Need help with removing virus

utopian86 · October 26, 2008

Malwarebytes' Anti-Malware 1.30Database version: 1323Windows 5.1.2600 Service Pack 2
3/31/2002 1:35:44 AMmbam-log-2002-03-31 (01-35-44).txt
Scan type: Quick ScanObjects scanned: 61367Time elapsed: 5 minute(s), 17 second(s)
Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 2
Memory Processes Infected:(No malicious items detected)
Memory Modules Infected:(No malicious items detected)
Registry Keys Infected:HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:(No malicious items detected)
Registry Data Items Infected:(No malicious items detected)
Folders Infected:(No malicious items detected)
Files Infected:C:\WINDOWS\password_viewer.exe (Spyware.Passwords) -> Delete on reboot.C:\USBDRVEN.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

I cant install any antivirus on this pc.

everytime when i tried to install, it will pop out a shutdown timer message within 1 second

1972vet · October 26, 2008

Can we see the Panda scan log?

utopian86 · October 26, 2008

yea, sure.

I'm geting it now

utopian86 · October 26, 2008

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:05:32 AM, on 3/31/2002Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: Normal
Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\acer\KnobService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\mHotkey.exeC:\WINDOWS\CNYHKey.exeC:\acer\KnobMonitor.exeC:\ACER\MPS.EXEC:\Program Files\WinFast\WFTVFM\WFWIZ.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXEC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\QvodPlayer\QvodTerminal.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeC:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.8:8080O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: (no name) - {FCACB5E1-DE21-4DDB-A4F6-06DD92CEB23D} - (no file)O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exeO4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [CHotkey] mHotkey.exeO4 - HKLM\..\Run: [ledpointer] CNYHKey.exeO4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exeO4 - HKLM\..\Run: [MPS] C:\ACER\MPS.EXEO4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initializeO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htmO8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5e522546d2b044399bf16da979fcbb5O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5e522546d2b044399bf16da979fcbb5O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exeO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.33/uploader2.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{D47E7D15-2338-439C-822C-F8D6C684F2AE}: NameServer = 202.188.0.133,202.188.1.5O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Knob Service (KNOBSERV) - Acer Inc. - c:\acer\KnobService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeO23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Qvod Terminal - Shenzhen QVOD Technology Co.,Ltd - C:\Program Files\QvodPlayer\QvodTerminal.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--End of file - 10245 bytes

utopian86 · October 26, 2008

it seems that both eset and panda online scanner is not working after i click install active x

1972vet · October 26, 2008

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***

Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please post back the following on your next reply:

C:\ComboFix.txt

New HijackThis log.

...and, I don't need you to post your logs inside a code box. Please just copy and paste like everyone else. Thanks!

utopian86 · October 27, 2008

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Monday, October 27, 2008

Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, October 26, 2008 22:32:15

Records in database: 1349188

--------------------------------------------------------------------------------

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

J:\

K:\

L:\

M:\

Scan statistics:

Files scanned: 130865

Threat name: 3

Infected objects: 3

Suspicious objects: 0

Duration of the scan: 02:05:45

File name / Threat name / Threats count

C:\WINDOWS\pc-off.bat Infected: Trojan.BAT.Shutdown.bi 1

C:\Documents and Settings\Acer Aspire\Desktop\Nero-7.8.5.0_eng_trial.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bm 1

C:\System Volume Information\_restore{B63FAD1D-5075-4D96-9440-4C76325B7D62}\RP601\A0255135.exe Infected: IM-Worm.Win32.Sohanad.hp 1

The selected area was scanned.

utopian86 · October 27, 2008

ComboFix 08-10-25.01 - Acer Aspire 2008-10-27 14:31:46.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.567 [GMT 8:00]

Running from: C:\Documents and Settings\Acer Aspire\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Acer Aspire\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\IE4 Error Log.txt

C:\WINDOWS\system32\_000006_.tmp.dll

.

((((((((((((((((((((((((( Files Created from 2008-09-27 to 2008-10-27 )))))))))))))))))))))))))))))))

.

