
Overclick.cn redirect spyware


  • This topic is locked
13 replies to this topic

#1 Kamioni


Posted 30 June 2009 - 10:40 AM

I recently contracted this Spyware program, and I do not know how to remove it. It basically redirects any links from Google or Yahoo search to a site called overclick.cn, and other various sites. It sometimes displays porn sites, so I want to remove this immediately. I tried running Malwarebytes Anti-Malware, Spyware Doctor, and ComboFix, but none of these fixed the problem. I also deleted all browser cache, and pretty much everything in the Temporary Internet Files folder but that didn't solve the issue either. I would appreciate any help in helping me remove this. Thanks!

=========================================

DDS (Ver_09-06-26.01) - NTFSx86
Run by Henry Chen at 11:30:09.81 on Tue 06/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1306 [GMT -4:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Documents and Settings\Henry Chen\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.worldofwarcraft.com/index.xml
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9c2d1c4a-53d1-4103-b456-0288cba15861} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: {BBABDA67-BBC5-410F-A157-0C2E7D926D16} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Live Search Club Toolbar: {719d74ab-1af9-43a1-8c62-d8750628d93e} - c:\program files\live search club toolbar\Toolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\ign\download manager\dlm.exe /windowsstart /startifwork
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\henryc~1\applic~1\mozilla\firefox\profiles\kgrp1qbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\henry chen\application data\mozilla\firefox\profiles\kgrp1qbr.default\extensions\{5601b994-0e9b-4ce2-8ab9-ad1155f2abbd}\plugins\NPNeffyPlugin.dll
FF - plugin: c:\documents and settings\henry chen\application data\mozilla\firefox\profiles\kgrp1qbr.default\extensions\flashplugin@idm\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\henry chen\application data\mozilla\firefox\profiles\kgrp1qbr.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {524383FD-88EF-4C99-98B7-22BA4218778F} - c:\windows\system32\config\systemprofile\local settings\application data\{524383fd-88ef-4c99-98b7-22ba4218778f}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-5 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-12 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-4-13 28672]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-12-27 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-12-27 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-12-27 81288]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\program files\gravity\ro\npkycryp.sys --> c:\program files\gravity\ro\npkycryp.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-20 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-20 1079176]
S3 XDva011;XDva011;\??\c:\windows\system32\xdva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\xdva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\xdva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva098;XDva098;\??\c:\windows\system32\xdva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\xdva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\xdva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva164;XDva164;\??\c:\windows\system32\xdva164.sys --> c:\windows\system32\XDva164.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]

=============== Created Last 30 ================

2009-06-30 11:06 <DIR> --d----- C:\HJT
2009-06-30 10:43 11 a------- C:\AuResult.ini
2009-06-30 08:53 <DIR> --d----- c:\program files\AVG
2009-06-30 08:48 <DIR> --d----- c:\docume~1\henryc~1\applic~1\AVG8
2009-06-29 22:11 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-29 21:56 <DIR> a-dshr-- C:\cmdcons
2009-06-29 21:47 161,792 a------- c:\windows\SWREG.exe
2009-06-29 21:47 155,136 a------- c:\windows\PEV.exe
2009-06-29 21:47 98,816 a------- c:\windows\sed.exe
2009-06-27 17:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-27 09:49 <DIR> --d----- c:\docume~1\henryc~1\applic~1\ZOO Digital Publishing
2009-06-27 09:42 <DIR> --d----- c:\program files\Guilty Gear X2
2009-06-26 15:34 4,128 a------- C:\INFCACHE.1
2009-06-26 15:33 59,904 a------- c:\windows\system32\zlib1.dll
2009-06-22 16:28 96 a---h--- c:\windows\system32\HsInfo.dat
2009-06-16 20:00 <DIR> --d----- c:\program files\CCP
2009-06-12 21:32 447,752 a----r-- c:\windows\system32\vp6vfw.dll
2009-06-12 21:32 <DIR> --d----- c:\program files\Microsoft WSE
2009-06-11 18:29 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-04 20:13 <DIR> --d----- C:\Warrior Epic
2009-05-31 12:25 58,800 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-31 12:25 <DIR> --d----- c:\program files\NHN USA

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-22 16:33 1,682 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-05-12 20:48 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-04-01 20:18 78,737 a------- c:\windows\War3Unin.dat
2008-04-30 22:28 1,654,869 a------- c:\docume~1\alluse~1\applic~1\DynuEncrypt.dll
2008-03-08 14:08 88 ---shr-- c:\docume~1\alluse~1\applic~1\2846E052C3.sys
2008-01-28 20:16 32 a----r-- c:\documents and settings\all users\hash.dat
2007-07-10 17:52 0 a------- c:\documents and settings\henry chen\WoW-2.0.7.6383-to-2.0.8.6403-enUS-patch.exe
2002-10-04 15:09 204,800 a------- c:\windows\inf\FXPlugin.dll
2008-08-25 17:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 11:31:48.50 ===============



#2 jpshortstuff


Posted 30 June 2009 - 10:59 AM

Hi,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Please run DDS again after that and post both logs it gives. Let me know if you are still getting redirected after this.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 Kamioni


Posted 30 June 2009 - 11:24 AM

Ok, I ran GooredFix, and Scanned and deleted, but I am still getting the redirects. Here are the logs you requested:

=============
GooredFix v1.92 by jpshortstuff
Log created at 12:13 on 30/06/2009 running Option #2 (Henry Chen)
Firefox version 3.0.11 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{524383FD-88EF-4C99-98B7-22BA4218778F}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{524383FD-88EF-4C99-98B7-22BA4218778F}\"
->Backing up value... Done.
->Deleting value... Done.

C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{524383FD-88EF-4C99-98B7-22BA4218778F}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.11\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

===============

Edited by Kamioni, 30 June 2009 - 11:37 AM.


#4 jpshortstuff


Posted 30 June 2009 - 11:28 AM

Can I see the DDS.txt log please?

Are you getting these redirects in both Internet Explorer and Firefox?

#5 Kamioni


Posted 30 June 2009 - 11:42 AM

Whoops, posted Attach.txt instead of DDS.txt. Sorry about that. And yes, it does occur in both IE and Firefox. Here is the DDS:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Henry Chen at 12:38:34.06 on Tue 06/30/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1376 [GMT -4:00]

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Henry Chen\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uLocal Page = \blank.htm
uStart Page = hxxp://www.worldofwarcraft.com/index.xml
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {9c2d1c4a-53d1-4103-b456-0288cba15861} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: {BBABDA67-BBC5-410F-A157-0C2E7D926D16} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Live Search Club Toolbar: {719d74ab-1af9-43a1-8c62-d8750628d93e} - c:\program files\live search club toolbar\Toolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\ign\download manager\dlm.exe /windowsstart /startifwork
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\henryc~1\applic~1\mozilla\firefox\profiles\kgrp1qbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\henry chen\application data\mozilla\firefox\profiles\kgrp1qbr.default\extensions\{5601b994-0e9b-4ce2-8ab9-ad1155f2abbd}\plugins\NPNeffyPlugin.dll
FF - plugin: c:\documents and settings\henry chen\application data\mozilla\firefox\profiles\kgrp1qbr.default\extensions\flashplugin@idm\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\henry chen\application data\mozilla\firefox\profiles\kgrp1qbr.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-5 1247600]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-12 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-4-13 28672]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-12-27 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-12-27 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-12-27 81288]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\program files\gravity\ro\npkycryp.sys --> c:\program files\gravity\ro\npkycryp.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-20 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-20 1079176]
S3 XDva011;XDva011;\??\c:\windows\system32\xdva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\xdva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\xdva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva098;XDva098;\??\c:\windows\system32\xdva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\xdva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\xdva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva164;XDva164;\??\c:\windows\system32\xdva164.sys --> c:\windows\system32\XDva164.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\xdva275.sys --> c:\windows\system32\XDva275.sys [?]

=============== Created Last 30 ================

2009-06-30 11:06 <DIR> --d----- C:\HJT
2009-06-30 10:43 11 a------- C:\AuResult.ini
2009-06-30 08:53 <DIR> --d----- c:\program files\AVG
2009-06-30 08:48 <DIR> --d----- c:\docume~1\henryc~1\applic~1\AVG8
2009-06-29 22:11 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-06-29 21:56 <DIR> a-dshr-- C:\cmdcons
2009-06-29 21:47 161,792 a------- c:\windows\SWREG.exe
2009-06-29 21:47 155,136 a------- c:\windows\PEV.exe
2009-06-29 21:47 98,816 a------- c:\windows\sed.exe
2009-06-27 17:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-27 09:49 <DIR> --d----- c:\docume~1\henryc~1\applic~1\ZOO Digital Publishing
2009-06-27 09:42 <DIR> --d----- c:\program files\Guilty Gear X2
2009-06-26 15:34 4,128 a------- C:\INFCACHE.1
2009-06-26 15:33 59,904 a------- c:\windows\system32\zlib1.dll
2009-06-22 16:28 96 a---h--- c:\windows\system32\HsInfo.dat
2009-06-16 20:00 <DIR> --d----- c:\program files\CCP
2009-06-12 21:32 447,752 a----r-- c:\windows\system32\vp6vfw.dll
2009-06-12 21:32 <DIR> --d----- c:\program files\Microsoft WSE
2009-06-11 18:29 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-04 20:13 <DIR> --d----- C:\Warrior Epic

==================== Find3M ====================

2009-06-17 11:27 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 11:27 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-26 17:31 58,800 a------- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-22 16:33 1,682 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-05-12 20:48 710,064 a------- c:\windows\system32\ijjiSetup.exe
2009-04-01 20:18 78,737 a------- c:\windows\War3Unin.dat
2008-04-30 22:28 1,654,869 a------- c:\docume~1\alluse~1\applic~1\DynuEncrypt.dll
2008-03-08 14:08 88 ---shr-- c:\docume~1\alluse~1\applic~1\2846E052C3.sys
2008-01-28 20:16 32 a----r-- c:\documents and settings\all users\hash.dat
2007-07-10 17:52 0 a------- c:\documents and settings\henry chen\WoW-2.0.7.6383-to-2.0.8.6403-enUS-patch.exe
2002-10-04 15:09 204,800 a------- c:\windows\inf\FXPlugin.dll
2008-08-25 17:18 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082520080826\index.dat

============= FINISH: 12:40:08.76 ===============

#6 jpshortstuff

Posted 30 June 2009 - 11:52 AM

Hi,

No worries, easy mistake to make. I notice you are using Limewire - this is a sure-fire way to get yourself infected.

Download ComboFix by sUBs from here or here

Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

**Save it to your desktop**

We need to disable one or more of your security programs so that they do not interfere with ComboFix.

Please disable your security programs via their System Tray icons.

Double click on ComboFix.exe & follow the prompts. If you are prompted to install the Recovery Console I recommend you go ahead and hit yes.
When finished, it shall produce a log for you. Please save that log to post in your next reply along with a fresh HJT log.

Notes:
  • Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
  • ComboFix disconnects your machine from the internet when it runs. This connection should be automatically restored when ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Edited by jpshortstuff, 30 June 2009 - 11:52 AM.

Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#7 Kamioni

Posted 30 June 2009 - 01:01 PM

Ok, I did as you asked. I had to restart my modem, computer, and router, and repair my network to access the internet. Here are the logs you requested. And thanks again for all your help.

ComboFix 09-06-29.07 - Henry Chen 06/30/2009 13:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1619 [GMT -4:00]
Running from: c:\documents and settings\Henry Chen\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\hjgruianucbjma.sys
c:\windows\system32\hjgruikownmwqj.dat
c:\windows\system32\hjgruioykysoav.dll
c:\windows\system32\hjgruiuhwlfuvr.dat
c:\windows\system32\hjgruixnflqcbj.dll

----- BITS: Possible infected sites -----

hxxp://ccp.vo.llnwd.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruibkfarmqy
-------\Service_hjgruibkfarmqy


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 15:06 . 2009-06-30 15:08 -------- d-----w- C:\HJT
2009-06-30 12:53 . 2009-06-30 12:53 -------- d-----w- c:\program files\AVG
2009-06-30 12:48 . 2009-06-30 12:48 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\AVG8
2009-06-27 21:05 . 2009-06-27 21:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-27 21:04 . 2009-06-27 21:04 152576 ----a-w- c:\documents and settings\Henry Chen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-27 13:49 . 2009-06-27 13:49 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\ZOO Digital Publishing
2009-06-27 13:42 . 2009-06-27 13:47 -------- d-----w- c:\program files\Guilty Gear X2
2009-06-26 19:33 . 2005-07-18 15:25 59904 ----a-w- c:\windows\system32\zlib1.dll
2009-06-22 20:28 . 2009-06-23 14:33 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-06-17 00:00 . 2009-06-17 00:00 -------- d-----w- c:\program files\CCP
2009-06-13 01:32 . 2009-06-13 01:32 10134 ----a-r- c:\documents and settings\Henry Chen\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-13 01:32 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-13 01:32 . 2009-06-13 01:32 -------- d-----w- c:\program files\Microsoft WSE
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-05 00:13 . 2009-06-28 18:12 -------- d-----w- C:\Warrior Epic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 17:19 . 2008-02-15 00:54 -------- d-----w- c:\program files\DNA
2009-06-30 17:19 . 2008-02-15 00:54 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\DNA
2009-06-30 14:58 . 2006-12-05 09:07 -------- d-----w- c:\program files\Java
2009-06-30 13:00 . 2008-08-12 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-06-30 00:07 . 2007-09-28 23:03 -------- d-----w- c:\program files\StepMania
2009-06-29 22:59 . 2007-12-27 22:49 -------- d-----w- c:\program files\NoAdware5.0
2009-06-29 22:42 . 2007-01-15 14:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-29 22:34 . 2007-12-27 23:03 -------- d-----w- c:\program files\Spyware Doctor
2009-06-29 20:40 . 2008-12-21 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 20:35 . 2009-01-08 23:32 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-29 20:30 . 2007-01-14 20:20 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\IGN_DLM
2009-06-29 17:09 . 2007-01-15 15:06 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\BitTorrent
2009-06-27 21:15 . 2008-06-03 20:36 -------- d-----w- c:\program files\Steam
2009-06-25 17:17 . 2007-09-15 18:20 -------- d-----w- c:\program files\NCSoft
2009-06-25 17:16 . 2007-03-17 00:31 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\GetRightToGo
2009-06-25 17:16 . 2008-04-21 18:37 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\Xfire
2009-06-25 13:30 . 2008-04-21 18:37 -------- d-----w- c:\program files\Xfire
2009-06-22 15:32 . 2008-03-26 22:42 -------- d-----w- c:\program files\Windower
2009-06-22 13:53 . 2006-12-05 09:30 73184 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-22 13:32 . 2009-01-26 13:56 -------- d-----w- c:\program files\Gravity
2009-06-22 13:32 . 2006-12-05 09:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 01:32 . 2008-05-23 23:04 -------- d-----w- c:\program files\Neffy
2009-06-21 01:25 . 2009-04-13 12:58 -------- d-----w- c:\program files\Bonjour
2009-06-21 01:22 . 2009-02-19 00:14 -------- d-----w- c:\program files\Pando Networks
2009-06-21 01:02 . 2009-02-16 21:11 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\Move Networks
2009-06-17 15:27 . 2008-12-21 00:25 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-21 00:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 14:06 . 2007-11-12 18:29 -------- d-----w- c:\program files\AIM6
2009-06-14 14:06 . 2006-12-05 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-14 14:06 . 2006-12-05 09:16 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-05-13 00:48 . 2007-10-06 21:23 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-10 21:24 . 2009-05-10 21:24 -------- d-----w- c:\program files\Firaxis Games
2009-05-02 17:33 . 2009-05-02 16:29 -------- d-----w- c:\program files\TotalMovieConverter
2009-05-02 16:29 . 2009-05-02 16:29 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\Softplicity
2009-05-02 16:18 . 2009-05-02 16:18 -------- d-----w- c:\program files\Windows Media Components
2009-05-02 16:02 . 2009-05-02 16:02 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\vlc
2009-05-02 16:01 . 2009-05-02 16:01 -------- d-----w- c:\program files\VideoLAN
2009-05-02 15:21 . 2009-05-02 15:21 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-13 12:54 . 2009-04-13 12:54 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-02 00:18 . 2007-12-29 16:54 78737 ----a-w- c:\windows\War3Unin.dat
2009-03-11 22:20 . 2009-03-11 22:20 208384 ----a-w- c:\program files\mozilla firefox\plugins\uc_rohan_launching.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_02.11.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 17:19 . 2009-06-30 17:19 16384 c:\windows\Temp\Perflib_Perfdata_9cc.dat
+ 2006-12-07 21:42 . 2009-06-30 12:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-07 21:42 . 2009-06-29 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-07 21:42 . 2009-06-30 12:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-07 21:42 . 2009-06-29 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-12-07 21:42 . 2009-06-30 12:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-12-07 21:42 . 2009-06-29 22:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-30 13:01 . 2009-06-30 13:08 22206 c:\windows\SoftwareDistribution\EventCache\{84F107FD-EFA1-4E6C-AE44-72BEF6E28FC8}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2009-05-14 1103216]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-11 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-27 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Steam\\steamapps\\christianmeno\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19824:TCP"= 19824:TCP:BitComet 19824 TCP
"19824:UDP"= 19824:UDP:BitComet 19824 UDP
"23959:TCP"= 23959:TCP:BitComet 23959 TCP
"23959:UDP"= 23959:UDP:BitComet 23959 UDP
"25331:TCP"= 25331:TCP:BitComet 25331 TCP
"25331:UDP"= 25331:UDP:BitComet 25331 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/12/2007 2:31 PM 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [4/13/2009 9:33 AM 28672]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 npkycryp;npkycryp;\??\c:\program files\Gravity\RO\npkycryp.sys --> c:\program files\Gravity\RO\npkycryp.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/20/2008 4:20 PM 356920]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys --> c:\windows\system32\XDva011.sys [?]
S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]
S3 XDva090;XDva090;\??\c:\windows\system32\XDva090.sys --> c:\windows\system32\XDva090.sys [?]
S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\XDva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva158;XDva158;\??\c:\windows\system32\XDva158.sys --> c:\windows\system32\XDva158.sys [?]
S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys --> c:\windows\system32\XDva164.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva275;XDva275;\??\c:\windows\system32\XDva275.sys --> c:\windows\system32\XDva275.sys [?]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9c2d1c4a-53d1-4103-b456-0288cba15861} - (no file)
BHO-{BBABDA67-BBC5-410F-A157-0C2E7D926D16} - (no file)


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.worldofwarcraft.com/index.xml
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Henry Chen\Application Data\Mozilla\Firefox\Profiles\kgrp1qbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Henry Chen\Application Data\Mozilla\Firefox\Profiles\kgrp1qbr.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}\plugins\NPNeffyPlugin.dll
FF - plugin: c:\documents and settings\Henry Chen\Application Data\Mozilla\Firefox\Profiles\kgrp1qbr.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\Henry Chen\Application Data\Mozilla\Firefox\Profiles\kgrp1qbr.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 13:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3730782852-1421294670-1690706563-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-3730782852-1421294670-1690706563-1006\Software\SecuROM\License information*]
"datasecu"=hex:83,ae,34,3a,6a,d7,f4,5f,b7,92,18,22,7f,dc,19,9b,b4,e4,ad,b0,4d,
92,e3,16,7f,70,97,06,6f,ae,e4,26,75,10,45,7a,c7,00,a3,48,24,84,9c,2a,57,00,\
"rkeysecu"=hex:7a,d3,fc,53,88,2d,a3,82,d5,fc,59,3b,58,a8,f3,d1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-06-30 13:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 17:26
ComboFix2.txt 2009-06-30 02:15

Pre-Run: 27,937,456,128 bytes free
Post-Run: 27,851,522,048 bytes free

264 --- E O F --- 2008-12-21 00:23

And here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:30 PM, on 6/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.worldofwarcraft.com/index.xml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061205
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {9c2d1c4a-53d1-4103-b456-0288cba15861} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O2 - BHO: (no name) - {BBABDA67-BBC5-410F-A157-0C2E7D926D16} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9871 bytes

Edited by Kamioni, 30 June 2009 - 01:02 PM.


#8 jpshortstuff

Posted 30 June 2009 - 01:07 PM

Right, let's see if we can clear this up. Are you using an AntiVirus program?

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
npggsvc
npkycryp
XDva011
XDva020
XDva090
XDva098
XDva119
XDva158
XDva164
XDva190
XDva275

Registry::
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {9c2d1c4a-53d1-4103-b456-0288cba15861} - (no file)
O2 - BHO: (no name) - {BBABDA67-BBC5-410F-A157-0C2E7D926D16} - (no file)
O3 - Toolbar: Live Search Club Toolbar - {719D74AB-1AF9-43a1-8C62-D8750628D93E} - C:\Program Files\Live Search Club Toolbar\Toolbar.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt.
Please update your Java, then run the following online scan.

Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Let me know how things are running now.

#9 Kamioni


Posted 30 June 2009 - 07:50 PM

Done. And currently, all antivirus programs are off, for the purpose of the scanning. The Kaspersky log is attached, since it isn't a text file. Combofix Log:

ComboFix 09-06-29.07 - Henry Chen 06/30/2009 14:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1509 [GMT -4:00]
Running from: c:\documents and settings\Henry Chen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Henry Chen\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XDVA011
-------\Legacy_XDVA020
-------\Legacy_XDVA090
-------\Legacy_XDVA098
-------\Legacy_XDVA119
-------\Legacy_XDVA158
-------\Legacy_XDVA164
-------\Legacy_XDVA190
-------\Legacy_XDVA275
-------\Service_npggsvc
-------\Service_npkycryp
-------\Service_XDva011
-------\Service_XDva020
-------\Service_XDva090
-------\Service_XDva098
-------\Service_XDva119
-------\Service_XDva158
-------\Service_XDva164
-------\Service_XDva190
-------\Service_XDva275


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 15:06 . 2009-06-30 18:00 -------- d-----w- C:\HJT
2009-06-30 13:06 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-06-30 13:06 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-06-30 13:06 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-06-30 13:06 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-06-30 13:06 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-06-30 13:06 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-30 13:06 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-30 13:06 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-30 13:06 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-06-30 13:06 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-06-30 13:02 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-30 13:02 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-30 12:53 . 2009-06-30 12:53 -------- d-----w- c:\program files\AVG
2009-06-30 12:48 . 2009-06-30 12:48 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\AVG8
2009-06-27 21:05 . 2009-06-27 21:05 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-27 21:04 . 2009-06-27 21:04 152576 ----a-w- c:\documents and settings\Henry Chen\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-27 13:49 . 2009-06-27 13:49 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\ZOO Digital Publishing
2009-06-27 13:42 . 2009-06-27 13:47 -------- d-----w- c:\program files\Guilty Gear X2
2009-06-26 19:33 . 2005-07-18 15:25 59904 ----a-w- c:\windows\system32\zlib1.dll
2009-06-22 20:28 . 2009-06-23 14:33 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-06-17 00:00 . 2009-06-17 00:00 -------- d-----w- c:\program files\CCP
2009-06-13 01:32 . 2009-06-13 01:32 10134 ----a-r- c:\documents and settings\Henry Chen\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-13 01:32 . 2008-09-04 18:17 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-06-13 01:32 . 2009-06-13 01:32 -------- d-----w- c:\program files\Microsoft WSE
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-05 00:13 . 2009-06-30 18:05 -------- d-----w- C:\Warrior Epic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 18:58 . 2008-02-15 00:54 -------- d-----w- c:\program files\DNA
2009-06-30 18:58 . 2008-02-15 00:54 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\DNA
2009-06-30 17:48 . 2006-12-05 09:21 -------- d-----w- c:\program files\Microsoft Works
2009-06-30 14:58 . 2006-12-05 09:07 -------- d-----w- c:\program files\Java
2009-06-30 13:00 . 2008-08-12 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
2009-06-30 00:07 . 2007-09-28 23:03 -------- d-----w- c:\program files\StepMania
2009-06-29 22:59 . 2007-12-27 22:49 -------- d-----w- c:\program files\NoAdware5.0
2009-06-29 22:42 . 2007-01-15 14:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-29 22:34 . 2007-12-27 23:03 -------- d-----w- c:\program files\Spyware Doctor
2009-06-29 20:40 . 2008-12-21 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 20:35 . 2009-01-08 23:32 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-29 20:30 . 2007-01-14 20:20 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\IGN_DLM
2009-06-29 17:09 . 2007-01-15 15:06 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\BitTorrent
2009-06-27 21:15 . 2008-06-03 20:36 -------- d-----w- c:\program files\Steam
2009-06-25 17:17 . 2007-09-15 18:20 -------- d-----w- c:\program files\NCSoft
2009-06-25 17:16 . 2007-03-17 00:31 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\GetRightToGo
2009-06-25 17:16 . 2008-04-21 18:37 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\Xfire
2009-06-25 13:30 . 2008-04-21 18:37 -------- d-----w- c:\program files\Xfire
2009-06-22 15:32 . 2008-03-26 22:42 -------- d-----w- c:\program files\Windower
2009-06-22 13:53 . 2006-12-05 09:30 73184 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-22 13:32 . 2009-01-26 13:56 -------- d-----w- c:\program files\Gravity
2009-06-22 13:32 . 2006-12-05 09:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 01:32 . 2008-05-23 23:04 -------- d-----w- c:\program files\Neffy
2009-06-21 01:25 . 2009-04-13 12:58 -------- d-----w- c:\program files\Bonjour
2009-06-21 01:22 . 2009-02-19 00:14 -------- d-----w- c:\program files\Pando Networks
2009-06-21 01:02 . 2009-02-16 21:11 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\Move Networks
2009-06-17 15:27 . 2008-12-21 00:25 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2008-12-21 00:25 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 14:06 . 2007-11-12 18:29 -------- d-----w- c:\program files\AIM6
2009-06-14 14:06 . 2006-12-05 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-14 14:06 . 2006-12-05 09:16 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-05-13 00:48 . 2007-10-06 21:23 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-10 21:24 . 2009-05-10 21:24 -------- d-----w- c:\program files\Firaxis Games
2009-05-07 15:32 . 2005-08-16 09:18 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 17:33 . 2009-05-02 16:29 -------- d-----w- c:\program files\TotalMovieConverter
2009-05-02 16:29 . 2009-05-02 16:29 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\Softplicity
2009-05-02 16:18 . 2009-05-02 16:18 -------- d-----w- c:\program files\Windows Media Components
2009-05-02 16:02 . 2009-05-02 16:02 -------- d-----w- c:\documents and settings\Henry Chen\Application Data\vlc
2009-05-02 16:01 . 2009-05-02 16:01 -------- d-----w- c:\program files\VideoLAN
2009-05-02 15:21 . 2009-05-02 15:21 -------- d-----w- c:\program files\Windows Media Connect 2
2009-04-29 04:56 . 2005-08-16 09:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2005-08-16 09:18 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-08-16 09:18 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-13 12:54 . 2009-04-13 12:54 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-02 00:18 . 2007-12-29 16:54 78737 ----a-w- c:\windows\War3Unin.dat
2009-03-11 22:20 . 2009-03-11 22:20 208384 ----a-w- c:\program files\mozilla firefox\plugins\uc_rohan_launching.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_02.11.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-30 18:58 . 2009-06-30 18:58 16384 c:\windows\Temp\Perflib_Perfdata_1c8.dat
- 2005-08-17 02:06 . 2007-08-11 00:46 26488 c:\windows\system32\spupdsvc.exe
+ 2005-08-17 02:06 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2009-05-02 15:21 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2005-08-16 09:18 . 2009-02-03 19:59 56832 c:\windows\system32\secur32.dll
+ 2005-08-16 09:18 . 2009-02-06 10:39 35328 c:\windows\system32\sc.exe
+ 2005-08-16 09:18 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
+ 2005-08-16 09:18 . 2009-06-30 17:56 72096 c:\windows\system32\perfc009.dat
- 2005-08-16 09:18 . 2009-06-29 22:35 72096 c:\windows\system32\perfc009.dat
- 2005-08-16 09:37 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
+ 2005-08-16 09:37 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
+ 2005-08-16 09:18 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
- 2005-08-16 09:18 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
- 2006-11-08 02:03 . 2008-10-16 20:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 02:03 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
- 2005-08-16 09:37 . 2008-04-14 00:11 58880 c:\windows\system32\msdtclog.dll
+ 2005-08-16 09:37 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2003-09-04 18:14 . 2003-09-04 19:14 94208 c:\windows\system32\Macromed\Flash\GetFlash.exe
+ 2003-09-04 18:14 . 2003-09-04 18:14 94208 c:\windows\system32\Macromed\Flash\GetFlash.exe
- 2005-08-16 09:18 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
+ 2005-08-16 09:18 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
- 2006-11-07 08:26 . 2008-10-16 13:11 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 08:26 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
+ 2005-08-16 09:18 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
- 2005-08-16 09:18 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
+ 2005-08-16 09:18 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 16:58 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
- 2006-10-17 16:58 . 2008-10-16 20:38 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
- 2006-12-05 09:08 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-12-05 09:08 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2007-05-09 05:47 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 05:47 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2006-12-05 09:08 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-12-05 09:08 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-05-09 05:47 . 2008-10-16 13:11 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-05-09 05:47 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2006-11-07 08:26 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-11-07 08:26 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-04-29 04:55 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
- 2006-11-07 08:26 . 2008-10-16 13:11 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-11-07 08:26 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
- 2006-12-07 21:42 . 2009-06-29 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-12-07 21:42 . 2009-06-30 12:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-07 21:42 . 2009-06-29 22:04 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-12-07 21:42 . 2009-06-30 12:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-07 21:42 . 2009-06-29 22:04 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-12-07 21:42 . 2009-06-30 12:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-30 17:44 . 2009-06-30 17:49 14648 c:\windows\SoftwareDistribution\EventCache\{92022046-3B1C-4576-9CAE-858E428C2630}.bin
- 2006-12-05 09:21 . 2008-12-15 02:01 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
+ 2006-12-05 09:21 . 2009-06-30 17:48 17534 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\gtngstrtd.exe
+ 2006-12-05 09:21 . 2009-06-30 17:48 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
- 2006-12-05 09:21 . 2008-12-15 02:01 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_B8B1511D9331_467C_9B1B_E8204012E95B.exe
- 2006-12-05 09:21 . 2008-12-15 02:01 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
+ 2006-12-05 09:21 . 2009-06-30 17:48 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_630CEEA9B210_4765_A2B1_FC24596048D7.exe
+ 2006-12-05 09:21 . 2009-06-30 17:48 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
- 2006-12-05 09:21 . 2008-12-15 02:01 65536 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_4E403E143BE9_4CD1_B8DF_8012EBBE9E82.exe
+ 2009-06-30 17:44 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-06-30 17:44 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-06-30 17:44 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-06-30 17:44 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-06-30 17:44 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-06-30 17:44 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
+ 2006-12-05 09:21 . 2009-06-30 17:48 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
- 2006-12-05 09:21 . 2008-12-15 02:01 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\WSBico.exe
+ 2006-12-05 09:21 . 2009-06-30 17:48 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
- 2006-12-05 09:21 . 2008-12-15 02:01 4710 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\Win2Kico.exe
+ 2006-10-19 01:47 . 2008-06-24 22:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-19 01:47 . 2006-10-19 01:47 295936 c:\windows\system32\wmpeffects.dll
+ 2005-08-16 09:19 . 2008-06-18 09:03 938496 c:\windows\system32\WMNetmgr.dll
+ 2005-08-16 09:19 . 2007-10-27 21:40 222720 c:\windows\system32\wmasf.dll
- 2005-08-16 09:18 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2005-08-16 09:18 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 233472 c:\windows\system32\webcheck.dll
+ 2005-08-16 09:18 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
+ 2005-08-16 09:37 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2005-08-16 09:37 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2005-08-16 09:37 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
+ 2005-08-16 09:18 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 105984 c:\windows\system32\url.dll
+ 2005-08-16 09:18 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2005-08-16 09:18 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
+ 2005-08-16 09:18 . 2009-02-09 12:10 401408 c:\windows\system32\rpcss.dll
- 2005-08-16 09:18 . 2009-06-29 22:35 443274 c:\windows\system32\perfh009.dat
+ 2005-08-16 09:18 . 2009-06-30 17:56 443274 c:\windows\system32\perfh009.dat
- 2005-08-16 09:18 . 2008-04-14 00:12 284160 c:\windows\system32\pdh.dll
+ 2005-08-16 09:18 . 2009-03-06 14:22 284160 c:\windows\system32\pdh.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
+ 2005-08-16 09:18 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
+ 2005-08-16 09:18 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
+ 2005-08-16 09:18 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
+ 2005-08-16 09:19 . 2006-12-04 20:21 414720 c:\windows\system32\msscp.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
+ 2005-08-16 09:18 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 477696 c:\windows\system32\mshtmled.dll
+ 2005-08-16 09:18 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 02:03 . 2008-10-16 20:38 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 02:03 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2005-08-16 09:37 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
- 2005-08-16 09:37 . 2008-04-14 00:11 161792 c:\windows\system32\msdtcuiu.dll
- 2005-08-16 09:37 . 2008-04-14 00:11 956928 c:\windows\system32\msdtctm.dll
+ 2005-08-16 09:37 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
+ 2005-08-16 09:37 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
+ 2006-12-08 00:41 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
- 2005-08-16 09:19 . 2006-10-19 00:03 100864 c:\windows\system32\logagent.exe
+ 2005-08-16 09:19 . 2008-06-18 05:09 100864 c:\windows\system32\logagent.exe
+ 2005-08-16 09:18 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
- 2005-08-16 09:18 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2006-10-17 16:57 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
+ 2005-08-16 09:18 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-04-29 04:55 383488 c:\windows\system32\ieapfltr.dll
- 2006-10-17 16:27 . 2008-10-16 20:38 383488 c:\windows\system32\ieapfltr.dll
- 2005-08-16 09:18 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
+ 2005-08-16 09:18 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
+ 2005-08-16 09:18 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
+ 2005-08-16 09:18 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
+ 2005-08-16 09:27 . 2009-06-30 17:51 273376 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 09:27 . 2009-06-26 23:01 273376 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 09:18 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
+ 2005-08-16 09:18 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 214528 c:\windows\system32\dxtrans.dll
+ 2005-08-16 09:18 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
+ 2005-08-16 09:18 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 347136 c:\windows\system32\dxtmsft.dll
+ 2005-08-16 09:18 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2008-06-11 07:58 . 2008-06-18 09:03 938496 c:\windows\system32\dllcache\WMNetmgr.dll
+ 2007-10-27 22:39 . 2007-10-27 21:40 222720 c:\windows\system32\dllcache\wmasf.dll
+ 2006-12-05 09:08 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-08 02:03 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-08 02:03 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-10-17 17:05 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 17:05 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
+ 2008-10-14 21:12 . 2008-12-11 10:57 333952 c:\windows\system32\dllcache\srv.sys
+ 2008-12-05 06:54 . 2008-12-05 06:54 144896 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2006-10-17 17:04 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 17:04 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2006-12-05 09:08 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-12-05 09:08 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-12-05 09:08 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-12-05 09:08 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-12-05 09:08 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2006-12-05 09:08 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2007-05-09 05:47 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2007-05-09 05:47 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
- 2008-06-11 07:47 . 2006-10-19 00:03 100864 c:\windows\system32\dllcache\logagent.exe
+ 2008-06-11 07:47 . 2008-06-18 05:09 100864 c:\windows\system32\dllcache\logagent.exe
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-03-21 14:06 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\kernel32.dll
+ 2006-10-17 17:04 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-09 05:47 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 08:27 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2007-05-09 05:47 . 2008-10-16 20:38 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2007-05-09 05:47 . 2009-04-29 04:55 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2006-11-07 08:25 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
- 2006-11-07 08:25 . 2008-10-15 07:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 08:27 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 08:27 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 08:26 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2006-11-07 08:26 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-12-05 09:08 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-12-05 09:08 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-12-05 09:08 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-12-05 09:08 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-12-05 09:08 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-12-05 09:08 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-11-07 08:26 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 08:26 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2005-08-16 09:18 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
- 2005-08-16 09:18 . 2008-10-16 20:38 124928 c:\windows\system32\advpack.dll
- 2005-08-16 09:18 . 2008-04-14 00:11 617472 c:\windows\system32\advapi32.dll
+ 2005-08-16 09:18 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
+ 2006-12-05 09:21 . 2009-06-30 17:48 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
- 2006-12-05 09:21 . 2008-12-15 02:01 184320 c:\windows\Installer\{6D52C408-B09A-4520-9B18-475B81D393F1}\_9FA356B1395F_4530_8CB3_946ED0B3291E.exe
+ 2006-06-04 23:20 . 2006-06-04 23:20 929792 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20987_wkwpqd.dll
+ 2006-06-04 23:20 . 2006-06-04 23:20 147456 c:\windows\Installer\$PatchCache$\Managed\804C25D6A90B0254B98174B5183D391F\8.5.818\F20985_wkwpqrtf.dll
+ 2005-08-16 09:19 . 2007-06-27 02:10 317440 c:\windows\inf\unregmp2.exe
+ 2009-06-30 17:44 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-30 17:44 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-30 17:44 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-30 17:44 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-30 17:44 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-30 17:44 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-30 17:44 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2005-08-16 09:19 . 2008-06-18 09:03 2458112 c:\windows\system32\WMVCore.dll
+ 2005-08-16 09:18 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
- 2005-08-16 09:18 . 2008-04-14 00:12 8461312 c:\windows\system32\shell32.dll
+ 2005-08-16 09:18 . 2008-06-17 19:02 8461312 c:\windows\system32\shell32.dll
+ 2005-08-16 09:18 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
- 2005-08-16 09:18 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2005-08-16 09:18 . 2009-02-06 11:06 2145280 c:\windows\system32\ntoskrnl.exe
- 2005-08-16 09:18 . 2008-08-14 10:09 2145280 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 03:59 . 2009-02-06 10:32 2023936 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 03:59 . 2008-08-14 09:33 2023936 c:\windows\system32\ntkrnlpa.exe
+ 2005-08-16 09:18 . 2009-04-29 04:56 3596288 c:\windows\system32\mshtml.dll
+ 2006-11-08 02:03 . 2009-04-29 04:55 6066176 c:\windows\system32\ieframe.dll
- 2006-11-08 02:03 . 2008-10-16 20:38 6066176 c:\windows\system32\ieframe.dll
- 2006-09-06 04:01 . 2007-04-17 09:28 2455488 c:\windows\system32\ieapfltr.dat
+ 2006-09-06 04:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
+ 2005-08-16 09:19 . 2008-06-18 09:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2008-10-14 21:12 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2006-12-05 09:08 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02 . 2008-06-17 19:02 8461312 c:\windows\system32\dllcache\shell32.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-10-14 21:12 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-14 21:12 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-14 21:12 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-14 21:12 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-14 21:12 . 2008-08-14 09:33 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-14 21:12 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-14 21:12 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-12-05 09:08 . 2009-04-29 04:56 3596288 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 05:47 . 2009-04-29 04:55 6066176 c:\windows\system32\dllcache\ieframe.dll
- 2007-05-09 05:47 . 2008-10-16 20:38 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-09 05:47 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
- 2007-05-09 05:47 . 2007-04-17 09:28 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-06-30 17:44 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-30 17:44 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-30 17:44 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-30 17:44 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2008-10-14 21:12 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-14 21:12 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-14 21:12 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-14 21:12 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 21:12 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-14 21:12 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2008-10-14 21:12 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-08-16 09:19 . 2008-11-11 22:34 10838016 c:\windows\system32\wmp.dll
+ 2006-12-08 00:31 . 2009-06-01 13:51 23635392 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"igndlm.exe"="c:\program files\IGN\Download Manager\dlm.exe" [2009-05-14 1103216]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-11 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-27 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-5 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Steam\\steamapps\\christianmeno\\team fortress 2\\hl2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19824:TCP"= 19824:TCP:BitComet 19824 TCP
"19824:UDP"= 19824:UDP:BitComet 19824 UDP
"23959:TCP"= 23959:TCP:BitComet 23959 TCP
"23959:UDP"= 23959:UDP:BitComet 23959 UDP
"25331:TCP"= 25331:TCP:BitComet 25331 TCP
"25331:UDP"= 25331:UDP:BitComet 25331 UDP

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/12/2007 2:31 PM 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [4/13/2009 9:33 AM 28672]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/20/2008 4:20 PM 356920]
.
- - - - ORPHANS REMOVED - - - -

BHO-{9c2d1c4a-53d1-4103-b456-0288cba15861} - (no file)
BHO-{BBABDA67-BBC5-410F-A157-0C2E7D926D16} - (no file)


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.worldofwarcraft.com/index.xml
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Henry Chen\Application Data\Mozilla\Firefox\Profiles\kgrp1qbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Henry Chen\Application Data\Mozilla\Firefox\Profiles\kgrp1qbr.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}\plugins\NPNeffyPlugin.dll
FF - plugin: c:\documents and settings\Henry Chen\Application Data\Mozilla\Firefox\Profiles\kgrp1qbr.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\Henry Chen\Application Data\Mozilla\Firefox\Profiles\kgrp1qbr.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 14:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3730782852-1421294670-1690706563-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-3730782852-1421294670-1690706563-1006\Software\SecuROM\License information*]
"datasecu"=hex:83,ae,34,3a,6a,d7,f4,5f,b7,92,18,22,7f,dc,19,9b,b4,e4,ad,b0,4d,
92,e3,16,7f,70,97,06,6f,ae,e4,26,75,10,45,7a,c7,00,a3,48,24,84,9c,2a,57,00,\
"rkeysecu"=hex:7a,d3,fc,53,88,2d,a3,82,d5,fc,59,3b,58,a8,f3,d1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-30 15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 19:05
ComboFix2.txt 2009-06-30 17:26
ComboFix3.txt 2009-06-30 02:15

Pre-Run: 27,478,601,728 bytes free
Post-Run: 27,489,415,168 bytes free

534 --- E O F --- 2009-06-30 17:49

The Kaspersky log is attached.

#10 jpshortstuff

Posted 01 July 2009 - 03:05 AM

Hi,

all antivirus programs are off, for the purpose of the scanning.

OK, just checking.

You can delete these files:
C:\WINDOWS\system32\dmserver(2).dll (make sure the (2) is present here)
C:\WINDOWS\system32\k9261108.exe

How are things running?
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#11 Kamioni

Posted 01 July 2009 - 08:39 AM

So I ran a Google search on various things, and clicked on about 20 links, and everything seems to be working fine. Thank you very much for helping me solve this problem. I really appreciate everything you have done. If the issue somehow comes up again, I will make another post. Thank you, and have a nice day. :thumbup2:

#12 jpshortstuff

Posted 01 July 2009 - 08:46 AM

Hi,

Glad to hear things are running better :thumbup:

Click Start >> Run, and then type ComboFix /u and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.


Now that your system appears to be clean, there are just a few steps I'd like you to take to prevent any future infections.
  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

    Download Spybot Search and Destroy 1.5 from here
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.

    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster

    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
Also, please read this great article by Tony Klein: So How Did I Get Infected In First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff

#13 Kamioni

Posted 01 July 2009 - 11:12 AM

I downloaded both SpywareBlaster and Spybot Search and Destroy. Thank you for all the help, you can mark this problem as solved.

#14 jpshortstuff

Posted 01 July 2009 - 11:20 AM

Glad I could help :thumbup2:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.