
Hijackthis Log - Please Help Diagnose.


7 replies to this topic

#1 SweePie0My


  • Members
  • 4 posts

Posted 17 September 2008 - 11:31 PM

I have had pop-ups in IE and Firefox the past 2 days, and have run Trend Micro, AVG, A-squared, and several other virus/spyware/malware programs. AVG is the only one I have left installed on my system as of now. Several viruses/trojans/worms were supposedly removed. I wound up having to 'repair' Windows XP with the install disc. I'm not at all 100% confident that this juju virus (for lack of the actual name of this mess) is actually gone! Here is a copy of the HijackThis log I ran right after Windows finished repairing/reinstalling:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:23, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Mozilla Firefox\firefox.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {E786DFCA-83B6-41A9-9C17-610AC383E466} - C:\WINDOWS\system32\cbXOFVLD.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204888470453
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B19FDE22-5907-4315-B558-1D537E86C3E1} - http://www.flipviewer.com/exe/fv421.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.31.3/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.32...est/tt_test.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: geBroPJY - C:\WINDOWS\
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6817 bytes


Thank you all in advance for any help you can give me.



#2 steamwiz


  • Members
  • 1,039 posts

Posted 18 September 2008 - 04:26 PM

Hi

Your log only shows a couple of orphan registry keys ...

A repair install will only repair damaged system files; it won't remove malware files or registry entries ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.
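The diagnosis above ("only a couple of orphan registry keys") comes from reading the HijackThis log by hand: the O2 BHO whose DLL is marked "(file missing)" and the O20 Winlogon Notify entry that points at a bare directory rather than a module. The script below is an added example, not code from this thread or from HijackThis, that applies that same reading mechanically to HijackThis-format lines. The sample log lines are constructed here in the shape of the log posted above; the function and field names are my own.

```python
import re

# Constructed sample lines in the HijackThis v2 log format (not the full log above).
SAMPLE_LOG = """\
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\\Program Files\\HP\\Smart Web Printing\\hpswp_framework.dll
O2 - BHO: (no name) - {E786DFCA-83B6-41A9-9C17-610AC383E466} - C:\\WINDOWS\\system32\\cbXOFVLD.dll (file missing)
O4 - HKLM\\..\\Run: [AVG8_TRAY] C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
O20 - Winlogon Notify: geBroPJY - C:\\WINDOWS\\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Markers HijackThis itself prints when a referenced file cannot be found on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Every HijackThis entry line starts with a section tag such as R1, F2, O2, O20, O23.
ENTRY_RE = re.compile(r"^([FOR]\d+) - (.*)$")


def classify(line):
    """Return a dict describing why a log line is an orphan entry, or None if it looks complete.

    An orphan is a registry loading point whose target no longer exists:
    either HijackThis flagged it explicitly, or the target is a directory
    (a path ending in a backslash) instead of a module name.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, process list, blank line, etc.
    section, body = m.groups()
    for marker in ORPHAN_MARKERS:
        if marker in body:
            return {"section": section, "line": line.strip(), "reason": f"target {marker}"}
    # The target path is the last " - " separated field of the entry.
    target = body.rsplit(" - ", 1)[-1].strip()
    if target.endswith("\\"):
        return {"section": section, "line": line.strip(),
                "reason": "target is a directory, no module named"}
    return None


def find_orphans(log_text):
    """Scan a whole HijackThis log and return the orphan entries in log order."""
    return [c for c in (classify(ln) for ln in log_text.splitlines()) if c]


if __name__ == "__main__":
    for orphan in find_orphans(SAMPLE_LOG):
        print(f"{orphan['section']}: {orphan['reason']}\n    {orphan['line']}")
```

The check is deliberately conservative: it only reports what the log itself says is missing, and leaves the judgement of whether a present-but-unnamed BHO is unwanted to the person reading the log, as the helper did here.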

#3 SweePie0My

  • Topic Starter

  • Members
  • 4 posts

Posted 18 September 2008 - 07:46 PM

Steam, thank you for replying! Here are the log files:

Malwarebytes' Anti-Malware 1.28
Database version: 1171
Windows 5.1.2600 Service Pack 2

9/18/2008 6:21:35 PM
mbam-log-2008-09-18 (18-21-35).txt

Scan type: Quick Scan
Objects scanned: 58472
Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 08-09-16.05 - NANCY 2008-09-18 18:25:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2680 [GMT -5:00]
Running from: C:\Documents and Settings\NANCY\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NANCY\Cookies\nancy@a.hasbro[2].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\DLVFOXbc.ini
C:\WINDOWS\system32\DLVFOXbc.ini2
C:\WINDOWS\system32\ekvcphmq.ini
C:\WINDOWS\system32\taskkill.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.

2008-09-17 23:01 . 2008-09-17 23:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 23:01 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-17 22:52 . 2004-08-04 07:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-09-17 22:51 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-09-17 22:49 . 2004-08-04 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-09-17 22:49 . 2008-09-17 22:49 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-17 22:49 . 2008-09-17 22:49 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-17 22:49 . 2008-09-17 22:49 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-17 22:49 . 2008-09-17 22:49 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-17 22:49 . 2008-09-17 22:49 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-17 21:42 . 2008-09-18 18:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 21:42 . 2008-09-17 21:42 <DIR> d-------- C:\Documents and Settings\NANCY\Application Data\Malwarebytes
2008-09-17 21:42 . 2008-09-17 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 21:42 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 21:42 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 19:31 . 2008-09-18 07:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 19:14 . 2008-09-18 05:54 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-17 19:14 . 2008-09-17 19:14 <DIR> d-------- C:\Program Files\AVG
2008-09-17 19:14 . 2008-09-18 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-17 19:14 . 2008-09-17 19:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-17 19:14 . 2008-09-17 19:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-17 06:21 . 2008-09-17 06:41 1,794 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-17 06:11 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-17 06:11 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-17 06:11 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-17 06:11 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-17 06:11 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-17 06:11 . 2008-09-15 18:51 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-17 06:11 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-17 06:11 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-17 06:11 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-17 06:11 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-15 21:38 . 2008-09-17 19:29 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-15 18:03 . 2008-09-15 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\eAcceleration
2008-09-15 17:55 . 2006-02-01 17:09 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-09-15 17:55 . 2008-09-14 20:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HPAppData
2008-09-15 17:55 . 2006-02-01 18:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-09-15 17:55 . 2008-09-17 19:14 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-15 06:17 . 2008-09-15 06:17 16,384 --a------ C:\WINDOWS\DCEBoot.exe
2008-09-15 05:31 . 2008-09-15 05:31 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\HPAppData
2008-09-14 20:00 . 2008-09-14 20:00 5,753 --a------ C:\WINDOWS\system32\yawqhsll.dll
2008-09-14 19:58 . 2008-09-14 19:58 5,753 --a------ C:\WINDOWS\system32\fywwjcfn.dll
2008-09-14 07:45 . 2008-09-14 07:45 <DIR> d--hs---- C:\Documents and Settings\NANCY\PrivacIE
2008-09-13 22:35 . 2008-09-13 22:35 <DIR> d-------- C:\Program Files\iTunes
2008-09-13 22:35 . 2008-09-13 22:35 <DIR> d-------- C:\Program Files\iPod
2008-09-13 22:35 . 2008-09-13 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 22:35 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-13 22:35 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-13 22:34 . 2008-09-13 22:34 <DIR> d-------- C:\Program Files\QuickTime
2008-09-13 22:32 . 2008-09-13 22:34 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-10 18:41 . 2008-09-10 18:41 <DIR> d-------- C:\Program Files\Microsoft Research
2008-09-09 07:15 . 2008-09-09 07:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-07 18:53 . 2008-09-14 20:12 <DIR> d-------- C:\Program Files\Coupons
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-25 19:31 . 2008-08-25 19:31 <DIR> d-------- C:\Documents and Settings\NANCY\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-17 23:56 --------- d-----w C:\Program Files\Trend Micro
2008-09-17 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-09-17 02:22 --------- d-----w C:\Program Files\MSECACHE
2008-09-16 11:18 --------- d-----w C:\Documents and Settings\NANCY\Application Data\FrostWire
2008-09-16 10:47 --------- d-----w C:\Program Files\Viewpoint
2008-09-15 02:27 --------- d-----w C:\Program Files\Miuchiz
2008-09-15 00:54 --------- d-----w C:\Documents and Settings\NANCY\Application Data\BitTorrent
2008-09-14 03:33 --------- d-----w C:\Program Files\Apple Software Update
2008-09-09 12:14 --------- d-----w C:\Documents and Settings\NANCY\Application Data\AdobeUM
2008-09-07 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 01:23 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-26 01:00 --------- d-----w C:\Program Files\ArcSoft
2008-08-19 08:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-10 16:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-08 22:10 --------- d-----w C:\Documents and Settings\NANCY\Application Data\U3
2008-08-08 02:28 --------- d-----w C:\Program Files\Java
2008-07-24 22:46 --------- d-----w C:\Program Files\The ToonTown Spoofer Ultimate V4
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-17 1235736]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-10-30 531784]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^NANCY^Start Menu^Programs^Startup^Registration Dogz.LNK]
path=C:\Documents and Settings\NANCY\Start Menu\Programs\Startup\Registration Dogz.LNK
backup=C:\WINDOWS\pss\Registration Dogz.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 00:17 50776 C:\Program Files\America Online 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 17:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
--a------ 2001-05-22 19:17 49152 c:\Program Files\Volume 2\Banner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 D:\COREL\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-10-30 19:52 531784 C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 18:51 133104 C:\Documents and Settings\NANCY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 19:52 50736 C:\Program Files\Common Files\AOL\1152659955\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-08-23 06:24 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2005-12-13 01:29 8744960 C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2006-11-21 20:09 842584 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-03-27 10:57 126104 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-04-27 20:27 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 16:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-03 22:29 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-07-15 02:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STacSV"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"Pml Driver"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"rpcapd"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"iPod Service"=3 (0x3)
"eac_productsvc"=2 (0x2)
"eac_notifysvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Common Files\\AOL\\1152659955\\EE\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Common Files\\AOL\\1152659955\\EE\\aolsoftware.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-17 97928]
R1 totalio;TotalIO;C:\WINDOWS\system32\drivers\totalio.sys [2006-09-20 2358]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-17 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 awlbkkj;awlbkkj;C:\WINDOWS\system32\drivers\ydpk.sys [ ]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [ ]
S3 lc3pkt_2.1;LC3 Packet Driver;D:\Program Files\@stake\LC4\lc3pkt.sys [ ]
S4 eac_notifysvc;eAcceleration Notification Service;C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe [ ]
S4 eac_productsvc;eAcceleration Product Manager Service;C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - sttray.exe
ShellExecuteHooks-{55737035-1B75-48DD-A4D8-66155D8AC7A3} - (no file)
Notify-geBroPJY - (no file)
MSConfigStartUp-98423dc4 - C:\WINDOWS\system32\qmhpcvke.dll
MSConfigStartUp-AIMPro - C:\Program Files\AIM\AIM Pro\aimpro.exe
MSConfigStartUp-BM9b710e58 - C:\WINDOWS\system32\fnxsawwy.dll
MSConfigStartUp-MegaPanel - C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
MSConfigStartUp-NetMeter - C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
MSConfigStartUp-pccguide - C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
MSConfigStartUp-UfSeAgnt - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
MSConfigStartUp-Logitech Utility - Logi_MwX.Exe
MSConfigStartUp-SigmatelSysTrayApp - sttray.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\NANCY\Application Data\Mozilla\Firefox\Profiles\463ym88s.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.pogo.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 18:29:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-18 18:36:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-18 23:35:18

Pre-Run: 9,518,329,856 bytes free
Post-Run: 10,427,600,896 bytes free

304 --- E O F --- 2008-09-18 04:36:54

#4 steamwiz


  • Members
  • 1,039 posts

Posted 19 September 2008 - 04:43 PM

Hi

Open notepad and copy/paste the text in the code box below into it:
NOTE: make sure to only highlight and copy what is inside the code box, nothing outside of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
File::
C:\WINDOWS\system32\yawqhsll.dll
C:\WINDOWS\system32\fywwjcfn.dll


Save this as "CFScript.txt".

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.

#5 SweePie0My (Topic Starter)

Members, 4 posts

Posted 19 September 2008 - 05:18 PM

Here's the latest Combofix log:

ComboFix 08-09-19.04 - NANCY 2008-09-19 17:10:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2819 [GMT -5:00]
Running from: C:\Documents and Settings\NANCY\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\NANCY\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fywwjcfn.dll
C:\WINDOWS\system32\yawqhsll.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-19 13:25 . 2008-09-19 13:59 <DIR> d-------- C:\WINDOWS\LastGood
2008-09-17 23:01 . 2008-09-17 23:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 23:01 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-17 22:52 . 2004-08-04 07:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-09-17 22:51 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-09-17 22:49 . 2004-08-04 07:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-09-17 22:49 . 2008-09-17 22:49 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-17 22:49 . 2008-09-17 22:49 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-17 22:49 . 2008-09-17 22:49 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-17 22:49 . 2008-09-17 22:49 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-17 22:49 . 2008-09-17 22:49 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-17 21:42 . 2008-09-18 18:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-17 21:42 . 2008-09-17 21:42 <DIR> d-------- C:\Documents and Settings\NANCY\Application Data\Malwarebytes
2008-09-17 21:42 . 2008-09-17 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-17 21:42 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-17 21:42 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-17 19:31 . 2008-09-18 07:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-09-17 19:14 . 2008-09-18 05:54 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-09-17 19:14 . 2008-09-17 19:14 <DIR> d-------- C:\Program Files\AVG
2008-09-17 19:14 . 2008-09-18 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-17 19:14 . 2008-09-17 19:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-17 19:14 . 2008-09-17 19:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-17 06:21 . 2008-09-17 06:41 1,794 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-17 06:11 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-17 06:11 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-17 06:11 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-17 06:11 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-17 06:11 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-17 06:11 . 2008-09-15 18:51 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-17 06:11 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-17 06:11 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-17 06:11 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-17 06:11 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-15 21:38 . 2008-09-17 19:29 <DIR> d-------- C:\Program Files\a-squared Anti-Malware
2008-09-15 18:03 . 2008-09-15 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\eAcceleration
2008-09-15 17:55 . 2006-02-01 17:09 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-09-15 17:55 . 2006-02-01 18:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-09-15 17:55 . 2008-09-17 19:14 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-15 06:17 . 2008-09-15 06:17 16,384 --a------ C:\WINDOWS\DCEBoot.exe
2008-09-14 19:51 . 2008-09-14 19:51 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\HPAppData
2008-09-14 07:45 . 2008-09-14 07:45 <DIR> d--hs---- C:\Documents and Settings\NANCY\PrivacIE
2008-09-13 22:35 . 2008-09-13 22:35 <DIR> d-------- C:\Program Files\iTunes
2008-09-13 22:35 . 2008-09-13 22:35 <DIR> d-------- C:\Program Files\iPod
2008-09-13 22:35 . 2008-09-13 22:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 22:35 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-13 22:35 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-13 22:34 . 2008-09-13 22:34 <DIR> d-------- C:\Program Files\QuickTime
2008-09-13 22:32 . 2008-09-13 22:34 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-10 18:41 . 2008-09-10 18:41 <DIR> d-------- C:\Program Files\Microsoft Research
2008-09-09 07:15 . 2008-09-09 07:15 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-07 18:53 . 2008-09-14 20:12 <DIR> d-------- C:\Program Files\Coupons
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-25 19:31 . 2008-08-25 19:31 <DIR> d-------- C:\Documents and Settings\NANCY\Application Data\Uniblue

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 17:59 --------- d-----w C:\Program Files\Hp
2008-09-17 23:56 --------- d-----w C:\Program Files\Trend Micro
2008-09-17 23:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-09-17 02:22 --------- d-----w C:\Program Files\MSECACHE
2008-09-16 11:18 --------- d-----w C:\Documents and Settings\NANCY\Application Data\FrostWire
2008-09-16 10:47 --------- d-----w C:\Program Files\Viewpoint
2008-09-15 02:27 --------- d-----w C:\Program Files\Miuchiz
2008-09-15 00:54 --------- d-----w C:\Documents and Settings\NANCY\Application Data\BitTorrent
2008-09-14 03:33 --------- d-----w C:\Program Files\Apple Software Update
2008-09-09 12:14 --------- d-----w C:\Documents and Settings\NANCY\Application Data\AdobeUM
2008-09-07 20:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 01:23 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-26 01:00 --------- d-----w C:\Program Files\ArcSoft
2008-08-19 08:01 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-10 16:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-10 15:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-08 22:10 --------- d-----w C:\Documents and Settings\NANCY\Application Data\U3
2008-08-08 02:28 --------- d-----w C:\Program Files\Java
2008-08-05 22:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-24 22:46 --------- d-----w C:\Program Files\The ToonTown Spoofer Ultimate V4
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-26 01:06 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
.

((((((((((((((((((((((((((((( snapshot@2008-09-18_18.35.00.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 16:29:04 213,216 -c--a-w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 15:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
- 2006-05-25 16:29:04 371,424 -c--a-w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-25 15:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
- 2006-05-24 18:32:48 213,216 -c--a-w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 17:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
- 2006-05-24 18:32:48 371,424 -c--a-w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2006-05-24 17:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
- 2004-08-04 05:56:42 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 12:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
- 2004-08-04 05:56:42 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 12:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
- 2004-08-04 05:56:42 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
- 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2005-01-28 18:44:28 28,672 -c--a-w C:\WINDOWS\ie7\custsat.dll
- 2006-09-14 08:31:26 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
- 2006-09-14 08:31:26 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
- 2006-09-14 08:31:26 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2008-06-23 15:38:30 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
- 2004-08-04 05:56:44 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
- 2004-08-04 05:56:52 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
- 2004-08-04 05:56:44 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 12:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
- 2004-08-04 05:56:44 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 12:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
- 2003-03-31 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
- 2004-08-04 05:56:44 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2004-08-04 12:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
- 2006-09-13 09:10:27 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
- 2004-08-04 05:56:44 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2004-08-04 12:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
- 2006-09-14 08:31:27 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2008-06-23 15:38:31 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2006-11-08 03:03:36 287,744 -c--a-w C:\WINDOWS\ie7\ieproxy.dll
- 2004-08-04 05:56:44 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 12:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
- 2004-08-04 05:56:44 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 12:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2006-11-08 03:03:36 180,736 -c--a-w C:\WINDOWS\ie7\ieui.dll
- 2004-08-04 05:56:52 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 12:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
- 2004-08-04 05:56:44 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2004-08-04 12:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
- 2006-09-14 08:31:27 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2008-06-23 15:38:31 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
- 2006-09-14 08:31:27 15,872 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2008-06-23 15:38:31 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
- 2004-08-04 05:56:44 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 12:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2006-10-17 17:58:32 12,288 -c--a-w C:\WINDOWS\ie7\msfeedssync.exe
- 2004-08-04 05:56:54 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2004-08-04 12:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
- 2006-09-14 08:31:30 3,058,688 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 -c--a-w C:\WINDOWS\ie7\mshtml.dll
- 2006-09-14 08:31:28 448,512 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2008-06-23 15:38:33 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
- 2004-08-04 05:56:16 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
- 2003-03-31 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
- 2006-09-14 08:31:28 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-06-23 15:38:33 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
- 2006-09-14 08:31:29 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2008-06-23 15:38:33 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
- 2004-08-04 05:56:46 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
- 2006-09-14 08:31:29 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2008-06-23 15:38:33 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
- 2006-11-08 03:04:18 31,856 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
- 2006-11-08 03:01:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2007-08-13 23:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
- 2004-08-04 05:56:48 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
- 2006-09-14 08:31:30 615,936 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2008-06-23 15:38:34 615,936 -c--a-w C:\WINDOWS\ie7\urlmon.dll
- 2004-08-04 05:56:48 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
- 2006-09-18 14:15:52 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 12:00:00 848,384 -c--a-w C:\WINDOWS\ie7\vgx.dll
- 2004-08-04 05:56:48 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2004-08-04 12:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2006-10-17 18:05:58 206,336 -c--a-w C:\WINDOWS\ie7\winfxdocobj.exe
- 2006-09-14 08:31:30 664,576 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2008-06-23 15:38:34 659,456 -c--a-w C:\WINDOWS\ie7\wininet.dll
- 2004-08-04 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 23:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 12:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-13 23:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-04 12:00:00 35,328 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 23:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
- 2004-08-04 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 23:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2004-08-04 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 23:39:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-04 12:00:00 35,328 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 23:42:54 17,408 -c--a-w C:\WINDOWS\system32\dllcache\corpol.dll
- 2005-01-28 18:44:28 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 23:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2008-06-23 15:38:30 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 15:38:30 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-13 23:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 15:38:30 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 23:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 23:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-08-13 23:39:06 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-08-13 23:39:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-08-13 23:39:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-08-13 22:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2004-08-04 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 23:39:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 23:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-04 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 23:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2008-06-23 15:38:31 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 23:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-04 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 23:39:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2004-08-04 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 23:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2004-08-04 12:00:00 93,184 -cs-a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 23:43:56 622,080 -cs-a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2004-08-04 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 23:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2008-06-23 15:38:31 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 23:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 23:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2008-06-23 15:38:31 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 23:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-13 23:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-06-23 15:38:33 3,059,712 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-13 23:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 15:38:33 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 23:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 23:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2008-06-23 15:38:33 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-13 23:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 15:38:33 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-13 23:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-08-13 23:44:06 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 15:38:33 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-08-13 23:44:30 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 15:38:34 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 23:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-12-18 14:40:58 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 23:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2004-08-04 12:00:00 848,384 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-08-13 23:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
- 2004-08-04 12:00:00 276,480 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-08-13 23:54:10 231,424 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-06-23 15:38:34 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-13 23:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-23 15:38:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 15:38:30 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-13 23:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 15:38:30 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-13 23:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-13 23:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-13 23:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 12:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-13 23:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-04 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-13 22:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2004-08-04 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-13 23:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-04 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 23:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
- 2008-06-23 15:38:31 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 12:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-13 23:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2004-08-04 12:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 23:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2008-08-22 08:06:24 36,864 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 23:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2006-11-08 03:03:36 180,736 ----a-w C:\WINDOWS\system32\ieui.dll
+ 2007-08-13 23:54:10 180,736 ----a-w C:\WINDOWS\system32\ieui.dll
- 2004-08-04 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 23:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2008-06-23 15:38:31 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-06-23 15:38:31 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-13 23:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 12:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-12-04 00:39:16 67,984 ----a-w C:\WINDOWS\system32\Macromed\Download\Download.exe
+ 2007-12-03 21:39:18 59,717 ----a-w C:\WINDOWS\system32\Macromed\Download\Install.exe
- 2008-06-26 01:35:24 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-09-19 19:02:26 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
- 2006-10-17 17:58:32 12,288 ----a-w C:\WINDOWS\system32\msfeedssync.exe
+ 2007-08-13 23:36:40 12,288 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-04 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 23:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-06-23 15:38:33 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-13 23:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 15:38:33 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-13 23:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 23:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-06-23 15:38:33 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-13 23:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 15:38:33 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-13 23:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-13 23:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-06-23 15:38:33 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-13 23:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 15:38:34 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-13 23:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 23:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 12:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 23:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2006-10-17 18:05:58 206,336 ----a-w C:\WINDOWS\system32\winfxdocobj.exe
+ 2007-08-13 23:45:16 206,336 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2008-06-23 15:38:34 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-13 23:54:10 818,688 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-17 1235736]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2003-03-31 44032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-10-30 531784]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JDCT"= jl_jdct.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^NANCY^Start Menu^Programs^Startup^Registration Dogz.LNK]
path=C:\Documents and Settings\NANCY\Start Menu\Programs\Startup\Registration Dogz.LNK
backup=C:\WINDOWS\pss\Registration Dogz.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 00:17 50776 C:\Program Files\America Online 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 17:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 07:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtariBanner]
--a------ 2001-05-22 19:17 49152 c:\Program Files\Volume 2\Banner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
--a------ 2007-10-30 19:52 16200 D:\COREL\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-10-30 19:52 531784 C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 18:51 133104 C:\Documents and Settings\NANCY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 19:52 50736 C:\Program Files\Common Files\AOL\1152659955\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2001-08-23 06:24 196608 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2005-12-13 01:29 8744960 C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2006-11-21 20:09 842584 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-03-27 10:57 126104 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-04-27 20:27 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-16 14:01 13529088 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 16:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-03 22:29 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-07-15 02:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"STacSV"=2 (0x2)
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"Pml Driver"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"rpcapd"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"iPod Service"=3 (0x3)
"eac_productsvc"=2 (0x2)
"eac_notifysvc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Common Files\\AOL\\1152659955\\EE\\AOLServiceHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Common Files\\AOL\\1152659955\\EE\\aolsoftware.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-17 97928]
R1 totalio;TotalIO;C:\WINDOWS\system32\drivers\totalio.sys [2006-09-20 2358]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-17 231704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 awlbkkj;awlbkkj;C:\WINDOWS\system32\drivers\ydpk.sys [ ]
S3 JL2005C;Dual Mode Camera;C:\WINDOWS\system32\Drivers\jl2005c.sys [ ]
S3 lc3pkt_2.1;LC3 Packet Driver;D:\Program Files\@stake\LC4\lc3pkt.sys [ ]
S4 eac_notifysvc;eAcceleration Notification Service;C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe [ ]
S4 eac_productsvc;eAcceleration Product Manager Service;C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\NANCY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 18:51]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 17:12:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-09-19 17:14:43
ComboFix-quarantined-files.txt 2008-09-19 22:13:41
ComboFix2.txt 2008-09-18 23:36:23

Pre-Run: 9,926,389,760 bytes free
Post-Run: 9,939,365,888 bytes free

527 --- E O F --- 2008-09-19 19:02:01

#6 steamwiz

  • Members
  • 1,039 posts
  • Local time:06:45 AM

Posted 19 September 2008 - 06:19 PM

HI

Looking good :thumbsup:

how's the computer running ?

Please post a new hijackthis log

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#7 SweePie0My

  • Topic Starter
  • Members
  • 4 posts
  • Local time:01:45 AM

Posted 19 September 2008 - 06:29 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:26, on 9/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/activex...wareControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204888470453
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {B19FDE22-5907-4315-B558-1D537E86C3E1} - http://www.flipviewer.com/exe/fv421.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.31.3/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamem...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} (Toontown TestServer Installer ActiveX Control) - http://download.test.toontown.com/sv1.0.32...est/tt_test.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6285 bytes


Thanks for all your help, steam!

#8 steamwiz

  • Members
  • 1,039 posts
  • Local time:06:45 AM

Posted 19 September 2008 - 06:51 PM

Hi

You're very welcome :thumbsup:

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK


This will uninstall ComboFix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, Deckard, _OTMoveIt), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Then you're good to go :)

Before you leave the site ...

Please have a look here at ways to keep your computer safe :-

Simple steps to keep your computer secure! By Grinler > http://www.bleepingcomputer.com/forums/t/1628/simple-steps-to-keep-your-computer-secure/

& here :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279

Happy surfing :)

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware
