Virtumonde ?


25 replies to this topic

#1 Bill Taggart

Posted 11 November 2007 - 07:00 AM

Hi great gurus of cleanliness - friend's laptop giving me fits. Tried virus scans, Spybot, Ad-Aware, UBCD virus scanner, SmitfraudFix, McAfee Stinger, and ComboFix. Here is the output from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:40 AM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\TEMP\WV48A8.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\ehome\bak\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Samantha\My Documents\hiJACK_BILL\HiJackThis.exe

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mxsvxgjs.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [d0987edd] rundll32.exe "C:\WINDOWS\system32\oddxkmvb.dll",b
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\FNTS~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Xdsxxp] C:\WINDOWS\system32\??pPatch\c?rss.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7947 bytes



#2 jedi


Posted 11 November 2007 - 07:09 AM

Hi there,

Please download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe

Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced.
Please provide Find AWF report in your reply.

jedi

#3 Bill Taggart


Posted 11 November 2007 - 09:00 AM

Output from FindAWF - Thanks



Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 11/11/2007
The current time is: 8:53:06.46


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

03/15/2007 10:09 AM 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NETWAI~1\BAK

09/10/2003 02:24 AM 20,480 netWaiting.exe
1 File(s) 20,480 bytes

Directory of C:\PROGRA~1\ONLINE~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/25/2006 06:58 PM 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\EHOME\BAK

09/29/2005 02:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

12/13/2005 11:41 PM 77,824 hkcmd.exe
12/13/2005 11:45 PM 118,784 igfxpers.exe
12/13/2005 11:44 PM 98,304 igfxtray.exe
3 File(s) 294,912 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

12/09/2005 08:29 PM 49,152 DVDLauncher.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

12/06/2005 10:45 AM 839,680 quickset.exe
1 File(s) 839,680 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

05/11/2005 10:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

08/12/2005 03:16 PM 1,121,792 MSKDetct.exe
1 File(s) 1,121,792 bytes

Directory of C:\PROGRA~1\PLAXO\2121~1.1\BAK

11/16/2006 12:42 PM 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

11/29/2005 06:56 PM 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\PROGRA~1\TRENDM~1\OFFICE~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 01:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

02/17/2006 11:59 AM 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\LAUNCH\BAK

04/20/2006 12:10 PM 50,792 AOLLaunch.exe
1 File(s) 50,792 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

06/10/2005 10:44 AM 81,920 issch.exe
06/10/2005 10:44 AM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

12/28/2005 11:56 AM 602,182 ifrmewrk.exe
12/28/2005 11:55 AM 667,718 ZCfgSvc.exe
2 File(s) 1,269,900 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114692~1\EE\BAK

04/20/2006 12:10 PM 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28176 Oct 2 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
28176 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
102400 Nov 12 2006 "C:\Documents and Settings\Samantha\Desktop\iTunesIco.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 5 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Dec 5 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
28176 Oct 2 2007 "C:\Program Files\NetWaiting\netWaiting.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\bak\netWaiting.exe"
28176 Oct 2 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
28176 Oct 2 2007 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
28176 Oct 2 2007 "C:\WINDOWS\system32\hkcmd.exe"
77824 Dec 13 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Dec 13 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
28176 Oct 2 2007 "C:\WINDOWS\system32\igfxpers.exe"
118784 Dec 13 2005 "C:\drivers\video\onboard\igfxpers.exe"
118784 Dec 13 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
28176 Oct 2 2007 "C:\WINDOWS\system32\igfxtray.exe"
98304 Dec 13 2005 "C:\drivers\video\onboard\igfxtray.exe"
98304 Dec 13 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
28176 Oct 2 2007 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
28176 Oct 2 2007 "C:\Program Files\Dell\QuickSet\quickset.exe"
839680 Dec 6 2005 "C:\Program Files\Dell\QuickSet\bak\quickset.exe"
28176 Oct 2 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
28176 Oct 2 2007 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe"
28176 Oct 2 2007 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
182860 Apr 12 2006 "C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe"
183367 Aug 30 2006 "C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
28176 Oct 2 2007 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761947 Nov 29 2005 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Nov 29 2005 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
28176 Oct 2 2007 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
28176 Oct 2 2007 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aollaunch.exe"
28176 Oct 2 2007 "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1146927222\ee\aollaunch.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\Launch\bak\AOLLaunch.exe"
28176 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
28176 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
28176 Oct 2 2007 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
602182 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
28176 Oct 2 2007 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
667718 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
28176 Oct 2 2007 "C:\Program Files\Common Files\AOL\1146927222\ee\AOLSoftware.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1146927222\ee\bak\AOLSoftware.exe"


end of report

#4 jedi


Posted 11 November 2007 - 09:52 AM

Hi again,

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\DellSupport\bak\DSAgnt.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\NetWaiting\bak\netWaiting.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Dell\QuickSet\bak\quickset.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
"C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
"C:\Program Files\Common Files\AOL\Launch\bak\AOLLaunch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
28176 Oct 2 2007 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
"C:\Program Files\Common Files\AOL\1146927222\ee\bak\AOLSoftware.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
- It attempts to terminate the process represented by each filename on the list, if running
- Deletes the rogue file from the parent folder, if present
- Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

jedi
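As an added example (not part of this thread and not FindAWF's own code), the check below reads the "Duplicate files of bak directory contents" section of a FindAWF report and flags every file whose copy in a bak folder differs in size from the file one folder up, which is exactly the pattern the restore step above relies on. The sample lines are an excerpt of the report posted earlier; the line format `<size> <Mon> <day> <year> "<path>"` is assumed from that report.

```python
import re
from collections import Counter

# Excerpt (constructed from the report above) of a FindAWF "Duplicate files"
# section, taken before the restore step ran.
SAMPLE_BEFORE = r'''
28176 Oct 2 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
28176 Oct 2 2007 "C:\WINDOWS\system32\hkcmd.exe"
77824 Dec 13 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Dec 13 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\PlaxoHelper.exe"
28176 Oct 2 2007 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
'''

# The same pair after the original was copied back from the bak folder.
SAMPLE_AFTER = r'''
282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
'''

# <size> <Mon> <day> <year> "<path>"  (format assumed from the posted report)
LINE_RE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$')


def parse_duplicates(text):
    """Return (size, date, path) for every report line that matches LINE_RE."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def find_replaced(text):
    """Map each parent-folder file to (parent_size, bak_size) when the file of
    the same name in the parent's bak subfolder has a different size.

    The bak folder holds the original; a size mismatch means what the startup
    entry now launches is a substitute, not the program it names.
    """
    # Key on the lower-cased path so Windows' case-insensitive names compare equal.
    by_path = {p.lower(): (s, d, p) for s, d, p in parse_duplicates(text)}
    replaced = {}
    for key, (bak_size, _, _) in by_path.items():
        head, _, name = key.rpartition('\\')
        if not head.endswith('\\bak'):
            continue                      # only bak-folder entries start a comparison
        parent_key = head[:-4] + '\\' + name   # drop the trailing "\bak"
        parent = by_path.get(parent_key)
        if parent is None:
            continue                      # original saved, but nothing in the parent to compare
        parent_size, _, parent_path = parent
        if parent_size != bak_size:
            replaced[parent_path] = (parent_size, bak_size)
    return replaced


def substitute_size(replaced):
    """Most common size among the flagged parent-folder files, or None.

    When every flagged file shares one size, they were produced by the same
    dropper rather than being unrelated version differences.
    """
    sizes = Counter(size for size, _ in replaced.values())
    return sizes.most_common(1)[0][0] if sizes else None


if __name__ == "__main__":
    flagged = find_replaced(SAMPLE_BEFORE)
    for path, (now, original) in sorted(flagged.items()):
        print(f"{path}: {now} bytes in place, original in bak is {original} bytes")
    print("common substitute size:", substitute_size(flagged))
    print("after restore:", find_replaced(SAMPLE_AFTER))
```

Run against the full report, the check lists the same files jedi put into files.txt; run against the post-restore report it should come back empty, which is the quickest way to confirm the restore took.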

#5 Bill Taggart


Posted 11 November 2007 - 10:08 AM

I got a Windows security alert about not having an original copy of the file and needing XP disc 2 - which I don't have, so I hit ignore.


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2007-11-11
The current time is: 10:03:55.50


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DELLSU~1\BAK

2007-03-15 10:09 460,784 DSAgnt.exe
1 File(s) 460,784 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

2006-10-30 09:36 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\NETWAI~1\BAK

2003-09-10 02:24 20,480 netWaiting.exe
1 File(s) 20,480 bytes

Directory of C:\PROGRA~1\ONLINE~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2006-10-25 18:58 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\WINDOWS\EHOME\BAK

2005-09-29 14:01 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2005-12-13 23:41 77,824 hkcmd.exe
2005-12-13 23:45 118,784 igfxpers.exe
2005-12-13 23:44 98,304 igfxtray.exe
3 File(s) 294,912 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

2005-12-09 20:29 49,152 DVDLauncher.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

2005-12-06 10:45 839,680 quickset.exe
1 File(s) 839,680 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

2005-05-11 22:12 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

2005-08-12 15:16 1,121,792 MSKDetct.exe
1 File(s) 1,121,792 bytes

Directory of C:\PROGRA~1\PLAXO\2121~1.1\BAK

2006-11-16 12:42 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

2005-11-29 18:56 761,947 SynTPEnh.exe
1 File(s) 761,947 bytes

Directory of C:\PROGRA~1\TRENDM~1\OFFICE~1\BAK

0 File(s) 0 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

2004-12-06 01:05 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

2006-02-17 11:59 124,520 IPHSend.exe
1 File(s) 124,520 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\LAUNCH\BAK

2006-04-20 12:10 50,792 AOLLaunch.exe
1 File(s) 50,792 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

2005-06-10 10:44 81,920 issch.exe
2005-06-10 10:44 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

2005-12-28 11:56 602,182 ifrmewrk.exe
2005-12-28 11:55 667,718 ZCfgSvc.exe
2 File(s) 1,269,900 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\114692~1\EE\BAK

2006-04-20 12:10 50,792 AOLSoftware.exe
1 File(s) 50,792 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

460784 Mar 15 2007 "C:\Program Files\DellSupport\DSAgnt.exe"
460784 Mar 15 2007 "C:\Program Files\DellSupport\bak\DSAgnt.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
102400 Nov 12 2006 "C:\Documents and Settings\Samantha\Desktop\iTunesIco.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Dec 5 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Dec 5 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\netWaiting.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\bak\netWaiting.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\qttask.exe"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
77824 Dec 13 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Dec 13 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Dec 13 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Dec 13 2005 "C:\WINDOWS\system32\igfxpers.exe"
118784 Dec 13 2005 "C:\drivers\video\onboard\igfxpers.exe"
118784 Dec 13 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
98304 Dec 13 2005 "C:\WINDOWS\system32\igfxtray.exe"
98304 Dec 13 2005 "C:\drivers\video\onboard\igfxtray.exe"
98304 Dec 13 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
839680 Dec 6 2005 "C:\Program Files\Dell\QuickSet\quickset.exe"
839680 Dec 6 2005 "C:\Program Files\Dell\QuickSet\bak\quickset.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
1121792 Aug 12 2005 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.11.1.5\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe"
182860 Apr 12 2006 "C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe"
183367 Aug 30 2006 "C:\Program Files\Plaxo\2.6.2.15\PlaxoHelper.exe"
183367 Nov 16 2006 "C:\Program Files\Plaxo\2.12.1.1\bak\PlaxoHelper.exe"
761947 Nov 29 2005 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761947 Nov 29 2005 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761947 Nov 29 2005 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
28176 Oct 2 2007 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aollaunch.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1146927222\ee\aollaunch.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\Launch\bak\AOLLaunch.exe"
28176 Oct 2 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
602182 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
602182 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
667718 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
667718 Dec 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
50736 Sep 25 2006 "C:\Program Files\AIM6\aolsoftware.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1146927222\ee\AOLSoftware.exe"
50792 Apr 20 2006 "C:\Program Files\Common Files\AOL\1146927222\ee\bak\AOLSoftware.exe"


end of report

#6 jedi


Posted 11 November 2007 - 10:59 AM

Hi again,

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:



C:\Program Files\DellSupport\bak
C:\Program Files\iTunes\bak
C:\Program Files\NetWaiting\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell\QuickSet\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\McAfee\SpamKiller\bak
C:\Program Files\Plaxo\2.12.1.1\bak
C:\Program Files\Synaptics\SynTP\bak
C:\WINDOWS\system32\dla\bak
C:\Program Files\Common Files\AOL\Launch\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Intel\Wireless\Bin\bak
C:\Program Files\Intel\Wireless\Bin\bak
C:\Program Files\Common Files\AOL\1146927222\ee\bak


Next, close and click Yes to save the changes.

Once folders.txt is saved, FindAWF does the following:
- It deletes the contents of the bak folders
- Removes the bak folders

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

jedi

Edited by jedi, 11 November 2007 - 10:59 AM.


#7 Bill Taggart


Posted 11 November 2007 - 11:24 AM

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2007-11-11
The current time is: 11:22:05.70


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ONLINE~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\TRENDM~1\OFFICE~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

2006-02-17 11:59 124,520 IPHSend.exe
1 File(s) 124,520 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28176 Oct 2 2007 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
124520 Feb 17 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"


end of report

#8 jedi


Posted 11 November 2007 - 12:54 PM

Hi again,

Double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 4 then Enter to reset domain zones

This removes all entries from the domain zones.
When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

Next:

1. Download this file - ComboFix
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

jedi

#9 Bill Taggart


Posted 11 November 2007 - 01:45 PM

ComboFix 07-11-08.1 - Samantha 2007-11-11 13:28:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.514 [GMT -5:00]
Running from: C:\Documents and Settings\Samantha\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Samantha\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Samantha\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Samantha\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\mxsvxgjs.dllbox
C:\WINDOWS\system32\pmkji.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Samantha\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Samantha\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Samantha\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\mllmk.dll
C:\WINDOWS\system32\mxsvxgjs.dllbox

.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.

2007-11-11 06:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-11 05:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-11 05:02 88,128 --a------ C:\WINDOWS\system32\oddxkmvb.dll
2007-11-11 04:59 79,936 --a------ C:\WINDOWS\system32\eyxkcocs.dll
2007-11-11 04:53 71,232 --a------ C:\WINDOWS\system32\mfjdurjw.exe
2007-11-11 04:51 145,984 --a------ C:\WINDOWS\system32\vppyueqj.dll
2007-11-11 04:51 145,984 --a------ C:\WINDOWS\system32\mxsvxgjs.dll
2007-11-10 07:56 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-10 07:23 <DIR> d-------- C:\Documents and Settings\Samantha\.housecall6.6
2007-11-10 01:27 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-10 01:26 3,966 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-10 01:17 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-11-09 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-09 19:33 77,888 --a------ C:\WINDOWS\system32\pogqyqag.dll
2007-11-09 19:30 88,128 --a------ C:\WINDOWS\system32\ulyiiecf.dll
2007-11-09 19:27 71,232 --a------ C:\WINDOWS\system32\orwabwtm.exe
2007-11-09 19:24 145,984 --a------ C:\WINDOWS\system32\kdyfklss.dll
2007-11-09 17:31 <DIR> d-------- C:\Program Files\CCleaner
2007-11-04 20:41 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-11-04 18:35 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-11-04 15:48 196,678 --a------ C:\WINDOWS\system32\nwinmldq.exe
2007-11-04 15:48 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-04 15:47 123,908 --a------ C:\WINDOWS\system32\vvgeowbv.exe
2007-11-04 15:45 35,840 -ra------ C:\WINDOWS\mrofinu77.exe
2007-11-04 15:44 <DIR> d-------- C:\WINDOWS\system32\Mz08r
2007-11-04 15:44 <DIR> d-------- C:\Temp\mZOr
2007-11-04 15:44 36,352 --a------ C:\WINDOWS\system32\mljjgda.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 16:22 --------- d-----w C:\Program Files\QuickTime
2007-11-11 16:22 --------- d-----w C:\Program Files\NetWaiting
2007-11-11 16:22 --------- d-----w C:\Program Files\iTunes
2007-11-11 16:22 --------- d-----w C:\Program Files\DellSupport
2007-11-10 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-10 13:21 --------- d-----w C:\Program Files\Viewpoint
2007-11-10 03:11 --------- d-----w C:\Program Files\Java
2007-11-04 20:29 --------- d-----w C:\Documents and Settings\Samantha\Application Data\Ruckus Network
2007-10-09 22:57 --------- d--h--w C:\Documents and Settings\Samantha\Application Data\Move Networks
2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2006-11-10 00:10 251 ----a-w C:\Program Files\wt3d.ini
2007-04-17 22:43:55 56 --sh--r C:\WINDOWS\system32\63B4F11BE8.sys
2007-04-17 22:43:55 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-11-11_ 9.57.55.10 )))))))))))))))))))))))))))))))))))))))))
.

#10 jedi

  • Members
  • 274 posts
  • Gender:Male
  • Location:UK

Posted 11 November 2007 - 02:21 PM

Hi,

Looks like you cut off the rest of the report; can I see it please? There's a word limit on these posts.

jedi

#11 Bill Taggart

  • Topic Starter
  • Members
  • 14 posts

Posted 11 November 2007 - 03:34 PM

sorry - part duo

- 2005-06-23 00:30:54 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 09:53:04 2,137,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:34:40 2,056,832 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 09:15:56 2,059,392 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2005-06-23 00:05:49 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 09:15:59 2,017,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:59:53 2,179,328 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2007-02-28 09:55:14 2,182,144 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2007-10-02 23:39:33 28,176 ----a-w C:\WINDOWS\ehome\ehtray.exe
+ 2005-09-29 19:01:14 67,584 ----a-w C:\WINDOWS\ehome\ehtray.exe
- 2004-08-10 10:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-10 10:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2006-06-23 11:25:29 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-06-23 11:25:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-10 10:00:00 611,328 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2006-06-23 11:25:29 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-10-02 23:39:33 28,176 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe
+ 2004-12-06 06:05:00 127,035 ----a-w C:\WINDOWS\system32\dla\tfswctrl.exe
+ 2006-08-16 11:58:05 100,352 ------w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-25 15:45:58 617,472 ------w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2007-05-16 15:12:00 86,528 ------w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-06-13 10:23:07 1,033,216 ------w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-19 13:31:19 282,112 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2006-07-05 10:55:01 984,064 ------w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ------w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-03-08 15:36:28 40,960 ------w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2006-11-01 19:17:45 927,504 ------w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-10-14 08:13:25 981,760 ------w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-12-26 13:07:23 536,576 ------w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:07:23 180,224 ------w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07:23 200,704 ------w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-11-27 14:54:06 539,136 ------w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-12-26 13:07:23 102,400 ------w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2007-05-16 15:12:08 1,314,816 ------w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-06-26 06:08:16 1,104,896 ------w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2006-07-14 15:31:39 332,288 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2006-08-17 12:28:27 332,288 ------w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2007-02-09 11:10:35 574,464 ------w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-28 09:53:04 2,137,600 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 09:15:56 2,059,392 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 09:15:59 2,017,280 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 09:55:14 2,182,144 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2006-10-13 12:35:12 64,000 ------w C:\WINDOWS\system32\dllcache\nwapi32.dll
+ 2006-10-13 12:35:12 142,336 ------w C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2006-10-13 10:23:15 163,584 ------w C:\WINDOWS\system32\dllcache\nwrdr.sys
+ 2006-10-13 12:35:12 65,536 ------w C:\WINDOWS\system32\dllcache\nwwks.dll
+ 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2006-10-16 16:15:00 122,880 ------w C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2006-11-27 14:54:06 433,152 ------w C:\WINDOWS\system32\dllcache\riched20.dll
+ 2007-04-25 14:21:15 144,896 ------w C:\WINDOWS\system32\dllcache\schannel.dll
- 2006-07-13 13:33:27 8,453,632 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2006-12-19 21:52:18 134,656 ------w C:\WINDOWS\system32\dllcache\shsvcs.dll
- 2006-04-21 06:12:27 332,800 ------w C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-14 10:34:41 332,928 ------w C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-10-19 13:56:32 713,216 ------w C:\WINDOWS\system32\dllcache\sxs.dll
+ 2006-08-16 09:37:30 225,664 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2007-04-23 10:32:54 364,160 ------w C:\WINDOWS\system32\dllcache\update.sys
+ 2007-02-05 20:17:02 185,344 ------w C:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-03-08 15:36:28 577,536 ------w C:\WINDOWS\system32\dllcache\user32.dll
+ 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-05-16 15:12:12 510,976 ------w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:12:15 85,504 ------w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2006-12-19 18:16:47 333,824 ------w C:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2007-03-08 13:47:48 1,843,584 ------w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2007-03-17 13:43:01 292,864 ------w C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2006-08-17 12:28:27 132,096 ------w C:\WINDOWS\system32\dllcache\wkssvc.dll
- 2004-08-10 10:00:00 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
- 2004-08-10 10:00:00 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
+ 2006-10-13 10:23:15 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
- 2006-04-21 06:12:27 332,800 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2004-08-10 10:00:00 223,616 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-10 10:00:00 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
- 2006-06-23 11:25:29 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-06-23 11:25:29 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-06-23 11:25:29 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2006-08-31 00:38:43 203,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-11 17:27:04 203,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2005-12-29 02:54:35 280,064 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-10-02 23:39:33 28,176 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2005-12-14 04:41:08 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
- 2006-06-23 11:25:30 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-10-02 23:39:33 28,176 ----a-w C:\WINDOWS\system32\igfxpers.exe
+ 2005-12-14 04:45:00 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
- 2007-10-02 23:39:33 28,176 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2005-12-14 04:44:18 98,304 ----a-w C:\WINDOWS\system32\igfxtray.exe
- 2006-06-23 11:25:30 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-06-23 11:25:30 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2006-07-05 10:55:01 984,064 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2004-10-28 01:21:01 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2004-08-10 10:00:00 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
- 2004-08-10 10:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
- 2004-08-10 10:00:00 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
- 2004-08-10 10:00:00 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:54:06 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2006-07-28 11:30:52 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-06-23 11:25:30 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-06-23 11:25:30 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2006-06-23 11:25:30 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-10 10:00:00 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2006-07-14 15:31:39 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2005-06-23 00:05:49 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 09:15:59 2,017,280 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2005-06-23 00:30:54 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 09:53:04 2,137,600 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-10 10:00:00 58,880 ----a-w C:\WINDOWS\system32\nwapi32.dll
+ 2006-10-13 12:35:12 64,000 ----a-w C:\WINDOWS\system32\nwapi32.dll
- 2004-08-10 10:00:00 144,384 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2005-08-11 15:09:59 65,024 ----a-w C:\WINDOWS\system32\nwwks.dll
+ 2006-10-13 12:35:12 65,536 ----a-w C:\WINDOWS\system32\nwwks.dll
- 2004-08-10 10:00:00 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2004-08-10 10:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:15:00 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2006-06-23 11:25:30 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-10 10:00:00 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:54:06 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-10 10:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2006-06-23 11:25:30 1,497,088 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-07-13 13:33:27 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
- 2006-06-23 11:25:30 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-10 10:00:00 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
- 2004-08-10 10:00:00 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2007-07-18 12:42:22 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2004-08-10 10:00:00 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2006-07-25 20:42:23 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2005-03-02 18:09:30 577,024 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-10 10:00:00 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2005-10-06 00:05:59 1,839,488 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
- 2006-06-23 11:25:31 664,576 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
- 2005-09-01 01:41:54 291,840 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-10 10:00:00 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2006-09-01 22:53:28 176,195 ----a-w C:\WINDOWS\TEMP\CW5A33.EXE
+ 2007-01-19 20:15:24 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2007-01-19 20:15:24 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2007-01-19 20:15:24 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2007-01-19 20:15:24 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2006-08-25 15:45:55 1,054,208 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe
----a-w 28,176 2007-10-02 23:39:33 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
2007-11-04 15:44 36352 --a------ C:\WINDOWS\system32\mljjgda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-11 04:51 145984 --a------ C:\WINDOWS\system32\mxsvxgjs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA1BD342-B7D6-44EA-8CDD-D079A8CE1E93}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb75412a-7b71-4134-abb1-3d10665388ae}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb472d90-3127-4210-bdba-90b121825c9a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5095bde-a8f1-40de-9603-4a9ec06d0959}]
2007-11-11 04:59 79936 --a------ C:\WINDOWS\system32\eyxkcocs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mxsvxgjs.dll [2007-11-11 04:51 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mxsvxgjs.dll [2007-11-11 04:51 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 23:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 23:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 23:45]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 10:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 18:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2007-10-02 18:39]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2007-10-02 18:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-09-01 17:58]
"d0987edd"="C:\WINDOWS\system32\oddxkmvb.dll" [2007-11-11 05:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"="C:\PROGRA~1\FNTS~1\logonui.exe" []
"Xdsxxp"="C:\WINDOWS\system32\??pPatch\c?rss.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-02 17:36:45]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 14:04:48]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\mljjgda.dll [2007-11-04 15:44 36352]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjgda]
mljjgda.dll 2007-11-04 15:44 36352 C:\WINDOWS\system32\mljjgda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mxsvxgjs]
mxsvxgjs.dll 2007-11-11 04:51 145984 C:\WINDOWS\system32\mxsvxgjs.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkji.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92b0f2d4-903b-11dc-80a9-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL website\index.html

.
Contents of the 'Scheduled Tasks' folder
"2007-10-30 15:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 13:38:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 13:42:46 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-11 06:06
.
--- E O F ---

#12 jedi

  • Members
  • 274 posts
  • Gender:Male
  • Location:UK

Posted 11 November 2007 - 04:23 PM

Hi,

Open notepad and copy/paste the text in the quotebox below into it (do not include the word ‘Quote’)

File::
C:\WINDOWS\system32\oddxkmvb.dll
C:\WINDOWS\system32\eyxkcocs.dll
C:\WINDOWS\system32\mfjdurjw.exe
C:\WINDOWS\system32\vppyueqj.dll
C:\WINDOWS\system32\mxsvxgjs.dll
C:\WINDOWS\system32\pogqyqag.dll
C:\WINDOWS\system32\ulyiiecf.dll
C:\WINDOWS\system32\orwabwtm.exe
C:\WINDOWS\system32\kdyfklss.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\nwinmldq.exe
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\mrofinu77.exe
C:\WINDOWS\system32\mljjgda.dll
Folder::
C:\WINDOWS\system32\Mz08r
C:\Temp\mZOr
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA1BD342-B7D6-44EA-8CDD-D079A8CE1E93}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb75412a-7b71-4134-abb1-3d10665388ae}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cb472d90-3127-4210-bdba-90b121825c9a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5095bde-a8f1-40de-9603-4a9ec06d0959}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"d0987edd"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"=-
"Xdsxxp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{634BBAB7-3F60-4426-944F-A62B9007F67F}"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjgda]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mxsvxgjs]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0


Save this as CFScript

[Image: CFScript being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

jedi

Edited by jedi, 11 November 2007 - 04:27 PM.


#13 Bill Taggart
  • Topic Starter

  • Members
  • 14 posts

Posted 11 November 2007 - 04:57 PM

ComboFix 07-11-08.1 - Samantha 2007-11-11 16:34:33.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.493 [GMT -5:00]
Running from: C:\Documents and Settings\Samantha\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Samantha\Desktop\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\mrofinu77.exe
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\eyxkcocs.dll
C:\WINDOWS\system32\kdyfklss.dll
C:\WINDOWS\system32\mfjdurjw.exe
C:\WINDOWS\system32\mljjgda.dll
C:\WINDOWS\system32\mxsvxgjs.dll
C:\WINDOWS\system32\nwinmldq.exe
C:\WINDOWS\system32\oddxkmvb.dll
C:\WINDOWS\system32\orwabwtm.exe
C:\WINDOWS\system32\pogqyqag.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\ulyiiecf.dll
C:\WINDOWS\system32\vppyueqj.dll
C:\WINDOWS\system32\vvgeowbv.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Samantha\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Samantha\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Samantha\Favorites\Online Security Guide.lnk
C:\Temp\mZOr
C:\Temp\mZOr\tOasF.log
C:\WINDOWS\mrofinu77.exe
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\eyxkcocs.dll
C:\WINDOWS\system32\kdyfklss.dll
C:\WINDOWS\system32\mfjdurjw.exe
C:\WINDOWS\system32\mljjgda.dll
C:\WINDOWS\system32\mxsvxgjs.dll
C:\WINDOWS\system32\mxsvxgjs.dllbox
C:\WINDOWS\system32\Mz08r
C:\WINDOWS\system32\Mz08r\Mz08r1099.exe
C:\WINDOWS\system32\nwinmldq.exe
C:\WINDOWS\system32\oddxkmvb.dll
C:\WINDOWS\system32\orwabwtm.exe
C:\WINDOWS\system32\pogqyqag.dll
C:\WINDOWS\system32\sstts.dll
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\system32\sttss.bak1
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\ulyiiecf.dll
C:\WINDOWS\system32\vppyueqj.dll
C:\WINDOWS\system32\vvgeowbv.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.

2007-11-11 06:13 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-11-11 05:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-10 07:56 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-10 07:23 <DIR> d-------- C:\Documents and Settings\Samantha\.housecall6.6
2007-11-10 01:27 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-10 01:26 3,966 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-10 01:17 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-11-09 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-09 17:31 <DIR> d-------- C:\Program Files\CCleaner
2007-11-04 20:41 <DIR> d-------- C:\WINDOWS\system32\acespy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 16:22 --------- d-----w C:\Program Files\QuickTime
2007-11-11 16:22 --------- d-----w C:\Program Files\NetWaiting
2007-11-11 16:22 --------- d-----w C:\Program Files\iTunes
2007-11-11 16:22 --------- d-----w C:\Program Files\DellSupport
2007-11-10 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-10 13:21 --------- d-----w C:\Program Files\Viewpoint
2007-11-10 03:11 --------- d-----w C:\Program Files\Java
2007-11-04 20:29 --------- d-----w C:\Documents and Settings\Samantha\Application Data\Ruckus Network
2007-10-09 22:57 --------- d--h--w C:\Documents and Settings\Samantha\Application Data\Move Networks
2006-11-10 00:10 251 ----a-w C:\Program Files\wt3d.ini
2007-04-17 22:43:55 56 --sh--r C:\WINDOWS\system32\63B4F11BE8.sys
2007-04-17 22:43:55 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-11-11_13.40.35.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-01 22:53:28 176,195 ----a-w C:\WINDOWS\TEMP\IFF96D.EXE
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe
----a-w 28,176 2007-10-02 23:39:33 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 23:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 23:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 23:45]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-06 10:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 18:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2007-10-02 18:39]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2007-10-02 18:39]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-09-01 17:58]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-02 17:36:45]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 14:04:48]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstts.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92b0f2d4-903b-11dc-80a9-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL website\index.html

.
Contents of the 'Scheduled Tasks' folder
"2007-10-30 15:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 16:42:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 16:45:38 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-11 13:42
C:\ComboFix3.txt ... 2007-11-11 06:06
.
--- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:18 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\TEMP\IFF96D.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Samantha\My Documents\hiJACK_BILL\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8823 bytes

#14 jedi

  • Members
  • 274 posts
  • Gender:Male
  • Location:UK

Posted 11 November 2007 - 06:04 PM

Hi again,

OK, that's looking a lot better, there is a little work still to do, I missed one AWF entry for instance, and there's still a file hooking into Authentication Packages, but it's late here in the UK so I'll finish off tomorrow.
In the meantime though, please run this on-line scan:

Please navigate (using Internet Explorer, other browsers won't work) to the following site: http://support.f-secure.com/enu/home/ols.shtml

Scroll to the bottom of the page, and click Start Scan.

When prompted, choose to install the software. After the software has installed, click Accept. Click Custom Scan and check the option for Scan inside archives, then click Start. The necessary databases will then be downloaded, and the scan will then start automatically.

Please be patient as this scan will take a while to complete. If any infections are found then once the scan has finished, the "cleaning" screen will be displayed.

Choose Automatic cleaning (recommended). After cleaning has finished, then the Finish screen will be displayed.

Choose Show Report. In order to post the report, press CTRL+A on your keyboard to highlight all the text.

Then copy and paste that information into this thread.

jedi

Edited by jedi, 11 November 2007 - 06:05 PM.
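
A defender's triage script for the log format quoted above, added here as an example and not code from the thread, ComboFix or HijackThis: it parses the "Reg Loading Points" and "AWF" sections and flags the same things jedi reads off by eye, namely a Userinit chain that launches something other than userinit.exe, an extra LSA Authentication Package, a Winlogon Notify DLL, Run values that load a DLL or point at a file that no longer exists, and an AWF pair where the original executable has been moved into a bak folder beside its replacement. The sample log is constructed from entries quoted in this thread; the regexes and finding categories are assumptions of this example.

```python
import re

# Constructed excerpt in the layout of the ComboFix log posted in this thread,
# trimmed to the entries that jedi's CFScript targets plus one benign Run value.
SAMPLE_LOG = r"""
((((((((((((( AWF )))))))))))))
----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe
----a-w 28,176 2007-10-02 23:39:33 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
((((((((((((( Reg Loading Points )))))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]
"d0987edd"="C:\WINDOWS\system32\oddxkmvb.dll" [2007-11-11 05:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"="C:\PROGRA~1\FNTS~1\logonui.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjgda]
mljjgda.dll 2007-11-04 15:44 36352 C:\WINDOWS\system32\mljjgda.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkji.dll
"""

SECTION_RE = re.compile(r"^\(+ (.+?) \)+$")           # ((( Title ))) banner
KEY_RE = re.compile(r"^\[(.+)\]$")                     # [HKEY_...] registry key
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?([^"\[]*?)"?\s*(?:\[(.*)\])?$')  # "name"=data [stamp]
AWF_RE = re.compile(r"^\S+ ([\d,]+) \S+ \S+ (.+)$")   # attrs size date time path

def split_sections(log):
    """Group the log's non-empty lines under the banner they follow."""
    sections, current = {}, "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line not in ("", "."):
            sections.setdefault(current, []).append(line)
    return sections

def analyse_awf(lines):
    """AWF pattern: the displaced original sits in a 'bak' folder beside its replacement."""
    sizes = {}
    for line in lines:
        m = AWF_RE.match(line)
        if m:
            sizes[m.group(2)] = int(m.group(1).replace(",", ""))
    findings = []
    for path, size in sizes.items():
        parent, _, base = path.rpartition("\\")
        live = parent[:-4] + "\\" + base          # same file name, one level up
        if parent.lower().endswith("\\bak") and live in sizes:
            findings.append(("awf-replaced-file", f"{live}: original {size} bytes in bak, now {sizes[live]} bytes"))
    return findings

def analyse_loading_points(lines):
    """Flag the persistence points a cleaner reads off 'Reg Loading Points'."""
    findings, key = [], ""
    for line in lines:
        k, v = KEY_RE.match(line), VALUE_RE.match(line)
        if k:
            key = k.group(1).lower()
        elif "\\winlogon\\notify\\" in key:
            # defaults are hidden in this section, so any Notify package listed is an extra DLL loaded by winlogon.exe
            findings.append(("winlogon-notify", line))
        elif v:
            name, data, stamp = v.group(1), v.group(2).strip(), v.group(3)
            if key.endswith("\\winlogon") and name.lower() == "userinit":
                chain = [p.strip().replace("\\\\", "\\") for p in data.split(",") if p.strip()]
                extra = [p for p in chain if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
                if extra:   # runs at every logon, before the shell
                    findings.append(("userinit-chain", ", ".join(extra)))
            elif key.endswith("\\control\\lsa") and name.lower() == "authentication packages":
                extra = [p for p in data.split() if p.lower() != "msv1_0"]
                if extra:   # a DLL loaded into lsass.exe, which handles logon credentials
                    findings.append(("lsa-auth-package", ", ".join(extra)))
            elif key.endswith("\\currentversion\\run"):
                if data.lower().endswith(".dll"):
                    findings.append(("run-loads-dll", f"{name} -> {data}"))
                if stamp == "":   # ComboFix prints [] when the target file is absent
                    findings.append(("run-target-missing", f"{name} -> {data}"))
    return findings

def triage(log):
    sections = split_sections(log)
    return analyse_awf(sections.get("AWF", [])) + analyse_loading_points(sections.get("Reg Loading Points", []))
```

Running `triage(SAMPLE_LOG)` yields six findings, one per line jedi's CFScript removes; a clean log with only vendor Run entries yields none.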


#15 Bill Taggart
  • Topic Starter

  • Members
  • 14 posts

Posted 11 November 2007 - 06:21 PM

Awesome - thanks for all your help - beer certainly owed! Cheers! I'll chat with you tomorrow!!



