settings\Joel Gibson\Application Data\GDIPFONTCACHEV1.DAT
2006-12-20 01:05 35,511 ----a-w C:\Program Files\ReadMe.txt
2004-11-08 20:22 929,792 ----a-w C:\Program Files\SCZ.exe
2001-11-22 23:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-08-18 11:41 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-05_16.50.18.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-11 03:09:22 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-01-10 08:02:00 68,608 ----a-w C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2007-07-11 03:09:28 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-01-10 08:02:06 72,192 ----a-w C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2007-07-11 03:09:28 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-01-10 08:02:06 4,308,992 ----a-w C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2007-07-11 03:09:30 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-01-10 08:02:06 482,304 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2007-07-11 03:09:26 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-01-10 08:02:04 2,902,016 ----a-w C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2007-07-11 03:09:18 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-01-10 08:01:58 258,048 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2007-07-11 03:09:18 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-01-10 08:01:58 114,176 ----a-w C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2007-07-11 03:09:34 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-01-10 08:02:10 260,096 ----a-w C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2007-07-11 03:09:24 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-01-10 08:02:02 5,156,864 ----a-w C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2007-07-11 03:09:22 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-01-10 08:02:00 10,752 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2007-07-11 03:09:18 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-01-10 08:01:58 507,904 ----a-w C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2007-07-11 03:09:20 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-01-10 08:01:58 13,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2007-07-11 03:09:28 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-01-10 08:02:06 8,192 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2007-07-11 03:09:28 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-01-10 08:02:06 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2007-07-11 03:09:28 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-01-10 08:02:06 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2007-07-11 03:09:20 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-01-10 08:01:58 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2007-07-11 03:09:20 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-01-10 08:01:58 36,864 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2007-07-11 03:09:20 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-01-10 08:02:00 647,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2007-07-11 03:09:20 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-01-10 08:02:00 73,728 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2007-07-11 03:09:20 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-01-10 08:01:58 749,568 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2007-07-11 03:09:34 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-01-10 08:02:12 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2007-07-11 03:09:34 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-01-10 08:02:12 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2007-07-11 03:09:16 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-01-10 08:01:56 28,672 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2007-07-11 03:09:34 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-01-10 08:02:10 667,648 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2007-07-11 03:09:36 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-01-10 08:02:12 5,632 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2007-07-11 03:09:18 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-01-10 08:01:56 12,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2007-07-11 03:09:16 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-01-10 08:01:56 32,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2007-07-11 03:09:18 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-01-10 08:01:56 7,168 ----a-w C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2007-07-11 03:09:32 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-01-10 08:02:08 110,592 ----a-w C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2007-07-11 03:09:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-01-10 08:02:00 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2007-07-11 03:09:32 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-01-10 08:02:08 413,696 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2007-07-11 03:09:30 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-01-10 08:02:08 716,800 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2007-07-11 03:09:18 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-01-10 08:01:58 888,832 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2007-07-11 03:09:28 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-01-10 08:02:04 5,001,216 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2007-07-11 03:09:22 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-01-10 08:02:02 188,416 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2007-07-11 03:09:22 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-01-10 08:02:00 397,312 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2007-07-11 03:09:22 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-01-10 08:02:02 81,920 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll

Llama · Jan 14, 2008

the rest

- 2007-07-11 03:09:32 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-01-10 08:02:10 577,536 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2007-07-11 03:09:30 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-01-10 08:02:08 372,736 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2007-07-11 03:09:34 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-01-10 08:02:10 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2007-07-11 03:09:30 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-01-10 08:02:08 299,008 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2007-07-11 03:09:30 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-01-10 08:02:08 131,072 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2007-07-11 03:09:22 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-01-10 08:02:00 258,048 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2007-07-11 03:09:24 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-01-10 08:02:02 114,688 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2007-07-11 03:09:34 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-01-10 08:02:10 835,584 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2007-07-11 03:09:24 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-01-10 08:02:02 86,016 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2007-07-11 03:09:24 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-01-10 08:02:02 823,296 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2007-07-11 03:09:26 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-01-10 08:02:04 5,152,768 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2007-07-11 03:09:26 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-01-10 08:02:04 2,027,520 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2007-07-11 03:09:32 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-01-10 08:02:10 2,940,928 ----a-w C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-01-11 00:39:20 26,624 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d6652cfc7f6018eed9f5af0ab54a5fbd\Accessibility.ni.dll
+ 2008-01-11 00:39:22 888,832 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\092bf3cc8044d2d907d217ddadaee5bf\AspNetMMCExt.ni.dll
+ 2008-01-11 00:39:28 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\e916794475f60f6fdeda5abc582ab0e0\CustomMarshalers.ni.dll
+ 2008-01-11 00:39:26 15,360 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\b287592c089a5c567ff52af8c9bbfd3f\dfsvc.ni.exe
+ 2008-01-11 00:39:30 880,640 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\a332a2f7f965beb9f3b2661c5b7b7920\Microsoft.Build.Engine.ni.dll
+ 2008-01-11 00:39:30 81,920 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\4f35fff09ced0739ec67374b29ca257c\Microsoft.Build.Framework.ni.dll
+ 2008-01-11 00:39:36 1,687,552 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\40c449b85be08f74666e578de70723b7\Microsoft.Build.Tasks.ni.dll
+ 2008-01-11 00:39:36 163,840 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\2892e08fb3b2dd93f88db30da4437a9f\Microsoft.Build.Utilities.ni.dll
+ 2008-01-11 00:39:40 1,720,320 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\25e198cac97b29d08c492bc5388a9fec\Microsoft.VisualBasic.ni.dll
+ 2008-01-10 08:03:12 11,304,960 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\097857e58668b817a121ec3ce567630d\mscorlib.ni.dll
+ 2008-01-11 00:39:42 1,003,520 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\54f291b3d674c2ea212a9244f3ba9fbd\System.Configuration.ni.dll
+ 2008-01-10 08:03:40 6,676,480 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\de60f8011b746695097401a2e8864f85\System.Data.ni.dll
+ 2008-01-11 00:39:44 1,724,416 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\8b1086c976b2577a95e0e7f113caf7bf\System.Deployment.ni.dll
+ 2008-01-10 08:03:56 10,702,848 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\1c7afdf0a3daa75245e3223c7e749eac\System.Design.ni.dll
+ 2008-01-11 00:39:48 1,216,512 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\046eec3d74cec4cd460ff7c1842d257e\System.DirectoryServices.ni.dll
+ 2008-01-11 00:39:48 512,000 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\5449046c90901704a120252427a00033\System.DirectoryServices.Protocols.ni.dll
+ 2008-01-10 08:04:02 229,376 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\d32c8d31662ebdc35e3fe1f900e52c33\System.Drawing.Design.ni.dll
+ 2008-01-10 08:04:00 1,601,536 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\1a1c1e312f3aff1208af9c5fd10bd184\System.Drawing.ni.dll
+ 2008-01-11 00:39:50 659,456 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a50404715d38a9b2035dcac4d5fbf9c8\System.EnterpriseServices.ni.dll
+ 2008-01-11 00:39:50 294,912 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a50404715d38a9b2035dcac4d5fbf9c8\System.EnterpriseServices.Wrapper.dll
+ 2008-01-11 00:39:52 729,088 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\8962db3b03601d2c02f3836f1e523170\System.Security.ni.dll
+ 2008-01-11 00:39:54 684,032 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\610351fe2a8d287c009a958ac852e2d0\System.Transactions.ni.dll
+ 2008-01-11 00:40:20 2,306,048 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\ab2958c06dce21c6cc3515068671c3a9\System.Web.Mobile.ni.dll
+ 2008-01-11 00:40:20 237,568 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\bede7399f09b947c9c27f702bfff7c7a\System.Web.RegularExpressions.ni.dll
+ 2008-01-11 00:40:24 1,941,504 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\0c492219b15640ed399b978141942e54\System.Web.Services.ni.dll
+ 2008-01-11 00:40:16 12,185,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7a66b932276b50c95261a636d7a51f34\System.Web.ni.dll
+ 2008-01-10 08:04:22 13,107,200 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e623dcb4d8d8e98b71a161981632c5d\System.Windows.Forms.ni.dll
+ 2008-01-10 08:04:32 5,623,808 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c6eff7a5475731ee02f0faf4d10a515b\System.Xml.ni.dll
+ 2008-01-10 08:03:28 8,130,560 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4ab4b57f400696ed7e2da1c9b4e8a210\System.ni.dll
+ 2000-08-30 19:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-14 01:33:48 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-14 01:33:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-14 01:33:50 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-14 01:33:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-14 01:33:50 7,139,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-14 01:33:50 364,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2000-08-30 19:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE
- 2006-04-20 10:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:56 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-07-11 12:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-24 09:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-11 12:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-24 09:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-11 13:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-09-24 10:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2007-07-27 02:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 02:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 07:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 00:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
- 2007-12-02 23:00:06 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-08-02 05:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-02 05:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 03:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-12 22:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
- 2007-07-11 03:09:44 71,346 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-10 08:02:18 71,346 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-07-11 03:09:44 421,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-10 08:02:18 421,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2004-12-06 22:11:34 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089BB353-5ED8-4C9B-866C-31605CFD2EFF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F13071E-0B38-4324-839C-CA20E1C8C27C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{153E1C77-992C-47A7-884D-04C89AF8E73F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{203f3bcc-2e8e-4b41-ba05-16210261dcfd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B380D9A-61A6-4D9F-97C0-4916CC7003EA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F626105-5DC9-4623-A85B-67E64503249B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F7A9AF9-2277-4C31-B19E-7B09931AC99F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B2E6EC-2CAF-42F2-8A69-D5208B13D3A4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3496AEAA-BD5E-4FC9-8E9E-66725F6A545B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36330830-6053-4E17-9B59-B55CF7101A19}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37024FFE-F851-45A4-81DE-372AE57056C3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46782F63-2C18-4B43-90EC-C63E8AF6166B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59DFAEF9-71AB-44D0-ACE5-065317A0B614}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AE40AC7-A7FB-4077-B271-5A156B9D980D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77C5A4AE-A217-4EF2-A70A-2A41D7D75B0A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81FC19CA-4C54-4AB6-8952-341345BB8E7C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A204BC7D-6B84-4915-A629-76F790E96751}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACD52C84-DCCD-4A64-ACF3-478DA69B95CF}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4D3D881-5B72-4966-8418-4B1C3C6D8D5B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C744ED46-F576-4C63-B383-8A80CFCBC5F5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA3EA2D9-48F5-4012-8C1A-10274F99A3FD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C5FC47-A373-4535-94A4-D37D93300479}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E735962A-4C19-4447-BE6F-0BA3CE6EAE44}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E96D4F03-E048-46DD-98D7-B15530AF90EC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE403AD3-4C0A-48D4-9618-BC8D5838CD9E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFD2D48C-972D-48F3-BD00-089DFB39DAEC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CB5F68-091E-4F25-8998-40B75CF3D268}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-12-19 16:40 28672]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-21 04:16 37376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-26 23:00 1481472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvut]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imjpmig]
--a------ 2003-02-10 14:48 192542 C:\IME\IMJP\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 00:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 14:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 14:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 00:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2001-08-17 22:36 86016 C:\WINDOWS\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 00:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 00:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"rpcapd"=3 (0x3)
"Pctspk"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Fax"=2 (0x2)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-26 23:00]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-26 23:00]
R2 CbmDev1;CbmDev1;C:\WINDOWS\system32\drivers\CbmDev1.sys [1998-01-16 08:43]
R2 CbmDev2;CbmDev2;C:\WINDOWS\system32\drivers\CbmDev2.sys [1998-01-16 08:43]
R2 CbmDev3;CbmDev3;C:\WINDOWS\system32\drivers\CbmDev3.sys [1998-01-16 08:43]
S3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys []
S3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys []
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S4 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 14:58:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-14 14:59:42
ComboFix-quarantined-files.txt 2008-01-14 01:59:40
ComboFix5.txt 2008-01-05 03:50:52
ComboFix4.txt 2008-01-05 23:11:02
ComboFix3.txt 2008-01-07 11:00:48
ComboFix2.txt 2008-01-08 12:29:50
.
2008-01-09 03:47:56 --- E O F ---

ken545 · Jan 14, 2008

Hello,

Listen, you need to read the instructions I post and follow them or your just going to slow down the removal process, I asked twice for a new HJT log and do not see it, I also asked that you keep the TeaTimer disabled and its still running. The TeaTimer will most times prevent these removals. There are no files associated with these bad entries so they should go with no problem, but there not.

Disable the TeaTime and shutdown your Anti Virus software.

Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad. Make sure there is no space above and to the left of File::

File::
C:\WINDOWS\system32\guard32.dll.vir

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{089BB353-5ED8-4C9B-866C-31605CFD2EFF}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F13071E-0B38-4324-839C-CA20E1C8C27C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{153E1C77-992C-47A7-884D-04C89AF8E73F}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{203f3bcc-2e8e-4b41-ba05-16210261dcfd}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B380D9A-61A6-4D9F-97C0-4916CC7003EA}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F626105-5DC9-4623-A85B-67E64503249B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F7A9AF9-2277-4C31-B19E-7B09931AC99F}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B2E6EC-2CAF-42F2-8A69-D5208B13D3A4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3496AEAA-BD5E-4FC9-8E9E-66725F6A545B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36330830-6053-4E17-9B59-B55CF7101A19}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37024FFE-F851-45A4-81DE-372AE57056C3}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46782F63-2C18-4B43-90EC-C63E8AF6166B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59DFAEF9-71AB-44D0-ACE5-065317A0B614}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AE40AC7-A7FB-4077-B271-5A156B9D980D}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77C5A4AE-A217-4EF2-A70A-2A41D7D75B0A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81FC19CA-4C54-4AB6-8952-341345BB8E7C}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A204BC7D-6B84-4915-A629-76F790E96751}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACD52C84-DCCD-4A64-ACF3-478DA69B95CF}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4D3D881-5B72-4966-8418-4B1C3C6D8D5B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C744ED46-F576-4C63-B383-8A80CFCBC5F5}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA3EA2D9-48F5-4012-8C1A-10274F99A3FD}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C5FC47-A373-4535-94A4-D37D93300479}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E735962A-4C19-4447-BE6F-0BA3CE6EAE44}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E96D4F03-E048-46DD-98D7-B15530AF90EC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE403AD3-4C0A-48D4-9618-BC8D5838CD9E}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EFD2D48C-972D-48F3-BD00-089DFB39DAEC}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CB5F68-091E-4F25-8998-40B75CF3D268}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvut]

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
together with a new HijackThis log.

Llama · Jan 17, 2008

logs

i figured that there is a certian time that you have to wait before posting another reply which was why the HJT logs werent comming through. anyway

ComboFix 08-01-18.1 - Joel Gibson 2008-01-18 10:52:57.6 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.686 [GMT 13:00]
Running from: C:\Documents and Settings\Joel Gibson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joel Gibson\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\guard32.dll.vir
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\guard32.dll.vir

