Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Euniverse.incredifind And 2x Funwebproducts


  • This topic is locked This topic is locked
12 replies to this topic

#1 hockeysocdad

hockeysocdad

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 31 August 2008 - 12:33 PM

Hi,
Finally got to working on this Dell computer .....an extra computer used by all the family ....

Deleted Norton, installed AVG, updated Maleware bites, updated spyBot.

Ran all of them .....

Maleware nor SpoyBot, nor AVG could not remove 3 threats,

SPybot reports
1 x eUniverse.IncrediFind and
2 x FunWebProducts

Not sure of computer symptoms since I have not used it long since repair of many other maleware issues via the S/W above.

Below is HiJack this Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:58 PM, on 8/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {86C2D4FA-1163-4423-8AC0-EA5DC4D28C8D} - C:\WINDOWS\System32\ialdmdev5.dll (file missing)
O2 - BHO: {9b1d252b-2804-9348-3444-5bf867a88c99} - {99c88a76-8fb5-4443-8439-4082b252d1b9} - C:\WINDOWS\system32\tapwbsfo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {5A59502A-B0BE-4787-B836-98D46AD5D526} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Can You See What I See\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: abriis - C:\WINDOWS\Microsoft.NET\abriis.dll (file missing)
O20 - Winlogon Notify: binsvc - C:\WINDOWS\Fonts\binsvc.dll (file missing)
O20 - Winlogon Notify: combak - C:\WINDOWS\Sun\combak.dll (file missing)
O20 - Winlogon Notify: dllodbc - C:\WINDOWS\Fonts\Fonts\dllodbc.dll (file missing)
O20 - Winlogon Notify: doskb - C:\WINDOWS\ServicePackFiles\doskb.dll (file missing)
O20 - Winlogon Notify: fontutil - C:\WINDOWS\repair\fontutil.dll (file missing)
O20 - Winlogon Notify: hardreg - C:\WINDOWS\msagent\CHARS\hardreg.dll (file missing)
O20 - Winlogon Notify: msas - C:\WINDOWS\Help\starter\msas.dll (file missing)
O20 - Winlogon Notify: psinet - C:\WINDOWS\msagent\INTL\psinet.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8945 bytes

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:50 PM

Posted 01 September 2008 - 06:45 AM

Hi,

I see you are running Teatimer.
I suggest you to disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as").
Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Then, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 hockeysocdad

hockeysocdad
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 01 September 2008 - 09:36 AM

Hi Miekiemoes,

Thanks for your help.

Here is combo fix log and new Hijack this log .....



ComboFix 08-08-31.01 - Zoltan Gyarfas 2008-09-01 8:21:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.850 [GMT -5:00]
Running from: C:\Documents and Settings\Zoltan Gyarfas\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\SX97DNVD\interclick.com
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\#SharedObjects\SX97DNVD\interclick.com\ud.sol
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Guest\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Tracy Gyarfas\Application Data\FunWebProducts
C:\Documents and Settings\Tracy Gyarfas\Application Data\FunWebProducts\Data\Tracy Gyarfas\avatar.dat
C:\Documents and Settings\Tracy Gyarfas\Application Data\macromedia\Flash Player\#SharedObjects\XVPMA7YK\bin.clearspring.com
C:\Documents and Settings\Tracy Gyarfas\Application Data\macromedia\Flash Player\#SharedObjects\XVPMA7YK\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Tracy Gyarfas\Application Data\macromedia\Flash Player\#SharedObjects\XVPMA7YK\interclick.com
C:\Documents and Settings\Tracy Gyarfas\Application Data\macromedia\Flash Player\#SharedObjects\XVPMA7YK\interclick.com\ud.sol
C:\Documents and Settings\Tracy Gyarfas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Tracy Gyarfas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Tracy Gyarfas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Tracy Gyarfas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Tracy Gyarfas\Cookies\tracy gyarfas@2o7[1].txt
C:\Documents and Settings\Tracy Gyarfas\Cookies\tracy gyarfas@ad.yieldmanager[1].txt
C:\Documents and Settings\Tracy Gyarfas\Cookies\tracy gyarfas@advertising[2].txt
C:\Documents and Settings\Tracy Gyarfas\Cookies\tracy gyarfas@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Tracy Gyarfas\Cookies\tracy gyarfas@insightexpressai[2].txt
C:\Documents and Settings\Zoltan Gyarfas\Application Data\FunWebProducts
C:\Documents and Settings\Zoltan Gyarfas\Application Data\FunWebProducts\Data\Zoltan Gyarfas\avatar.dat
C:\Documents and Settings\Zoltan Gyarfas\Application Data\macromedia\Flash Player\#SharedObjects\VU3D5WVW\bin.clearspring.com
C:\Documents and Settings\Zoltan Gyarfas\Application Data\macromedia\Flash Player\#SharedObjects\VU3D5WVW\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Zoltan Gyarfas\Application Data\macromedia\Flash Player\#SharedObjects\VU3D5WVW\interclick.com
C:\Documents and Settings\Zoltan Gyarfas\Application Data\macromedia\Flash Player\#SharedObjects\VU3D5WVW\interclick.com\ud.sol
C:\Documents and Settings\Zoltan Gyarfas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Zoltan Gyarfas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Zoltan Gyarfas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Zoltan Gyarfas\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Zoltan Gyarfas\Cookies\zoltan gyarfas@antispywaremaster[1].txt
C:\Documents and Settings\Zoltan Gyarfas\Cookies\zoltan gyarfas@cubics[1].txt
C:\Documents and Settings\Zoltan Gyarfas\Cookies\zoltan gyarfas@myspace[1].txt
C:\Documents and Settings\Zoltan Gyarfas\Cookies\zoltan gyarfas@trustedantivirus[1].txt
C:\Documents and Settings\Zoltan Gyarfas\Cookies\zoltan gyarfas@trustedantivirus[3].txt
C:\Program Files\Common Files\InetGet2
C:\Program Files\Dynamic Toolbar
C:\WINDOWS\BM836f7b9b.txt
C:\WINDOWS\BM836f7b9b.xml
C:\WINDOWS\bobsaver.exe
C:\WINDOWS\bobsaver.scr
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\agnjlnju.ini
C:\WINDOWS\system32\boicvmyp.ini
C:\WINDOWS\system32\cjixavbr.ini
C:\WINDOWS\system32\cwmalnxs.ini
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\efjeklkl.ini
C:\WINDOWS\system32\eggbelhf.ini
C:\WINDOWS\system32\ffeexpvu.ini
C:\WINDOWS\system32\fsenjicv.ini
C:\WINDOWS\system32\fyxhlhlu.ini
C:\WINDOWS\system32\hkcxevqr.ini
C:\WINDOWS\system32\krdrgjfu.ini
C:\WINDOWS\system32\lyfjhwvp.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nmexaenb.ini
C:\WINDOWS\system32\tvvcuktm.ini
C:\WINDOWS\system32\twthvyng.ini
C:\WINDOWS\system32\ubbehnya.ini
C:\WINDOWS\system32\vmoeoxmx.ini
C:\WINDOWS\system32\vqegxylx.ini
C:\WINDOWS\system32\vtojvdwe.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-08-31 12:22 . 2008-08-31 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-30 21:11 . 2008-08-30 21:11 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-30 13:30 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-30 09:40 . 2008-08-31 07:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-30 09:35 . 2008-09-01 08:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-08-30 09:35 . 2008-08-31 09:21 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-08-30 09:35 . 2008-08-30 09:35 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-08-30 09:35 . 2008-08-30 09:35 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-08-30 09:34 . 2008-08-30 09:34 <DIR> d-------- C:\Program Files\AVG
2008-08-30 09:34 . 2008-08-30 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-28 18:32 . 2008-08-28 18:32 <DIR> d---s---- C:\Documents and Settings\Guest\UserData
2008-08-18 21:59 . 2008-08-18 21:59 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\acccore
2008-08-01 21:14 . 2008-08-01 21:16 <DIR> d-------- C:\Program Files\Can You See What I See

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-31 02:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-30 18:32 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-30 18:10 --------- d-----w C:\Program Files\Punch! Pro
2008-08-30 18:07 --------- d-----w C:\Program Files\Punch! Home Design - AS4000
2008-08-30 17:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-30 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-17 20:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-02 02:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 16:32 --------- d-----w C:\Documents and Settings\Zoltan Gyarfas\Application Data\Playrix Entertainment
2008-07-26 16:31 --------- d-----w C:\Program Files\Fishdom
2008-07-19 15:51 --------- d-----w C:\Program Files\DDD Pool
2008-07-16 02:36 --------- d-----w C:\Documents and Settings\Zoltan Gyarfas\Application Data\Talkback
2008-07-16 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-07-16 00:53 --------- d-----w C:\Documents and Settings\Zoltan Gyarfas\Application Data\GameHouse
2008-07-16 00:52 --------- d-----w C:\Program Files\GameHouse
2008-07-15 18:09 --------- d-----w C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-07-15 18:03 --------- d-----w C:\Documents and Settings\Zoltan Gyarfas\Application Data\MSN6
2008-07-15 02:45 --------- d-----w C:\Program Files\BGroom
2008-07-15 01:41 --------- d-----w C:\Program Files\Elf Bowling - Hawaiian Vacation
2008-07-15 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-12 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-12 14:18 --------- d-----w C:\Program Files\Yahtzee
2005-01-28 15:02 63,360 ----a-w C:\Program Files\INDEX.pdf
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2005-09-05 21:06 182,333 --sh--w C:\WINDOWS\Fonts\cvsnib.bak1
2005-09-04 21:06 178,662 --sh--w C:\WINDOWS\Fonts\cvsnib.bak2
2005-09-03 02:58 180,049 --sh--w C:\WINDOWS\Fonts\Fonts\cbdolld.bak1
2005-10-17 06:50 350,936 --sha-w C:\WINDOWS\Microsoft.NET\siirba.bak1
2005-10-18 02:44 347,653 --sha-w C:\WINDOWS\Microsoft.NET\siirba.bak2
2005-10-18 02:57 347,791 --sha-w C:\WINDOWS\Microsoft.NET\siirba.ini2
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

------- Sigcheck -------

2005-03-02 13:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2003-09-25 11:49 560128 32173306185f603e75c477e117f3bb8d C:\WINDOWS\$NtServicePackUninstall$\user32.dll
2002-08-29 06:00 560128 dd9269230c21ee8fb7fd3fccc3b1cfcb C:\WINDOWS\$NtUninstallKB824141$\user32.dll
2004-08-04 02:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\$NtUninstallKB890859$\user32.dll
2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2004-08-04 02:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2004-06-17 12:58 560128 31fb2d788a9aa618452c02e8375b6dcd C:\WINDOWS\SoftwareDistribution\Download\453a5dd959bf8c3148eb54e4e1aff1d8\sp1qfe\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SYSTEM32\user32.dll
2007-03-08 10:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SYSTEM32\DLLCACHE\user32.dll

2004-09-29 13:27 656896 2c07195588d69a067c2afdaa31759295 C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
2005-01-27 12:08 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
2005-03-10 02:43 657920 c8663b488996e89a84c3d17c1d12b79e C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
2005-09-02 18:53 660480 97a6fd7cafd688cf2c78939ebaf0cd0c C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\wininet.dll
2006-03-03 22:58 663552 c0845ecbf4f9164e618ee381b79c9032 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 00:25 663552 d94cffdb53e7ac867438e2dfd50e7cbc C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 06:25 664576 64ce26db72810b30f7855ea51e1df836 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2006-09-14 03:31 664576 d207370287cf769aebebf03837784963 C:\WINDOWS\$hf_mig$\KB922760\SP2QFE\wininet.dll
2006-10-23 10:34 664576 231ef4179acabe486376b5ca893f1076 C:\WINDOWS\$hf_mig$\KB925454\SP2QFE\wininet.dll
2007-01-04 09:05 665088 3ffa1573fc274e5aa7467d03941c45ee C:\WINDOWS\$hf_mig$\KB928090\SP2QFE\wininet.dll
2007-02-20 04:52 665600 b258c922d22deec880b60720531d7627 C:\WINDOWS\$hf_mig$\KB931768\SP2QFE\wininet.dll
2007-04-18 07:46 665600 4261ba03afd659de04f0a17dfbdd454d C:\WINDOWS\$hf_mig$\KB933566\SP2QFE\wininet.dll
2007-06-26 09:35 665600 e1a3dd68b5380b360a7310a64d9bb188 C:\WINDOWS\$hf_mig$\KB937143\SP2QFE\wininet.dll
2007-08-22 07:55 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
2007-10-11 00:57 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
2007-12-06 19:44 666112 085a7c37f9c6ede1ba870b7dbec06399 C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
2008-02-16 04:32 666112 bb1eacd6ab47e78ebca02eb781550d55 C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\wininet.dll
2004-02-06 18:05 588288 4f64d1df989e3aa2fad91a2f1167b9c7 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-08-04 02:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB834707$\wininet.dll
2004-09-29 13:47 656896 cba65b573c66fe23f647ff96e3a10994 C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
2005-01-27 12:13 656896 b5e043e440b210014e021b24cf0a72e3 C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
2005-03-10 03:02 656896 6f018d6319be4f96426ea829b79e05d5 C:\WINDOWS\$NtUninstallKB896688$\wininet.dll
2005-09-02 18:52 658432 af61ebb1f550175eff406d545d6ab086 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2006-03-03 22:33 658432 1c0979c7a489bee573cd0bf4ad94bb06 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 00:23 658432 38ab7a56f566d9aaad31812494944824 C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 06:02 658944 2b4db890936430c71419037039502752 C:\WINDOWS\$NtUninstallKB922760$\wininet.dll
2006-09-14 03:39 658944 621af3f6174a3f60677f5230e28bcc07 C:\WINDOWS\$NtUninstallKB925454$\wininet.dll
2006-10-23 10:17 658944 6b2735adff5a5d3b9130ca4a794722f0 C:\WINDOWS\$NtUninstallKB928090$\wininet.dll
2007-01-04 08:37 658944 8c393df5234cbcbff1ee31902d6b40ae C:\WINDOWS\$NtUninstallKB931768$\wininet.dll
2007-02-20 04:48 658944 30d1c47e40efbb792ff8d3c3b51ce507 C:\WINDOWS\$NtUninstallKB933566$\wininet.dll
2007-04-18 07:31 658944 b7156cd97e739f3014bc4d61758f868a C:\WINDOWS\$NtUninstallKB937143$\wininet.dll
2007-06-26 09:09 658944 184e47c8f7b331025e6dc92740db188f C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
2007-08-22 08:12 658944 1901ad51da8be9f8b38d5d526e5d1788 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
2007-10-11 01:13 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
2007-12-06 20:07 659456 57d1b5150cf6331fac6b3e04c1fcb966 C:\WINDOWS\$NtUninstallKB947864$\wininet.dll
2004-08-04 02:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
2008-02-16 03:59 659456 0c690e77c0e924c45b4d7045b182fff1 C:\WINDOWS\SYSTEM32\wininet.dll
2008-02-16 03:59 659456 0c690e77c0e924c45b4d7045b182fff1 C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2002-08-29 06:00 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys

2005-03-01 19:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 11:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 04:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2003-04-24 08:57 1949440 46ae6f2d416c39ffdcfc8bcb01203ea3 C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 00:58 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-01 19:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 07:55 2057600 1d659bfb788ed2ba45075624b748d249 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2002-08-29 02:04 1947904 0e8efb15746878a9b256e75267337233 C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2004-08-04 00:58 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2004-06-17 03:03 1954688 ed0d7a5f1138ccfd3ecaf8f6ac691f13 C:\WINDOWS\SoftwareDistribution\Download\453a5dd959bf8c3148eb54e4e1aff1d8\sp1qfe\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2007-02-28 03:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe

2005-03-01 20:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 11:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 04:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2003-04-24 08:57 1925760 97ec4ab4650da6fc521cf16f8a6ddcb0 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 01:19 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 19:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 09:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2002-08-29 03:03 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2004-08-04 01:19 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2004-06-17 12:22 2051584 f240dc474f8edb2d95514d831df069e5 C:\WINDOWS\SoftwareDistribution\Download\453a5dd959bf8c3148eb54e4e1aff1d8\sp1qfe\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2007-02-28 04:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe

2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 06:00 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\SYSTEM32\DLLCACHE\explorer.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2002-08-29 06:00 51200 9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f C:\WINDOWS\SYSTEM32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40 524288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 01:07 114688]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47 204800]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 09:21 1235736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\GameHouse\\Nick-Jigsaw\\NJigsaw.exe"=
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 09:21]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 09:21]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 09:21]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-30 09:35]
S1 Alicbrd;Alicbrd;C:\WINDOWS\system32\drivers\nulnpdxx.sys []
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-24 21:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9890d996-b44e-11d9-b2bb-00038a000015}]
\Shell\AutoRun\command - F:\start.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{86C2D4FA-1163-4423-8AC0-EA5DC4D28C8D} - C:\WINDOWS\System32\ialdmdev5.dll
BHO-{99c88a76-8fb5-4443-8439-4082b252d1b9} - C:\WINDOWS\system32\tapwbsfo.dll
Toolbar-{5A59502A-B0BE-4787-B836-98D46AD5D526} - (no file)
WebBrowser-{5A59502A-B0BE-4787-B836-98D46AD5D526} - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-RunServices-Microsoft Windows DLL Services Configuration - windir32.exe
Notify-abriis - C:\WINDOWS\Microsoft.NET\abriis.dll
Notify-binsvc - C:\WINDOWS\Fonts\binsvc.dll
Notify-combak - C:\WINDOWS\Sun\combak.dll
Notify-dllodbc - C:\WINDOWS\Fonts\Fonts\dllodbc.dll
Notify-doskb - C:\WINDOWS\ServicePackFiles\doskb.dll
Notify-fontutil - C:\WINDOWS\repair\fontutil.dll
Notify-hardreg - C:\WINDOWS\msagent\CHARS\hardreg.dll
Notify-msas - C:\WINDOWS\Help\starter\msas.dll
Notify-psinet - C:\WINDOWS\msagent\INTL\psinet.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zoltan Gyarfas\Application Data\Mozilla\Firefox\Profiles\ajflrngl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 08:31:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\25aa7a1b-7b49-419d-ac48-483eebe5e646.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\WINDOWS\SYSTEM32\snmp.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\update\update.exe
.
**************************************************************************
.
Completion time: 2008-09-01 8:57:16 - machine was rebooted [Zoltan Gyarfas]
ComboFix-quarantined-files.txt 2008-09-01 13:56:57

Pre-Run: 2,792,341,504 bytes free
Post-Run: 3,057,266,688 bytes free

331 --- E O F --- 2008-04-11 08:04:57






After Comboifix, I re-booted and ran Hijack this ....here is log file


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:33 AM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Can You See What I See\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7320 bytes

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:50 PM

Posted 01 September 2008 - 09:53 AM

Hi,

Combofix reports a hidden file in your temp folder, but that could be because Windows update was running at that time.
Also, I see a driver related with SpyArsenal or Wiretap present. This is a monitoring "spy" application designed to log all activity performed on the computer. This is in most cases installed by a person and not by malware. So do you have similar Spy application installed? Please let me know.
However, the C:\WINDOWS\system32\Drivers\HNPsSdk.drv is actually a legitimate driver and may be installed by legitimate programs as well...

Also, I see Realbar installed. I suggest you uninstall it since this one is not recommended.

Then,

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\Fonts\cvsnib.bak1
C:\WINDOWS\Fonts\cvsnib.bak2
C:\WINDOWS\Fonts\Fonts\cbdolld.bak1
C:\WINDOWS\Microsoft.NET\siirba.bak1
C:\WINDOWS\Microsoft.NET\siirba.bak2
C:\WINDOWS\Microsoft.NET\siirba.ini2
Driver::
Alicbrd
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

Edited by miekiemoes, 01 September 2008 - 09:58 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 hockeysocdad

hockeysocdad
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 01 September 2008 - 12:04 PM

Hi,

The logger is possibly remnants of Home Key Logger or perhaps and AIM logger. (Need to keep one step ahead of some teenagers several years ago). I un-installed home key logger, but can't find AIM logger to uninstall.

Getting an error when startgin combofix ..... Cannot access specified device path .....hideExec.EV ....I click to accept and everything seems to start ok.
they can go ....not needed anymore

I installed some of the MS updates to try and get rid of the Icon, but holding off on service pack 3 until we are done here.



ComboFix 08-08-31.01 - Zoltan Gyarfas 2008-09-01 10:58:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.863 [GMT -5:00]
Running from: C:\Documents and Settings\Zoltan Gyarfas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zoltan Gyarfas\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\Fonts\cvsnib.bak1
C:\WINDOWS\Fonts\cvsnib.bak2
C:\WINDOWS\Fonts\Fonts\cbdolld.bak1
C:\WINDOWS\Microsoft.NET\siirba.bak1
C:\WINDOWS\Microsoft.NET\siirba.bak2
C:\WINDOWS\Microsoft.NET\siirba.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Dynamic Toolbar
C:\WINDOWS\Fonts\cvsnib.bak1
C:\WINDOWS\Fonts\cvsnib.bak2
C:\WINDOWS\Fonts\Fonts\cbdolld.bak1
C:\WINDOWS\Microsoft.NET\siirba.bak1
C:\WINDOWS\Microsoft.NET\siirba.bak2
C:\WINDOWS\Microsoft.NET\siirba.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALICBRD
-------\Service_Alicbrd


((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-09-01 10:49 . 2008-06-23 11:57 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-09-01 10:49 . 2007-04-17 04:32 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-09-01 10:49 . 2007-03-08 00:10 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-09-01 10:49 . 2008-06-23 11:57 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-09-01 10:49 . 2008-06-23 11:57 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-09-01 10:49 . 2008-06-23 11:57 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-09-01 10:49 . 2008-06-23 11:57 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-09-01 10:49 . 2008-06-23 11:57 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-09-01 10:49 . 2008-06-23 04:20 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-09-01 08:50 . 2008-09-01 09:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\CatRoot_bak
2008-09-01 08:48 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-09-01 08:46 . 2008-05-01 09:30 331,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
2008-08-31 12:22 . 2008-08-31 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-30 21:11 . 2008-08-30 21:11 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-30 13:30 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-30 09:40 . 2008-08-31 07:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-30 09:35 . 2008-09-01 08:35 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\Avg
2008-08-30 09:35 . 2008-08-31 09:21 97,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys
2008-08-30 09:35 . 2008-08-30 09:35 76,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdix.sys
2008-08-30 09:35 . 2008-08-30 09:35 10,520 --a------ C:\WINDOWS\SYSTEM32\avgrsstx.dll
2008-08-30 09:34 . 2008-08-30 09:34 <DIR> d-------- C:\Program Files\AVG
2008-08-30 09:34 . 2008-08-30 09:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-28 18:32 . 2008-08-28 18:32 <DIR> d---s---- C:\Documents and Settings\Guest\UserData
2008-08-18 21:59 . 2008-08-18 21:59 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\acccore
2008-08-01 21:14 . 2008-08-01 21:16 <DIR> d-------- C:\Program Files\Can You See What I See

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-31 02:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-30 18:32 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-30 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-30 18:10 --------- d-----w C:\Program Files\Punch! Pro
2008-08-30 18:07 --------- d-----w C:\Program Files\Punch! Home Design - AS4000
2008-08-30 17:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-30 14:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-17 20:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-08-02 02:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-26 16:32 --------- d-----w C:\Documents and Settings\Zoltan Gyarfas\Application Data\Playrix Entertainment
2008-07-26 16:31 --------- d-----w C:\Program Files\Fishdom
2008-07-19 15:51 --------- d-----w C:\Program Files\DDD Pool
2008-07-16 02:36 --------- d-----w C:\Documents and Settings\Zoltan Gyarfas\Application Data\Talkback
2008-07-16 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-07-16 00:53 --------- d-----w C:\Documents and Settings\Zoltan Gyarfas\Application Data\GameHouse
2008-07-16 00:52 --------- d-----w C:\Program Files\GameHouse
2008-07-15 18:09 --------- d-----w C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-07-15 18:03 --------- d-----w C:\Documents and Settings\Zoltan Gyarfas\Application Data\MSN6
2008-07-15 02:45 --------- d-----w C:\Program Files\BGroom
2008-07-15 01:41 --------- d-----w C:\Program Files\Elf Bowling - Hawaiian Vacation
2008-07-15 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-12 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-07-12 14:18 --------- d-----w C:\Program Files\Yahtzee
2005-01-28 15:02 63,360 ----a-w C:\Program Files\INDEX.pdf
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 1,028,096 --sha-w C:\WINDOWS\SYSTEM32\mfc42.dll
2004-08-04 07:56 54,784 --sh--w C:\WINDOWS\SYSTEM32\msvcirt.dll
2004-08-04 07:56 413,696 --sha-w C:\WINDOWS\SYSTEM32\msvcp60.dll
2004-08-04 07:56 343,040 --sha-w C:\WINDOWS\SYSTEM32\msvcrt.dll
2004-08-04 07:56 11,776 --sh--w C:\WINDOWS\SYSTEM32\regsvr32.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-01_ 8.55.45.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\I386\bthport.sys
+ 2004-08-04 07:56:41 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 07:56:41 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 07:56:41 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-06-23 15:38:30 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-06-23 15:38:30 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-06-23 15:38:30 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 07:56:42 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 07:56:50 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 07:56:42 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 07:56:42 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2002-08-29 11:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 07:56:42 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 07:56:42 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2008-06-23 15:38:31 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 07:56:42 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 07:56:42 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 07:56:50 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 07:56:42 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-06-23 15:38:31 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2008-06-23 15:38:31 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 07:56:42 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 07:56:53 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-06-23 15:38:33 3,059,712 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 -c--a-w C:\WINDOWS\ie7\mshtml.dll.000
+ 2008-06-23 15:38:33 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 07:56:14 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2002-08-29 11:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2008-06-23 15:38:33 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-06-23 15:38:33 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 07:56:44 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-06-23 15:38:33 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 07:56:46 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-06-23 15:38:34 615,936 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2008-06-23 15:38:34 615,936 -c--a-w C:\WINDOWS\ie7\urlmon.dll.000
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 07:56:46 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-06-23 15:38:34 659,456 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2008-06-23 15:38:34 659,456 -c--a-w C:\WINDOWS\ie7\wininet.dll.000
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll.000
+ 2007-08-13 23:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2007-08-13 23:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2007-08-13 23:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2007-08-13 23:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe.000
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll.000
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll.000
+ 2007-08-13 22:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2007-08-13 22:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll.000
+ 2007-02-12 21:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dat
+ 2007-07-11 17:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll.000
+ 2007-08-13 23:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll.000
+ 2007-08-13 23:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2007-08-13 23:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe.000
+ 2007-08-13 23:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2007-08-13 23:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll.000
+ 2007-08-13 23:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2007-08-13 23:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2007-08-13 23:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll.000
+ 2007-08-13 23:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll.000
+ 2007-08-13 23:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2007-08-13 23:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll.000
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll.000
+ 2007-08-13 23:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
+ 2007-08-13 23:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll.000
+ 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-04 07:56:41 61,440 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
+ 2007-08-13 23:39:20 71,680 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
- 2004-08-04 07:56:41 99,840 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
- 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\browseui.dll
- 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
+ 2008-06-23 15:38:29 151,040 ----a-w C:\WINDOWS\SYSTEM32\cdfview.dll
- 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
+ 2008-06-23 15:38:30 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\danim.dll
+ 2007-08-13 23:39:20 71,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\admparse.dll
+ 2008-06-23 16:57:27 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-06-20 10:44:38 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
- 2008-02-16 08:59:34 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
- 2008-02-16 08:59:35 151,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
+ 2008-06-23 15:38:29 151,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
+ 2007-08-13 23:42:54 17,408 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\corpol.dll
- 2005-01-28 17:44:28 28,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
+ 2007-08-13 23:54:10 33,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
- 2008-02-16 08:59:35 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
+ 2008-06-23 15:38:30 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
+ 2008-03-25 04:50:25 554,008 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll
- 2008-02-20 05:32:43 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
- 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
- 2008-02-16 08:59:35 55,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-08-13 23:18:02 60,416 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\hmmapi.dll
+ 2008-06-23 09:20:25 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2008-02-15 09:23:37 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2007-08-13 23:44:02 69,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2007-08-13 23:45:18 78,336 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieencode.dll
- 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-08-13 23:39:12 55,296 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iesetup.dll
+ 2008-06-23 09:20:52 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
+ 2007-08-13 23:36:06 36,352 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\imgutil.dll
- 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
- 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
- 2007-12-18 14:40:58 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
+ 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
- 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2007-08-13 23:44:18 40,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\licmgr10.dll
+ 2008-06-24 16:23:05 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll
+ 2007-08-13 23:32:30 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshta.exe
- 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2008-06-24 15:57:40 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-08-13 23:01:12 48,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll
- 2004-03-01 18:52:15 358,976 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjetol1.dll
+ 2008-03-27 08:12:54 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll
- 2002-08-29 11:00:00 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
+ 2007-08-13 23:54:10 156,160 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll
+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll
- 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-06-23 16:57:39 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll
+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll
+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll
- 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-06-23 16:57:40 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll
+ 2008-06-20 17:41:10 245,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
+ 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll
+ 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
- 2006-07-13 08:48:58 202,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
- 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
- 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
- 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
- 2006-08-16 09:37:30 225,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
+ 2008-06-23 16:57:40 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
- 2007-12-18 14:40:58 417,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
+ 2007-08-13 23:54:10 413,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
- 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
+ 2007-08-13 23:54:10 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\VGX.dll
+ 2008-06-23 16:57:41 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2008-02-16 08:59:39 659,456 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-06-23 16:57:41 826,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
- 2004-08-04 06:14:14 138,496 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
+ 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys
- 2004-08-04 06:10:37 274,304 ------w C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
+ 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\SYSTEM32\DRIVERS\bthport.sys
- 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys
+ 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\rmcast.sys
- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
+ 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\tcpip6.sys
- 2008-02-16 08:59:35 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ------w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2008-02-16 08:59:35 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ------w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\SYSTEM32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
- 2008-02-16 08:59:35 55,808 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2006-06-29 13:05:44 26,112 ------w C:\WINDOWS\SYSTEM32\idndl.dll
- 2004-08-04 07:56:50 34,304 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ------w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2004-08-04 07:56:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ------w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2004-08-04 07:56:42 216,576 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ------w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2002-08-29 11:00:00 221,184 ----a-w C:\WINDOWS\SYSTEM32\IEAKUI.DLL
+ 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dat
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2004-08-04 07:56:42 323,584 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ------w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2004-08-04 07:56:42 81,920 ------w C:\WINDOWS\SYSTEM32\ieencode.dll
+ 2007-08-13 23:45:18 78,336 ----a-w C:\WINDOWS\SYSTEM32\ieencode.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2008-02-16 08:59:35 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
- 2004-08-04 07:56:42 48,640 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ------w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2004-08-04 07:56:42 62,976 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
+ 2007-08-13 23:39:12 55,296 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2007-08-13 23:54:10 180,736 ------w C:\WINDOWS\SYSTEM32\ieui.dll
- 2004-08-04 07:56:42 35,840 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
+ 2007-08-13 23:36:06 36,352 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
- 2008-02-16 08:59:35 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
- 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
+ 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
- 2008-02-16 08:59:35 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ------w C:\WINDOWS\SYSTEM32\jsproxy.dll
- 2004-08-04 07:56:42 22,016 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
+ 2008-08-05 16:11:02 15,888,504 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
- 2004-08-04 07:56:43 512,029 ----a-w C:\WINDOWS\SYSTEM32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\SYSTEM32\msexch40.dll
- 2004-08-04 07:56:43 319,517 ----a-w C:\WINDOWS\SYSTEM32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\SYSTEM32\msexcl40.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2007-08-13 23:36:40 12,288 ------w C:\WINDOWS\SYSTEM32\msfeedssync.exe
- 2004-08-04 07:56:53 29,184 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
+ 2007-08-13 23:32:30 45,568 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
- 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-06-24 15:57:40 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ------w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2004-08-04 07:56:14 56,832 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
- 2004-08-04 07:56:43 1,507,356 ----a-w C:\WINDOWS\SYSTEM32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\SYSTEM32\msjet40.dll
- 2004-03-01 18:52:15 358,976 ----a-w C:\WINDOWS\SYSTEM32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\SYSTEM32\msjetoledb40.dll
- 2004-08-04 07:56:43 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll
- 2004-08-04 07:56:43 53,279 ----a-w C:\WINDOWS\SYSTEM32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\SYSTEM32\msjter40.dll
- 2004-08-04 07:56:43 241,693 ----a-w C:\WINDOWS\SYSTEM32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\SYSTEM32\msjtes40.dll
- 2002-08-29 11:00:00 146,432 ----a-w C:\WINDOWS\SYSTEM32\MSLS31.DLL
+ 2007-08-13 23:54:10 156,160 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
- 2004-08-04 07:56:43 213,023 ----a-w C:\WINDOWS\SYSTEM32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\SYSTEM32\msltus40.dll
- 2004-08-04 07:56:43 348,189 ----a-w C:\WINDOWS\SYSTEM32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\SYSTEM32\mspbde40.dll
- 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ------w C:\WINDOWS\SYSTEM32\msrating.dll
- 2004-08-04 07:56:43 421,919 ----a-w C:\WINDOWS\SYSTEM32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\SYSTEM32\msrd2x40.dll
- 2004-08-04 07:56:43 315,423 ----a-w C:\WINDOWS\SYSTEM32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\SYSTEM32\msrd3x40.dll
- 2004-08-04 07:56:43 552,989 ----a-w C:\WINDOWS\SYSTEM32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\SYSTEM32\msrepl40.dll
- 2004-08-04 07:56:43 258,077 ----a-w C:\WINDOWS\SYSTEM32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\SYSTEM32\mstext40.dll
- 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ------w C:\WINDOWS\SYSTEM32\mstime.dll
- 2004-08-04 07:56:44 831,519 ----a-w C:\WINDOWS\SYSTEM32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\SYSTEM32\mswdat10.dll
- 2004-08-04 07:56:44 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
- 2004-08-04 07:56:44 614,429 ----a-w C:\WINDOWS\SYSTEM32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\SYSTEM32\mswstr10.dll
- 2004-08-04 07:56:44 348,189 ----a-w C:\WINDOWS\SYSTEM32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\SYSTEM32\msxbde40.dll
+ 2006-06-28 22:59:26 24,576 ------w C:\WINDOWS\SYSTEM32\nlsdl.dll
+ 2006-06-29 13:05:44 23,552 ------w C:\WINDOWS\SYSTEM32\normaliz.dll
- 2004-08-04 07:56:44 96,256 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-06-23 16:57:40 102,912 ------w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ------w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
- 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\shdocvw.dll
- 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\SYSTEM32\shlwapi.dll
- 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\SYSTEM32\spmsg.dll
- 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\SYSTEM32\spupdsvc.exe
+ 2006-09-06 22:43:16 22,752 ----a-w C:\WINDOWS\SYSTEM32\spupdsvc.exe
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\SYSTEM32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\SYSTEM32\tzchange.exe
- 2004-08-04 07:56:46 37,888 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2007-08-13 23:54:10 413,696 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
- 2004-08-04 07:56:46 49,152 ----a-w C:\WINDOWS\SYSTEM32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\SYSTEM32\wdigest.dll
- 2004-08-04 07:56:46 276,480 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2007-08-13 23:45:16 206,336 ------w C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
- 2008-02-16 08:59:39 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\SYSTEM32\xmllite.dll
- 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\SYSTEM32\xpsp3res.dll
+ 2008-09-01 16:07:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6e4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 10:40 524288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17 50736]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 12:08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 01:07 114688]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2003-08-13 11:27 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2003-08-26 20:47 204800]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-31 09:21 1235736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\GameHouse\\Nick-Jigsaw\\NJigsaw.exe"=
"C:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-31 09:21]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 09:21]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 09:21]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-30 09:35]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-24 21:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9890d996-b44e-11d9-b2bb-00038a000015}]
\Shell\AutoRun\command - F:\start.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 11:11:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
C:\WINDOWS\SYSTEM32\snmp.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-09-01 11:27:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-01 16:27:43
ComboFix2.txt 2008-09-01 13:57:19

Pre-Run: 3,580,719,104 bytes free
Post-Run: 3,568,713,728 bytes free

529 --- E O F --- 2008-09-01 15:51:03



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:59 AM, on 9/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Can You See What I See\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7226 bytes

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:50 PM

Posted 01 September 2008 - 12:17 PM

Hi,

Yes, it may be a leftover from the AIM logger you had installed previously.
And it's normal that you may not find it to uninstall since these loggers are hidden, so no reference in add/remove programs as well.

To delete it...

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\Drivers\HNPsSdk.drv
Folder::
C:\WINDOWS\System32\csvdea
Driver::
PSSdk21


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 hockeysocdad

hockeysocdad
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 02 September 2008 - 07:09 PM

Wow ...I think I got it ..... lots of hurdles ....

Combofix icon seemed to have been deleted off desktop ....had to reload.

Keep getting a warning (AVG and Combofix)...." Cannot access specified device path, file" .... HideExec.EV
Combofix seems to run ok after I aknowledge.
AVG does not let me heal (I think) ....only quarantine ...although it might have tried to heal it once.

Had lots of trouble with copy / paste ..... Combofix log seemed too big .. ... kept crashing Internet. .... finally I copy pasted in about six sections ... ...well that did not work wither ...too big to send ....so had to delete and zip it.



ComboFix 08-09-01.03 - Zoltan Gyarfas 2008-09-02 12:18:33.3 - NTFSx86

See attached zip file



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:02 PM, on 9/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Can You See What I See\Images\stg_drm.ocx
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Monopoly\Images\armhelper.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7267 bytes

Attached Files



#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:50 PM

Posted 03 September 2008 - 02:10 AM

Hi,

You were actually supposed to disable your Antivirus during the Combofix run as it was posted in the instructions. Then you wouldn't have so many problems with it.
Also, I see you were performing a Windows update in between. That wasn't a good idea either.

Anyway, I see the driver is gone and AVG most probably deleted the file.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • Java™ 6 Update 5
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
Then,

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 hockeysocdad

hockeysocdad
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 04 September 2008 - 05:58 AM

Hi,

Sorry about the mis - steps. I did turn off AVG and all other running items before running combofix, but each time Combofix re-booted the system automatically, they all started up before combofix would finish ..... perhaps there is a way to disable them from starting regardless of start-up ....but I did not think to look for that.

The timing on Windows update was a mistake in hindsight .... meant to do it before ...forgot ...then the icon was annoying me at reboot, so I gave in when waiting for next steps. ...my mistake.

I did the Java update and reboot.

Tried to run the combofix uninstall .....and NO Combofix ..... no ICON and run command could not find the program.
Searched for it in file manager, but not there, except for some combofix text files I saved.

Do I still need to get the settings updated ?? via the combofix uninstall ??

I tried to update Maleware bytes and run ..... update seemed to work ....bnut I got an error that it failed, although the date was changed in the update field.

Ran Maleware bytes and it found only 1 item ..... Trojan.Vundo and reports it successfully cleaned it

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:50 PM

Posted 04 September 2008 - 06:21 AM

Tried to run the combofix uninstall .....and NO Combofix ..... no ICON and run command could not find the program.
Searched for it in file manager, but not there, except for some combofix text files I saved.

No problem. Just delete the C:\Qoobox folder if still present.

How are things now?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 hockeysocdad

hockeysocdad
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 06 September 2008 - 08:41 AM

miekiemoes,

THANKS MUCH .... seems to be healthy now ..... just got to do my file clean up, defrag, etc.

best regards

#12 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:50 PM

Posted 06 September 2008 - 09:15 AM

Glad I could help. :thumbsup:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#13 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:50 PM

Posted 07 September 2008 - 07:12 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users