
Malware/virus Windows XP Security, Win32/Heur, Trojan Horse, More


  • This topic is locked
11 replies to this topic

#1 SkiBumBrian

SkiBumBrian

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 29 July 2008 - 02:15 PM

I have been chasing the butterfly with AdAware, AVG, SpyBot in both safe and regular mode.

Please review my logs, thanks. Should I cut/paste the text of the logs, or only include them as attachments?


Brian

***

Attached Files





#2 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:12:50 AM

Posted 09 August 2008 - 11:44 AM

Hello SkiBumBrian,

I apologise for the delay; the forum is too busy.

If you still need help, post a new HijackThis log (do not post attachments unless I ask you to).

Edited by chryssi2001, 09 August 2008 - 11:45 AM.

Private Messages for personal support will be ignored. If you need help post in the forum.

#3 SkiBumBrian

SkiBumBrian
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 11 August 2008 - 12:58 PM

Hello,

Here is the HijackThis log I just ran.

Thanks for your help!

-Brian


***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:51 PM, on 8/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Ac...%20Controls.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182374704452
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

--
End of file - 5960 bytes

#4 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:12:50 AM

Posted 12 August 2008 - 12:38 AM

Hello SkiBumBrian,

Remove/Disable one of your Anti Virus programs.
You are operating your computer with multiple Anti Virus programs running in memory at once:

Symantec
AVG8


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

I suspect that the Symantec entries are old remnants.

So go into Add/Remove Programs and uninstall each program with a Symantec or Norton name.
----------------------------------------------
REMOVE NORTON

Please click HERE and follow the instructions to download and run the norton removal tool for your own version.
----------------------------------------------
Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
Click start/ run and type in exactly:

"%userprofile%\desktop\dss.exe" /daft

Read the disclaimer and click OK.
  • Click on the Scan button.
  • Place a checkmark next to the following entries in case they appear:
.bat
.cmd
.inf
.ini
.reg
.txt
.vbs
.cpl
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • I'll need that log later.
If everything is OK again, it should display the "All associations okay" message.

Post back with the contents of daft.txt.
----------------------------------------------
Please visit this webpage for instructions for downloading ComboFix at your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
----------------------------------------------
Post back:
daft.txt
Combofix report
A new HijackThis log
Private Messages for personal support will be ignored. If you need help post in the forum.
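The HijackThis fix in the post above picks out the two R1 start-page lines by hand. As an added example, not part of this thread, of HijackThis or of any tool the helper names, the Python script below parses HijackThis v2 entry lines and flags the classes a helper reviews first: R0/R1 Internet Explorer URLs that differ from the defaults Microsoft ships (the go.microsoft.com fwlink URLs that appear in the HijackThis log posted after the fix), entries whose target file is reported missing, any non-empty AppInit_DLLs value, and Run entries that execute from a user-writable directory. The sample log is a constructed subset of lines copied from the log in post #3; the rules and the Entry/parse_hjt/triage names are this example's own. A flag means "look at this", not "this is malware": a changed start page can be an OEM or ISP customisation, as the dell4me URL here may well be.

```python
"""Triage helper for HijackThis v2 logs: parse the entry lines and flag the
classes of entries a forum helper reviews first. Added example; not part of
HijackThis or of this thread."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Entry lines look like "O2 - BHO: name - {CLSID} - path"; the header and the
# "Running processes" list are skipped because they do not start with a code.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# R0/R1 bodies: "HKCU\Software\...\Main,Default_Page_URL = http://..."
R_LINE_RE = re.compile(r"^(?P<key>HK\w+\\[^,]+),(?P<name>[^=]+?) = (?P<data>.+)$")

# The URLs Internet Explorer ships with (the values the post-fix log shows).
# Anything else is a changed start/search page: an OEM or ISP customisation
# or a hijack, and either way worth a look.
MS_IE_DEFAULTS = {
    "Default_Page_URL": "http://go.microsoft.com/fwlink/?LinkId=69157",
    "Default_Search_URL": "http://go.microsoft.com/fwlink/?LinkId=54896",
    "Search Page": "http://go.microsoft.com/fwlink/?LinkId=54896",
}

# Autostart entries normally point into Program Files or Windows; one that
# runs from a user profile or a temp directory is unusual on XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\temporary internet files\\")


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Return every entry line of a HijackThis log as an Entry."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        entry = Entry(m["code"], m["body"])
        clsid = CLSID_RE.search(entry.body)
        entry.clsid = clsid.group(0).upper() if clsid else None
        entries.append(entry)
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags and return only the entries that received one."""
    for e in entries:
        e.flags = []
        low = e.body.lower()
        if e.code in ("R0", "R1"):
            m = R_LINE_RE.match(e.body)
            if m:
                name, data = m["name"].strip(), m["data"].strip()
                default = MS_IE_DEFAULTS.get(name)
                if default and data != default:
                    e.flags.append(f"IE {name} changed from Microsoft default: {data}")
        if "(file missing)" in low:
            e.flags.append("dead reference: target file missing")
        if e.code == "O20" and low.startswith("appinit_dlls:"):
            dlls = e.body.split(":", 1)[1].strip()
            if dlls:
                e.flags.append(f"AppInit_DLLs set ({dlls}): loaded into every "
                               "process that loads user32.dll")
        if e.code == "O4" and any(d in low for d in USER_WRITABLE):
            e.flags.append("autostart runs from a user-writable location")
    return [e for e in entries if e.flags]


# Constructed sample: a subset of lines copied from the HijackThis log in post #3.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O20 - AppInit_DLLs: cru629.dat
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{e.code}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run it against a full log (`parse_hjt(open("hijackthis.log").read())`) to get the short list to research before deciding what to fix; the CLSIDs it extracts are what you look up to tell a known toolbar or BHO from an unknown one.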

#5 SkiBumBrian

SkiBumBrian
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 12 August 2008 - 11:01 AM

OK, thanks for the detailed instructions.

Log Files Follow.

-Brian


***
DAFT Log saved on 2008-08-12 10:34:05
-----------------------------------------------------------------------
All associations okay!


***
ComboFix 08-08-11.01 - Douglas Swanson 2008-08-12 10:43:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.236 [GMT -5:00]
Running from: C:\Documents and Settings\Douglas Swanson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Douglas Swanson\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Douglas Swanson\Application Data\macromedia\Flash Player\#SharedObjects\WSUNU22V\interclick.com
C:\Documents and Settings\Douglas Swanson\Application Data\macromedia\Flash Player\#SharedObjects\WSUNU22V\interclick.com\ud.sol
C:\Documents and Settings\Douglas Swanson\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Douglas Swanson\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Douglas Swanson\Application Data\rhcvkqj0eaa1
C:\Documents and Settings\Douglas Swanson\Local Settings\Temporary Internet Files\itiwimeci.dl
C:\Documents and Settings\Douglas Swanson\Local Settings\Temporary Internet Files\qosybis.lib
C:\WINDOWS\system32\blphcrkqj0eaa1.scr
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\wsnpoem

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD


((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 10:32 . 2008-08-12 10:32 <DIR> d-------- C:\Deckard
2008-07-29 10:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-29 09:47 . 2008-07-29 09:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-29 03:01 . 2008-07-29 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-28 16:52 . 2008-07-28 16:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 10:36 . 2008-08-11 14:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-28 10:29 . 2008-08-11 12:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-07-28 10:29 . 2008-07-28 10:29 <DIR> d-------- C:\Program Files\AVG
2008-07-28 10:29 . 2008-07-28 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 10:29 . 2008-07-28 10:29 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-07-28 10:29 . 2008-07-28 10:29 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-07-28 10:20 . 2008-07-28 10:20 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-07-27 23:11 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usr1801.sys
2008-07-27 23:10 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-07-27 23:09 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-07-27 23:08 . 2008-04-14 00:01 2,023,936 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-07-27 23:07 . 2003-03-31 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-07-27 23:06 . 2003-03-31 05:00 10,129,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxkor.dll
2008-07-27 23:05 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-07-27 23:04 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cicap.sys
2008-07-27 23:03 . 2003-03-31 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-07-27 23:02 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-07-27 23:01 . 2008-04-14 00:54 2,145,280 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-07-27 23:01 . 2004-03-19 17:38 169,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisui.dll
2008-07-27 23:01 . 2004-03-19 17:34 94,720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\certmap.ocx
2008-07-27 23:01 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-07-27 23:01 . 2004-03-19 17:38 19,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\inetsloc.dll
2008-07-27 23:01 . 2004-03-19 17:38 14,336 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisreset.exe
2008-07-27 23:01 . 2004-03-19 17:38 7,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\inetmgr.exe
2008-07-27 23:01 . 2004-03-19 17:44 7,168 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wamregps.dll
2008-07-27 23:01 . 2004-03-19 17:37 6,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ftpsapi2.dll
2008-07-27 23:01 . 2004-03-19 17:38 5,632 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisrstap.dll
2008-07-27 13:39 . 2008-07-27 13:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 13:39 . 2008-07-27 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 13:35 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-07-27 13:30 . 2008-07-27 13:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 14:41 . 2008-07-25 14:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-07-25 14:40 . 2008-04-14 05:41 268,288 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\httpext.dll
2008-07-25 14:39 . 2008-04-14 05:42 259,072 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpcl.dll
2008-07-25 14:38 . 2008-04-14 05:42 358,400 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpincl.dll
2008-07-25 14:38 . 2008-04-14 05:41 218,112 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\c_g18030.dll
2008-07-25 14:38 . 2008-04-14 05:42 119,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mtstocom.exe
2008-07-25 14:38 . 2008-04-14 05:41 35,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iprip.dll
2008-07-25 14:38 . 2008-04-14 05:42 29,184 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\rw330ext.dll
2008-07-25 14:38 . 2008-04-14 05:42 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\rw001ext.dll
2008-07-25 14:38 . 2007-04-02 23:56 19,456 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\agt0412.dll
2008-07-25 14:38 . 2007-04-02 23:56 19,456 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\agt040d.dll
2008-07-25 14:38 . 2008-04-14 05:41 18,944 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\lprmon.dll
2008-07-25 14:38 . 2008-04-14 05:39 7,168 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdibm02.dll
2008-07-25 14:38 . 2008-04-14 05:39 6,656 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdlk41a.dll
2008-07-25 14:37 . 2008-07-25 14:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-25 14:37 . 2008-04-14 05:42 456,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\smtpsvc.dll
2008-07-25 14:37 . 2008-04-14 05:41 331,264 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\aqueue.dll
2008-07-25 14:37 . 2008-04-14 05:41 101,888 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\evntagnt.dll
2008-07-25 14:37 . 2008-04-14 05:42 39,936 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpthrd.dll
2008-07-25 14:37 . 2008-04-14 05:41 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\lmmib2.dll
2008-07-25 14:37 . 2008-04-14 05:39 6,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdax2.dll
2008-07-25 14:36 . 2008-04-14 05:42 294,912 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\dlimport.exe
2008-07-25 14:31 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002809_.tmp
2008-07-25 14:27 . 2008-04-14 05:45 1,202,774 --a------ C:\sysmain.sdb
2008-07-25 13:33 . 2008-07-25 13:33 19,864 --a------ C:\WINDOWS\lapifoho.dl
2008-07-25 13:33 . 2008-07-25 13:33 19,245 --a------ C:\WINDOWS\hinifepaj.com
2008-07-25 13:33 . 2008-07-25 13:33 17,650 --a------ C:\Program Files\Common Files\defyko.pif
2008-07-25 13:33 . 2008-07-25 13:33 17,404 --a------ C:\Documents and Settings\All Users\Application Data\kijul.dat
2008-07-25 13:33 . 2008-07-25 13:33 16,442 --a------ C:\Program Files\Common Files\eqoqytijeh.reg
2008-07-25 13:33 . 2008-07-25 13:33 16,046 --a------ C:\WINDOWS\bekysuqer.ban
2008-07-25 13:33 . 2008-07-25 13:33 14,383 --a------ C:\Documents and Settings\All Users\Application Data\lufyqa.reg
2008-07-25 13:33 . 2008-07-25 13:33 14,344 --a------ C:\WINDOWS\SYSTEM32\vakeju.pif
2008-07-25 13:33 . 2008-07-25 13:33 13,545 --a------ C:\Documents and Settings\All Users\Application Data\mydova.vbs
2008-07-25 13:33 . 2008-07-25 13:33 13,076 --a------ C:\WINDOWS\ogalu.pif
2008-07-25 13:33 . 2008-07-25 13:33 12,207 --a------ C:\Documents and Settings\All Users\Application Data\uqyvevywe.bat
2008-07-25 13:33 . 2008-07-25 13:33 11,100 --a------ C:\WINDOWS\hesoduti.scr
2008-07-24 11:19 . 2008-07-24 11:19 17,411 --a------ C:\WINDOWS\cavoqyf.com
2008-07-22 14:37 . 2008-07-22 14:37 18,568 --a------ C:\Documents and Settings\Douglas Swanson\Application Data\umysa.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 15:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-29 15:02 --------- d-----w C:\Program Files\Java
2008-07-28 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-25 18:33 13,639 ----a-w C:\Program Files\Common Files\qopovopyj.inf
2008-07-22 19:37 19,599 ----a-w C:\WINDOWS\aquw.reg
2008-07-22 19:37 17,446 ----a-w C:\WINDOWS\okydygamo.dll
2008-07-22 19:37 15,497 ----a-w C:\Program Files\Common Files\lexo.ban
2008-07-22 19:37 15,221 ----a-w C:\WINDOWS\qylavy.scr
2008-07-22 19:37 12,293 ----a-w C:\WINDOWS\uqoqiz.vbs
2008-07-09 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comcast
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 14:10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-28 10:29 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-13 15:17 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-02-02 15:32 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-07-29 13:30 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2008-04-24 13:25 202560 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-03-15 01:04 122933 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 11:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 19:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 20:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-12-19 12:49 86016 C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2003-11-19 17:48 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 14:10 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2002-04-24 20:37 1544192 C:\Program Files\support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"comHost"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 10:29]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 10:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-braviax - C:\WINDOWS\System32\braviax.exe
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-SMrhcvkqj0eaa1 - C:\Program Files\rhcvkqj0eaa1\rhcvkqj0eaa1.exe
MSConfigStartUp-SSC_UserPrompt - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-XP SecurityCenter - C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
MSConfigStartUp-buritos - buritos.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Douglas Swanson\Application Data\Mozilla\Firefox\Profiles\ym09f5uj.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 10:49:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\scardsvr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-08-12 10:53:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-12 15:53:28

Pre-Run: 22,723,895,296 bytes free
Post-Run: 22,630,150,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

266 --- E O F --- 2008-08-11 17:55:49


***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:20 AM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://connect.comcast.com/dl/Comcast%20Ac...%20Controls.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182374704452
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE

--
End of file - 5131 bytes

#6 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  • Local time:12:50 AM

Posted 12 August 2008 - 02:53 PM

Hello SkiBumBrian,

Upload a File to Jotti
Please visit http://virusscan.jotti.org/

Copy/paste this file and path into the white box at the top:

C:\WINDOWS\002809_.tmp

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
----------------------------------------------
COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    http://www.bleepingcomputer.com/forums/t/160405/malwarevirus-windows-xp-security-win32heur-trojen-horse-more/?p=909620
    
    Collect::
    C:\WINDOWS\lapifoho.dl
    C:\WINDOWS\hinifepaj.com
    C:\Program Files\Common Files\defyko.pif
    C:\Documents and Settings\All Users\Application Data\kijul.dat
    C:\Program Files\Common Files\eqoqytijeh.reg
    C:\WINDOWS\bekysuqer.ban
    C:\Documents and Settings\All Users\Application Data\lufyqa.reg
    C:\WINDOWS\SYSTEM32\vakeju.pif
    C:\Documents and Settings\All Users\Application Data\mydova.vbs
    C:\WINDOWS\ogalu.pif
    C:\Documents and Settings\All Users\Application Data\uqyvevywe.bat
    C:\WINDOWS\hesoduti.scr
    C:\WINDOWS\cavoqyf.com
    C:\Documents and Settings\Douglas Swanson\Application Data\umysa.bat
    C:\Program Files\Common Files\qopovopyj.inf
    C:\WINDOWS\aquw.reg
    C:\WINDOWS\okydygamo.dll
    C:\Program Files\Common Files\lexo.ban
    C:\WINDOWS\qylavy.scr
    C:\WINDOWS\uqoqiz.vbs
    
    Folder::
    C:\Program Files\Java\j2re1.4.2_03
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------------
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.
----------------------------------------------
Post back:
Jotti results
Combofix report
Malwarebytes' Anti-Malware report.
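Added example, not from this thread and not part of ComboFix: a small Python script that reads the Collect:: and Folder:: directives from a CFScript.txt like the one above and checks them against the "Other Deletions" section of the log ComboFix writes, so a helper can see which requested paths were actually removed and which were never found. Both inputs are constructed samples in the layout used on this page, and the check assumes ComboFix lists removed items under that banner (as the log posted later in this thread does).

```python
"""
Reconcile a ComboFix CFScript with the log ComboFix wrote after running it.

Added example for this thread; it is not part of ComboFix and not the
helper's own tooling. It reads the Collect:: and Folder:: directives from a
CFScript.txt, finds the "Other Deletions" block of the ComboFix log, and
reports which requested paths were removed and which were not found.
"""
import re
from typing import Dict, List, Set

# Constructed sample CFScript in the layout the helper posted (thread URL
# first, then directive blocks). The paths are taken from this thread.
SAMPLE_CFSCRIPT = r"""
http://www.bleepingcomputer.com/forums/t/160405/malwarevirus-windows-xp-security-win32heur-trojen-horse-more/?p=909620

Collect::
C:\WINDOWS\lapifoho.dl
C:\Program Files\Common Files\defyko.pif
C:\Documents and Settings\All Users\Application Data\kijul.dat
C:\WINDOWS\SYSTEM32\vakeju.pif

Folder::
C:\Program Files\Java\j2re1.4.2_03
"""

# Constructed excerpt of a ComboFix log: a few lines in the layout of the
# "Other Deletions" section, deliberately leaving out two requested files.
SAMPLE_LOG = r"""
ComboFix 08-08-11.01 - User 2008-08-12 15:35:26.2 - NTFSx86
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\kijul.dat
C:\Program Files\Common Files\defyko.pif
C:\Program Files\Java\j2re1.4.2_03
C:\Program Files\Java\j2re1.4.2_03\bin\java.exe
.

((((((((((((((((((((((((((((((((((((((( Files Created )))))))))))))))))))))))))))))))))))))))))))))))))
.
"""

# "Collect::", "Folder::" and similar directive headers in a CFScript.
DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# "((( Section title )))" banners that ComboFix uses to separate its log.
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {directive: [paths]} for every 'Name::' block in a CFScript.

    Lines before the first directive (such as the thread URL) are ignored.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_combofix_sections(text: str) -> Dict[str, List[str]]:
    """Return {banner title: [non-empty lines]} for each '((( Title )))' block."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        match = BANNER_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or not line or line == ".":
            continue  # header text before the first banner, or filler dots
        sections[current].append(line)
    return sections


def reconcile(cfscript: str, log: str) -> Dict[str, Set[str]]:
    """Split the requested paths into those ComboFix deleted and those it did not.

    Windows paths are case-insensitive, so comparison is done in lower case.
    A Folder:: entry counts as deleted when the folder itself or anything
    beneath it appears under "Other Deletions".
    """
    requested = parse_cfscript(cfscript)
    deleted = {p.lower() for p in parse_combofix_sections(log).get("Other Deletions", [])}
    result: Dict[str, Set[str]] = {"deleted": set(), "missing": set()}
    for path in requested.get("Collect", []):
        result["deleted" if path.lower() in deleted else "missing"].add(path)
    for folder in requested.get("Folder", []):
        prefix = folder.lower().rstrip("\\") + "\\"
        hit = folder.lower() in deleted or any(p.startswith(prefix) for p in deleted)
        result["deleted" if hit else "missing"].add(folder)
    return result


def report(result: Dict[str, Set[str]]) -> List[str]:
    """Format the reconciliation as lines a helper could paste into a reply."""
    lines = []
    for status in ("deleted", "missing"):
        for path in sorted(result[status]):
            lines.append(f"[{status.upper():7}] {path}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(reconcile(SAMPLE_CFSCRIPT, SAMPLE_LOG))))
```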

#7 SkiBumBrian

SkiBumBrian
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:50 PM

Posted 12 August 2008 - 05:31 PM

Posting back logs:

***Jotti Log
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan: Virus

File: 002809_.tmp
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 8737f6f4c8ec1e2a9ea5516f1b3ae1ad
Packers detected:
-
Scanner results
Scan taken on 12 Aug 2008 20:26:32 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing



*** COMBOFIX
ComboFix 08-08-11.01 - Douglas Swanson 2008-08-12 15:35:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.292 [GMT -5:00]
Running from: C:\Documents and Settings\Douglas Swanson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Douglas Swanson\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\kijul.dat
C:\Documents and Settings\All Users\Application Data\lufyqa.reg
C:\Documents and Settings\All Users\Application Data\mydova.vbs
C:\Documents and Settings\All Users\Application Data\uqyvevywe.bat
C:\Documents and Settings\Douglas Swanson\Application Data\umysa.bat
C:\Program Files\Common Files\defyko.pif
C:\Program Files\Common Files\eqoqytijeh.reg
C:\Program Files\Common Files\lexo.ban
C:\Program Files\Common Files\qopovopyj.inf
C:\Program Files\Java\j2re1.4.2_03
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Seoul
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Shanghai
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Singapore
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Taipei
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Tashkent
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Tbilisi
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Tehran
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Thimphu
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Tokyo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Ulaanbaatar
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Urumqi
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Vientiane
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Vladivostok
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Yakutsk
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Yekaterinburg
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Asia\Yerevan
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\Azores
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\Bermuda
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\Canary
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\Cape_Verde
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\Faeroe
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\Madeira
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\Reykjavik
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\South_Georgia
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\St_Helena
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Atlantic\Stanley
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Adelaide
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Brisbane
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Broken_Hill
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Darwin
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Hobart
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Lindeman
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Lord_Howe
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Melbourne
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Perth
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Australia\Sydney
C:\Program Files\Java\j2re1.4.2_03\lib\zi\CET
C:\Program Files\Java\j2re1.4.2_03\lib\zi\EET
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-1
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-10
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-11
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-12
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-13
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-14
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-2
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-3
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-4
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-5
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-6
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-7
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-8
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT-9
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\GMT
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\UCT
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Etc\UTC
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Amsterdam
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Andorra
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Athens
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Belfast
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Belgrade
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Berlin
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Brussels
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Bucharest
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Budapest
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Chisinau
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Copenhagen
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Dublin
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Gibraltar
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Helsinki
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Istanbul
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Kaliningrad
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Kiev
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Lisbon
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\London
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Luxembourg
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Madrid
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Malta
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Minsk
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Monaco
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Moscow
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Oslo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Paris
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Prague
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Riga
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Rome
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Samara
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Simferopol
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Sofia
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Stockholm
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Tallinn
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Tirane
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Uzhgorod
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Vaduz
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Vienna
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Vilnius
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Warsaw
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Zaporozhye
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Europe\Zurich
C:\Program Files\Java\j2re1.4.2_03\lib\zi\GMT
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Antananarivo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Chagos
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Christmas
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Cocos
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Comoro
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Kerguelen
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Mahe
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Maldives
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Mauritius
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Mayotte
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Indian\Reunion
C:\Program Files\Java\j2re1.4.2_03\lib\zi\MET
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Apia
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Auckland
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Chatham
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Easter
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Efate
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Enderbury
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Fakaofo
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Fiji
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Funafuti
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Galapagos
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Gambier
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Guadalcanal
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Guam
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Honolulu
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Johnston
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Kiritimati
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Kosrae
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Kwajalein
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Majuro
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Marquesas
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Midway
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Nauru
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Niue
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Norfolk
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Noumea
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Pago_Pago
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Palau
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Pitcairn
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Ponape
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Port_Moresby
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Rarotonga
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Saipan
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Tahiti
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Tarawa
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Tongatapu
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Truk
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Wake
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Wallis
C:\Program Files\Java\j2re1.4.2_03\lib\zi\Pacific\Yap
C:\Program Files\Java\j2re1.4.2_03\lib\zi\WET
C:\Program Files\Java\j2re1.4.2_03\lib\zi\ZoneInfoMappings
C:\Program Files\Java\j2re1.4.2_03\LICENSE
C:\Program Files\Java\j2re1.4.2_03\LICENSE.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_de.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_es.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_fr.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_it.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_ja.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_ko.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_sv.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_zh_CN.rtf
C:\Program Files\Java\j2re1.4.2_03\LICENSE_zh_TW.rtf
C:\Program Files\Java\j2re1.4.2_03\README.txt
C:\Program Files\Java\j2re1.4.2_03\THIRDPARTYLICENSEREADME.txt
C:\Program Files\Java\j2re1.4.2_03\Welcome.html
C:\WINDOWS\aquw.reg
C:\WINDOWS\bekysuqer.ban
C:\WINDOWS\cavoqyf.com
C:\WINDOWS\hesoduti.scr
C:\WINDOWS\hinifepaj.com
C:\WINDOWS\lapifoho.dl
C:\WINDOWS\ogalu.pif
C:\WINDOWS\okydygamo.dll
C:\WINDOWS\qylavy.scr
C:\WINDOWS\SYSTEM32\vakeju.pif
C:\WINDOWS\uqoqiz.vbs

.
((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
.

2008-08-12 10:32 . 2008-08-12 10:32 <DIR> d-------- C:\Deckard
2008-07-29 10:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-29 09:47 . 2008-07-29 09:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-29 03:01 . 2008-07-29 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-28 16:52 . 2008-07-28 16:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 10:36 . 2008-08-11 14:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-28 10:29 . 2008-08-11 12:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-07-28 10:29 . 2008-07-28 10:29 <DIR> d-------- C:\Program Files\AVG
2008-07-28 10:29 . 2008-07-28 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 10:29 . 2008-07-28 10:29 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-07-28 10:29 . 2008-07-28 10:29 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-07-28 10:20 . 2008-07-28 10:20 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-07-27 23:11 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usr1801.sys
2008-07-27 23:10 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-07-27 23:09 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-07-27 23:08 . 2008-04-14 00:01 2,023,936 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-07-27 23:07 . 2003-03-31 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-07-27 23:06 . 2003-03-31 05:00 10,129,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxkor.dll
2008-07-27 23:05 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-07-27 23:04 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cicap.sys
2008-07-27 23:03 . 2003-03-31 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-07-27 23:02 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-07-27 23:01 . 2008-04-14 00:54 2,145,280 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-07-27 23:01 . 2004-03-19 17:38 169,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisui.dll
2008-07-27 23:01 . 2004-03-19 17:34 94,720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\certmap.ocx
2008-07-27 23:01 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-07-27 23:01 . 2004-03-19 17:38 19,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\inetsloc.dll
2008-07-27 23:01 . 2004-03-19 17:38 14,336 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisreset.exe
2008-07-27 23:01 . 2004-03-19 17:38 7,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\inetmgr.exe
2008-07-27 23:01 . 2004-03-19 17:44 7,168 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wamregps.dll
2008-07-27 23:01 . 2004-03-19 17:37 6,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ftpsapi2.dll
2008-07-27 23:01 . 2004-03-19 17:38 5,632 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisrstap.dll
2008-07-27 13:39 . 2008-07-27 13:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 13:39 . 2008-07-27 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 13:35 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-07-27 13:30 . 2008-07-27 13:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 14:41 . 2008-07-25 14:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-07-25 14:40 . 2008-04-14 05:41 268,288 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\httpext.dll
2008-07-25 14:39 . 2008-04-14 05:42 259,072 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpcl.dll
2008-07-25 14:38 . 2008-04-14 05:42 358,400 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpincl.dll
2008-07-25 14:38 . 2008-04-14 05:41 218,112 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\c_g18030.dll
2008-07-25 14:38 . 2008-04-14 05:42 119,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mtstocom.exe
2008-07-25 14:38 . 2008-04-14 05:41 35,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iprip.dll
2008-07-25 14:38 . 2008-04-14 05:42 29,184 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\rw330ext.dll
2008-07-25 14:38 . 2008-04-14 05:42 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\rw001ext.dll
2008-07-25 14:38 . 2007-04-02 23:56 19,456 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\agt0412.dll
2008-07-25 14:38 . 2007-04-02 23:56 19,456 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\agt040d.dll
2008-07-25 14:38 . 2008-04-14 05:41 18,944 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\lprmon.dll
2008-07-25 14:38 . 2008-04-14 05:39 7,168 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdibm02.dll
2008-07-25 14:38 . 2008-04-14 05:39 6,656 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdlk41a.dll
2008-07-25 14:37 . 2008-07-25 14:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-25 14:37 . 2008-04-14 05:42 456,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\smtpsvc.dll
2008-07-25 14:37 . 2008-04-14 05:41 331,264 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\aqueue.dll
2008-07-25 14:37 . 2008-04-14 05:41 101,888 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\evntagnt.dll
2008-07-25 14:37 . 2008-04-14 05:42 39,936 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpthrd.dll
2008-07-25 14:37 . 2008-04-14 05:41 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\lmmib2.dll
2008-07-25 14:37 . 2008-04-14 05:39 6,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdax2.dll
2008-07-25 14:36 . 2008-04-14 05:42 294,912 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\dlimport.exe
2008-07-25 14:31 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002809_.tmp
2008-07-25 14:27 . 2008-04-14 05:45 1,202,774 --a------ C:\sysmain.sdb
2008-07-22 14:37 . 2008-07-22 14:37 18,949 --a------ C:\WINDOWS\hucac.ban
2008-07-22 14:37 . 2008-07-22 14:37 16,092 --a------ C:\WINDOWS\butitycica.lib
2008-07-22 14:37 . 2008-07-22 14:37 15,837 --a------ C:\WINDOWS\jomepa.inf
2008-07-22 14:37 . 2008-07-22 14:37 15,407 --a------ C:\WINDOWS\ozagabo.ban
2008-07-22 14:37 . 2008-07-22 14:37 13,216 --a------ C:\WINDOWS\teducytyz.ban
2008-07-22 14:37 . 2008-07-22 14:37 10,493 --a------ C:\WINDOWS\yxap.lib
2008-07-22 14:37 . 2008-07-22 14:37 10,141 --a------ C:\WINDOWS\SYSTEM32\ucaro.ban

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 20:36 --------- d-----w C:\Program Files\Java
2008-08-12 15:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-28 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comcast
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-12_10.53.06.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-12 20:39:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_638.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 14:10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 05:42 169984]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-13 15:17 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-02-02 15:32 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-07-29 13:30 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-07-28 10:29 1232152 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2008-04-24 13:25 202560 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-03-15 01:04 122933 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 11:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 19:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 20:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-12-19 12:49 86016 C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 14:10 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2002-04-24 20:37 1544192 C:\Program Files\support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"comHost"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"avg8wd"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 10:29]
S4 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 10:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bef5190-5a77-11dd-a08f-000f1fb6e642}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 15:39:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\SYSTEM32\scardsvr.exe
.
**************************************************************************
.
Completion time: 2008-08-12 15:45:37 - machine was rebooted [Douglas Swanson]
ComboFix-quarantined-files.txt 2008-08-12 20:45:31
ComboFix2.txt 2008-08-12 15:53:34

Pre-Run: 22,652,407,808 bytes free
Post-Run: 22,626,349,056 bytes free

817 --- E O F --- 2008-08-11 17:55:49

*** MALWAREBYTES
Malwarebytes' Anti-Malware 1.24
Database version: 1045
Windows 5.1.2600 Service Pack 3

5:25:16 PM 8/12/2008
mbam-log-8-12-2008 (17-25-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 101094
Time elapsed: 35 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhcvkqj0eaa1 (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.

#8 chryssi2001

Posted 13 August 2008 - 01:24 AM

Hello SkiBumBrian,

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    http://www.bleepingcomputer.com/forums/t/160405/malwarevirus-windows-xp-security-win32heur-trojen-horse-more/?p=910017
    
    Collect::
    C:\WINDOWS\hucac.ban
    C:\WINDOWS\butitycica.lib
    C:\WINDOWS\jomepa.inf
    C:\WINDOWS\ozagabo.ban
    C:\WINDOWS\teducytyz.ban
    C:\WINDOWS\yxap.lib
    C:\WINDOWS\SYSTEM32\ucaro.ban
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Private Messages for personal support will be ignored. If you need help post in the forum.
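
The Collect:: list in the post above was assembled by hand from the "Files Created" section of the ComboFix log: seven loose files dropped into C:\WINDOWS and C:\WINDOWS\SYSTEM32 in the same minute (2008-07-22 14:37), each with a creation time equal to its modification time (written fresh, not copied from an older source) and carrying extensions no installer writes there. The script below is an added example, not part of this thread and not ComboFix's own code; it encodes that triage heuristic, runs it over a few constructed log lines modelled on the ones posted, and renders the hits in the CFScript layout the helper used (thread URL first, then a Collect:: block). The watched directories, the extension list, the burst threshold and the sample lines are assumptions made for this example.

```python
"""Triage helper for ComboFix "Files Created" log lines (added example).

Parses lines of the form
    YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM <size|<DIR>> <attrs> <path>
and flags files that were dropped fresh (created == modified) directly into
the %WINDIR% root or SYSTEM32 and either carry an unusual extension or were
written as part of a burst of such drops in the same minute.  The hits are
then rendered into the Collect:: block format used in the CFScript above.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)

# Assumptions for this example: where a loose fresh file deserves a look,
# which extensions legitimate installers do not write there, and how many
# fresh drops in one minute count as a burst.
WATCHED_DIRS = {r"c:\windows", r"c:\windows\system32"}
ODD_EXTENSIONS = {".ban", ".lib", ".pif", ".vbs", ".scr", ".com", ".reg", ".dl"}
BURST_THRESHOLD = 3

# Constructed sample, modelled on the log lines posted in this thread.
SAMPLE_LOG = r"""
2008-07-28 10:29 . 2008-07-28 10:29 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-07-27 23:11 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usr1801.sys
2008-07-25 14:31 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002809_.tmp
2008-07-22 14:37 . 2008-07-22 14:37 18,949 --a------ C:\WINDOWS\hucac.ban
2008-07-22 14:37 . 2008-07-22 14:37 16,092 --a------ C:\WINDOWS\butitycica.lib
2008-07-22 14:37 . 2008-07-22 14:37 15,837 --a------ C:\WINDOWS\jomepa.inf
2008-07-22 14:37 . 2008-07-22 14:37 10,141 --a------ C:\WINDOWS\SYSTEM32\ucaro.ban
2008-07-28 10:20 . 2008-07-28 10:20 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
"""


def parse(lines):
    """Yield a dict per file line in ComboFix layout; directories and
    non-matching lines (headers, blanks) are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group("size") != "<DIR>":
            entry = m.groupdict()
            entry["path"] = entry["path"].strip()
            yield entry


def _split(path):
    """Return (lower-cased folder, file name, lower-cased extension)."""
    folder, _, name = path.rpartition("\\")
    ext = name[name.rfind("."):].lower() if "." in name else ""
    return folder.lower(), name, ext


def triage(lines):
    """Return the suspicious paths, in log order."""
    entries = list(parse(lines))

    # Pass 1: count fresh drops per (folder, minute) to recognise bursts.
    bursts = defaultdict(int)
    for e in entries:
        folder, _, _ = _split(e["path"])
        if folder in WATCHED_DIRS and e["created"] == e["modified"]:
            bursts[(folder, e["created"])] += 1

    # Pass 2: flag fresh drops with an odd extension or inside a burst.
    flagged = []
    for e in entries:
        folder, _, ext = _split(e["path"])
        if folder not in WATCHED_DIRS or e["created"] != e["modified"]:
            continue  # subfolder, or an older file copied in (e.g. DLLCACHE)
        if ext in ODD_EXTENSIONS or bursts[(folder, e["created"])] >= BURST_THRESHOLD:
            flagged.append(e["path"])
    return flagged


def render_cfscript(thread_url, paths):
    """Render the CFScript text: thread URL, blank line, Collect:: block."""
    return "\n".join([thread_url, "", "Collect::", *paths]) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.splitlines())
    print(render_cfscript("http://www.bleepingcomputer.com/forums/t/160405/", hits))
```

On the sample, the AVG driver and the DLLCACHE entry are ignored because they sit in subfolders, the .tmp file because it carries an older source timestamp, and MRT.INI because a single fresh .ini in SYSTEM32 neither has an odd extension nor belongs to a burst; jomepa.inf is caught only because it was written in the same minute as the two .ban/.lib files beside it. The heuristic narrows a long log to candidates for a human to confirm; it does not replace the review the helper is doing in this thread.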

#9 SkiBumBrian
  • Topic Starter

Posted 13 August 2008 - 11:14 AM

Here is the ComboFix log. Also two attachments that ComboFix uploaded to BleepingComputer. One was yesterday, sorry, and one this morning.

Thanks,

Brian

***
ComboFix 08-08-12.01 - Douglas Swanson 2008-08-13 10:55:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.210 [GMT -5:00]
Running from: C:\Documents and Settings\Douglas Swanson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Douglas Swanson\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\butitycica.lib
C:\WINDOWS\hucac.ban
C:\WINDOWS\jomepa.inf
C:\WINDOWS\ozagabo.ban
C:\WINDOWS\SYSTEM32\ucaro.ban
C:\WINDOWS\teducytyz.ban
C:\WINDOWS\yxap.lib

.
((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-13 10:49 . 2008-08-13 10:49 <DIR> d-------- C:\WINDOWS\LastGood
2008-08-12 15:53 . 2008-08-12 15:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 15:53 . 2008-08-12 15:53 <DIR> d-------- C:\Documents and Settings\Douglas Swanson\Application Data\Malwarebytes
2008-08-12 15:53 . 2008-08-12 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 15:53 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-12 15:53 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-12 10:32 . 2008-08-12 10:32 <DIR> d-------- C:\Deckard
2008-07-29 10:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-29 09:47 . 2008-07-29 09:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-29 03:01 . 2008-07-29 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-28 16:52 . 2008-07-28 16:53 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 10:36 . 2008-08-11 14:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-28 10:29 . 2008-08-11 12:49 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-07-28 10:29 . 2008-07-28 10:29 <DIR> d-------- C:\Program Files\AVG
2008-07-28 10:29 . 2008-07-28 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-28 10:29 . 2008-07-28 10:29 96,520 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-07-28 10:29 . 2008-07-28 10:29 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-07-28 10:20 . 2008-07-28 10:20 118 --a------ C:\WINDOWS\SYSTEM32\MRT.INI
2008-07-27 23:11 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usr1801.sys
2008-07-27 23:10 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-07-27 23:09 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-07-27 23:08 . 2008-04-14 00:01 2,023,936 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
2008-07-27 23:07 . 2003-03-31 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-07-27 23:06 . 2003-03-31 05:00 10,129,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxkor.dll
2008-07-27 23:05 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-07-27 23:04 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\cicap.sys
2008-07-27 23:03 . 2003-03-31 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-07-27 23:02 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-07-27 23:01 . 2008-04-14 00:54 2,145,280 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-07-27 23:01 . 2004-03-19 17:38 169,984 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisui.dll
2008-07-27 23:01 . 2004-03-19 17:34 94,720 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\certmap.ocx
2008-07-27 23:01 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-07-27 23:01 . 2004-03-19 17:38 19,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\inetsloc.dll
2008-07-27 23:01 . 2004-03-19 17:38 14,336 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisreset.exe
2008-07-27 23:01 . 2004-03-19 17:38 7,680 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\inetmgr.exe
2008-07-27 23:01 . 2004-03-19 17:44 7,168 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wamregps.dll
2008-07-27 23:01 . 2004-03-19 17:37 6,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ftpsapi2.dll
2008-07-27 23:01 . 2004-03-19 17:38 5,632 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iisrstap.dll
2008-07-27 13:39 . 2008-07-27 13:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-27 13:39 . 2008-07-27 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 13:35 . 2008-04-14 05:42 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
2008-07-27 13:30 . 2008-07-27 13:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-25 14:41 . 2008-07-25 14:41 <DIR> d-------- C:\WINDOWS\SYSTEM32\scripting
2008-07-25 14:40 . 2008-04-14 05:41 268,288 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\httpext.dll
2008-07-25 14:39 . 2008-04-14 05:42 259,072 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpcl.dll
2008-07-25 14:38 . 2008-04-14 05:42 358,400 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpincl.dll
2008-07-25 14:38 . 2008-04-14 05:41 218,112 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\c_g18030.dll
2008-07-25 14:38 . 2008-04-14 05:42 119,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\mtstocom.exe
2008-07-25 14:38 . 2008-04-14 05:41 35,328 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\iprip.dll
2008-07-25 14:38 . 2008-04-14 05:42 29,184 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\rw330ext.dll
2008-07-25 14:38 . 2008-04-14 05:42 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\rw001ext.dll
2008-07-25 14:38 . 2007-04-02 23:56 19,456 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\agt0412.dll
2008-07-25 14:38 . 2007-04-02 23:56 19,456 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\agt040d.dll
2008-07-25 14:38 . 2008-04-14 05:41 18,944 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\lprmon.dll
2008-07-25 14:38 . 2008-04-14 05:39 7,168 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdibm02.dll
2008-07-25 14:38 . 2008-04-14 05:39 6,656 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdlk41a.dll
2008-07-25 14:37 . 2008-07-25 14:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-25 14:37 . 2008-04-14 05:42 456,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\smtpsvc.dll
2008-07-25 14:37 . 2008-04-14 05:41 331,264 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\aqueue.dll
2008-07-25 14:37 . 2008-04-14 05:41 101,888 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\evntagnt.dll
2008-07-25 14:37 . 2008-04-14 05:42 39,936 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\snmpthrd.dll
2008-07-25 14:37 . 2008-04-14 05:41 33,792 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\lmmib2.dll
2008-07-25 14:37 . 2008-04-14 05:39 6,144 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdax2.dll
2008-07-25 14:36 . 2008-04-14 05:42 294,912 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\dlimport.exe
2008-07-25 14:31 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002809_.tmp
2008-07-25 14:27 . 2008-04-14 05:45 1,202,774 --a------ C:\sysmain.sdb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 20:36 --------- d-----w C:\Program Files\Java
2008-08-12 15:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-28 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 00:48 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2008-07-09 16:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comcast
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\SETBF.tmp
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-26 08:15 619,520 ----a-w C:\WINDOWS\SYSTEM32\SET48.tmp
2008-06-26 08:15 619,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-06-26 08:15 1,499,136 ----a-w C:\WINDOWS\SYSTEM32\SET49.tmp
2008-06-26 08:15 1,499,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\SETC7.tmp
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\SYSTEM32\SET47.tmp
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-06-23 15:09 3,067,392 ----a-w C:\WINDOWS\SYSTEM32\SET4A.tmp
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:46 147,968 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
.

((((((((((((((((((((((((((((( snapshot@2008-08-12_10.53.06.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
+ 2007-05-10 15:11:42 1,767,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PPCNV.DLL
+ 2007-03-22 00:00:06 72,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6021\PXBCOM.EXE
- 2008-06-13 13:07:04 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-08-13 15:51:24 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2008-07-09 13:21:59 12,288 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-08-13 15:53:22 12,288 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-09 13:21:59 135,168 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-13 15:53:21 135,168 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-09 13:21:59 11,264 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-08-13 15:53:22 11,264 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-09 13:21:59 27,136 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-08-13 15:53:22 27,136 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-09 13:21:59 4,096 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-08-13 15:53:22 4,096 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-09 13:21:59 794,624 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-08-13 15:53:22 794,624 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-09 13:21:59 249,856 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-08-13 15:53:22 249,856 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-09 13:21:59 61,440 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-08-13 15:53:22 61,440 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-07-09 13:21:59 23,040 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-08-13 15:53:22 23,040 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-09 13:21:59 286,720 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-08-13 15:53:21 286,720 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-09 13:21:58 409,600 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-08-13 15:53:21 409,600 ----a-r C:\WINDOWS\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-04-14 10:41:56 691,712 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
- 2008-04-14 10:42:00 331,776 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
- 2008-04-14 10:41:56 691,712 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2008-03-27 10:40:24 60,416 ------w C:\WINDOWS\SYSTEM32\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ------w C:\WINDOWS\SYSTEM32\tzchange.exe
+ 2008-08-13 15:42:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 14:10 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-13 15:17 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2004-02-02 15:32 155648 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-07-29 13:30 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-07-28 10:29 1232152 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2008-04-24 13:25 202560 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 09:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-03-15 01:04 122933 C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 09:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 11:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
--a------ 2007-03-15 19:16 454784 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2005-01-12 14:54 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 20:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-12-19 12:49 86016 C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-07-07 09:42 2156368 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 14:10 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2002-04-24 20:37 1544192 C:\Program Files\support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\SYSTEM32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
--a------ 2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymWSC"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"sprtsvc_dellsupportcenter"=2 (0x2)
"sprtsvc_ddoctorv2"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"SNDSrvc"=2 (0x2)
"SAVScan"=3 (0x3)
"S24EventMonitor"=2 (0x2)
"RegSrvc"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"DSBrokerService"=3 (0x3)
"comHost"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"avg8wd"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-28 10:29]
S4 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-28 10:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bef5190-5a77-11dd-a08f-000f1fb6e642}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-13 10:57:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-08-13 10:59:16
ComboFix-quarantined-files.txt 2008-08-13 15:59:06
ComboFix2.txt 2008-08-12 20:45:38
ComboFix3.txt 2008-08-12 15:53:34

Pre-Run: 22,327,369,728 bytes free
Post-Run: 22,314,754,048 bytes free

315 --- E O F --- 2008-08-13 15:53:54

***

Attached Files



#10 SkiBumBrian

  • Topic Starter

  • Members
  • 6 posts

Posted 13 August 2008 - 11:16 AM

This is the file uploaded by combo fix yesterday but I am over the available space to upload here.

Filename: [4]-Submit_2008-08-12@15.34.zip

-Brian

#11 chryssi2001


  • Members
  • 1,930 posts

Posted 13 August 2008 - 04:53 PM

Hello SkiBumBrian,

Thank you for the reports. It's enough for me to know that the files were submitted.

Your latest Combofix report looks good.
----------------------------------------------
Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.


#12 chryssi2001


  • Members
  • 1,930 posts

Posted 19 August 2008 - 03:52 AM

Due to the lack of feedback, this Topic is now closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