2008-10-27 14:27 . <DIR> C:\32788R22FWJFW

2008-10-27 03:33 . 2008-10-27 03:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-27 03:27 . 2008-10-27 03:27 <DIR> d-------- C:\WINDOWS\LastGood

2008-10-27 02:58 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-10-27 02:57 . 2008-08-14 17:51 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys

2008-10-27 02:11 . 2008-05-01 22:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-22 08:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-22 08:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys

2008-10-15 16:57 332,800 ------w C:\WINDOWS\system32\dllcache\netapi32.dll

2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-15 11:57 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-08-28 10:04 333,056 ------w C:\WINDOWS\system32\dllcache\srv.sys

2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2004-12-30 10:31 41,288 ----a-w C:\Documents and Settings\Acer Aspire\Application Data\GDIPFONTCACHEV1.DAT

2002-01-20 15:08 30 --sha-r C:\WINDOWS\pc-off.bat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

"EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-09 75776]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]

"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="NvQTwk" [X]

"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 155648]

"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 114688]

"KnobMonitor"="C:\acer\KnobMonitor.exe" [2003-06-02 248832]

"MPS"="C:\ACER\MPS.EXE" [2003-05-30 212992]

"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2003-06-17 159744]

"EPSON Stylus C43 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-12-09 75776]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 479232]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"Ulead Photo Express Calendar Checker"="C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-12 69632]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2002-03-31 1234712]

"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2002-03-31 136600]

"SoundMan"="SOUNDMAN.EXE" [2003-03-27 C:\WINDOWS\SOUNDMAN.EXE]

"CHotkey"="mHotkey.exe" [2003-06-06 C:\WINDOWS\mHotkey.exe]

"ledpointer"="CNYHKey.exe" [2003-05-27 C:\WINDOWS\CNYHKey.exe]

"nwiz"="nwiz.exe" [2002-08-30 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Acer Aspire^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]

path=C:\Documents and Settings\Acer Aspire\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk

backup=C:\WINDOWS\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk

backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk

backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PhotoDiary for Sony HDPS.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PhotoDiary for Sony HDPS.lnk

backup=C:\WINDOWS\pss\PhotoDiary for Sony HDPS.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2005-09-16 08:43 274432 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-08-02 10:16 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WWNExporter]

--a------ 2005-11-22 03:56 2266624 D:\wow\WWNExporter\WWNExporter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSER]

--a------ 2003-06-06 20:07 36864 C:\WINDOWS\SSer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopHS]

--a------ 2003-05-23 19:23 38 C:\WINDOWS\stopHS.bat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"EPSONStatusAgent2"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\MMPlayer\\PowerMPlayer.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\PPStream\\PPStream.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 NPPTNT;NPPTNT;C:\WINDOWS\System32\npptNT.sys [2003-07-21 4608]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2002-03-31 231704]

R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2002-03-31 152984]

R2 Qvod Terminal;Qvod Terminal;C:\Program Files\QvodPlayer\QvodTerminal.exe [2008-10-21 495616]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2003-01-07 6085]

S2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2002-09-17 81356]

S2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2002-06-24 39182]

S2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2002-06-24 9804]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\Auto\command - pagefile.pif

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f4965c6-329d-11d6-9986-00016c232057}]

\Shell\AutoRun\command - F:\password_viewer.exe %1

\Shell\Explore\command - F:\password_viewer.exe %1

\Shell\Open\command - F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{876335b6-420a-11db-97ed-00016c232057}]

\Shell\AutoRun\command - F:\password_viewer.exe %1

\Shell\Explore\command - F:\password_viewer.exe %1

\Shell\Open\command - F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db46ef86-52e7-11db-9804-806d6172696f}]

\Shell\AutoRun\command - F:\password_viewer.exe %1

\Shell\Explore\command - F:\password_viewer.exe %1

\Shell\Open\command - F:\password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7aec800-031b-11d6-993b-00016c232057}]

\Shell\AutoRun\command - password_viewer.exe %1

\Shell\Explore\command - password_viewer.exe %1

\Shell\Open\command - password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83baa14-004a-11d6-9934-00016c232057}]

\Shell\AutoRun\command - password_viewer.exe %1

\Shell\Explore\command - password_viewer.exe %1

\Shell\Open\command - password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed9e3abe-8a8b-11db-9855-91c1a4410abe}]

\Shell\AutoRun\command - F:\password_viewer.exe %1

\Shell\Explore\command - F:\password_viewer.exe %1

\Shell\Open\command - F:\password_viewer.exe %1

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2008-02-15 C:\WINDOWS\Tasks\1-Click Maintenance.job

- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 16:09]

2008-02-16 C:\WINDOWS\Tasks\MP Scheduled Scan.job

- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-04-03 18:12]

2008-10-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHANS REMOVED - - - -

Toolbar-{FCACB5E1-DE21-4DDB-A4F6-06DD92CEB23D} - (no file)

WebBrowser-{FCACB5E1-DE21-4DDB-A4F6-06DD92CEB23D} - (no file)

ShellIconOverlayIdentifiers-hex(2):7b,38,41,34,32,44,46,42,46,2d,37,38,36,38,2d,34,30,32,39,2d,39,35,38,\ - (no file)

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

R1 -: HKCU-Internet Settings,ProxyServer = 10.1.1.8:8080

O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 -: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm

O8 -: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5e522546d2b044399bf16da979fcbb5

O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5e522546d2b044399bf16da979fcbb5

O17 -: HKLM\CCS\Interface\{D47E7D15-2338-439C-822C-F8D6C684F2AE}: NameServer = 202.188.0.133,202.188.1.5

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-27 14:33:16

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

EPSON Stylus C43 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"???????? ?????????*???????8????????????????a?wx??????????????? ?T???T??????????????b?w??T? ?T?????????D???????????h??w??T? ?T?????z??w ?T???T?????)??|???????

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-10-27 14:33:56

ComboFix-quarantined-files.txt 2008-10-27 06:33:54

Pre-Run: 3,921,641,472 bytes free

Post-Run: 5,125,308,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

207 --- E O F --- 2008-10-26 19:12:24

utopian86 · October 27, 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:36:38 PM, on 10/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

c:\acer\KnobService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\mHotkey.exe

C:\WINDOWS\CNYHKey.exe

C:\ACER\MPS.EXE

C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\QvodPlayer\QvodTerminal.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.8:8080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [CHotkey] mHotkey.exe

O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe

O4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exe

O4 - HKLM\..\Run: [MPS] C:\ACER\MPS.EXE

O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?5e522546d2b044399bf16da979fcbb5

O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?5e522546d2b044399bf16da979fcbb5

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/

O15 - Trusted Zone: http://www.pandasecurity.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.33/uploader2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D47E7D15-2338-439C-822C-F8D6C684F2AE}: NameServer = 202.188.0.133,202.188.1.5

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Knob Service (KNOBSERV) - Acer Inc. - c:\acer\KnobService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Qvod Terminal - Shenzhen QVOD Technology Co.,Ltd - C:\Program Files\QvodPlayer\QvodTerminal.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--

End of file - 10213 bytes

utopian86 · October 27, 2008

i'm able to install avg now.

Does this pc still have anything to clean up?

1972vet · October 27, 2008

You have a couple startup entries disabled in your msconfig utility.

Please click start-->run

type:

msconfig

...then click "ok". When the System Configuration Utility opens, click the "Startup" tab. Please check the box next to SSER and StopHS. Reboot the system and check the box "Do not show this again" that pops up on reboot.

Please open a blank Notepad by clicking start-->run

Then, in the run box type Notepad.exe and click "OK".

Copy the text in the quote box below and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!

http://www.malwarebytes.org/forums/index.p...amp;#entry32382
Collect::
C:\WINDOWS\pc-off.bat

utopian86 · October 28, 2008

The pc is currently not with me at the moment. I will reply as soon as possile on friday.

Is what alright with you?

Regards

utopian86 · October 28, 2008

that*

not sure why i cant find the edit button to edit the post

1972vet · October 28, 2008

That's fine...Friday it is.

utopian86 · November 2, 2008

ComboFix 08-11-01.05 - Acer Aspire 2008-11-02 21:00:42.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.635 [GMT 8:00]

Running from: C:\Documents and Settings\Acer Aspire\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Acer Aspire\Desktop\CFScript.txt

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\pc-off.bat

.

((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))

.

2008-11-02 20:48 . 2008-11-02 20:48 <DIR> d--hs---- C:\Documents and Settings\Acer Aspire\UserData

2008-10-27 14:41 . 2008-10-27 14:41 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-10-27 14:41 . 2008-10-27 14:41 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-10-27 14:41 . 2008-10-27 14:41 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-10-27 03:33 . 2008-10-27 03:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-10-27 02:58 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-10-27 02:57 . 2008-08-14 17:51 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys

2008-10-27 02:11 . 2008-05-01 22:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-22 08:10 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2008-10-22 08:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys

2008-10-15 16:57 332,800 ------w C:\WINDOWS\system32\dllcache\netapi32.dll

2008-10-03 17:41 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-15 11:57 1,846,016 ------w C:\WINDOWS\system32\dllcache\win32k.sys

2008-08-28 10:04 333,056 ------w C:\WINDOWS\system32\dllcache\srv.sys

2008-08-27 08:24 3,593,216 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-08-25 08:38 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-08-23 05:56 635,848 ------w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-08-23 05:54 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-08-14 10:00 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 09:58 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe

2008-08-14 09:22 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-14 09:22 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe

2004-12-30 10:31 41,288 ----a-w C:\Documents and Settings\Acer Aspire\Application Data\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((( snapshot@2008-10-27_14.33.34.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-12-07 02:21:46 124,928 ------w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll

+ 2007-12-19 23:01:06 347,136 ------w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll

+ 2007-12-07 02:21:46 214,528 ------w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll

+ 2007-12-07 02:21:46 133,120 ------w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll

+ 2007-12-07 02:21:46 63,488 ------w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll

+ 2007-12-06 11:00:58 70,656 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe

+ 2007-12-07 02:21:46 153,088 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll

+ 2007-12-07 02:21:46 230,400 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll

+ 2007-12-06 04:59:52 161,792 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll

+ 2007-12-07 02:21:46 383,488 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll

+ 2007-12-07 02:21:46 384,512 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll

+ 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll

+ 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll

+ 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll

+ 2007-12-06 11:00:58 13,824 ------w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe

+ 2007-12-06 11:01:26 625,664 ------w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe

+ 2007-12-07 02:21:48 27,648 ------w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll

+ 2007-12-07 02:21:48 459,264 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll

+ 2007-12-07 02:21:48 52,224 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll

+ 2007-12-08 05:21:48 3,592,192 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll

+ 2007-12-07 02:21:48 478,208 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll

+ 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll

+ 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll

+ 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll

+ 2008-01-11 05:53:32 44,544 ------w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll

+ 2007-03-06 01:22:42 213,216 ------w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe

+ 2007-03-06 01:23:52 371,424 ------w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll

+ 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll

+ 2007-12-07 02:21:48 1,159,680 ------w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll

+ 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll

+ 2007-12-07 02:21:48 824,832 ------w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll

+ 2007-09-14 13:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\MSO.DLL

+ 2007-09-06 10:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\WRD12CNV.DLL

+ 2007-08-28 16:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\WRD12EXE.EXE

+ 2007-10-02 12:00:06 14,708,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6215\XL12CNV.EXE

+ 2007-05-31 05:41:06 10,352,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE

+ 2007-04-19 06:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL

+ 2007-06-18 09:16:32 12,259,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\MSO.DLL

+ 2007-05-31 05:35:22 6,420,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE

- 2008-10-26 19:10:40 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

+ 2008-10-27 07:52:44 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe

- 2008-10-26 19:10:40 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

+ 2008-10-27 07:52:44 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe

- 2008-10-26 19:10:40 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

+ 2008-10-27 07:52:46 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe

- 2008-10-26 19:10:40 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

+ 2008-10-27 07:52:44 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe

- 2008-10-26 19:10:40 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

+ 2008-10-27 07:52:46 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe

- 2008-10-26 19:10:40 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

+ 2008-10-27 07:52:46 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe

- 2008-10-26 19:10:40 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

+ 2008-10-27 07:52:46 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe

- 2008-10-26 19:10:40 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

+ 2008-10-27 07:52:46 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe

- 2008-10-26 19:10:40 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

+ 2008-10-27 07:52:44 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe

- 2008-10-26 19:10:40 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

+ 2008-10-27 07:52:44 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe

- 2008-10-26 19:10:40 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

+ 2008-10-27 07:52:46 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe

- 2008-10-26 19:10:40 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

+ 2008-10-27 07:52:44 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe

- 2008-10-26 19:10:38 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

+ 2008-10-27 07:52:44 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe

- 2008-10-26 19:11:10 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2008-10-27 07:45:08 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

- 2007-12-07 02:21:46 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll

- 2007-12-07 02:21:46 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-08-26 07:24:28 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll

+ 2008-03-25 04:50:26 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll

- 2006-06-26 17:37:10 148,480 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll

+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

- 2007-12-07 02:21:46 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-08-26 07:24:28 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll

+ 2008-07-07 20:32:22 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll

- 2007-12-07 02:21:46 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

+ 2008-08-26 07:24:28 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll

- 2007-12-07 02:21:46 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

+ 2008-08-26 07:24:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

- 2007-12-07 02:21:46 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll

+ 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll

- 2007-12-07 02:21:46 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

+ 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll

- 2007-12-07 02:21:46 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

+ 2008-08-26 07:24:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

- 2007-12-07 02:21:46 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll

+ 2008-08-26 07:24:30 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll

- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll

+ 2008-08-26 07:24:30 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll

- 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

+ 2008-08-26 07:24:30 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

- 2007-12-07 02:21:48 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-08-26 07:24:30 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll

+ 2008-06-24 16:23:06 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll

+ 2008-02-26 11:59:50 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll

+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll

+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll

- 2007-12-07 02:21:48 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

+ 2008-08-26 07:24:30 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

- 2007-12-07 02:21:48 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

+ 2008-08-26 07:24:30 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

- 2007-12-07 02:21:48 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-08-26 07:24:30 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll

+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll

- 2004-03-01 03:52:16 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll

+ 2008-03-27 08:12:54 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll

+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll

+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll

+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll

+ 2008-03-25 04:50:46 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll

- 2007-12-07 02:21:48 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-08-26 07:24:30 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll

+ 2008-03-25 04:50:48 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll

+ 2008-03-25 04:50:50 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll

+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll

+ 2008-03-25 04:50:56 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll

- 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-08-26 07:24:30 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll

+ 2008-03-25 04:50:58 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll

+ 2008-06-20 17:41:10 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll

+ 2008-03-25 04:50:58 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll

+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll

- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll

+ 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll

- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

- 2007-10-29 22:43:04 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

+ 2008-05-07 05:18:48 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

- 2007-10-30 17:20:56 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

+ 2008-06-20 10:45:14 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

- 2006-08-16 09:37:30 225,664 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

- 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll

+ 2008-08-26 07:24:30 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll

- 2007-12-07 02:21:48 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

+ 2008-08-26 07:24:32 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll

- 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll

+ 2008-08-26 07:24:32 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll

- 2007-12-07 02:21:48 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll

+ 2008-08-26 07:24:32 826,368 ------w C:\WINDOWS\system32\dllcache\wininet.dll

- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll

+ 2008-10-27 06:41:32 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys

- 2007-10-30 17:20:56 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

+ 2008-06-20 10:45:14 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

+ 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll

- 2007-12-07 02:21:46 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll

- 2005-07-26 04:39:46 243,200 ----a-w C:\WINDOWS\system32\es.dll

+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll

- 2007-12-07 02:21:46 133,120 ------w C:\WINDOWS\system32\extmgr.dll

+ 2008-08-26 07:24:28 133,120 ------w C:\WINDOWS\system32\extmgr.dll

- 2007-12-07 02:21:46 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

+ 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll

- 2007-12-06 11:00:58 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

+ 2008-08-25 08:38:00 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe

- 2007-12-07 02:21:46 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

+ 2008-08-26 07:24:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll

- 2007-12-07 02:21:46 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

+ 2008-08-26 07:24:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll

- 2007-12-06 04:59:52 161,792 ------w C:\WINDOWS\system32\ieakui.dll

+ 2008-08-23 05:54:52 161,792 ------w C:\WINDOWS\system32\ieakui.dll

- 2007-12-07 02:21:46 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

+ 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll

- 2007-12-07 02:21:46 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

+ 2008-08-26 07:24:30 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll

- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

+ 2008-10-03 17:41:16 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll

- 2007-12-07 02:21:46 44,544 ------w C:\WINDOWS\system32\iernonce.dll

+ 2008-08-26 07:24:30 44,544 ------w C:\WINDOWS\system32\iernonce.dll

- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

+ 2008-08-26 07:24:30 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll

- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe

- 2007-12-07 02:21:48 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

+ 2008-08-26 07:24:30 27,648 ------w C:\WINDOWS\system32\jsproxy.dll

- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

+ 2008-06-24 16:23:06 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

- 2004-08-03 16:56:42 294,400 ----a-w C:\WINDOWS\system32\msctf.dll

+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll

- 2004-08-03 16:56:44 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll

+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll

- 2004-08-03 16:56:44 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll

+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll

- 2007-12-07 02:21:48 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

+ 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll

- 2007-12-07 02:21:48 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

+ 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll

- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll

+ 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll

- 2007-12-07 02:21:48 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll

+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll

- 2004-08-03 16:56:44 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll

+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll

- 2004-03-01 03:52:16 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll

- 2004-08-03 16:56:44 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

+ 2008-03-27 08:12:54 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

- 2004-08-03 16:56:44 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll

+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll

- 2004-08-03 16:56:44 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll

+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll

- 2004-08-03 16:56:44 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll

+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll

- 2004-08-03 16:56:44 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll

+ 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll

- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll

- 2004-08-03 16:56:44 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll

+ 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll

- 2004-08-03 16:56:44 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll

+ 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll

- 2004-08-03 16:56:44 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll

+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll

- 2004-08-03 16:56:44 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll

+ 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll

- 2007-12-07 02:21:48 671,232 ------w C:\WINDOWS\system32\mstime.dll

+ 2008-08-26 07:24:30 671,232 ------w C:\WINDOWS\system32\mstime.dll

- 2004-08-03 16:56:44 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll

+ 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll

- 2004-08-03 16:56:44 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll

- 2004-08-03 16:56:44 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll

+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

- 2004-08-03 16:56:44 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll

+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll

- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\system32\occache.dll

+ 2008-08-26 07:24:30 102,912 ------w C:\WINDOWS\system32\occache.dll

- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll

- 2007-10-29 22:43:04 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

+ 2008-05-07 05:18:48 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

- 2007-11-30 11:18:52 17,272 ------w C:\WINDOWS\system32\spmsg.dll

+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll

- 2007-11-13 11:31:12 60,416 ------w C:\WINDOWS\system32\tzchange.exe

+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe

- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll

+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\system32\url.dll

- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

+ 2008-08-26 07:24:32 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll

- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

+ 2008-08-26 07:24:32 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll

- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-08-26 07:24:32 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

+ 2008-11-02 12:55:16 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_440.dat

+ 2008-04-15 17:54:20 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

.

-- Snapshot reset to current date --