
W1inmovieplugin / Shut Down End Program Request / Computer 1


16 replies to this topic

#1 Diablita

  • Members
  • 22 posts

Posted 08 May 2008 - 04:46 PM

I have a computer that has been infected with the W1inMoviePlugIn. Also exp1orer and e1xplorer. Every time Explorer is opened I get a message in Italian leading me to a porn pop-up. It is quite disturbing. When I shut down the computer, there is a task window telling me to end a program now, "Brdr". I believe this is a virus as well. The computer overall is slow, but that may be due to the extensive memory usage. Please help me resolve these issues.


Ivette


Deckard's System Scanner v20071014.68
Run by CYNTHIA on 2008-05-08 15:32:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 3 Restore Point(s) --
3: 2008-05-08 20:25:43 UTC - RP665 - Deckard's System Scanner Restore Point
2: 2008-04-17 23:59:07 UTC - RP664 - Installed AVG 7.5
1: 2008-04-17 22:18:25 UTC - RP663 - Installed Ad-Aware 2007


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as CYNTHIA.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:59 PM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\system32\lkdsrngs.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\EACCEL~1\Station\station.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\CYNTHIA\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CYNTHIA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243C8AAE-6737-48CB-3423-4D71B70295CF} - C:\WINDOWS\system32\znj.dll
O2 - BHO: (no name) - {41993592-58BC-3E87-A3D0-7A94BD59535D} - (no file)
O2 - BHO: 0 - {4766D6C7-2CA3-4D5E-66BA-BE72FF2593E7} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O2 - BHO: (no name) - {C4EFE677-C3E9-4AD4-AC2D-D6ADB8F5840B} - C:\WINDOWS\system32\vturq.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {E393FA29-1FB8-3910-EC5B-3A76171805C3} - (no file)
O2 - BHO: (no name) - {E9BD0828-1FD9-410C-A50F-43EBE65D310F} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [{95-5D-D9-9D-ZN}] C:\WINDOWS\system32\lkdsrngs.exe CHD003
O4 - HKLM\..\Run: [RtC3 Cache Cleaner] C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\lkdsrngs.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
O20 - AppInit_DLLs: inicfg32.dll,iniwin32.dll
O20 - Winlogon Notify: tuvwutt - tuvwutt.dll (file missing)
O20 - Winlogon Notify: vturq - C:\WINDOWS\system32\vturq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 1: (no name) - C:\Program Files\Movie Maker\wuowuymeke.html
O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=tbn:AiWf...udio/tweety.gif
O24 - Desktop Component 3: (no name) - http://www.igualaonline.com/Galerias/tmp/igu11.jpg
O24 - Desktop Component 4: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 5: (no name) - file:///C:/DOCUME~1/CYNTHIA/LOCALS~1/Temp/msohtml1/03/clip_image002.jpg

--
End of file - 10983 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 WinToolsSvc (WinTools for IE service) -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-08 and 2008-05-08 -----------------------------

2008-04-18 12:24:12 0 d-------- C:\Documents and Settings\CYNTHIA\Application Data\Grisoft
2008-04-18 12:11:07 0 d-------- C:\Program Files\Trend Micro
2008-04-17 19:04:18 0 dr-h----- C:\$VAULT$.AVG
2008-04-17 19:01:59 0 d-------- C:\Documents and Settings\CYNTHIA\Application Data\AVG7
2008-04-17 19:01:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-17 18:59:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-17 18:59:33 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-17 17:19:08 0 d-------- C:\Program Files\Lavasoft
2008-04-17 17:18:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 17:17:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 17:16:58 0 d-------- C:\Program Files\KleinSoft


-- Find3M Report ---------------------------------------------------------------

2008-05-08 16:17:39 1595508 ---hs---- C:\WINDOWS\system32\qrutv.ini2
2008-05-08 14:50:03 0 d-------- C:\Documents and Settings\CYNTHIA\Application Data\COMCASTTOOLBAR
2008-04-18 12:31:21 0 d-------- C:\Program Files\Common Files\WinTools
2008-04-18 12:21:31 0 d-------- C:\Program Files\Viewpoint
2008-04-18 12:20:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-18 12:18:20 0 d-------- C:\Program Files\Screensavers.com
2008-04-17 20:21:09 0 d-------- C:\Program Files\WinPop
2008-04-17 20:21:08 0 d-------- C:\Program Files\Common Files\ruom
2008-04-17 20:21:07 0 d-------- C:\Program Files\Common Files
2008-04-17 19:04:23 0 d-------- C:\Documents and Settings\CYNTHIA\Application Data\ratorefaci
2008-04-17 18:49:10 0 d-------- C:\Program Files\Messenger
2008-04-17 18:27:57 0 d-------- C:\Program Files\Movie Maker


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{243C8AAE-6737-48CB-3423-4D71B70295CF}]
09/06/2007 08:47 AM 60928 --a------ C:\WINDOWS\system32\znj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41993592-58BC-3E87-A3D0-7A94BD59535D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4766D6C7-2CA3-4D5E-66BA-BE72FF2593E7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4EFE677-C3E9-4AD4-AC2D-D6ADB8F5840B}]
08/14/2007 06:53 PM 243808 --a------ C:\WINDOWS\system32\vturq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E393FA29-1FB8-3910-EC5B-3A76171805C3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E9BD0828-1FD9-410C-A50F-43EBE65D310F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [12/14/2001 05:01 PM]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.exe" [05/27/2003 05:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/03/2005 01:32 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [04/19/2007 02:21 PM]
"@"="" []
"{95-5D-D9-9D-ZN}"="C:\WINDOWS\system32\lkdsrngs.exe" [08/14/2007 09:10 PM]
"RtC3 Cache Cleaner"="C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe" [08/18/2003 01:43 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/17/2008 07:00 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

C:\Documents and Settings\CYNTHIA\Start Menu\Programs\Startup\
TA_Start.lnk - C:\WINDOWS\system32\lkdsrngs.exe [8/14/2007 9:10:43 PM]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [4/18/2008 12:27:41 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Program Files\Movie Maker\wuowuymeke.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwutt]
tuvwutt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturq]
C:\WINDOWS\system32\vturq.dll 08/14/2007 06:53 PM 243808 C:\WINDOWS\system32\vturq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=inicfg32.dll,iniwin32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aaou]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\adrotate.dll" DllVerify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hrcopul.dll]
C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\YESENIA\Local Settings\Application Data\hrcopul.dll",vuljcec

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
ltmsg.exe 9

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
"C:\Program Files\PDF Complete\pdfsty.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06ap]
C:\WINDOWS\pop06ap2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpsxmf]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
"C:\Program Files\eAcceleration\Station\station.exe" /b Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w0229843.dll]
RUNDLL32.EXE w0229843.dll,I2 0007168000229843

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

*Newly Created Service* - AVGASCLN



-- End of Deckard's System Scanner: finished at 2008-05-08 16:20:42 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 247.48 MiB / 68.85 MiB
Pagefile Memory (total/avail): 606.65 MiB / 173.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.92 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 24.25 GiB free.
D: is CDROM (No Media)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST340015A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:

\\.\PHYSICALDRIVE1 - USB 2.0 Flash Disk USB Device - 964.84 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 967.48 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\America Online 9.0b\\waol.exe"="C:\\Program Files\\America Online 9.0b\\waol.exe:*:Enabled:America Online 9.0b"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2b4.1.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2b4.1.exe:*:Enabled:enable"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2a4.1.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2a4.1.exe:*:Enabled:enable"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2ok.2.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2ok.2.exe:*:Enabled:enable"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s1jg.2.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s1jg.2.exe:*:Enabled:enable"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2ho.1.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2ho.1.exe:*:Enabled:enable"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2tk.3.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s2tk.3.exe:*:Enabled:enable"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s5s0.4.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s5s0.4.exe:*:Enabled:enable"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s1ok.2.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s1ok.2.exe:*:Enabled:enable"
"C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s380.3.exe"="C:\\Documents and Settings\\CYNTHIA\\Local Settings\\Temp\\s380.3.exe:*:Enabled:enable"
"C:\\WINDOWS\\system32\\perzum.exe"="C:\\WINDOWS\\system32\\perzum.exe:*:Enabled:enable"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\ikmtxnml.exe"="C:\\WINDOWS\\system32\\ikm"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\CYNTHIA\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HP20569286621
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\CYNTHIA
LOGONSERVER=\\HP20569286621
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CYNTHIA\LOCALS~1\Temp
TMP=C:\DOCUME~1\CYNTHIA\LOCALS~1\Temp
USERDOMAIN=HP20569286621
USERNAME=CYNTHIA
USERPROFILE=C:\Documents and Settings\CYNTHIA
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

YESENIA (admin)
CYNTHIA (admin)
VIOLETA (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\eAcceleration\Station\station.exe" /UnRegister
--> C:\PROGRA~1\ACCELE~1\StopSign\ss_uninst.exe
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
AIM Toolbar --> C:\Program Files\AIM Toolbar\uninstall.exe
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom Management Programs --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{750DFF5E-C559-11D4-A441-00B0D0436EE7}\Setup.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
Desktop Doctor --> MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
eAcceleration --> C:\PROGRA~1\COMMON~1\EACCEL~1\INSTAL~1\eaccelsetup.exe -AddRemove
Easy Access Button Support --> C:\Program Files\COMPAQ\Easy Access Button Support\Uninst.exe
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Home Search Assistent --> rundll32 url.dll,FileProtocolHandler http://looking-for.cc/uninstall/HomeSearchAssistant.html
Icons --> C:\WINDOWS\system32\uninstIcn.exe
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Keyboarding Pro 4 --> C:\WINDOWS\unvise32.exe C:\Program Files\Keyboarding Pro\uninstal.log
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_9_b33ad\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.7 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Lucent Win Modem --> C:\WINDOWS\System32\ltremove.exe
Microsoft Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Standard for Students and Teachers --> MsiExec.exe /I{913D0409-6000-11D3-8CFE-0050048383C9}
Outerinfo --> "C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe"
PDF Complete --> C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Real World Training's Instant Accounting --> C:\WINDOWS\unvise32.exe C:\Program Files\Instant Accounting\uninstal.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RealTime Cookie & Cache Cleaner (RtC3) --> "C:\Program Files\KleinSoft\RtC3\unins000.exe"
Roll --> C:\WINDOWS\UniFish3.exe C:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Search Extender --> rundll32 url.dll,FileProtocolHandler http://looking-for.cc/uninstall/SearchExtender.html
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shopping Wizard --> rundll32 url.dll,FileProtocolHandler http://looking-for.cc/uninstall/ShoppingWizard.html
Software Setup --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\COMPAQ\Software Setup\Uninst.isu" -c"C:\Program Files\COMPAQ\Software Setup\CPQUNST.DLL"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
TargetSaver --> C:\WINDOWS\system32\tsuninst.exe /u
Trend Micro Anti-Spyware --> C:\Program Files\Trend Micro\Tmasy\tmasy.exe -uninstall
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui


-- Application Event Log -------------------------------------------------------

Event Record #/Type3150 / Error
Event Submitted/Written: 04/18/2008 00:16:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Aolunins_us.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3149 / Error
Event Submitted/Written: 04/18/2008 00:16:23 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Aolunins_us.exe, version 1.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3130 / Error
Event Submitted/Written: 04/17/2008 06:33:22 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ad-aware2007.exe, version 7.0.2.7, faulting module ad-aware2007.exe, version 7.0.2.7, fault address 0x0009691a.
Processing media-specific event for [ad-aware2007.exe!ws!]

Event Record #/Type3129 / Error
Event Submitted/Written: 04/17/2008 06:28:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aawservice.exe, version 7.0.2.7, faulting module CEAPI.dll, version 7.0.2.6, fault address 0x000529f0.
Processing media-specific event for [aawservice.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type561 / Error
Event Submitted/Written: 05/08/2008 01:55:49 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type543 / Error
Event Submitted/Written: 05/08/2008 01:53:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The WinTools for IE service service failed to start due to the following error:
%%3

Event Record #/Type542 / Error
Event Submitted/Written: 05/08/2008 01:53:07 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The ScriptBlocking Service service failed to start due to the following error:
%%3

Event Record #/Type541 / Warning
Event Submitted/Written: 05/08/2008 01:51:12 PM / 05/08/2008 01:51:41 PM
Event ID/Source: 4 / b57w2k
Event Description:
Broadcom NetXtreme Gigabit Ethernet for hp: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type535 / Error
Event Submitted/Written: 04/18/2008 00:31:16 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The WinTools for IE service service terminated unexpectedly. It has done this 1 time(s).



-- End of Deckard's System Scanner: finished at 2008-05-08 16:20:42 ------------


#2 bamajim

  • Members
  • 894 posts

Posted 23 May 2008 - 08:37 AM

Diablita

Sorry for the delay

Could you post a fresh HijackThis log please?
Microsoft MVP - Windows Security

#3 Diablita

  • Topic Starter
  • Members
  • 22 posts

Posted 23 May 2008 - 01:16 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:43 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\windows\system32\dwdsrngt.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\EACCEL~1\Station\station.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {41993592-58BC-3E87-A3D0-7A94BD59535D} - (no file)
O2 - BHO: 0 - {4766D6C7-2CA3-4D5E-66BA-BE72FF2593E7} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O2 - BHO: (no name) - {E393FA29-1FB8-3910-EC5B-3A76171805C3} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [{95-5D-D9-9D-ZN}] C:\windows\system32\dwdsrngt.exe CHD003
O4 - HKLM\..\Run: [RtC3 Cache Cleaner] C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsrngt.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse0.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
O20 - AppInit_DLLs: inicfg32.dll,iniwin32.dll,
O20 - Winlogon Notify: tuvwutt - tuvwutt.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 1: (no name) - C:\Program Files\Movie Maker\wuowuymeke.html
O24 - Desktop Component 2: (no name) - http://images.google.com/images?q=tbn:AiWf...udio/tweety.gif
O24 - Desktop Component 3: (no name) - http://www.igualaonline.com/Galerias/tmp/igu11.jpg
O24 - Desktop Component 4: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 5: (no name) - file:///C:/DOCUME~1/CYNTHIA/LOCALS~1/Temp/msohtml1/03/clip_image002.jpg

--
End of file - 10711 bytes

#4 bamajim

  • Members
  • 894 posts

Posted 23 May 2008 - 01:30 PM

Diablita

Please download Combofix and save to your desktop.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#5 Diablita

  • Topic Starter
  • Members
  • 22 posts

Posted 23 May 2008 - 02:15 PM

ComboFix 08-05-21.3 - CYNTHIA 2008-05-23 13:45:22.1 - NTFSx86
Running from: C:\Documents and Settings\CYNTHIA\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\CYNTHIA\Application Data\ICROSO~1
C:\Documents and Settings\CYNTHIA\My Documents\ASKS~1
C:\Documents and Settings\CYNTHIA\My Documents\ASKS~1\w?aclt.exe
C:\Documents and Settings\CYNTHIA\My Documents\FNTS~1
C:\Documents and Settings\CYNTHIA\Start Menu\Programs\Startup\ta_start.lnk
C:\Program Files\Movie Maker\wuowuymeke.html
C:\Program Files\sembly~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\bass.exe
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\cvzrk.dat
C:\WINDOWS\eukol.dat
C:\WINDOWS\gyegn.dat
C:\WINDOWS\hgivh.dat
C:\WINDOWS\jtqfa.dat
C:\WINDOWS\kehou.dat
C:\WINDOWS\kfike.dat
C:\WINDOWS\qsesp.dat
C:\WINDOWS\sxtvn.dat
C:\WINDOWS\system32\ascwo.dat
C:\WINDOWS\system32\cacbhinx.ini
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\curity~1\??curity\
C:\WINDOWS\system32\dczam.dat
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\dwdsrngt.exe
C:\WINDOWS\system32\eksqc.dat
C:\WINDOWS\system32\emurl.dat
C:\WINDOWS\system32\flevw.dat
C:\WINDOWS\system32\gebid.dat
C:\WINDOWS\system32\gpyit.dat
C:\WINDOWS\system32\gqiys.dat
C:\WINDOWS\system32\hpbroeom.ini
C:\WINDOWS\system32\ijdqp.dat
C:\WINDOWS\system32\jffveunh.ini
C:\WINDOWS\system32\jzbuw.dat
C:\WINDOWS\system32\lqnwy.dat
C:\WINDOWS\system32\lwxdg.dat
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nirhogck.ini
C:\WINDOWS\system32\nodeipproc.dll
C:\WINDOWS\system32\nufhh.dat
C:\WINDOWS\system32\oklui.dat
C:\WINDOWS\system32\ovetwjhl.ini
C:\WINDOWS\system32\qevgyxnm.ini
C:\WINDOWS\system32\rtjmpoec.ini
C:\WINDOWS\system32\tsks~1
C:\WINDOWS\system32\uninsticn.exe
C:\WINDOWS\system32\vibvdwmi.ini
C:\WINDOWS\system32\vsjnylcn.ini
C:\WINDOWS\system32\vwqlvwnl.ini
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\wintsvsu.exe
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\xmrdsdit.ini
C:\WINDOWS\system32\ybuswune.ini
C:\WINDOWS\ukukb.dat
C:\WINDOWS\xpona.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR


((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-12 13:54 . 2008-05-12 13:54 <DIR> d-------- C:\Documents and Settings\CYNTHIA\Application Data\Malwarebytes
2008-05-12 13:53 . 2008-05-12 13:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:53 . 2008-05-12 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 13:53 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 13:53 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-11 22:49 . 2008-05-11 22:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-08 15:23 . 2008-05-08 15:23 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-23 18:04 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\AVG7
2008-05-12 03:54 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\COMCASTTOOLBAR
2008-04-18 17:31 --------- d-----w C:\Program Files\Common Files\WinTools
2008-04-18 17:27 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-18 17:27 --------- d-----w C:\Program Files\Trend Micro
2008-04-18 17:24 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\Grisoft
2008-04-18 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 17:21 --------- d-----w C:\Program Files\Viewpoint
2008-04-18 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-18 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-18 01:21 --------- d-----w C:\Program Files\Common Files\ruom
2008-04-18 00:04 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\ratorefaci
2008-04-18 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 00:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-17 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 22:19 --------- d-----w C:\Program Files\Lavasoft
2008-04-17 22:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 22:16 --------- d-----w C:\Program Files\KleinSoft
2006-07-09 01:27 0 -c--a-w C:\Documents and Settings\CYNTHIA\Application Data\internaldb41.dat
2004-11-21 18:58 40 -c--a-w C:\Documents and Settings\Guest\language.dat
2004-06-19 22:21 30,920 -c--a-w C:\Documents and Settings\CYNTHIA\Application Data\GDIPFONTCACHEV1.DAT
2004-11-05 09:36 56,320 -csha-w C:\WINDOWS\azykm.dll
2005-01-26 09:09 11,592 -csha-w C:\WINDOWS\bcknr.dat
2004-11-07 15:16 11,591 -csha-w C:\WINDOWS\bgehr.dat
2004-10-18 09:18 56,320 -csha-w C:\WINDOWS\cxdaw.dll
2004-11-04 08:02 3,347 -csha-w C:\WINDOWS\dkqap.dat
2004-12-27 14:52 3,537 -csha-w C:\WINDOWS\fplmr.dat
2005-01-11 15:21 11,592 -csha-w C:\WINDOWS\hlqmc.dat
2004-12-21 23:09 0 -csha-w C:\WINDOWS\ljoyo.dat
2004-12-03 22:23 0 -csha-w C:\WINDOWS\mlqgt.dll
2004-10-24 18:02 56,320 -csha-w C:\WINDOWS\mquhj.dll
2005-01-01 08:00 11,592 -csha-w C:\WINDOWS\ofkkm.dat
2004-11-08 19:31 11,591 -csha-w C:\WINDOWS\pgoaj.dat
2004-11-10 20:26 11,591 -csha-w C:\WINDOWS\tkuwk.dat
2004-12-16 17:34 11,591 -csha-w C:\WINDOWS\wjeoi.dat
2005-01-02 12:49 3,547 -csha-w C:\WINDOWS\xljta.dat
2004-11-29 23:40 11,591 -csha-w C:\WINDOWS\zsvho.dat
2005-03-29 23:40 32 -csha-w C:\WINDOWS\{D41FC78C-C475-4D72-B13E-7CA091BF6655}.dat
2004-10-29 13:45 56,320 -csha-w C:\WINDOWS\system32\auksz.dll
2004-12-12 18:37 3,347 -csha-w C:\WINDOWS\system32\axlfq.dat
2004-12-20 13:31 11,591 -csha-w C:\WINDOWS\system32\bcznw.dat
2005-01-03 11:14 3,347 -csha-w C:\WINDOWS\system32\blulx.dat
2004-11-23 21:17 3,347 -csha-w C:\WINDOWS\system32\ctbev.dat
2004-11-12 08:03 11,591 -csha-w C:\WINDOWS\system32\dcoxr.dat
2004-12-31 06:22 0 -csha-w C:\WINDOWS\system32\dpvog.dat
2004-12-11 18:55 3,547 -csha-w C:\WINDOWS\system32\ecnso.dat
2005-01-21 00:32 3,537 -csha-w C:\WINDOWS\system32\evwcc.dat
2004-11-10 10:40 0 -csha-w C:\WINDOWS\system32\eydws.dll
2005-01-23 00:26 3,567 -csha-w C:\WINDOWS\system32\fhtvf.dat
2005-01-13 09:46 11,592 -csha-w C:\WINDOWS\system32\gbfle.dat
2004-10-17 18:20 56,320 -csha-w C:\WINDOWS\system32\gexpl.dll
2005-01-16 06:39 0 -csha-w C:\WINDOWS\system32\gpnju.dll
2004-11-22 10:18 11,591 -csha-w C:\WINDOWS\system32\grhql.dat
2005-01-21 22:12 0 -csha-w C:\WINDOWS\system32\hxora.dat
2004-11-05 02:41 3,362 -csha-w C:\WINDOWS\system32\ikaex.dat
2005-01-11 03:19 11,591 -csha-w C:\WINDOWS\system32\jnxrw.dat
2004-10-16 05:25 11,591 -csha-w C:\WINDOWS\system32\kqatn.dat
2004-11-08 15:45 11,591 -csha-w C:\WINDOWS\system32\krzph.dat
2004-11-28 11:14 11,591 -csha-w C:\WINDOWS\system32\lbgvj.dat
2004-10-25 15:14 11,591 -csha-w C:\WINDOWS\system32\lleqt.dat
2005-01-12 07:37 11,591 -csha-w C:\WINDOWS\system32\mdpyw.dat
2005-01-15 05:48 3,567 -csha-w C:\WINDOWS\system32\mtfra.dat
2004-10-18 16:30 11,591 -csha-w C:\WINDOWS\system32\nyeuv.dat
2004-11-01 10:01 3,362 -csha-w C:\WINDOWS\system32\ptkti.dat
2004-12-08 01:31 0 -csha-w C:\WINDOWS\system32\qcdhy.dll
2004-11-09 12:18 3,347 -csha-w C:\WINDOWS\system32\qcmct.dat
2004-11-04 03:45 56,320 -csha-w C:\WINDOWS\system32\qgltf.dll
2004-11-08 01:29 11,591 -csha-w C:\WINDOWS\system32\sggbm.dat
2004-12-05 12:41 3,347 -csha-w C:\WINDOWS\system32\sscrt.dat
2004-12-03 00:48 0 -csha-w C:\WINDOWS\system32\sttuc.dll
2004-11-01 02:01 3,347 -csha-w C:\WINDOWS\system32\vnckz.dat
2004-11-08 02:11 3,347 -csha-w C:\WINDOWS\system32\wuwqk.dat
2004-11-10 04:40 0 -csha-w C:\WINDOWS\system32\xbltx.dll
2004-12-23 08:19 3,347 -csha-w C:\WINDOWS\system32\xhobm.dat
2004-10-09 07:28 3,362 -csha-w C:\WINDOWS\system32\xqzyp.dat
2004-11-22 02:39 11,591 -csha-w C:\WINDOWS\system32\yybpe.dat
2004-10-14 01:16 3,362 -csha-w C:\WINDOWS\system32\zuqdd.dat
2005-03-29 23:40 32 -csha-w C:\WINDOWS\system32\{8CC45D60-D354-479D-A24C-3BA5B0BA6455}.dat
2005-07-29 21:24 472 --sha-r C:\WINDOWS\WUVTRU5JQSA\qopnlocLkmE.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 17:01 32768]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.exe" [2003-05-27 05:00 99840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-03 13:32 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"{95-5D-D9-9D-ZN}"="C:\windows\system32\dwdsrngt.exe" [ ]
"RtC3 Cache Cleaner"="C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe" [2003-08-18 01:43 12288]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 19:00 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 15:47 847872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-17 19:00 219136]

C:\Documents and Settings\CYNTHIA\Start Menu\Programs\Startup\
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2008-04-18 12:27:41 1406480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwutt]
tuvwutt.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aaou]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
C:\WINDOWS\system32\adrotate.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--a------ 2003-05-08 07:34 69632 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-10-02 08:19 118784 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hrcopul.dll]
C:\Documents and Settings\YESENIA\Local Settings\Application Data\hrcopul.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-10-02 08:37 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-22 09:54 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 04:38 38912 C:\WINDOWS\system32\ltmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
--a------ 2003-06-06 10:46 167936 C:\Program Files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06ap]
C:\WINDOWS\pop06ap2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpsxmf]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-04-04 13:40 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-20 13:01 525824 C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
--------- 2006-04-07 13:42 161440 C:\Program Files\eAcceleration\Station\station.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 16:34 36864 C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-08-19 20:23 32873 C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-07-03 13:32 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w0229843.dll]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 12:57 2506752 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 13:58:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\River Sumida.bmp:oatpb 56320 bytes executable
C:\WINDOWS\jwlzg.dll:uasvp 56320 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe
C:\COMPAQ\EAKDRV\EAUSBKBD.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2008-05-23 14:12:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 19:11:53

Pre-Run: 25,967,833,088 bytes free
Post-Run: 25,958,219,776 bytes free

295 --- E O F --- 2007-09-08 15:42:09

#6 bamajim

bamajim

  • Members
  • 894 posts

Posted 23 May 2008 - 09:06 PM

Diablita

1. Open NotePad (not wordpad). Copy and paste the following into Notepad (not the word code)
File::
C:\Documents and Settings\CYNTHIA\Application Data\internaldb41.dat
C:\WINDOWS\azykm.dll
C:\WINDOWS\bcknr.dat
C:\WINDOWS\bgehr.dat
C:\WINDOWS\cxdaw.dll
C:\WINDOWS\dkqap.dat
C:\WINDOWS\fplmr.dat
C:\WINDOWS\hlqmc.dat
C:\WINDOWS\ljoyo.dat
C:\WINDOWS\mlqgt.dll
C:\WINDOWS\mquhj.dll
C:\WINDOWS\ofkkm.dat
C:\WINDOWS\pgoaj.dat
C:\WINDOWS\tkuwk.dat
C:\WINDOWS\wjeoi.dat
C:\WINDOWS\xljta.dat
C:\WINDOWS\zsvho.dat
C:\WINDOWS\system32\auksz.dll
C:\WINDOWS\system32\axlfq.dat
C:\WINDOWS\system32\bcznw.dat
C:\WINDOWS\system32\blulx.dat
C:\WINDOWS\system32\ctbev.dat
C:\WINDOWS\system32\dcoxr.dat
C:\WINDOWS\system32\dpvog.dat
C:\WINDOWS\system32\ecnso.dat
C:\WINDOWS\system32\evwcc.dat
C:\WINDOWS\system32\eydws.dll
C:\WINDOWS\system32\fhtvf.dat
C:\WINDOWS\system32\gbfle.dat
C:\WINDOWS\system32\gexpl.dll
C:\WINDOWS\system32\gpnju.dll
C:\WINDOWS\system32\grhql.dat
C:\WINDOWS\system32\hxora.dat
C:\WINDOWS\system32\ikaex.dat
C:\WINDOWS\system32\jnxrw.dat
C:\WINDOWS\system32\kqatn.dat
C:\WINDOWS\system32\krzph.dat
C:\WINDOWS\system32\lbgvj.dat
C:\WINDOWS\system32\lleqt.dat
C:\WINDOWS\system32\mdpyw.dat
C:\WINDOWS\system32\mtfra.dat
C:\WINDOWS\system32\nyeuv.dat
C:\WINDOWS\system32\ptkti.dat
C:\WINDOWS\system32\qcdhy.dll
C:\WINDOWS\system32\qcmct.dat
C:\WINDOWS\system32\qgltf.dll
C:\WINDOWS\system32\sggbm.dat
C:\WINDOWS\system32\sscrt.dat
C:\WINDOWS\system32\sttuc.dll
C:\WINDOWS\system32\vnckz.dat
C:\WINDOWS\system32\wuwqk.dat
C:\WINDOWS\system32\xbltx.dll
C:\WINDOWS\system32\xhobm.dat
C:\WINDOWS\system32\xqzyp.dat
C:\WINDOWS\system32\yybpe.dat
C:\WINDOWS\system32\zuqdd.dat

Folder::
C:\Program Files\Common Files\WinTools
C:\Documents and Settings\CYNTHIA\Application Data\ratorefaci
C:\Program Files\Common Files\ruom

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{95-5D-D9-9D-ZN}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvwutt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aaou]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adstart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eZWO]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hrcopul.dll]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irssyncd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pop06ap]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpsxmf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHBundle]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w0229843.dll]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
Save the file as CFScript (exactly as shown, no spaces) and save it to your Desktop.

Using the image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply

Microsoft MVP - Windows Security
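The CFScript in the post above has three sections: File:: and Folder:: list absolute paths for ComboFix to remove, and Registry:: uses REGEDIT4 syntax, where a `[KEY]` line opens a key, a following `"name"=-` line deletes one value under it, and `[-KEY]` deletes the whole key. The validator below is an added example written for this page, not ComboFix's own code; the grammar it enforces is inferred from the script shown and from REGEDIT4, and the sample script is a constructed subset of the posted one. It catches the mistakes that most often make such a script silently do less than intended (a value deletion with no open key, a relative path, a line typed before any section header) and counts what the script asks for.

```python
"""Validator for the CFScript format used in the post above (File::, Folder::
and Registry:: sections).  Added example, not ComboFix's own code; the
grammar below is inferred from the script shown and from REGEDIT4 syntax."""
import re
from collections import defaultdict

SECTIONS = ("File::", "Folder::", "Registry::")
# Absolute Windows path, e.g. C:\WINDOWS\azykm.dll
WIN_PATH = re.compile(r"^[A-Za-z]:\\")
# [HIVE\sub\key] opens a key; [-HIVE\sub\key] deletes the whole key (REGEDIT4)
REG_KEY = re.compile(r"^\[(-?)((?:HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU)(?:\\[^\]]+)?)\]$")
# "name"=- deletes a single value under the currently open key (REGEDIT4)
REG_VALUE_DELETE = re.compile(r'^"[^"]+"=-$')


def parse_cfscript(text):
    """Split a CFScript into its sections and lint each line.

    Returns (sections, problems): sections maps a header to its non-empty
    lines, problems is a list of (line_number, message)."""
    sections = defaultdict(list)
    problems = []
    current = None
    open_key = None  # key that a following "name"=- line applies to
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current, open_key = line, None
            continue
        if current is None:
            problems.append((lineno, "line outside any section: " + line))
            continue
        sections[current].append(line)
        if current != "Registry::":
            if not WIN_PATH.match(line):
                problems.append((lineno, "not an absolute Windows path: " + line))
            continue
        m = REG_KEY.match(line)
        if m:
            # a deleted key leaves nothing open for value deletions
            open_key = None if m.group(1) == "-" else m.group(2)
        elif REG_VALUE_DELETE.match(line):
            if open_key is None:
                problems.append((lineno, "value deletion with no open key: " + line))
        else:
            problems.append((lineno, "unrecognized registry line: " + line))
    return dict(sections), problems


def summarize(sections):
    """Count the actions the script requests, by type."""
    reg = sections.get("Registry::", [])
    return {
        "files": len(sections.get("File::", [])),
        "folders": len(sections.get("Folder::", [])),
        "keys_deleted": sum(1 for l in reg if l.startswith("[-")),
        "values_deleted": sum(1 for l in reg if REG_VALUE_DELETE.match(l)),
    }


# Constructed sample: a subset of the script from the post above.
SAMPLE_SCRIPT = r"""
File::
C:\WINDOWS\azykm.dll
C:\WINDOWS\system32\auksz.dll

Folder::
C:\Program Files\Common Files\WinTools

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{95-5D-D9-9D-ZN}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"""

if __name__ == "__main__":
    secs, probs = parse_cfscript(SAMPLE_SCRIPT)
    print(summarize(secs))
    for lineno, msg in probs:
        print(f"line {lineno}: {msg}")
```

Running the sample reports two files, one folder, one key deletion and one value deletion with no problems; feeding it a Registry:: section that starts with a `"name"=-` line flags that line, which is the error a helper would otherwise only notice when the value survives the run.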

#7 Diablita

Diablita
  • Topic Starter

  • Members
  • 22 posts

Posted 25 May 2008 - 01:38 PM

ComboFix 08-05-21.3 - CYNTHIA 2008-05-25 13:24:01.2 - NTFSx86
Running from: C:\Documents and Settings\CYNTHIA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CYNTHIA\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\CYNTHIA\Application Data\internaldb41.dat
C:\WINDOWS\azykm.dll
C:\WINDOWS\bcknr.dat
C:\WINDOWS\bgehr.dat
C:\WINDOWS\cxdaw.dll
C:\WINDOWS\dkqap.dat
C:\WINDOWS\fplmr.dat
C:\WINDOWS\hlqmc.dat
C:\WINDOWS\ljoyo.dat
C:\WINDOWS\mlqgt.dll
C:\WINDOWS\mquhj.dll
C:\WINDOWS\ofkkm.dat
C:\WINDOWS\pgoaj.dat
C:\WINDOWS\system32\auksz.dll
C:\WINDOWS\system32\axlfq.dat
C:\WINDOWS\system32\bcznw.dat
C:\WINDOWS\system32\blulx.dat
C:\WINDOWS\system32\ctbev.dat
C:\WINDOWS\system32\dcoxr.dat
C:\WINDOWS\system32\dpvog.dat
C:\WINDOWS\system32\ecnso.dat
C:\WINDOWS\system32\evwcc.dat
C:\WINDOWS\system32\eydws.dll
C:\WINDOWS\system32\fhtvf.dat
C:\WINDOWS\system32\gbfle.dat
C:\WINDOWS\system32\gexpl.dll
C:\WINDOWS\system32\gpnju.dll
C:\WINDOWS\system32\grhql.dat
C:\WINDOWS\system32\hxora.dat
C:\WINDOWS\system32\ikaex.dat
C:\WINDOWS\system32\jnxrw.dat
C:\WINDOWS\system32\kqatn.dat
C:\WINDOWS\system32\krzph.dat
C:\WINDOWS\system32\lbgvj.dat
C:\WINDOWS\system32\lleqt.dat
C:\WINDOWS\system32\mdpyw.dat
C:\WINDOWS\system32\mtfra.dat
C:\WINDOWS\system32\nyeuv.dat
C:\WINDOWS\system32\ptkti.dat
C:\WINDOWS\system32\qcdhy.dll
C:\WINDOWS\system32\qcmct.dat
C:\WINDOWS\system32\qgltf.dll
C:\WINDOWS\system32\sggbm.dat
C:\WINDOWS\system32\sscrt.dat
C:\WINDOWS\system32\sttuc.dll
C:\WINDOWS\system32\vnckz.dat
C:\WINDOWS\system32\wuwqk.dat
C:\WINDOWS\system32\xbltx.dll
C:\WINDOWS\system32\xhobm.dat
C:\WINDOWS\system32\xqzyp.dat
C:\WINDOWS\system32\yybpe.dat
C:\WINDOWS\system32\zuqdd.dat
C:\WINDOWS\tkuwk.dat
C:\WINDOWS\wjeoi.dat
C:\WINDOWS\xljta.dat
C:\WINDOWS\zsvho.dat
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\CYNTHIA\Application Data\internaldb41.dat
C:\Documents and Settings\CYNTHIA\Application Data\ratorefaci
C:\Documents and Settings\CYNTHIA\Application Data\ratorefaci\disinstalla.htm
C:\Program Files\Common Files\ruom
C:\Program Files\Common Files\ruom\ruoma.lck
C:\Program Files\Common Files\ruom\ruomh
C:\Program Files\Common Files\ruom\ruoml.lck
C:\Program Files\Common Files\ruom\ruomm.lck
C:\Program Files\Common Files\WinTools
C:\Program Files\Common Files\WinTools\WToolsP.cfg
C:\WINDOWS\azykm.dll
C:\WINDOWS\bcknr.dat
C:\WINDOWS\bgehr.dat
C:\WINDOWS\cxdaw.dll
C:\WINDOWS\dkqap.dat
C:\WINDOWS\fplmr.dat
C:\WINDOWS\hlqmc.dat
C:\WINDOWS\ljoyo.dat
C:\WINDOWS\mlqgt.dll
C:\WINDOWS\mquhj.dll
C:\WINDOWS\ofkkm.dat
C:\WINDOWS\pgoaj.dat
C:\WINDOWS\system32\auksz.dll
C:\WINDOWS\system32\axlfq.dat
C:\WINDOWS\system32\bcznw.dat
C:\WINDOWS\system32\blulx.dat
C:\WINDOWS\system32\ctbev.dat
C:\WINDOWS\system32\dcoxr.dat
C:\WINDOWS\system32\dpvog.dat
C:\WINDOWS\system32\ecnso.dat
C:\WINDOWS\system32\evwcc.dat
C:\WINDOWS\system32\eydws.dll
C:\WINDOWS\system32\fhtvf.dat
C:\WINDOWS\system32\gbfle.dat
C:\WINDOWS\system32\gexpl.dll
C:\WINDOWS\system32\gpnju.dll
C:\WINDOWS\system32\grhql.dat
C:\WINDOWS\system32\hxora.dat
C:\WINDOWS\system32\ikaex.dat
C:\WINDOWS\system32\jnxrw.dat
C:\WINDOWS\system32\kqatn.dat
C:\WINDOWS\system32\krzph.dat
C:\WINDOWS\system32\lbgvj.dat
C:\WINDOWS\system32\lleqt.dat
C:\WINDOWS\system32\mdpyw.dat
C:\WINDOWS\system32\mtfra.dat
C:\WINDOWS\system32\nyeuv.dat
C:\WINDOWS\system32\ptkti.dat
C:\WINDOWS\system32\qcdhy.dll
C:\WINDOWS\system32\qcmct.dat
C:\WINDOWS\system32\qgltf.dll
C:\WINDOWS\system32\sggbm.dat
C:\WINDOWS\system32\sscrt.dat
C:\WINDOWS\system32\sttuc.dll
C:\WINDOWS\system32\vnckz.dat
C:\WINDOWS\system32\wuwqk.dat
C:\WINDOWS\system32\xbltx.dll
C:\WINDOWS\system32\xhobm.dat
C:\WINDOWS\system32\xqzyp.dat
C:\WINDOWS\system32\yybpe.dat
C:\WINDOWS\system32\zuqdd.dat
C:\WINDOWS\tkuwk.dat
C:\WINDOWS\wjeoi.dat
C:\WINDOWS\xljta.dat
C:\WINDOWS\zsvho.dat

.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.

2008-05-12 13:54 . 2008-05-12 13:54 <DIR> d-------- C:\Documents and Settings\CYNTHIA\Application Data\Malwarebytes
2008-05-12 13:53 . 2008-05-12 13:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:53 . 2008-05-12 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 13:53 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 13:53 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-11 22:49 . 2008-05-11 22:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-08 15:23 . 2008-05-08 15:23 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 18:07 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\AVG7
2008-05-12 03:54 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\COMCASTTOOLBAR
2008-04-18 17:27 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-18 17:27 --------- d-----w C:\Program Files\Trend Micro
2008-04-18 17:24 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\Grisoft
2008-04-18 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 17:21 --------- d-----w C:\Program Files\Viewpoint
2008-04-18 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-18 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-18 00:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 00:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-17 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 22:19 --------- d-----w C:\Program Files\Lavasoft
2008-04-17 22:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 22:16 --------- d-----w C:\Program Files\KleinSoft
2004-11-21 18:58 40 -c--a-w C:\Documents and Settings\Guest\language.dat
2004-06-19 22:21 30,920 -c--a-w C:\Documents and Settings\CYNTHIA\Application Data\GDIPFONTCACHEV1.DAT
2005-03-29 23:40 32 -csha-w C:\WINDOWS\{D41FC78C-C475-4D72-B13E-7CA091BF6655}.dat
2005-03-29 23:40 32 -csha-w C:\WINDOWS\system32\{8CC45D60-D354-479D-A24C-3BA5B0BA6455}.dat
2005-07-29 21:24 472 --sha-r C:\WINDOWS\WUVTRU5JQSA\qopnlocLkmE.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-05-23_14.11.20.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-23 18:56:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 18:05:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 17:01 32768]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.exe" [2003-05-27 05:00 99840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-03 13:32 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"RtC3 Cache Cleaner"="C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe" [2003-08-18 01:43 12288]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 19:00 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-17 19:00 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--a------ 2003-05-08 07:34 69632 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-10-02 08:19 118784 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-10-02 08:37 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-22 09:54 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 04:38 38912 C:\WINDOWS\system32\ltmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
--a------ 2003-06-06 10:46 167936 C:\Program Files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-04-04 13:40 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-20 13:01 525824 C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
--------- 2006-04-07 13:42 161440 C:\Program Files\eAcceleration\Station\station.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 16:34 36864 C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-08-19 20:23 32873 C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-07-03 13:32 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 12:57 2506752 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=


.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 13:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\River Sumida.bmp:oatpb 56320 bytes executable
C:\WINDOWS\jwlzg.dll:uasvp 56320 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2008-05-25 13:35:53
ComboFix-quarantined-files.txt 2008-05-25 18:35:48
ComboFix2.txt 2008-05-23 19:12:09

Pre-Run: 25,959,731,200 bytes free
Post-Run: 25,945,956,352 bytes free

264 --- E O F --- 2007-09-08 15:42:09
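Both ComboFix logs in this thread (the 23 May run above and the 25 May run just posted) end with catchme reporting the same two hidden files, `C:\WINDOWS\River Sumida.bmp:oatpb` and `C:\WINDOWS\jwlzg.dll:uasvp`: executable code stored in NTFS alternate data streams attached to an innocuous-looking bitmap and a DLL, which the CFScript did not name and which therefore survived the run. The helper below is an added example written for this page, not ComboFix's or catchme's own code. It pulls the catchme findings and the `FILE ::` echo of the script out of the log text, cross-checks the parsed count against catchme's own `hidden files: N` total, and lists the stream host files the script never asked for. The section markers it keys on (`FILE ::`, a line starting with `catchme `, `scan completed`, `hidden files:`) are assumed from the posted logs, and the sample log is a constructed excerpt of the one above.

```python
"""Triage helper for a ComboFix log like the one in the post above.  Added
example, not ComboFix's or catchme's own code.  Section markers ("FILE ::",
"catchme ", "scan completed", "hidden files:") are assumed from the posted log."""
import re

# e.g. "C:\WINDOWS\jwlzg.dll:uasvp 56320 bytes executable"
ADS_LINE = re.compile(
    r"^(?P<host>[A-Za-z]:\\.+?):(?P<stream>[^:\s]+)\s+(?P<size>\d+) bytes executable$"
)


def hidden_streams(log):
    """[(host_path, stream_name, size_bytes)] from the catchme section."""
    found, in_catchme = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("catchme "):
            in_catchme = True
        elif line.startswith("scan completed"):
            in_catchme = False
        elif in_catchme:
            m = ADS_LINE.match(line)
            if m:
                found.append((m.group("host"), m.group("stream"), int(m.group("size"))))
    return found


def reported_hidden_count(log):
    """The 'hidden files: N' total catchme prints, or None if absent."""
    m = re.search(r"^hidden files: (\d+)$", log, re.MULTILINE)
    return int(m.group(1)) if m else None


def requested_files(log):
    """Paths echoed under 'FILE ::' (the script's File:: section), lower-cased."""
    paths, in_files = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "FILE ::":
            in_files = True
        elif in_files and line == ".":
            break
        elif in_files and line:
            paths.add(line.lower())
    return paths


def streams_not_requested(log):
    """Host files carrying a hidden executable stream that the script did not
    ask ComboFix to remove: residue still on disk after the run."""
    asked = requested_files(log)
    return sorted({h for h, _, _ in hidden_streams(log) if h.lower() not in asked})


# Constructed sample: lines copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""
ComboFix 08-05-21.3 - CYNTHIA 2008-05-25 13:24:01.2 - NTFSx86
Command switches used :: C:\Documents and Settings\CYNTHIA\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\azykm.dll
C:\WINDOWS\system32\auksz.dll
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-25 13:29:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

C:\WINDOWS\River Sumida.bmp:oatpb 56320 bytes executable
C:\WINDOWS\jwlzg.dll:uasvp 56320 bytes executable

scan completed successfully
hidden files: 2
"""

if __name__ == "__main__":
    streams = hidden_streams(SAMPLE_LOG)
    print(f"catchme reported {reported_hidden_count(SAMPLE_LOG)}, parsed {len(streams)}")
    for host, stream, size in streams:
        print(f"  {host} -> stream '{stream}', {size} bytes")
    print("hosts not in the removal script:", streams_not_requested(SAMPLE_LOG))
```

On the sample, both stream hosts come back as not requested, which is exactly what the two identical catchme results in this thread show; the Kaspersky report that follows confirms it by flagging `jwlzg.dll:uasvp:$DATA` and `River Sumida.bmp:oatpb:$DATA` as infected. Comparing the parsed list against catchme's own count guards against a log whose layout has drifted from the one this parser expects.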

#8 bamajim

bamajim

  • Members
  • 894 posts

Posted 26 May 2008 - 08:25 AM

Diablita

Good work

Run an online virus scan called Kaspersky from HERE.
1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next" ->> "Scan Settings", and make sure the database is set to "extended". Check both the scan options, then click OK.
5. Then click on "My Computer", and the scan will start.
6. When the scan is complete, select "Save error report as".
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan
Microsoft MVP - Windows Security

#9 Diablita

Diablita
  • Topic Starter

  • Members
  • 22 posts

Posted 26 May 2008 - 02:19 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 26, 2008 2:17:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/05/2008
Kaspersky Anti-Virus database records: 800955
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 181182
Number of viruses found: 36
Number of infected objects: 99
Number of suspicious objects: 0
Duration of the scan process: 01:18:31

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080508153242\backup\DOCUME~1\CYNTHIA\LOCALS~1\Temp\aupd.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.EZula.cn skipped
C:\Deckard\System Scanner\20080508153242\backup\DOCUME~1\CYNTHIA\LOCALS~1\Temp\aupd.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cn skipped
C:\Deckard\System Scanner\20080508153242\backup\DOCUME~1\CYNTHIA\LOCALS~1\Temp\aupd.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\3OBCZAWF.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\66ReVUQ1.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\aupd.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.EZula.cn skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\aupd.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cn skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\aupd.exe NSIS: infected - 2 skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\Ayim0mID.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\cpThxwBf.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\DenpJamS.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\dwXzJm4o.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\nmv1Dj5x.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\PoxCKEsX.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\Qjt3y4ys.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Deckard\System Scanner\backup\WINDOWS\temp\vq1tzOPb.exe Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\75c4b004b8a56e7c5e0ea1960b4bd466_c3e3ea8a-ac17-49a4-ad4f-34c5b997d13d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\ddoctorv2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D9C3E2C.exe Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\Documents and Settings\CYNTHIA\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.77837 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Documents and Settings\CYNTHIA\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\CYNTHIA\Desktop\YESENIA\My Documents\ѕеcurity\msconfig.exe Object is locked skipped
C:\Documents and Settings\CYNTHIA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\CYNTHIA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\CYNTHIA\Local Settings\Application Data\SupportSoft\ddoctorv2\CYNTHIA\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\CYNTHIA\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CYNTHIA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\CYNTHIA\ntuser.dat Object is locked skipped
C:\Documents and Settings\CYNTHIA\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Movie Maker\wuowuymeke.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\QooBox\Quarantine\C\temp\bass.exe.vir/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\QooBox\Quarantine\C\temp\bass.exe.vir/data0003/data0004 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\QooBox\Quarantine\C\temp\bass.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
C:\QooBox\Quarantine\C\temp\bass.exe.vir/data0004 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\temp\bass.exe.vir/data0005 Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\QooBox\Quarantine\C\temp\bass.exe.vir NSIS: infected - 5 skipped
C:\QooBox\Quarantine\C\WINDOWS\azykm.dll.vir Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\cxdaw.dll.vir Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\mquhj.dll.vir Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\auksz.dll.vir Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dwdsrngt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gexpl.dll.vir Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nodeipproc.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qgltf.dll.vir Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138904.dll Infected: not-a-virus:AdWare.Win32.E2Give.d skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138906.dll Infected: not-a-virus:AdWare.Win32.Mirar.b skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138908.dll Infected: not-a-virus:AdWare.Win32.BHO.bh skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138923.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138940.dll Infected: not-a-virus:AdWare.Win32.E2Give.e skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138941.dll Infected: not-a-virus:AdWare.Win32.E2Give.e skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138944.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138945.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138946.exe Infected: not-a-virus:AdWare.Win32.Wintol.af skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138947.dll Infected: not-a-virus:AdWare.Win32.Wintol.al skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP663\A1138964.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP664\A1140195.dll Infected: not-a-virus:AdWare.Win32.Comet.c skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP664\A1140227.dll Infected: not-a-virus:AdWare.Win32.EZula.cn skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP664\A1140270.exe Infected: not-a-virus:AdWare.Win32.Wintol.ah skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP665\A1140764.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP665\A1140764.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP665\A1140764.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP665\A1140764.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP665\A1140765.dll Infected: not-a-virus:AdWare.Win32.SideFind skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141859.exe/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141859.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141859.exe/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141859.exe/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141859.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141859.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141859.exe RarSFX: infected - 6 skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141861.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141862.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141866.exe Infected: not-a-virus:AdWare.Win32.NetNucleus skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP666\A1141916.dll Object is locked skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP668\A1141937.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP668\A1141942.dll Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP669\A1142048.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP669\A1142049.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP669\A1142051.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP669\A1142052.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP669\A1142054.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP669\A1142057.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP669\change.log Object is locked skipped
C:\temp\FLEOK\salm.exe Infected: not-a-virus:AdWare.Win32.180Solutions.x skipped
C:\temp\sahagent-cdt1004.exe Infected: not-a-virus:AdWare.Win32.Sahat.m skipped
C:\WINDOWS\chadch.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\chadch.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\chadch.exe NSIS: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped
C:\WINDOWS\geder.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\jwlzg.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\jwlzg.dll:uasvp:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\kcjlq.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\nfrzh.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\petcc.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\qplpq.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\River Sumida.bmp:oatpb:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cdlriisu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\fpweudja.exe Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\iherawlf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\irismon.dll Infected: not-a-virus:AdWare.Win32.SafeSurfing.a skipped
C:\WINDOWS\system32\lkdsrngs.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\WINDOWS\system32\msxml3a.dll Object is locked skipped
C:\WINDOWS\system32\nsh4.dll Infected: not-a-virus:AdWare.Win32.EZula.cr skipped
C:\WINDOWS\system32\oneabwbr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\pjjgnkvd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tpgaycjh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wgdkadeb.exe Object is locked skipped
C:\WINDOWS\system32\WinDmy.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped
C:\WINDOWS\system32\Winwcd.dll Infected: not-a-virus:AdWare.Win32.Agent.ahh skipped
C:\WINDOWS\system32\xunuimfb.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\yawifvft.exe Object is locked skipped
C:\WINDOWS\system32\ycugplpx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\yxdeoqkl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\vesgo.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#10 bamajim

  • Members
  • 894 posts

Posted 26 May 2008 - 02:46 PM

Diablita

We are going to make another CFScript file.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:
File::
C:\temp\FLEOK\salm.exe
C:\temp\sahagent-cdt1004.exe 
C:\WINDOWS\chadch.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll 
C:\WINDOWS\geder.dll
C:\WINDOWS\jwlzg.dll
C:\WINDOWS\jwlzg.dll
C:\WINDOWS\kcjlq.dll
C:\WINDOWS\nfrzh.dll
C:\WINDOWS\petcc.dll
C:\WINDOWS\qplpq.dll
C:\WINDOWS\River Sumida.bmp
C:\WINDOWS\system32\fpweudja.exe
C:\WINDOWS\system32\iherawlf.exe
C:\WINDOWS\system32\irismon.dll
C:\WINDOWS\system32\lkdsrngs.exe
C:\WINDOWS\system32\nsh4.dll
C:\WINDOWS\system32\oneabwbr.exe
C:\WINDOWS\system32\pjjgnkvd.exe
C:\WINDOWS\system32\tpgaycjh.exe
C:\WINDOWS\system32\wgdkadeb.exe
C:\WINDOWS\system32\WinDmy.dll
C:\WINDOWS\system32\Winwcd.dll
C:\WINDOWS\system32\xunuimfb.exe
C:\WINDOWS\system32\yawifvft.exe
C:\WINDOWS\system32\ycugplpx.exe
C:\WINDOWS\system32\yxdeoqkl.exe
C:\WINDOWS\vesgo.dll

Folder::
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\temp\FLEOK
Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again; do so.
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply
2. Rerun HijackThis and post a fresh HijackThis log as well
Microsoft MVP - Windows Security
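
As an added example that is not part of this thread (and not ComboFix's or Kaspersky's own tooling), the Python below derives the File:: and Folder:: sections of a CFScript from a Kaspersky scan log of the shape posted above, doing mechanically what the helper did by hand: collapsing archive members and NTFS alternate data streams such as jwlzg.dll:uasvp:$DATA to their host file, leaving restore-point copies out, and flagging locked files whose names match confirmed detections in the same directory. The line-format regex, the eight-lowercase-letter name heuristic and the sample log are constructed assumptions, not anything the page states.

```python
"""Turn Kaspersky Online Scanner output into the File::/Folder:: sections of a
ComboFix CFScript, mechanising what the helper did by hand in the thread.

Assumptions (not stated on the page): the line shape "<path> <status> skipped"
matched by LINE_RE, and the eight-lowercase-letter name heuristic for locked files.
"""
import ntpath
import re

# One scan-log line: path, one of three status forms, then "skipped". Paths may
# contain spaces ("River Sumida.bmp"), so the path is matched lazily and the
# status anchors the end of the line.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<name>\S+)"
    r"|(?P<packer>\w+): infected - \d+"
    r"|(?P<locked>Object is locked)) skipped$"
)
RESTORE_PREFIX = "C:\\System Volume Information\\"
ADS_SUFFIX = ":$DATA"
# Naming pattern shared by the Trojan.Win32.Agent.bck files in the log above
# (iherawlf.exe, pjjgnkvd.exe, ...). Heuristic only; results are review candidates.
RANDOM_EXE = re.compile(r"^[a-z]{8}\.exe$")

# Constructed sample, modelled on lines from the scan log posted in the thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{FAF3A79F-981E-49D5-8191-87F38A83E320}\RP669\A1142048.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\temp\FLEOK\salm.exe Infected: not-a-virus:AdWare.Win32.180Solutions.x skipped
C:\temp\sahagent-cdt1004.exe Infected: not-a-virus:AdWare.Win32.Sahat.m skipped
C:\WINDOWS\chadch.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\chadch.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\chadch.exe NSIS: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped
C:\WINDOWS\jwlzg.dll Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\jwlzg.dll:uasvp:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\River Sumida.bmp:oatpb:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\fpweudja.exe Object is locked skipped
C:\WINDOWS\system32\iherawlf.exe Infected: Trojan.Win32.Agent.bck skipped
Scan process completed.
"""


def host_file(path):
    r"""Collapse an archive member or NTFS alternate data stream to its host file.

    C:\W\chadch.exe/stream/data0002 -> C:\W\chadch.exe  (nested archive member)
    C:\W\jwlzg.dll:uasvp:$DATA      -> C:\W\jwlzg.dll   (alternate data stream)
    Windows paths never contain '/', so the first '/' marks archive nesting; the
    drive-letter colon is safe because the ADS suffix is stripped from the right.
    """
    path = path.split("/", 1)[0]
    if path.endswith(ADS_SUFFIX):
        path = path[: -len(ADS_SUFFIX)].rsplit(":", 1)[0]
    return path


def parse_log(text):
    """Return ({host_path: first detection name}, [locked paths]) in log order."""
    infected, locked = {}, []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "Scan process completed."
        if m.group("locked"):
            locked.append(m.group("path"))
        else:
            name = m.group("name") or m.group("packer")
            infected.setdefault(host_file(m.group("path")), name)
    return infected, locked


def locked_lookalikes(infected, locked):
    """Locked files the scanner could not open whose directory and name pattern
    match a confirmed detection: the reasoning behind adding fpweudja.exe,
    wgdkadeb.exe and yawifvft.exe above. Review candidates, not detections."""
    hot_dirs = {ntpath.dirname(p) for p in infected if RANDOM_EXE.match(ntpath.basename(p))}
    return [p for p in locked
            if ntpath.dirname(p) in hot_dirs and RANDOM_EXE.match(ntpath.basename(p))]


def build_cfscript(infected, extra_files=(), folders=()):
    """Render the File:: and Folder:: sections. Restore-point copies are omitted:
    they are cleared by purging System Restore, not by per-file deletion.
    Which directories are wholly malicious (Folder::) is an analyst decision."""
    files = [p for p in infected if not p.startswith(RESTORE_PREFIX)]
    files += [p for p in extra_files if p not in files]
    lines = ["File::", *files]
    if folders:
        lines += ["", "Folder::", *folders]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, locked_paths = parse_log(SAMPLE_LOG)
    review = locked_lookalikes(found, locked_paths)
    print(build_cfscript(found, review,
                         [r"C:\WINDOWS\Downloaded Program Files\CONFLICT.1", r"C:\temp\FLEOK"]))
```

Run against the full log the script reproduces the helper's File:: list except for the restore-point entries, which the thread handles by purging System Restore.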

#11 Diablita

  • Topic Starter
  • Members
  • 22 posts

Posted 27 May 2008 - 12:21 AM

ComboFix 08-05-21.3 - CYNTHIA 2008-05-26 23:46:08.3 - NTFSx86
Running from: C:\Documents and Settings\CYNTHIA\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CYNTHIA\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\temp\FLEOK\salm.exe
C:\temp\sahagent-cdt1004.exe
C:\WINDOWS\chadch.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll
C:\WINDOWS\geder.dll
C:\WINDOWS\jwlzg.dll
C:\WINDOWS\kcjlq.dll
C:\WINDOWS\nfrzh.dll
C:\WINDOWS\petcc.dll
C:\WINDOWS\qplpq.dll
C:\WINDOWS\River Sumida.bmp
C:\WINDOWS\system32\fpweudja.exe
C:\WINDOWS\system32\iherawlf.exe
C:\WINDOWS\system32\irismon.dll
C:\WINDOWS\system32\lkdsrngs.exe
C:\WINDOWS\system32\nsh4.dll
C:\WINDOWS\system32\oneabwbr.exe
C:\WINDOWS\system32\pjjgnkvd.exe
C:\WINDOWS\system32\tpgaycjh.exe
C:\WINDOWS\system32\wgdkadeb.exe
C:\WINDOWS\system32\WinDmy.dll
C:\WINDOWS\system32\Winwcd.dll
C:\WINDOWS\system32\xunuimfb.exe
C:\WINDOWS\system32\yawifvft.exe
C:\WINDOWS\system32\ycugplpx.exe
C:\WINDOWS\system32\yxdeoqkl.exe
C:\WINDOWS\vesgo.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp\FLEOK
C:\temp\FLEOK\salm.exe
C:\temp\sahagent-cdt1004.exe
C:\WINDOWS\chadch.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf
C:\WINDOWS\geder.dll
C:\WINDOWS\jwlzg.dll
C:\WINDOWS\kcjlq.dll
C:\WINDOWS\nfrzh.dll
C:\WINDOWS\petcc.dll
C:\WINDOWS\qplpq.dll
C:\WINDOWS\River Sumida.bmp
C:\WINDOWS\system32\fpweudja.exe
C:\WINDOWS\system32\iherawlf.exe
C:\WINDOWS\system32\irismon.dll
C:\WINDOWS\system32\lkdsrngs.exe
C:\WINDOWS\system32\nsh4.dll
C:\WINDOWS\system32\oneabwbr.exe
C:\WINDOWS\system32\pjjgnkvd.exe
C:\WINDOWS\system32\tpgaycjh.exe
C:\WINDOWS\system32\wgdkadeb.exe
C:\WINDOWS\system32\WinDmy.dll
C:\WINDOWS\system32\Winwcd.dll
C:\WINDOWS\system32\xunuimfb.exe
C:\WINDOWS\system32\yawifvft.exe
C:\WINDOWS\system32\ycugplpx.exe
C:\WINDOWS\system32\yxdeoqkl.exe
C:\WINDOWS\vesgo.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.

2008-05-26 12:35 . 2008-05-26 12:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-26 12:35 . 2008-05-26 12:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-26 12:26 . 2008-05-26 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eAcceleration
2008-05-26 12:22 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-05-12 13:54 . 2008-05-12 13:54 <DIR> d-------- C:\Documents and Settings\CYNTHIA\Application Data\Malwarebytes
2008-05-12 13:53 . 2008-05-12 13:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:53 . 2008-05-12 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 13:53 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 13:53 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-11 22:49 . 2008-05-11 22:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-08 15:23 . 2008-05-08 15:23 <DIR> d-------- C:\Deckard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 19:20 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\COMCASTTOOLBAR
2008-05-26 17:25 --------- d-----w C:\Program Files\eAcceleration
2008-05-26 17:25 --------- d-----w C:\Program Files\Common Files\Scanner
2008-05-26 17:24 --------- d-----w C:\Program Files\Common Files\eAcceleration
2008-05-26 17:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-26 17:04 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\AVG7
2008-04-18 17:27 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-18 17:27 --------- d-----w C:\Program Files\Trend Micro
2008-04-18 17:24 --------- d-----w C:\Documents and Settings\CYNTHIA\Application Data\Grisoft
2008-04-18 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 17:21 --------- d-----w C:\Program Files\Viewpoint
2008-04-18 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-18 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 17:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-18 00:01 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-17 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 22:19 --------- d-----w C:\Program Files\Lavasoft
2008-04-17 22:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 22:16 --------- d-----w C:\Program Files\KleinSoft
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2004-11-21 18:58 40 -c--a-w C:\Documents and Settings\Guest\language.dat
2004-06-19 22:21 30,920 -c--a-w C:\Documents and Settings\CYNTHIA\Application Data\GDIPFONTCACHEV1.DAT
2005-03-29 23:40 32 -csha-w C:\WINDOWS\{D41FC78C-C475-4D72-B13E-7CA091BF6655}.dat
2005-03-29 23:40 32 -csha-w C:\WINDOWS\system32\{8CC45D60-D354-479D-A24C-3BA5B0BA6455}.dat
2005-07-29 21:24 472 --sha-r C:\WINDOWS\WUVTRU5JQSA\qopnlocLkmE.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-05-23_14.11.20.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-02-22 05:14:50 6,656 -c--a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-05-26 19:48:22 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2004-02-22 05:16:44 32,768 -c--a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-05-26 19:48:24 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
- 2004-02-22 05:16:32 712,704 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-05-26 19:48:40 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2004-02-22 05:16:32 286,720 -c--a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-05-26 19:48:25 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2004-02-22 05:16:44 1,564,672 -c--a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-05-26 19:48:41 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
- 2004-02-22 05:16:43 32,768 -c--a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-05-26 19:48:36 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
- 2004-02-22 05:16:43 77,824 -c--a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-05-26 19:48:28 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2004-02-22 05:16:42 1,175,552 -c--a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
+ 2008-05-26 19:48:37 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
- 2004-02-22 05:16:42 1,691,648 -c--a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-05-26 19:48:23 1,695,744 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
- 2004-02-22 05:16:41 86,016 -c--a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-05-26 19:48:39 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2004-02-22 05:16:40 65,536 -c--a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-05-26 19:48:44 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2004-02-22 05:16:40 462,848 -c--a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-05-26 19:48:35 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2004-02-22 05:16:39 212,992 -c--a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-05-26 19:48:26 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2004-02-22 05:16:39 47,104 -c--a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-05-26 19:48:26 48,640 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2004-02-22 05:16:39 348,160 -c--a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-05-26 19:48:34 352,256 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
- 2004-02-22 05:16:38 241,664 -c--a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-05-26 19:48:42 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2004-02-22 05:16:38 307,200 -c--a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-05-26 19:48:31 311,296 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2004-02-22 05:16:37 131,072 -c--a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-05-26 19:48:27 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2004-02-22 05:14:49 77,824 -c--a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-05-26 19:48:31 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
- 2004-02-22 05:16:36 126,976 -c--a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-05-26 19:48:37 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2004-02-22 05:16:37 61,440 -c--a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-05-26 19:48:26 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2004-02-22 05:16:37 503,808 -c--a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-05-26 19:48:24 507,904 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2004-02-22 05:16:32 1,187,840 -c--a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-26 19:48:39 1,200,128 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
- 2004-02-22 05:16:35 1,982,464 -c--a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-05-26 19:48:30 2,002,944 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
- 2004-02-22 05:16:33 1,294,336 -c--a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
+ 2008-05-26 19:48:33 1,302,528 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
- 2004-02-22 05:16:40 1,167,360 -c--a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-05-26 19:48:43 1,179,648 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
+ 2008-05-27 04:43:07 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_7c64e59f\CustomMarshalers.dll
+ 2008-05-26 19:49:23 3,301,376 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_e35aca42\mscorlib.dll
+ 2008-05-26 19:49:46 1,454,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_3d46004e\System.Design.dll
+ 2008-05-27 04:42:55 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_45d2f1d2\System.Drawing.Design.dll
+ 2008-05-26 19:49:30 847,872 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_6489df3a\System.Drawing.dll
+ 2008-05-26 19:50:26 2,953,216 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_2d0e002b\System.Windows.Forms.dll
+ 2008-05-26 19:49:58 2,027,520 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_358cf7a3\System.Xml.dll
+ 2008-05-26 19:49:10 1,855,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_27052c0c\System.dll
- 2008-05-23 18:56:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-27 04:53:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2002-01-05 10:55:46 126,976 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
+ 2004-07-15 07:41:06 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
- 2002-06-12 12:47:38 196,608 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
+ 2004-07-15 04:36:08 200,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
- 2002-06-12 12:47:40 24,576 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
+ 2004-07-15 04:36:08 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
- 2002-06-12 12:47:40 28,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
+ 2004-07-15 04:36:10 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
- 2002-06-12 12:54:20 94,208 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
+ 2004-07-15 16:05:24 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
- 2002-06-12 12:03:56 69,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
+ 2004-07-15 03:50:22 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
- 2002-01-05 12:49:32 49,152 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
+ 2004-07-15 09:45:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
- 2002-06-12 20:19:02 589,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
+ 2004-07-15 15:27:20 589,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
- 2002-01-05 05:40:40 798,720 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
+ 2004-07-15 04:33:28 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
- 2002-06-12 12:01:54 221,184 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
+ 2004-07-15 03:48:20 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
- 2002-06-12 12:54:28 6,656 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
+ 2004-07-15 16:04:44 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
- 2002-01-05 16:41:48 6,656 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
+ 2004-07-15 16:05:18 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
- 2002-06-12 12:54:32 32,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
+ 2004-07-15 16:04:56 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
- 2002-01-05 05:32:50 180,224 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
+ 2004-07-15 03:50:54 184,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
- 2002-06-12 12:54:34 24,576 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
+ 2004-07-15 16:05:28 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
- 2002-06-12 12:54:36 40,960 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
+ 2004-07-15 16:05:00 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
- 2002-06-12 12:54:42 712,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
+ 2004-07-15 16:05:48 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
- 2002-06-12 12:54:44 286,720 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
+ 2004-07-15 16:05:16 286,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
- 2002-06-12 12:55:00 1,564,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
+ 2004-07-15 16:05:52 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
- 2002-01-05 05:32:38 69,632 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
+ 2004-07-15 03:50:28 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
- 2002-01-05 05:32:38 221,184 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
+ 2004-07-15 03:50:28 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
- 2002-01-05 05:32:40 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
+ 2004-07-15 03:50:30 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
- 2002-06-12 04:02:02 303,104 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
+ 2004-07-15 03:48:28 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
- 2002-06-12 04:04:04 81,920 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
+ 2004-07-15 03:50:30 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
- 2002-06-12 20:55:02 1,953,792 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
+ 2004-07-15 16:05:34 1,998,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
- 2002-01-05 05:31:46 61,440 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
+ 2004-07-15 03:50:32 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
- 2002-01-05 05:32:38 143,360 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
+ 2004-07-15 03:50:32 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
- 2002-01-05 05:32:38 57,344 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
+ 2004-07-15 03:50:34 46,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
- 2002-01-05 05:32:40 65,536 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
+ 2004-07-15 03:50:34 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
- 2002-06-12 12:02:40 2,260,992 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
+ 2004-07-15 03:49:06 2,265,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
- 2002-01-05 05:32:44 8,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
+ 2004-07-15 03:50:40 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
- 2002-06-12 12:03:24 2,260,992 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
+ 2004-07-15 03:49:54 2,269,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
- 2002-05-09 10:38:44 45,056 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
+ 2004-08-10 21:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
- 2002-01-05 05:32:52 143,360 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
+ 2004-07-15 03:50:58 147,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
- 2002-01-05 05:40:42 20,480 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
+ 2004-07-15 04:33:30 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
- 2002-06-12 12:55:06 28,672 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe
+ 2004-07-15 16:05:12 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe
- 2002-06-12 12:55:08 32,768 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegCode.dll
+ 2004-07-15 16:04:58 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegCode.dll
- 2002-06-12 20:55:12 11,264 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegSvcs.exe
+ 2004-07-15 16:04:12 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegSvcs.exe
- 2002-06-12 12:55:22 77,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Configuration.Install.dll
+ 2004-07-15 16:05:10 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Configuration.Install.dll
- 2002-06-12 12:55:24 1,175,552 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Data.dll
+ 2004-07-15 16:05:50 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Data.dll
- 2002-06-12 12:55:26 1,691,648 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Design.dll
+ 2004-07-15 16:05:22 1,695,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Design.dll
- 2002-06-12 12:55:30 86,016 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.DirectoryServices.dll
+ 2004-07-15 16:05:40 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.DirectoryServices.dll
- 2002-06-12 20:55:32 1,167,360 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
+ 2004-07-15 16:05:20 1,179,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
- 2002-06-12 12:55:32 65,536 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.Design.dll
+ 2004-07-15 16:05:20 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.Design.dll
- 2002-06-12 12:55:34 462,848 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll
+ 2004-07-15 16:05:18 462,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll
- 2002-06-12 12:55:38 212,992 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.dll
+ 2004-07-15 16:05:46 212,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.dll
- 2002-06-12 04:04:28 47,104 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 03:50:50 48,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.Thunk.dll
- 2002-06-12 20:55:40 348,160 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Management.dll
+ 2004-07-15 16:05:18 352,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Management.dll
- 2002-06-12 12:55:42 241,664 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Messaging.dll
+ 2004-07-15 16:05:28 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Messaging.dll
- 2002-06-12 12:53:44 307,200 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Remoting.dll
+ 2004-07-15 16:05:30 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Remoting.dll
- 2002-06-12 12:53:46 131,072 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 16:05:14 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Serialization.Formatters.Soap.dll
- 2002-01-05 17:12:50 77,824 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
+ 2004-07-15 16:05:22 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
- 2002-06-12 12:53:52 126,976 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.ServiceProcess.dll
+ 2004-07-15 16:05:26 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.ServiceProcess.dll
- 2002-06-12 20:53:54 1,187,840 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
+ 2004-07-15 16:05:34 1,200,128 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
- 2002-06-12 12:53:56 61,440 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.RegularExpressions.dll
+ 2004-07-15 16:05:38 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.RegularExpressions.dll
- 2002-06-12 12:53:58 503,808 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.Services.dll
+ 2004-07-15 16:05:30 507,904 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.Services.dll
- 2002-06-12 20:54:00 1,982,464 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll
+ 2004-07-15 16:05:22 2,002,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll
- 2002-06-12 20:54:04 1,294,336 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
+ 2004-07-15 16:05:22 1,302,528 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
+ 2004-06-22 18:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe
- 2002-01-05 16:00:58 712,704 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe
+ 2004-07-15 15:27:02 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe
- 2002-01-05 12:39:32 999,424 -c--a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\VsaVb7rt.dll
+ 2004-07-15 09:36:38 999,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\VsaVb7rt.dll
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-06-14 18:09:18 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 08:59:34 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-14 18:09:18 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 08:59:35 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 07:56:42 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-06-14 18:09:18 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 08:59:35 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 08:59:35 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-14 18:09:19 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 08:59:35 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-06-14 14:07:24 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:23:37 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-14 18:09:19 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 08:59:35 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-14 18:09:19 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 08:59:35 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2004-08-04 07:56:43 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-06-14 18:09:20 3,058,688 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 22:29:38 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-14 18:09:19 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 08:59:37 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 07:56:43 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-07-17 18:34:46 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 07:56:43 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 07:56:43 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 07:56:43 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 07:56:43 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-06-14 18:09:19 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 08:59:37 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 07:56:44 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-04 07:56:44 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-06-14 18:09:20 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:43:03 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
- 2007-06-14 18:09:20 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-14 18:09:20 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-06-14 18:09:20 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 08:59:38 615,936 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 14:09:10 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 08:59:39 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-27 22:39:20 230,912 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2006-12-07 23:02:24 2,174,976 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2007-10-27 22:37:38 2,109,440 ------w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 07:56:42 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2003-03-31 02:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-14 18:09:19 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 08:59:35 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2007-04-13 23:12:34 170,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-27 04:38:16 170,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-14 18:09:19 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-08-03 04:34:10 16,789,464 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-09 19:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
- 2002-01-05 05:31:44 131,072 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2004-07-15 03:48:24 131,072 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2004-08-04 07:56:43 512,029 -c--a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 07:56:43 319,517 -c--a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 07:56:43 1,507,356 -c--a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-07-17 18:34:46 358,976 -c--a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 07:56:43 53,279 -c--a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 07:56:43 241,693 -c--a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 07:56:43 213,023 -c--a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 07:56:43 348,189 -c--a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 07:56:43 421,919 -c--a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 -c--a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 -c--a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 -c--a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 07:56:44 831,519 -c--a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 07:56:44 614,429 -c--a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 -c--a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-03-06 01:22:36 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-02-16 08:59:39 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-08-04 07:56:46 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 22:39:20 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2006-12-07 23:02:24 2,174,976 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2007-10-27 22:37:38 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 17:01 32768]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.exe" [2003-05-27 05:00 99840]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-07-03 13:32 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"RtC3 Cache Cleaner"="C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe" [2003-08-18 01:43 12288]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 19:00 579584]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 19:12 136904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-17 19:00 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlPanel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvLsnr]
--a------ 2003-05-08 07:34 69632 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-10-02 08:19 118784 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-10-02 08:37 155648 C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-22 09:54 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTWinModem1]
--a------ 2001-04-03 04:38 38912 C:\WINDOWS\system32\ltmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
--a------ 2003-06-06 10:46 167936 C:\Program Files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-04-04 13:40 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
--a------ 2003-11-20 13:01 525824 C:\Program Files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
--------- 2007-05-08 19:12 136904 C:\Program Files\eAcceleration\Station\station.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\srmclean]
--a------ 2001-07-24 16:34 36864 C:\Cpqs\Scom\srmclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-08-19 20:23 32873 C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-07-03 13:32 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 12:57 2506752 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

R2 eac_notifysvc;eAcceleration Notification Service;"C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe" [2008-03-24 18:46]
R2 eac_productsvc;eAcceleration Product Manager Service;"C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe" [2008-03-24 18:46]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-26 23:55:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe
C:\COMPAQ\EAKDRV\EAUSBKBD.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
.
**************************************************************************
.
Completion time: 2008-05-27 0:08:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 05:07:57
ComboFix2.txt 2008-05-25 18:35:54
ComboFix3.txt 2008-05-23 19:12:09

Pre-Run: 26,140,966,912 bytes free
Post-Run: 26,126,770,176 bytes free

612 --- E O F --- 2008-05-26 19:49:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:16 AM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
C:\Program Files\internet explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [RtC3 Cache Cleaner] C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 1: (no name) - http://www.igualaonline.com/Galerias/tmp/igu11.jpg
O24 - Desktop Component 2: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/CYNTHIA/LOCALS~1/Temp/msohtml1/03/clip_image002.jpg

--
End of file - 10437 bytes

#12 bamajim

Posted 27 May 2008 - 08:08 AM

Diablita

Looking better.

Please download WinHelp2002's DelDomains by right-clicking on the following link, and choosing
"Save Target As":
http://www.mvps.org/winhelp2002/DelDomains.inf

Save the file to the desktop.

Then go to the desktop, right click on DelDomains.inf, and choose Install.
You may not see any noticeable changes or prompts; this is normal.

Then please restart your computer, and post a fresh HijackThis log.
Microsoft MVP - Windows Security

#13 Diablita

Posted 27 May 2008 - 01:03 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:56 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [RtC3 Cache Cleaner] C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 1: (no name) - http://www.igualaonline.com/Galerias/tmp/igu11.jpg
O24 - Desktop Component 2: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/CYNTHIA/LOCALS~1/Temp/msohtml1/03/clip_image002.jpg

--
End of file - 10036 bytes

#14 bamajim

Posted 27 May 2008 - 01:26 PM

Diablita

Good work.

1. Rerun Hijackthis (scan only) and place checks beside the following entries
O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
O9 - Extra button: (no name) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - (no file)
O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis

2. Using Windows Explorer (right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate and Delete the following folder (if found): C:\Program Files\EbatesMoeMoneyMaker4
Close Windows Explorer ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.

And in your reply give me an update on how your PC is running now.
Microsoft MVP - Windows Security
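A log-triage helper, added here as an example and not part of this thread or of HijackThis itself: it parses HijackThis entry lines, flags the O15 Trusted Zone additions that the DelDomains.inf step clears, the "(no file)" / "(file missing)" entries and the third-party O16 ActiveX downloads fixed in step 1, and diffs two logs to confirm what was actually removed. The sample logs are constructed from a few lines of the logs posted above, and the set of hosts treated as expected for O16 downloads is an assumption.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# One HijackThis entry line: a section code (R0/R1, F0-F3, N1-N4, O1-O24),
# then " - ", then the entry body. Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# O16 DPF entries are ActiveX downloads; hosts listed here are treated as expected
# (assumption for this example: the online scanner used in the thread).
EXPECTED_DPF_HOSTS = {"www.kaspersky.com"}


@dataclass(frozen=True)
class Entry:
    code: str
    body: str


def parse_hjt(log_text):
    """Return the entry lines of a HijackThis log as Entry objects."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def flag_entries(entries, expected_dpf_hosts=EXPECTED_DPF_HOSTS):
    """Return (entry, reason) pairs a helper would look at first."""
    flagged = []
    for e in entries:
        if "(no file)" in e.body or "(file missing)" in e.body:
            flagged.append((e, "points at a file that no longer exists"))
        elif e.code == "O15":
            # Trusted Zone sites run under relaxed IE security settings;
            # DelDomains.inf clears these ZoneMap entries.
            flagged.append((e, "domain added to IE Trusted Zone"))
        elif e.code == "O16":
            host = urlparse(e.body.rsplit(" - ", 1)[-1]).hostname
            if host not in expected_dpf_hosts:
                flagged.append((e, f"ActiveX download from {host}"))
    return flagged


def removed_entries(before, after):
    """Entries present in the earlier log but gone from the later one."""
    still_there = set(after)
    return [e for e in before if e not in still_there]


# Constructed sample logs, trimmed to a few lines modeled on the logs in this thread.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\System32\smss.exe

O9 - Extra button: (no name) - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - (no file)
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysaver.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# The same machine after DelDomains.inf and the "Fix checked" step (constructed).
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE_LOG), parse_hjt(AFTER_LOG)
    for entry, reason in flag_entries(before):
        print(f"{entry.code}: {reason}")
    print(f"{len(removed_entries(before, after))} entries removed between logs")
```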

#15 Diablita

Posted 27 May 2008 - 02:23 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:29 PM, on 5/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [RtC3 Cache Cleaner] C:\PROGRAM FILES\KLEINSOFT\RTC3\Cache.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O24 - Desktop Component 0: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 1: (no name) - http://www.igualaonline.com/Galerias/tmp/igu11.jpg
O24 - Desktop Component 2: (no name) - http://www.tmsfeatures.com/tmsfeatures/ser...&code=cplis
O24 - Desktop Component 3: (no name) - file:///C:/DOCUME~1/CYNTHIA/LOCALS~1/Temp/msohtml1/03/clip_image002.jpg

--
End of file - 9449 bytes

Hey :thumbsup: my PC is running a lot better now :) It's a lot faster, it no longer lags on startup, and when I shut down it no longer has any prompts and shuts down right away :thumbsup: The popups are all gone :thumbsup:
