
Unable to access certain websites



I am unable to access certain websites with any of my web browsers. Here's my HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:58 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 5724 bytes


I am unable to access certain websites I know are active. All I get is a "Page cannot be displayed" error. This happens with all browsers.


Okay, here's the ActiveScan log:

;*******************************************************************************
ANALYSIS: 2008-06-04 21:58:02
PROTECTIONS: 0
MALWARE: 28
SUSPECTS: 0
;*******************************************************************************

PROTECTIONS
Description Version Active Updated
;===============================================================================
;===============================================================================

MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\jerry\favorites\health
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[.atdmt.com/]
00139535 Application/Processor HackTools No 0 Yes No C:\RECYCLER\S-1-5-21-1489722723-519094362-1628391410-1006\Dc17\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\RECYCLER\S-1-5-21-1489722723-519094362-1628391410-1006\Dc24.exe[sDFix\apps\Process.exe]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jerry\Application Data\Mozilla\Firefox\Profiles\blotsrmd.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jerry\Cookies\jerry@com[1].txt
00168069 Cookie/Bilbo.counted TrackingCookie No 0 Yes No C:\Documents and Settings\Jerry\Cookies\jerry@bilbo.counted[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[.advertising.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[ads.pointroll.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[.go.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Jerry\Cookies\jerry@target[2].txt
00257529 W32/Gaobot.MJA.worm Virus/Worm No 1 Yes No C:\RECYCLER\S-1-5-21-1489722723-519094362-1628391410-1006\Dc50.exe
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[.atwola.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Jerrysch06\g71wh4yb.slt\cookies.txt[ehg-dig.hitbox.com/]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\WINDOWS\PSEXESVC.EXE
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\RECYCLER\S-1-5-21-1489722723-519094362-1628391410-1006\Dc17\Reboot.exe
02887531 Cookie/UltimateCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Jerry\Cookies\jerry@ucleaner[2].txt
02887532 Cookie/XPAntivirusPro TrackingCookie No 0 Yes No C:\Documents and Settings\Jerry\Cookies\jerry@www.safenavweb[1].txt
02907634 Adware/PurityScan Adware No 0 Yes No C:\QooBox\Quarantine\C\Documents and Settings\Jerry\Application Data\ASKS~1\сhkntfs.exe.vir
02907934 Trj/Downloader.TAV Virus/Trojan No 0 Yes No C:\Documents and Settings\Jerry\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.99668
02907934 Trj/Downloader.TAV Virus/Trojan No 0 Yes No C:\Documents and Settings\Jerry\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.28695
02907934 Trj/Downloader.TAV Virus/Trojan No 0 Yes No C:\Documents and Settings\Jerry\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.70315
02908018 Cookie/WinReanimator TrackingCookie No 0 Yes No C:\Documents and Settings\Jerry\Cookies\jerry@winreanimator[2].txt
02908062 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\quivivfe.dll.vir
02908063 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hyxfnpkc.dll.vir
02908066 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hktvmhgm.dll.vir
02908066 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\sqleskec.dll.vir
02908213 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dbvxlgna.dll.vir
02908213 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\lfrmqwnk.dll.vir
02908215 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qdikpbgm.dll.vir
02909975 Cookie/CookingLuck TrackingCookie No 0 Yes No C:\Documents and Settings\Jerry\Cookies\jerry@cookingluck[2].txt
02929371 Trj/Downloader.TKW Virus/Trojan No 0 Yes No C:\Documents and Settings\Jerry\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.85339
02929371 Trj/Downloader.TKW Virus/Trojan No 0 Yes No C:\Documents and Settings\Jerry\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.85471
02929371 Trj/Downloader.TKW Virus/Trojan No 0 Yes No C:\Documents and Settings\Jerry\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.91777
02929371 Trj/Downloader.TKW Virus/Trojan No 0 Yes No C:\Documents and Settings\Jerry\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.69424
02984152 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\reeuwqkf.dll.vir
;===============================================================================

SUSPECTS
Sent Location O
;===============================================================================
;===============================================================================

VULNERABILITIES
Id Severity Description O
;===============================================================================
;===============================================================================

Spybot found nothing


Root Admin

Hi Jerry - I've re-opened this post since you posted back again.

Please continue to check back often after posting so that we can help you, otherwise with no response we close the topic.

STEP 1

Please remove ComboFix from your system. Click on START - RUN and type in
ComboFix /U
and remove all of it.

STEP 2

  • Download ATF-Cleaner from Snapfiles.com to remove unneeded temporary files from your computer that may contain malware.
  • You can also download it from Majorgeeks.com.
  • When you run ATF-Cleaner, check the items as shown below for Main.
  • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox.
  • NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored.
  • Then click on "Empty Selected".

[Image: atf-cleaner01.gif]

[Image: atf-cleaner02.gif]

STEP 3

Start Malwarebytes and click on the UPDATE tab and update the program. Go to the Quarantine TAB and delete the quarantined files.

Then run a new Quick Scan and have it remove anything it finds.

STEP 4

Download Deckard's System Scanner (DSS) to your Desktop.

Note: You must be logged onto an account with administrator privileges.

  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

What DSS will do:

  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Notes: The first time that the Deckard scanner is run, the extra.txt is generated in a minimized window. The second time you will not obtain the extra.txt. You must go to Start=>Run, copy the following into the line: "%userprofile%\desktop\dss.exe" /config, and click OK. You will receive a pop-up box with options to check for the Main log and Extra Log and Options.

STEP 5

Reboot your computer again.

STEP 6

Download a NEW version of ComboFix (ComboFix.exe), then double-click it to run it and allow it to scan and clean your system.

STEP 7

On your next reply please post the logs from DSS, MB, and ComboFix.


Okay, here's main.txt:

Deckard's System Scanner v20071014.68
Run by Jerry on 2008-06-09 00:01:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-06-09 04:01:50 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).

-- HijackThis (run as Jerry.exe) -----------------------------------------------

logfile has no content; running clone.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-09 00:03:44
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\LEXBCES.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\WINDOWS\SYSTEM32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\PackethSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Documents and Settings\Jerry\Desktop\dss.exe
C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\SYSTEM32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\SYSTEM32\PackethSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6482 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~2\backups\) -----------

backup-20080408-215513-254 O20 - Winlogon Notify: pmnljhg - pmnljhg.dll (file missing)
backup-20080408-215513-275 O4 - HKLM\..\Run: [spyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
backup-20080408-215513-474 O20 - AppInit_DLLs: cru629.dat
backup-20080409-215646-383 O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 OADevice (OADriver) - c:\windows\system32\drivers\oadriver.sys
R1 OAmon - c:\windows\system32\drivers\oamon.sys
R1 OAnet - c:\windows\system32\drivers\oanet.sys
R1 papycpu2 - c:\windows\system32\drivers\papycpu2.sys
R1 papyjoy - c:\windows\system32\drivers\papyjoy.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

S3 catchme - c:\docume~1\jerry\locals~1\temp\catchme.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 imhidusb (Immersion's HID USB Driver) - c:\windows\system32\drivers\imhidusb.sys <Not Verified; Immersion Corporation; Immersion's TouchSense Gaming Software>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 PackethSvc (Virtual NIC Service) - c:\windows\system32\packethsvc.exe <Not Verified; America Online, Inc.; America Online>
R2 SvcOnlineArmor (Online Armor) - "c:\program files\tall emu\online armor\oasrv.exe" <Not Verified; Tall Emu; Online Armor Security Suite>

S2 navapsvc (Norton AntiVirus Auto-Protect Service) - "c:\program files\norton internet security\norton antivirus\navapsvc.exe" (file missing)

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2008-05-09 and 2008-06-09 -----------------------------

Nothing created in this timespan.

-- Find3M Report ---------------------------------------------------------------

2008-06-08 23:44:13 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 23:17:12 0 d-------- C:\Documents and Settings\Jerry\Application Data\OnlineArmor
2008-05-27 22:27:19 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-15 22:09:38 0 d-------- C:\Documents and Settings\Jerry\Application Data\LimeWire
2008-05-01 00:06:13 0 d-------- C:\Program Files\Audacity
2008-04-30 00:02:28 0 d-------- C:\Program Files\NCH Swift Sound
2008-04-30 00:02:25 0 d-------- C:\Documents and Settings\Jerry\Application Data\NCH Swift Sound
2008-04-18 09:56:58 0 d-------- C:\Program Files\SpywareBlaster
2008-04-14 00:05:12 0 d-------- C:\Documents and Settings\Jerry\Application Data\OpenOffice.org2
2008-04-13 23:59:01 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-13 23:58:11 0 d-------- C:\Program Files\Java
2008-04-13 22:36:10 0 d-------- C:\Documents and Settings\Jerry\Application Data\SiteHound
2008-04-13 22:33:55 0 d-------- C:\Program Files\FireTrust
2008-04-13 22:24:28 0 d-------- C:\Program Files\hpHosts
2008-04-12 22:29:28 0 d-------- C:\Program Files\Tall Emu
2008-04-12 22:08:45 0 d-------- C:\Documents and Settings\Jerry\Application Data\AdobeUM
2008-04-11 22:00:54 0 d-------- C:\Program Files\Messenger
2008-04-09 22:19:44 214 --a------ C:\WINDOWS\system32\tmp.reg

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [03/23/2008 10:21 AM]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [01/17/2006 01:03 PM]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/19/2005 03:37 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 06:43 PM]

C:\Documents and Settings\Jerry\Start Menu\Programs\Startup\

DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

DESKTOP.INI [8/10/2004 2:04:12 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"HideLegacyLogonScripts"=0 (0x0)

"HideLogoffScripts"=0 (0x0)

"RunLogonScriptSync"=1 (0x1)

"RunStartupScriptSync"=1 (0x1)

"HideStartupScripts"=0 (0x0)

"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 02:55 PM 77824]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [03/23/2008 10:21 AM 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 02:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CompuServe 2000 Tray Icon.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 2000 Tray Icon.lnk

backup=C:\WINDOWS\pss\CompuServe 2000 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk

backup=C:\WINDOWS\pss\dlbcserv.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk

backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\883b4cfe]

rundll32.exe "C:\WINDOWS\system32\qdikpbgm.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]

C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8b087f62]

Rundll32.exe "C:\WINDOWS\system32\hyxfnpkc.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]

braviax.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Crmfqr]

"C:\Documents and Settings\Jerry\Application Data\?asks\?hkntfs.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]

C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]

C:\Program Files\kernel\kernel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

"C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

"C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ouwovetu]

C:\WINDOWS\system32\cdkrkxcj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozcorujz]

C:\WINDOWS\system32\tgrabupy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]

"C:\DOCUME~1\Jerry\APPLIC~1\SSTEM~1\dllhost.exe" -vt ndrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]

C:\Documents and Settings\Jerry\Application Data\Microsoft\Windows\rayiou.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]

"C:\WINDOWS\winshow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]

C:\Documents and Settings\Jerry\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yby]

"C:\Documents and Settings\Jerry\Application Data\?icrosoft\?ttrib.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SPBBCSvc"=2 (0x2)

"SymWSC"=2 (0x2)

"SBService"=2 (0x2)

"SAVScan"=3 (0x3)

"ISSVC"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"SNDSrvc"=3 (0x3)

"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- E:\Autorun.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 localhost

127.0.0.1 005.free-counter.co.uk

127.0.0.1 006.free-counter.co.uk

127.0.0.1 007.free-counter.co.uk

127.0.0.1 007guard.com

127.0.0.1 008.free-counter.co.uk

127.0.0.1 00fun.com

127.0.0.1 00hq.com

127.0.0.1 00inkjets.com

127.0.0.1 00pro.com

52623 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-06-09 00:07:08 ------------

... and extra.txt:

Deckard's System Scanner v20071014.68

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz

Percentage of Memory in Use: 88%

Physical Memory (total/avail): 253.98 MiB / 29.59 MiB

Pagefile Memory (total/avail): 623.77 MiB / 316.13 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1922.33 MiB

A: is Removable (No Media)

C: is Fixed (NTFS) - 70.87 GiB total, 28.54 GiB free.

D: is CDROM (CDFS)

E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75JHC0 - 74.5 GiB - 3 partitions

\PARTITION0 - Unknown - 39.19 MiB

\PARTITION1 (bootable) - Installable File System - 70.87 GiB - C:

\PARTITION2 - Unknown - 3.59 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Online Armor Firewall v2.1.0.119 (Tall Emu)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Jerry\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=DELL-DF5XDK71

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Jerry

LOGONSERVER=\\DELL-DF5XDK71

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Jerry\LOCALS~1\Temp

TMP=C:\DOCUME~1\Jerry\LOCALS~1\Temp

USERDOMAIN=DELL-DF5XDK71

USERNAME=Jerry

USERPROFILE=C:\Documents and Settings\Jerry

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Jerry (admin)

Administrator (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}

--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL

--> C:\WINDOWS\UNNMP.exe /UNINSTALL

--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}

Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}

AOL Instant Messenger --> C:\PROGRA~1\AIM95\uninstll.exe -LOG= C:\PROGRA~1\AIM95\install.log -OEM=

Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"

Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}

CompuServe 2000 --> C:\Program Files\Common Files\csshare\csunins_us.exe

CwGet V1.60 --> "C:\Program Files\CWGET\unins000.exe"

Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s

Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}

Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720

Dell Photo Printer 720 Logger --> C:\Program Files\Dell Photo Printer 720\dlbcunst.exe

Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}

DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}

DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log

Dual Mode Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5168221A-732B-42E7-85E8-201D7A0CB954}\Setup.exe" -l0x9

EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}

Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe

First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C797EAF2-707A-4239-BDF3-F2672314A734}\setup.exe" -l0x9 UNINSTALL

FLV Player --> "C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"

Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}

Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly

Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"

HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

hpHosts --> "C:\Program Files\hpHosts\unins000.exe"

ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL

Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"

Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572

Intel® PRO Network Adapters and Drivers --> Prounstl.exe

Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}

Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}

Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}

Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}

Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}

Java 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe

LimeWire 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}

Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Money 2004 --> MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}

Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}

Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF

Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}

Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9

Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText

Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Musicmatch


  • Root Admin

Hi Jerry,

#1 - Please return and post the items requested in a timely manner, or at least post back that you're busy and will return later. We all do this on a voluntary basis, and it really wastes a lot of my free time, in which I could help others or do other things, when you don't follow directions or don't post back the requested information.

Yes, your system shows that you are infected still. I am currently not going to provide any further information unless I hear back from you and you're ready to follow the steps and provide the information as requested.

Thank you.


Oops, sorry about that! I forgot to post the MB & combofix logs! Here they are:

combofix:

ComboFix 08-06-08.7 - Jerry 2008-06-09 0:49:42.5 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.59 [GMT -4:00]

Running from: C:\Documents and Settings\Jerry\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\MSINET.oca

C:\WINDOWS\system32\oqnkdamp.ini

.

((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))

.

2008-06-08 23:56 . 2008-06-08 23:56 <DIR> d-------- C:\Deckard

2008-06-08 23:44 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamcatchme.sys

2008-06-08 23:44 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-09 04:41 --------- d-----w C:\Documents and Settings\Jerry\Application Data\OnlineArmor

2008-06-09 03:44 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware

2008-05-28 02:27 --------- d-----w C:\Program Files\SUPERAntiSpyware

2008-05-26 03:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-16 02:09 --------- d-----w C:\Documents and Settings\Jerry\Application Data\LimeWire

2008-05-01 04:06 --------- d-----w C:\Program Files\Audacity

2008-04-30 04:02 --------- d-----w C:\Program Files\NCH Swift Sound

2008-04-30 04:02 --------- d-----w C:\Documents and Settings\Jerry\Application Data\NCH Swift Sound

2008-04-29 04:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound

2008-04-18 13:56 --------- d-----w C:\Program Files\SpywareBlaster

2008-04-14 04:05 --------- d-----w C:\Documents and Settings\Jerry\Application Data\OpenOffice.org2

2008-04-14 03:59 --------- d-----w C:\Program Files\OpenOffice.org 2.4

2008-04-14 03:58 --------- d-----w C:\Program Files\Java

2008-04-14 02:36 --------- d-----w C:\Documents and Settings\Jerry\Application Data\SiteHound

2008-04-14 02:33 --------- d-----w C:\Program Files\FireTrust

2008-04-14 02:24 --------- d-----w C:\Program Files\hpHosts

2008-04-13 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\OnlineArmor

2008-04-13 02:29 --------- d-----w C:\Program Files\Tall Emu

2008-04-13 02:08 --------- d-----w C:\Documents and Settings\Jerry\Application Data\AdobeUM

2008-04-09 01:47 --------- d-----w C:\Program Files\RogueRemover FREE

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\SYSTEM32\msjint40.dll

2008-03-27 08:12 151,583 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjint40.dll

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys

2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys

2007-10-16 02:56 1,664 ----a-w C:\Documents and Settings\Jerry\Application Data\ViewerApp.dat

2007-05-15 04:24 25,990,392 ----a-w C:\Program Files\FLV PlayerRCSetup.exe

.

((((((((((((((((((((((((((((( snapshot_2008-03-23_23.20.44.20 )))))))))))))))))))))))))))))))))))))))))

.


+ 2008-04-14 03:59:35 3,072 ----a-w C:\WINDOWS\ASSEMBLY\GAC\policy.1.1.cli_types\12.0.0.0__ce2cb7e279207b9e\policy.1.1.cli_types.dll

+ 2008-06-09 04:39:46 2,048 --s-a-w C:\WINDOWS\BOOTSTAT.DAT

- 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

+ 2008-04-11 08:14:18 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE

+ 2008-04-12 01:54:27 5,316,608 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-04-12 01:54:28 495,616 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-04-11 08:14:18 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-04-12 01:54:14 5,316,608 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-04-12 01:54:14 495,616 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2000-08-31 12:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe

+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe

+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll

+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll

+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll

+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll

+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll

+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe

+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll

+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll

+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll

+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll

+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll

+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll

+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll

+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll

+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe

+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe

+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll

+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll

+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll

+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll

+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll

+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll

+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll

+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll

+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll

+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll

+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll

+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll

+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll

+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll

+ 2008-04-14 04:02:01 2,363,392 ----a-r C:\WINDOWS\Installer\{F87A8E11-02A4-4875-A3A5-5961081B0E4E}\soffice.exe

+ 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe

+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe

+ 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe

+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe

+ 2004-08-04 10:00:00 2,000 -c--a-w C:\WINDOWS\SYSTEM\KEYBOARD.DRV

+ 2004-08-04 10:00:00 2,032 -c--a-w C:\WINDOWS\SYSTEM\MOUSE.DRV

+ 2004-08-04 10:00:00 1,744 -c--a-w C:\WINDOWS\SYSTEM\SOUND.DRV

+ 2004-08-04 10:00:00 2,176 -c--a-w C:\WINDOWS\SYSTEM\VGA.DRV

- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll

+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll

- 2005-05-27 23:49:35 16,384 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat

+ 2008-03-27 02:41:16 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat

- 2005-05-27 23:49:35 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2008-03-27 02:41:16 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat

- 2005-05-27 23:49:35 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-03-27 02:41:16 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2004-08-04 10:00:00 1,788 ----a-w C:\WINDOWS\SYSTEM32\Dcache.bin

+ 2004-12-06 06:05:00 2,239 ----a-w C:\WINDOWS\SYSTEM32\dla\tfsndres.sys

- 2007-12-07 02:21:45 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll

+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll

+ 2004-08-04 10:00:00 4,224 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\beep.sys

- 2004-08-04 10:00:00 561,179 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll

+ 2008-03-25 04:50:25 554,008 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dao360.dll

- 2006-06-26 17:37:10 148,480 -c----w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll

+ 2008-02-20 05:32:43 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll

+ 2008-02-20 05:32:43 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll

+ 2004-08-04 04:07:58 2,944 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\drmkaud.sys

- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll

+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll

- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll

+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll

- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll

+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll

- 2007-06-19 13:31:19 282,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll

+ 2008-02-20 06:51:05 282,624 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll

- 2007-12-07 02:21:45 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll

+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll

- 2007-12-06 11:00:57 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe

+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe

- 2007-12-07 02:21:45 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll

+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll

- 2007-12-07 02:21:45 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll

+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll

- 2007-12-06 04:59:51 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll

+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll

- 2007-12-07 02:21:45 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll

+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll

- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll

+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll

- 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll

+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll

- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll

+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll

- 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll

+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll

- 2007-12-06 11:00:58 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe

+ 2008-02-22 10:00:51 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe

- 2007-12-06 11:01:25 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe

+ 2008-02-29 08:55:46 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe

- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll

+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll

+ 2004-08-04 10:00:00 2,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\keyboard.drv

+ 2004-08-04 10:00:00 2,032 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mouse.drv

+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msctf.dll

+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msexch40.dll

+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msexcl40.dll

- 2007-12-07 02:21:47 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll

+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll

- 2007-12-07 02:21:47 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll

+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll

- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll

+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll

- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll

+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll

+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjet40.dll

+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjetol1.dll

+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjter40.dll

+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msjtes40.dll

+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msltus40.dll

+ 2008-03-25 04:50:45 355,104 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mspbde40.dll

- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll

+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll

+ 2008-03-25 04:50:47 432,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd2x40.dll

+ 2008-03-25 04:50:49 322,336 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrd3x40.dll

+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrepl40.dll

+ 2008-03-25 04:50:55 264,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstext40.dll

- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll

+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll

+ 2008-03-25 04:50:57 838,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswdat10.dll

+ 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mswstr10.dll

+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msxbde40.dll

- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll

+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll

- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll

+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll

+ 2004-08-04 10:00:00 1,744 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\sound.drv

- 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll

+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll

- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll

+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll

+ 2004-08-04 10:00:00 2,176 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vga.drv

- 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll

+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll

- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll

+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll

- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll

+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll

- 2004-08-04 10:00:00 45,568 ----a-w C:\WINDOWS\SYSTEM32\DNSRSLVR.DLL

+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll

+ 2004-08-04 04:07:58 2,944 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys

+ 2004-08-04 10:00:00 2,944 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS

+ 2008-03-23 14:21:12 80,072 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys

+ 2008-03-23 14:21:22 32,456 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys

+ 2008-03-23 14:21:16 28,872 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\oanet.sys

+ 2001-01-31 09:18:42 2,016 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\papycpu2.sys

+ 2001-01-31 09:18:42 1,888 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\papyjoy.sys

- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll

+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll

- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll

+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll

- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll

+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll

- 2007-04-30 07:08:14 189,000 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT

+ 2008-04-15 01:35:08 206,512 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT

- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll

+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll

- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll

+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll

- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe

+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe

- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll

+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll

- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll

+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll

- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll

+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll

- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll

+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll

- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll

+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll

- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll

+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll

- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll

+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll

- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll

+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll

- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe

+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe

- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll

+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll

+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll

+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe

+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll

+ 2004-08-04 10:00:00 2,000 ----a-w C:\WINDOWS\SYSTEM32\KEYBOARD.DRV

+ 2004-08-04 10:00:00 2,560 ----a-w C:\WINDOWS\SYSTEM32\LZ32.DLL

+ 2004-08-04 10:00:00 2,032 ----a-w C:\WINDOWS\SYSTEM32\MOUSE.DRV

- 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe

+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe

- 2004-08-04 10:00:00 294,400 ----a-w C:\WINDOWS\SYSTEM32\MSCTF.DLL

+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\SYSTEM32\msctf.dll

- 2004-08-04 10:00:00 512,029 ----a-w C:\WINDOWS\SYSTEM32\MSEXCH40.DLL

+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\SYSTEM32\msexch40.dll

- 2004-08-04 10:00:00 319,517 ----a-w C:\WINDOWS\SYSTEM32\MSEXCL40.DLL

+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\SYSTEM32\msexcl40.dll

- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll

+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll

- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll

+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll

- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll

+ 2008-03-01 22:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll

- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll

+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll

- 2004-08-04 10:00:00 1,507,356 ----a-w C:\WINDOWS\SYSTEM32\MSJET40.DLL

+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\SYSTEM32\msjet40.dll

- 2004-08-04 10:00:00 358,976 ----a-w C:\WINDOWS\SYSTEM32\msjetoledb40.dll

+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\SYSTEM32\msjetoledb40.dll

- 2004-08-04 10:00:00 53,279 ----a-w C:\WINDOWS\SYSTEM32\MSJTER40.DLL

+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\SYSTEM32\msjter40.dll

- 2004-08-04 10:00:00 241,693 ----a-w C:\WINDOWS\SYSTEM32\MSJTES40.DLL

+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\SYSTEM32\msjtes40.dll

- 2004-08-04 10:00:00 213,023 ----a-w C:\WINDOWS\SYSTEM32\MSLTUS40.DLL

+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\SYSTEM32\msltus40.dll

- 2004-08-04 10:00:00 348,189 ----a-w C:\WINDOWS\SYSTEM32\MSPBDE40.DLL

+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\SYSTEM32\mspbde40.dll

- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll

+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll

- 2004-08-04 10:00:00 421,919 ----a-w C:\WINDOWS\SYSTEM32\MSRD2X40.DLL

+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\SYSTEM32\msrd2x40.dll

- 2004-08-04 10:00:00 315,423 ----a-w C:\WINDOWS\SYSTEM32\MSRD3X40.DLL

+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\SYSTEM32\msrd3x40.dll

- 2004-08-04 10:00:00 552,989 ----a-w C:\WINDOWS\SYSTEM32\MSREPL40.DLL

+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\SYSTEM32\msrepl40.dll

+ 2005-08-25 22:18:16 118,784 ----a-w C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL

- 2004-08-04 10:00:00 258,077 ----a-w C:\WINDOWS\SYSTEM32\MSTEXT40.DLL

+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\SYSTEM32\mstext40.dll

- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll

+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll

- 2004-08-04 10:00:00 831,519 ----a-w C:\WINDOWS\SYSTEM32\MSWDAT10.DLL

+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\SYSTEM32\mswdat10.dll

- 2004-08-04 10:00:00 614,429 ----a-w C:\WINDOWS\SYSTEM32\MSWSTR10.DLL

+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\SYSTEM32\mswstr10.dll

- 2004-08-04 10:00:00 348,189 ----a-w C:\WINDOWS\SYSTEM32\MSXBDE40.DLL

+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\SYSTEM32\msxbde40.dll

- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll

+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll

- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll

+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll

+ 2004-08-04 10:00:00 1,744 ----a-w C:\WINDOWS\SYSTEM32\SOUND.DRV

- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll

+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll

- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll

+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll

+ 2004-08-04 10:00:00 2,176 ----a-w C:\WINDOWS\SYSTEM32\VGA.DRV

- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll

+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll

- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll

+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll

+ 2004-08-04 10:00:00 2,864 ----a-w C:\WINDOWS\SYSTEM32\WINSOCK.DLL

+ 2004-08-04 10:00:00 2,112 ----a-w C:\WINDOWS\SYSTEM32\WINSPOOL.EXE

+ 2004-08-04 10:00:00 2,736 ----a-w C:\WINDOWS\SYSTEM32\WOWDEB.EXE

+ 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe

+ 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-03-23 10:21 5519424]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 13:03 135168]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-19 03:37 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"RunStartupScriptSync"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-03-23 10:21 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CompuServe 2000 Tray Icon.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 2000 Tray Icon.lnk

backup=C:\WINDOWS\pss\CompuServe 2000 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk

backup=C:\WINDOWS\pss\dlbcserv.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk

backup=C:\WINDOWS\pss\Office Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\883b4cfe]

C:\WINDOWS\system32\qdikpbgm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

--a------ 2006-08-01 15:35 67112 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]

C:\Program Files\antiviirus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8b087f62]

C:\WINDOWS\system32\hyxfnpkc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Crmfqr]

C:\Documents and Settings\Jerry\Application Data\?asks\?hkntfs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

--a------ 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]

--------- 2004-09-03 04:58 65536 C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

--a------ 2005-09-20 09:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

--a------ 2005-09-20 09:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

--a------ 2005-09-20 09:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

--a------ 2003-09-03 21:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]

C:\Program Files\kernel\kernel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]

C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

--a------ 2006-01-17 13:03 53248 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

--a------ 2006-01-17 13:03 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ouwovetu]

C:\WINDOWS\system32\cdkrkxcj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozcorujz]

C:\WINDOWS\system32\tgrabupy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2005-10-28 14:08 335872 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2005-05-19 03:37 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

--a------ 2007-03-30 22:26 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]

C:\DOCUME~1\Jerry\APPLIC~1\SSTEM~1\dllhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]

C:\Documents and Settings\Jerry\Application Data\Microsoft\Windows\rayiou.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]

C:\Program Files\SiteAdvisor\6172\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

--a------ 2004-10-14 15:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]

C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

--a------ 2007-06-21 15:06 1318912 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

--a------ 2007-03-14 12:16 100048 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]

--a------ 2004-01-07 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]

C:\WINDOWS\winshow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]

C:\Documents and Settings\Jerry\Application Data\WinTouch\WinTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yby]

C:\Documents and Settings\Jerry\Application Data\?icrosoft\?ttrib.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

--a------ 2007-03-28 18:10 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SPBBCSvc"=2 (0x2)

"SymWSC"=2 (0x2)

"SBService"=2 (0x2)

"SAVScan"=3 (0x3)

"ISSVC"=2 (0x2)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"SNDSrvc"=3 (0x3)

"Automatic LiveUpdate Scheduler"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"C:\\Program Files\\AIM95\\aim.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Soulseek\\slsk.exe"=

R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-03-23 10:21]

R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-03-23 10:21]

R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-03-23 10:21]

R2 PackethSvc;Virtual NIC Service;C:\WINDOWS\system32\PackethSvc.exe [2001-08-09 16:46]

R2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2008-03-23 10:21]

S3 imhidusb;Immersion's HID USB Driver;C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2001-04-27 04:36]

S3 SNDP610;Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\sndp610.sys [2005-10-11 15:19]

S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]

S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 06:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\Autorun.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-09 00:58:02

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"

.

Completion time: 2008-06-09 1:03:36

ComboFix-quarantined-files.txt 2008-06-09 05:03:29

ComboFix2.txt 2008-04-09 02:06:07

ComboFix3.txt 2008-03-24 03:21:06

ComboFix4.txt 2008-03-22 03:33:35

ComboFix5.txt 2008-01-08 05:08:42

Pre-Run: 30,594,691,072 bytes free

Post-Run: 30,634,151,936 bytes free

582 --- E O F --- 2008-05-28 03:45:48

...and MB:

Malwarebytes' Anti-Malware 1.15

Database version: 841

11:54:53 PM 6/8/2008

mbam-log-6-8-2008 (23-54-53).txt

Scan type: Quick Scan

Objects scanned: 37295

Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 3

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\SYSTEM32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\system32\drivers (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\SYSTEM32\system32\drivers\etc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\SYSTEM32\system32\drivers\etc\hosts_Win_Original (Trojan.Agent) -> Quarantined and deleted successfully.

... and thanks!!! :lol:


  • Root Admin
Great! Thanks! BTW- Which of your programs are better to purchase? MB Antimalware or RogueRemover?

MB would be the better product for Malware prevention and removal.

Sorry about the late reply, but I'll have to do some more research on this as you have some hidden process running that keeps it infected.

Will get back to you again tomorrow on this.


  • Root Admin

Please follow the directions in this order.

First, disable the Spybot Search & Destroy TeaTimer; it shows that it is running and it will interfere with some fixes.

Disable Spybot Search & Destroy's TEA TIMER:


    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

STEP1

Download and run VundoFix or from here VundoFix

STEP2

Download SmitfraudFix (by S!Ri) to your Desktop

SmitFraudFix

Double Click SmitfraudFix.exe on your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Do not run the fix yet.

You might want to print out these instructions, as you will be in Safe Mode and unable to refer to them here.

Start your computer in Safe Mode.

Open the folder on your desktop, SmitFraudFix:

[image: Folder.png]

Double-click SmitFraudFix.cmd (Marked in Red in the picture above) to start the fix.

Choose Option #2 -- Clean by typing 2 and pressing [Enter]. Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit [Enter].

Your screen will show: [image: Fix02b.png]

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit [Enter].

A reboot may be needed to finish the cleaning process. If your computer does not restart automatically when the tool indicates a restart is to occur, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: .

When finished, Reboot your computer back to Normal Mode.

Note: This utility contains a helper file called Process.exe that is often identified by antivirus programs as bad. Please do not let your Antivirus software delete this file. It is perfectly safe.

STEP3

Click on Start - Run and type in ComboFix /U and remove your current version.

Download a new version to your Desktop, but don't run it yet: ComboFix.exe or from here: ComboFix.exe

Using your mouse, highlight and then right-click and copy the entire contents of the Code box below, including blank lines, but do not include the word CODE at the top.

KILLALL::


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\antiviirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\883b4cfe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8b087f62]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\braviax]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Crmfqr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ouwovetu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozcorujz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6w]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yby]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

File::
C:\WINDOWS\system32\qdikpbgm.dll
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\qdikpbgm.dll
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\hyxfnpkc.dll
C:\Documents and Settings\Jerry\Application Data\?asks\?hkntfs.exe
C:\Program Files\kernel\kernel.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\cdkrkxcj.exe
C:\WINDOWS\system32\tgrabupy.exe
C:\DOCUME~1\Jerry\APPLIC~1\SSTEM~1\dllhost.exe
C:\Documents and Settings\Jerry\Application Data\Microsoft\Windows\rayiou.exe
C:\WINDOWS\winshow.exe
C:\Documents and Settings\Jerry\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Jerry\Application Data\?icrosoft\?ttrib.exe
C:\WINDOWS\TEMP\mc21.tmp

Folder::
C:\WINDOWS\privacy_danger
C:\Program Files\kernel
C:\Documents and Settings\Jerry\Application Data\?asks
C:\Documents and Settings\Jerry\Application Data\?icrosoft

Open Notepad; on the menu click Format and be certain that Word Wrap is not enabled.

Highlight the text in the box below then Right-click and Copy/Paste the Code box contents from above into Notepad.

Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown:

[image: CFScript.gif]

A window may open with a warning. Type "1" (and Enter) to start the fix. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

Make sure all other applications are not running and do not touch the keyboard or mouse while it runs.

STEP4

Run Malwarebytes, click on the UPDATE tab to update the program, then run a FULL SCAN and repair any items found.

STEP5

Run HijackThis again, System scan only, and save the log file.

Post back to the Forum:

The contents of C:\Rapport.txt;

The contents of C:\Combofix.txt;

The Malwarebytes log;

Your new HijackThis log.

.

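The ComboFix dump posted above and the CFScript that removes entries from it turn on a handful of indicators a responder looks for in startupreg and service entries: folder names built from non-ASCII lookalike characters (rendered as `?` in the posted log, e.g. `?icrosoft\?ttrib.exe`), executables autostarting from the user's Application Data or from TEMP, a driver whose image is a `.tmp` file, and entries whose file ComboFix could not stat. The script below is an added example written for this page, not a tool from the thread, from Malwarebytes or from the ComboFix author. It parses constructed sample lines laid out like the log above (the sample is made up; the Cyrillic lookalike characters stand in for whatever the `?` masked) and lists the reasons each entry deserves a look. Treating a bare path without the attribute/timestamp prefix as a file ComboFix could not find is my reading of the log format, not something the thread states.

```python
import re
import unicodedata

# Constructed sample in ComboFix's "startupreg"/service dump layout. These lines are
# made up for the example, not copied from the poster's machine. Entries ComboFix
# could stat on disk carry an attribute/date/time/size prefix; the rest are bare paths.
SAMPLE_LINES = [
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]",
    r"--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]",
    r"C:\WINDOWS\winshow.exe",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yby]",
    # Cyrillic 'М' (U+041C) and 'а' (U+0430) standing in for the Latin letters a
    # log viewer shows as '?'; the folder looks like "Microsoft" but is not.
    "C:\\Documents and Settings\\Jerry\\Application Data\\\u041cicrosoft\\\u0430ttrib.exe",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTouch]",
    r"C:\Documents and Settings\Jerry\Application Data\WinTouch\WinTouch.exe",
    r"[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]",
    r'"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"',
]

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
STAT_RE = re.compile(r"^[-a-zA-Z]{9}\s+\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+(.*)$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
# Locations an ordinary user can write to; a program autostarting from here was
# dropped by something running as that user, not installed under Program Files.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def parse_entries(lines):
    """Return (registry_key, path, stat_seen) triples.

    stat_seen is True when the path carried ComboFix's attribute prefix, False when a
    startupreg entry was a bare path, None for service ImagePath values (no prefix there).
    """
    entries, key = [], None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = IMAGEPATH_RE.match(line)
        if m:
            entries.append((key, m.group(1), None))
            key = None
        elif "\\startupreg\\" in key.lower():
            m = STAT_RE.match(line)
            entries.append((key, m.group(1) if m else line, bool(m)))
            key = None
    return entries


def non_ascii_chars(path):
    """Characters outside printable ASCII, with their Unicode names, for the report."""
    return [(c, unicodedata.name(c, "UNKNOWN")) for c in path if not 0x20 <= ord(c) <= 0x7E]


def assess(key, path, stat_seen):
    """List the reasons an autostart or service entry deserves a closer look."""
    if path.startswith("\\??\\"):          # NT object-manager prefix on ImagePath values
        path = path[4:]
    lowered = path.lower()
    reasons = []
    odd = non_ascii_chars(path)
    if odd:
        reasons.append("non-ASCII characters in path: "
                       + ", ".join(f"{c!r} ({name})" for c, name in odd))
    if any(marker in lowered for marker in USER_WRITABLE):
        reasons.append("executes from a user-writable location")
    if lowered.endswith(".tmp"):
        reasons.append("executable has a .tmp extension")
    if stat_seen is False:
        # Assumption about ComboFix output: a bare path means the file could not be
        # stat'ed, i.e. it was absent (already removed) or hidden from the tool.
        reasons.append("no attribute/timestamp prefix (file not seen on disk when logged)")
    return reasons


def triage(lines):
    """Map the leaf name of each flagged key to its reasons; clean entries are omitted."""
    findings = {}
    for key, path, stat_seen in parse_entries(lines):
        reasons = assess(key, path, stat_seen)
        if reasons:
            findings[key.rsplit("\\", 1)[-1]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the Java updater under Program Files comes out clean while `winshow`, `Yby`, `WinTouch` and `mchInjDrv` are each listed with their reasons, which is the same set the CFScript above deletes. The Unicode-name lookup is the part that matters in practice: a folder that prints as `Microsoft` but whose first letter is `CYRILLIC CAPITAL LETTER EM` is never a Microsoft folder.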

Okay, TeaTimer was already unchecked.

VundoFix found nothing.

Mbam log:

Malwarebytes' Anti-Malware 1.17

Database version: 856

9:07:07 PM 6/14/2008

mbam-log-6-14-2008 (21-07-07).txt

Scan type: Quick Scan

Objects scanned: 37505

Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

rapport.txt:

SmitFraudFix v2.324

Scan done at 1:28:50.26, Sat 06/14/2008

Run from C:\Documents and Settings\Jerry\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


And lastly:

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:15:56, on 6/14/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\PackethSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)

O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 5914 bytes

Wow! I feel like I just ran a marathon! :P

Thanks again! :P


  • Root Admin

Hi Jerry,

I have to apologize - we didn't need all those hosts file entries. Those are put there on purpose by hpHosts to prevent your system from reaching known bad sites that could or would attack your system.

I'll give you credit though for perseverance and posting all of that information.

The logs look much better now. I would have to assume that your computer must be running better by now.

Please run the following command.

Click on Start - Run and type in ComboFix /U and follow the directions and allow it to remove itself.

Update Malwarebytes one more time and do a Full Scan - then run another HJT Scan Only and post back both of those logs.

How is the computer running now? Is there still an issue with Websites or with any other indication that your system may be infected?

.

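The remark about hpHosts points at a check worth doing whenever the complaint is "cannot reach certain websites": a hosts file entry that maps a name to 127.0.0.1 or 0.0.0.0 only makes that site unreachable (hpHosts does this deliberately for known bad sites), whereas an entry that maps a name to a routable address silently redirects the user, and a sinkhole aimed at a security vendor's or update domain is the usual way malware stops a victim from getting help or signature updates. The script below is an added example for this page, not from the thread or from Malwarebytes; the hosts content and the list of vendor domains are constructed for it, and it runs offline on that embedded text rather than reading the real file.

```python
import ipaddress

# Domains malware commonly sinkholes so the victim cannot reach help or updates.
# This list is my assumption for the example, not something the thread provides;
# extend it to match the tools in use on the machine being examined.
SECURITY_SUFFIXES = (
    "malwarebytes.org", "symantec.com", "kaspersky.com",
    "pandasoftware.com", "microsoft.com", "windowsupdate.com",
)

# Constructed hosts file for the example (not the poster's actual file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# hpHosts-style sinkhole entries: harmless, they only make bad sites unreachable
127.0.0.1  ads.example-tracker.test
0.0.0.0    malware.example.test   # inline comment
# what a hijacker adds: security vendors sunk, a bank redirected to an attacker IP
127.0.0.1  www.malwarebytes.org forums.malwarebytes.org
127.0.0.1  liveupdate.symantec.com
203.0.113.5  www.example-bank.test
not-an-ip   garbage.test
"""


def parse_hosts(text):
    """Yield (ip_string, hostname) pairs, skipping comments, blanks and unparsable lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a usable mapping
        for host in fields[1:]:                  # one line may name several hosts
            yield fields[0], host.lower()


def is_sinkhole(ip_text):
    """True for targets that make a name unreachable rather than redirecting it."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_loopback or ip.is_unspecified   # 127.x, ::1, 0.0.0.0, ::


def is_security_site(host):
    """True when the host is, or sits under, one of the vendor/update domains."""
    return any(host == s or host.endswith("." + s) for s in SECURITY_SUFFIXES)


def classify_hosts(text):
    """Bucket entries: 'sinkhole' (what hpHosts writes), 'blocks_security_site'
    (a sinkhole aimed at a vendor or update domain), 'redirect' (name sent to a real IP)."""
    result = {"sinkhole": [], "blocks_security_site": [], "redirect": []}
    for ip_text, host in parse_hosts(text):
        if host == "localhost":
            continue                             # the stock entry every hosts file carries
        if not is_sinkhole(ip_text):
            result["redirect"].append((ip_text, host))
        elif is_security_site(host):
            result["blocks_security_site"].append((ip_text, host))
        else:
            result["sinkhole"].append((ip_text, host))
    return result


if __name__ == "__main__":
    for bucket, entries in classify_hosts(SAMPLE_HOSTS).items():
        print(bucket)
        for ip_text, host in entries:
            print(f"   {ip_text:<15} {host}")
```

The two hpHosts-style lines land in `sinkhole` and can be left alone; the vendor domains land in `blocks_security_site` and the bank in `redirect`, and those two buckets are what needs removing. On a live machine, read `%SystemRoot%\system32\drivers\etc\hosts` into `classify_hosts` instead of the sample; a second copy of the file under a doubled `system32\system32\drivers\etc` path, as MBAM removed above, is never consulted by Windows and is itself a sign something planted it.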

I'm running much better now! I'm now able to access the websites I wasn't able to access before! :P

Here's the mbam log:

Malwarebytes' Anti-Malware 1.17

Database version: 856

10:14:01 PM 6/15/2008

mbam-log-6-15-2008 (22-14-01).txt

Scan type: Quick Scan

Objects scanned: 40516

Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

...and the HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:15:37, on 6/15/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\WINDOWS\system32\PackethSvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)

O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 6051 bytes

Thanks again! I'm gonna purchase your product to support you!


  • Root Admin

You need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore, depending on the make of your PC. Click on whatever will open the System Restore box. You will see two options; choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep Spybot Search & Destroy and always immunize when you update. You will also need at least one other scanning program; Avira is good, and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use them.

A firewall and antivirus are also essential. The Windows firewall in XP is not sufficient.

Perform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

The Windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I recommend Online Armor Free.

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.