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-18 10:49 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 14:20 . 2008-01-17 14:20 <DIR> d-------- C:\DRW-1608P3S
2008-01-14 17:39 . 2008-01-14 17:39 <DIR> d--hs---- C:\FOUND.005
2008-01-11 13:37 . 2008-01-11 13:37 <DIR> d--hs---- C:\FOUND.004
2008-01-11 13:29 . 2008-01-11 13:29 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-01-10 16:51 . 2008-01-10 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 00:54 . 2008-01-07 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 00:48 . 2008-01-07 00:48 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-07 00:48 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-06 12:57 . 2008-01-06 12:57 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-12-30 21:57 . 2007-12-30 21:57 <DIR> d--hs---- C:\FOUND.003
2007-12-29 20:39 . 2007-12-29 20:39 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Command and Conquer 3 Tiberium Wars
2007-12-29 00:06 . 2007-12-29 00:06 <DIR> d-------- C:\Games
2007-12-28 11:29 . 2007-12-28 11:29 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Winamp
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\The Chosen demo
2007-12-27 18:08 . 2007-12-27 18:08 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Frater
2007-12-26 23:00 . 2007-12-26 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-12-26 23:00 . 2007-12-26 23:00 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-12-26 23:00 . 2007-12-26 23:00 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Program Files\COMODO
2007-12-26 21:21 . 2007-12-26 21:21 <DIR> d-------- C:\Documents and Settings\Joel Gibson\Application Data\Comodo
2007-12-26 18:26 . 2007-12-26 18:26 <DIR> dr-h----- C:\Documents and Settings\Joel Gibson\Application Data\SecuROM
2007-12-26 17:25 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-12-26 17:25 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2007-12-26 17:25 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2007-12-26 17:25 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2007-12-19 19:57 . 2007-12-26 21:15 1,365 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 08:53 --------- d-----w C:\Documents and Settings\Guest\Application Data\ATI
2007-12-10 01:27 --------- d-----w C:\Program Files\Aquaria
2007-11-26 06:30 --------- d-----w C:\Program Files\Fredryk Phantasy
2007-11-24 02:23 1,128 ----a-w C:\Program Files\log.dat
2007-11-23 08:30 --------- d-----w C:\Documents and Settings\Joel Gibson\Application Data\mIRC
2007-11-22 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 16:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-21 14:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-19 22:34 53,880,837 ----a-w C:\Program Files\LastStandInstall.exe
2007-10-19 10:14 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2007-06-24 08:18 57,992 ----a-w C:\Documents and Settings\Joel Gibson\Application Data\GDIPFONTCACHEV1.DAT
2006-12-20 01:05 35,511 ----a-w C:\Program Files\ReadMe.txt
2004-11-08 20:22 929,792 ----a-w C:\Program Files\SCZ.exe
2001-11-22 23:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-08-18 11:41 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2008-01-14_14.59.10.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-14 01:33:48 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 21:50:02 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-14 01:33:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 21:50:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-14 01:33:50 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-17 21:50:02 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-14 01:33:50 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 21:50:02 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-14 01:33:50 7,139,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-17 21:50:04 7,139,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-14 01:33:50 364,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 21:50:04 364,544 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-12-19 16:40 28672]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-21 04:16 37376]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-12-26 23:00 1481472]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imjpmig]
--a------ 2003-02-10 14:48 192542 C:\IME\IMJP\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-05 00:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 14:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 14:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2004-08-05 00:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE]
--a------ 2001-08-17 22:36 86016 C:\WINDOWS\system32\pctspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-05 00:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-05 00:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"rpcapd"=3 (0x3)
"Pctspk"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Fax"=2 (0x2)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-26 23:00]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-26 23:00]
R2 CbmDev1;CbmDev1;C:\WINDOWS\system32\drivers\CbmDev1.sys [1998-01-16 08:43]
R2 CbmDev2;CbmDev2;C:\WINDOWS\system32\drivers\CbmDev2.sys [1998-01-16 08:43]
R2 CbmDev3;CbmDev3;C:\WINDOWS\system32\drivers\CbmDev3.sys [1998-01-16 08:43]
S3 ipw_mdfl;Wireless Broadband Modem Filter;C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys []
S3 ipw_mdm;Wireless Broadband Modem (WDM);C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys []
S3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 13:28]
S4 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 22:36]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 11:16:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-01-18 11:17:07
ComboFix-quarantined-files.txt 2008-01-17 22:17:04
ComboFix5.txt 2008-01-05 23:11:02
ComboFix4.txt 2008-01-07 11:00:48
ComboFix3.txt 2008-01-08 12:29:50
ComboFix2.txt 2008-01-14 01:59:44
.
2008-01-09 03:47:56 --- E O F ---

Llama · Jan 17, 2008

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:29 a.m., on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera 9\Opera.exe
C:\Program Files\Trend Micro\HijackThis\Safer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-nz\msntb.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5037 bytes

ken545 · Jan 17, 2008

Log looks good :bigthumb:

You can delete these files if you find them.

C:\FOUND.005
C:\FOUND.004
C:\FOUND.003

Run HJT in a few days and let me know how your doing, if those entries return we will have to dig deeper.

Ken:cowboy:

Vitumonde

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert