SpyAway infection (In Progress)

agriffith96
Junior Member with 16 posts.
Join Date: Jul 2009
Experience: Intermediate
04-Jul-2009, 09:04 PM #1
SpyAway infection
Hello, my parents bought a used PC that is infected with SpyAway. I was trying to remove it but I'm not getting anywhere. Can someone give me some advice?

Problems:
Task Manager disabled
Cannot delete SpyAway folder, do not have rights
Background changed to warn of infection
Security pop-ups in 3 or 4 different flavors that all point to a local webpage that is an ad for SpyAway or PerfectCleaner

HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:11 PM, on 7/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\qiawpbjj.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Common Files\AOL\1157389661\ee\aolsoftware.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\qiawpbjj.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {548E1154-FA99-4B77-9FC5-02C9D8C9D24D} - (no file)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: qiawpbjj.msdn_hlp - {66E72884-4FD2-464F-A6B8-468F31C40E36} - C:\WINDOWS\system32\qiawpbjj.dll (file missing)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157389661\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://real.gamehouse.com/games/beje...pcaploader.cab
O21 - SSODL: E404Helper - {6ac876c3-287e-4ec2-82a1-014d3650f3f5} - e404d.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11066 bytes
agriffith96
10-Jul-2009, 10:24 AM #2
Any ideas on where I could find more info on this?
andyspeake
Senior Member with 1,481 posts.
Join Date: May 2007
Location: Glasgow, Scotland
Experience: Training at MRU
10-Jul-2009, 04:32 PM #3
Hello, and Welcome
I will be assisting you with your malware issues.
Please be patient as I need some time to review your HijackThis log, and I will post back recommendations for repairs.
As I am still in training, everything that I post to you must be checked by a teacher or senior malware remover. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.
  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.
__________________
I am in training at Malware Removal University - You too could train to help others too.

If the people from TSG have helped you, please consider making a donation Here
agriffith96
12-Jul-2009, 07:58 PM #4
Sounds good to me.

Thanks!
andyspeake
13-Jul-2009, 06:09 AM #5
Hi,

Download and Run ComboFix

Please visit this webpage for instructions on downloading ComboFix to your DESKTOP:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found here.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
andyspeake
18-Jul-2009, 05:35 PM #6
Hi,

Are you still with us?
Cookiegal
Administrator with 65,415 posts.
Join Date: Aug 2003
Location: Quebec, Canada
18-Sep-2009, 08:39 PM #7
Reopening thread so you can continue at the request of the original poster.
agriffith96
18-Sep-2009, 11:15 PM #8
Hey, I'm really sorry I'm so late in responding. I was able to run ComboFix and it restored the task manager. Below is the ComboFix log and HijackThis log.

Can you still help?
agriffith96
18-Sep-2009, 11:17 PM #9
======PART 1======== COMBOFIX

ComboFix 09-09-18.02 - Victoria 09/18/2005 19:45.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.605 [GMT -5:00]
Running from: c:\documents and settings\Victoria\Desktop\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\AddItConduit.dll
C:\AddItConfig.dll
C:\AddItManager.exe
C:\AddItTaskProc.exe
C:\AlarmApp.exe
C:\AlarmNotify.dll
C:\AlarmSvr.dll
C:\AnnaNotifier.dll
C:\atl71.dll
C:\AutoDetect.dll
C:\bakcn20.dll
C:\CardInst.dll
C:\CIApI.dll
C:\cmds21.dll
C:\ComConduit.dll
C:\ComDirect.dll
C:\ComStandard.dll
C:\CondMgr.dll
C:\ConduitConfig.dll
C:\cximage.dll
C:\data
C:\DefaultPlugin.dll
C:\DelDups.dll
C:\DeviceMonitor.exe
C:\DmConduit.dll
c:\documents and settings\Administrator\Application Data\alot
c:\documents and settings\Alisabeth\Application Data\alot
c:\documents and settings\All Users\Start Menu\Programs\SpyAway
c:\documents and settings\LocalService.NT AUTHORITY\Application Data\alot
c:\documents and settings\Rhonda\Application Data\alot
c:\documents and settings\Victoria\Application Data\alot
C:\Expcn20.dll
C:\ExtBase.dll
C:\Hotsync.exe
C:\HotSyncWizard.exe
C:\HSAPI.dll
C:\HsExgCn.dll
C:\hslog20.dll
C:\HSWizardNotify.dll
C:\HSWizardRes.dll
C:\i18n22.dll
C:\i18n50.dll
C:\i18nNoMFC.dll
C:\imex20.dll
C:\Imex22.dll
C:\INSCN20.DLL
C:\Instaide.dll
C:\Instapp.exe
C:\InstAppN.dll
C:\InstServ.dll
C:\InterOp.DMCONDUITLib.Dll
C:\InterOp.PDDirectLib.Dll
C:\InterOp.PDStandardLib.Dll
C:\InterOp.PSDConduitLib.Dll
C:\libprc.dll
C:\mfc71.dll
C:\MFC71CHS.DLL
C:\MFC71CHT.DLL
C:\MFC71DEU.DLL
C:\MFC71ENU.DLL
C:\MFC71ESP.DLL
C:\MFC71FRA.DLL
C:\MFC71ITA.DLL
C:\MFC71JPN.DLL
C:\MFC71KOR.DLL
C:\mfc71u.dll
C:\msvcp71.dll
C:\msvcr71.dll
C:\Netcond.dll
C:\NotePad.dll
C:\ocpCalendarCn.dll
C:\ocpCalendarHH.dll
C:\ocpCalendarOL.dll
C:\ocpConduitUI.dll
C:\ocpContactsCn.dll
C:\ocpContactsHH.dll
C:\ocpContactsOL.dll
C:\ocpHHDbWrapper.dll
C:\ocpMapInfo.dll
C:\ocpNotesCn.dll
C:\ocpNotesHH.dll
C:\ocpNotesOL.dll
C:\ocpNotifier.dll
C:\ocpPIMStoreIF.dll
C:\ocpProgressBar.dll
C:\ocpSyncClient.dll
C:\ocpTasksCn.dll
C:\ocpTasksHH.dll
C:\ocpTasksOL.dll
C:\OutlookSwitcher.exe
C:\Palm.exe
C:\Palm41.dll
C:\PalmCmn.dll
C:\PalmExtras.dll
C:\PalmShare.dll
C:\PalmUI.dll
C:\pdcmn20.dll
C:\pdcmn21.dll
C:\Pdcmn22.dll
C:\PdCmn50.dll
C:\pdn20.dll
C:\PictPreview.dll
C:\PIL.exe
C:\PqiCmdLine.exe
C:\PqiIcon.dll
C:\pqipm.exe
c:\program files\3721
c:\program files\3721\assist\asbar.dll
c:\program files\3721\helper.dll
c:\program files\Accoona
c:\program files\Accoona\ASearchAssist.dll
c:\program files\akl
c:\program files\akl\akl.dll
c:\program files\akl\akl.exe
c:\program files\akl\curlog.htm
c:\program files\akl\keylog.txt
c:\program files\akl\readme.txt
c:\program files\akl\uninstall.exe
c:\program files\akl\unsetup.dat
c:\program files\akl\unsetup.exe
c:\program files\amsys
c:\program files\amsys\awmsg.dat
c:\program files\amsys\guid.dat
c:\program files\amsys\ijl15.dll
c:\program files\amsys\mfc42.dll
c:\program files\amsys\msvcrt.dll
c:\program files\amsys\unins000.dat
c:\program files\amsys\unis000.exe
c:\program files\amsys\winam.dat
c:\program files\e-zshopper
c:\program files\e-zshopper\BarLcher.dll
c:\program files\p2pnetworks
c:\program files\p2pnetworks\amp2pl.exe
C:\PRouter.dll
C:\PSDConduit.dll
C:\PSITzLib.dll
C:\QueryDLL.dll
C:\QuickInstall.exe
C:\ReadDeviceInfo.dll
C:\register.exe
C:\RegServ.dll
C:\ScoreBATIII.dll
C:\ScoreBVAT.dll
C:\ScoreWJ.dll
C:\ScoreWJIII.dll
C:\SgCalendarCn.dll
C:\SgConflictNotifier.dll
C:\SgContactsCn.dll
C:\SgContactsCnC.dll
C:\SgControls.dll
C:\SgDateAlarm.dll
C:\SgInstallFileList.dll
C:\SgMemosCn.dll
C:\SgMemosCnC.dll
C:\SgPalmShare.dll
C:\SgPqiCn.dll
C:\SgTables.dll
C:\SgTasksCn.dll
C:\SgThemes.dll
C:\SgUI.dll
C:\shw32.dll
C:\Subs30.dll
C:\sync20.dll
C:\SyncGet.dll
C:\SyncSet.dll
C:\table20.dll
C:\table21.dll
C:\Table22.dll
C:\Table22_PSI.dll
C:\Table50.dll
C:\TableGlue.dll
C:\USBTransport.dll
C:\UserData.dll
C:\versit.dll
C:\VFSAPI.dll
c:\windows\764.exe
c:\windows\7search.dll
c:\windows\absolute key logger.lnk
c:\windows\aconti.exe
c:\windows\aconti.ini
c:\windows\aconti.log
c:\windows\aconti.sdb
c:\windows\acontidialer.txt
c:\windows\adbar.dll
c:\windows\cbinst$.exe
c:\windows\daxtime.dll
c:\windows\default.htm
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\dp0.dll
c:\windows\eventlowg.dll
c:\windows\fhfmm-Uninstaller.exe
c:\windows\fhfmm.exe
c:\windows\flt.dll
c:\windows\hcwprn.exe
c:\windows\hotporn.exe
c:\windows\ie_32.exe
c:\windows\iexplorr23.dll
c:\windows\Installer\17656e.msi
c:\windows\jd2002.dll
c:\windows\kb913800.exe
c:\windows\kkcomp$.exe
c:\windows\kkcomp.dll
c:\windows\kkcomp.exe
c:\windows\kvnab$.exe
c:\windows\kvnab.dll
c:\windows\kvnab.exe
c:\windows\liqad$.exe
c:\windows\liqad.dll
c:\windows\liqad.exe
c:\windows\liqui-Uninstaller.exe
c:\windows\liqui.dll
c:\windows\liqui.exe
c:\windows\ngd.dll
c:\windows\pbar.dll
c:\windows\pbsysie.dll
c:\windows\settn.dll
c:\windows\spredirect.dll
c:\windows\system32\ace16win.dll
c:\windows\system32\acespy
c:\windows\system32\acespy\__acelog.ndx
c:\windows\system32\acespy\systune.exe
c:\windows\system32\din.ip
c:\windows\system32\drivers\4_stars.gif
c:\windows\system32\drivers\5_stars.gif
c:\windows\system32\drivers\alert_icon.gif
c:\windows\system32\drivers\arrow.gif
c:\windows\system32\drivers\buy_btn.gif
c:\windows\system32\drivers\close_icon.gif
c:\windows\system32\drivers\detect.htm
c:\windows\system32\drivers\download_btn.gif
c:\windows\system32\drivers\features.gif
c:\windows\system32\drivers\header_bg.gif
c:\windows\system32\drivers\icon_warning.gif
c:\windows\system32\drivers\logo_bg.gif
c:\windows\system32\drivers\perfect_cleaner_box.jpg
c:\windows\system32\drivers\perfect_cleaner_box_small.jpg
c:\windows\system32\drivers\perfect_cleaner_header.gif
c:\windows\system32\drivers\perfect_cleaner_header_small.gif
c:\windows\system32\drivers\protect.gif
c:\windows\system32\drivers\s_detect.htm
c:\windows\system32\drivers\secuity_center_logo.gif
c:\windows\system32\drivers\spy_away_box.jpg
c:\windows\system32\drivers\spy_away_box_small.jpg
c:\windows\system32\drivers\spy_away_header.gif
c:\windows\system32\drivers\spy_away_header_small.gif
c:\windows\system32\drivers\users_rating.gif
c:\windows\system32\drivers\v.gif
c:\windows\system32\drivers\x.gif
c:\windows\system32\e404d.dll
c:\windows\system32\ESHOPEE.exe
c:\windows\system32\gtv_sd.bin
c:\windows\system32\jofstvyt.sbin
c:\windows\system32\msole32.exe
c:\windows\system32\prrbpgbr.sys
c:\windows\system32\rwuwin32.drv
c:\windows\system32\stfv.bin
c:\windows\system32\sznf.ascii
c:\windows\system32\vxddsk.exe
c:\windows\system32\wml.exe
c:\windows\vxddsk.exe
c:\windows\wbeCheck.exe
c:\windows\wbeInst$.exe
c:\windows\wml.exe
c:\windows\xadbrk.dll
c:\windows\xadbrk.exe
c:\windows\xadbrk_.exe
c:\windows\xxxvideo.exe
C:\WJIIINU.exe
C:\zlib.dll
.
((((((((((((((((((((((((( Files Created from 2005-08-19 to 2005-09-19 )))))))))))))))))))))))))))))))
.
2007-11-30 21:35 . 2007-11-30 21:35 304257 ----a-w- c:\windows\system32\avtmd.exe
2007-11-30 21:35 . 2007-11-30 21:35 2 ----a-w- c:\windows\system32\faxwin32.bin
2007-10-31 21:28 . 2007-10-31 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2007-10-21 15:22 . 1998-06-03 14:08 27136 ----a-w- c:\windows\system32\QTUninst.dll
2007-10-21 15:21 . 1998-03-20 18:41 596992 ----a-w- c:\windows\system32\rave.dll
2007-10-21 15:21 . 1998-03-20 18:39 969216 ----a-w- c:\windows\system32\qd3d.dll
2007-10-21 15:21 . 1998-03-20 18:38 126976 ----a-w- c:\windows\system32\3DViewer.dll
2007-10-21 15:21 . 2007-10-21 15:21 -------- d-----w- c:\program files\Blaster
2007-10-21 14:49 . 2007-10-21 14:49 -------- d-----w- C:\Barbie(TM)
2007-10-21 14:49 . 2007-10-21 14:49 -------- d-----w- c:\program files\Common Files\Knowledge Adventure
2007-10-16 21:25 . 2007-10-16 21:25 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft
2007-10-16 21:25 . 2004-01-30 00:18 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2007-10-16 21:25 . 2007-10-16 21:25 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft
2007-10-16 21:25 . 2005-06-23 16:06 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2007-10-16 21:23 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2007-10-16 21:23 . 2004-08-10 09:13 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
2007-10-16 21:23 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
2007-10-16 21:23 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
2007-10-16 21:23 . 2004-08-10 09:13 61440 -c--a-w- c:\windows\system32\dllcache\ehreschs.dll
2007-10-16 21:21 . 2004-08-10 11:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2007-10-16 21:20 . 2004-08-10 11:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2007-10-16 21:19 . 2004-08-10 11:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2007-10-16 21:16 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2007-10-05 00:54 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2007-10-05 00:54 . 2004-08-10 11:00 24661 ------w- c:\windows\system32\spxcoins.dll
2007-10-05 00:54 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2007-10-05 00:54 . 2004-08-10 11:00 13312 ------w- c:\windows\system32\irclass.dll
2007-10-04 19:43 . 2007-10-04 19:43 -------- d-----w- c:\windows\dell
2007-08-26 17:00 . 2005-04-01 03:45 -------- d-----w- c:\documents and settings\Rhonda\Application Data\U3
2007-08-13 23:26 . 2007-08-13 23:26 -------- d-s---w- c:\documents and settings\Rhonda\UserData
2007-08-13 02:06 . 2007-08-13 02:06 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\Identities
2007-08-12 17:54 . 2007-08-12 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2007-08-12 17:54 . 2007-08-12 18:56 -------- d-----w- c:\program files\WildGames
2007-08-11 16:42 . 2007-08-11 16:45 -------- d-----w- c:\documents and settings\Victoria\Application Data\ScamGuard
2007-08-11 15:23 . 2007-08-11 15:23 -------- d-----w- c:\program files\DellSupport
2007-08-11 14:54 . 2007-08-11 14:54 -------- d-----w- c:\documents and settings\Rhonda\Application Data\ScamGuard
2007-08-11 00:41 . 2007-08-12 20:26 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\ScamGuard
2007-08-11 00:06 . 2006-03-22 17:07 10752 ------w- c:\windows\system32\PopWait.exe
2007-08-11 00:06 . 2006-03-22 00:43 63488 ------w- c:\windows\system32\unPPC6000.exe
2007-08-11 00:06 . 2005-07-25 17:15 67584 ------w- c:\windows\system32\unPPC.exe
2007-08-11 00:06 . 2005-07-25 17:15 45056 ------w- c:\windows\system32\ppcwebi.dll
2007-08-11 00:06 . 2005-07-25 17:15 28672 ------w- c:\windows\system32\RegHero.exe
2007-08-11 00:06 . 2005-07-25 17:15 18432 ------w- c:\windows\system32\PPCInfo.exe
2007-06-30 21:57 . 2007-06-30 21:57 -------- d-----w- c:\documents and settings\Rhonda\WINDOWS
2007-05-27 23:32 . 2007-05-27 23:32 -------- d-----w- c:\documents and settings\Alisabeth\Local Settings\Application Data\Adobe
2007-05-27 23:32 . 2007-05-27 23:32 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\AdobeUM
2007-05-13 21:43 . 2007-05-13 21:43 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\Viewpoint
2007-05-08 20:03 . 2007-05-08 20:03 1275392 ------w- c:\windows\system32\msxml4.dll
2007-02-28 09:55 . 2007-02-28 09:55 2182144 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2007-02-28 09:53 . 2007-02-28 09:53 2137600 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2007-02-28 09:15 . 2007-02-28 09:15 2017280 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2007-02-28 09:15 . 2007-02-28 09:15 2059392 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2007-02-25 17:16 . 2005-09-15 05:38 56 --sh--r- c:\windows\system32\7111FADAF0.sys
2007-02-25 17:10 . 2007-02-25 17:10 5376 --s-a-w- c:\windows\system32\drivers\dsunidrv.sys
2007-02-11 00:58 . 1998-06-18 11:58 94208 ------w- c:\windows\system32\msstkprp.dll
2007-02-11 00:57 . 2007-02-11 00:57 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\InstallShield
2007-01-22 23:10 . 2007-01-22 23:10 -------- d-----w- c:\documents and settings\Rhonda\Application Data\Viewpoint
2007-01-20 19:53 . 2007-01-20 19:53 -------- d-----w- c:\documents and settings\Victoria\Application Data\Viewpoint
2007-01-04 22:40 . 2007-01-04 22:40 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\Adobe
2007-01-04 22:40 . 2007-01-04 22:40 -------- d-----w- c:\documents and settings\Victoria\Application Data\AdobeUM
2006-12-30 22:15 . 2006-12-30 22:15 -------- d-----w- c:\documents and settings\Victoria\Application Data\Corel Photo Album
2006-12-30 22:15 . 2006-12-30 22:15 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\Corel Photo Album
2006-12-30 22:14 . 2005-09-18 18:25 5018 ----a-w- c:\windows\system32\KGyGaAvL.sys
2006-12-30 22:14 . 2005-09-18 18:25 88 --sh--r- c:\windows\system32\F0DAFA1171.sys
2006-12-20 19:30 . 2006-12-20 19:30 -------- d-----w- c:\documents and settings\Rhonda\Application Data\FUJIFILM
2006-12-20 19:27 . 2004-07-24 18:28 155648 ------w- c:\windows\system32\FFRAFLIB.DLL
2006-12-20 19:27 . 2003-09-04 07:45 274432 ------w- c:\windows\system32\FFTIFF16.dll
2006-12-20 19:25 . 2001-11-25 11:11 81924 ----a-w- c:\windows\system32\drivers\VC4CB104.SYS
2006-12-20 19:25 . 2006-12-20 19:25 -------- d-----w- c:\program files\REGSHAVE
2006-12-20 19:25 . 2002-06-25 16:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2006-12-20 19:25 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2006-12-20 19:25 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2006-12-20 19:25 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2006-11-18 00:42 . 2006-11-18 00:42 -------- d-----w- c:\program files\MSXML 4.0
2006-11-18 00:42 . 2006-11-18 00:42 -------- d-----w- C:\d8b74c6c2e7d409c8f
2006-11-16 16:44 . 2006-11-16 16:44 33592 ----a-w- c:\windows\system32\drivers\atwpkt264.sys
2006-11-16 16:44 . 2006-11-16 16:44 25136 ----a-w- c:\windows\system32\drivers\atwpkt2.sys
2006-11-04 22:29 . 2006-11-04 22:29 -------- d-----w- c:\documents and settings\Alisabeth\Local Settings\Application Data\Help
2006-11-02 15:48 . 2006-11-02 15:48 -------- d-----w- c:\documents and settings\Rhonda\Application Data\AdobeUM
2006-11-02 15:47 . 2006-11-02 15:47 -------- d-----w- c:\documents and settings\Rhonda\Local Settings\Application Data\Adobe
2006-11-02 15:46 . 2004-08-23 01:47 -------- d-----w- c:\program files\Common Files\Adobe
2006-10-22 23:52 . 2005-06-13 19:33 40176 ----a-w- c:\documents and settings\Victoria\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-10-20 23:04 . 2006-10-20 23:04 -------- d-----w- c:\windows\Sun
2006-10-18 00:29 . 2006-10-18 00:29 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\Help
2006-10-15 02:05 . 2004-08-04 05:56 159232 ------w- c:\windows\system32\ptpusd.dll
2006-10-15 02:05 . 2001-08-18 03:36 5632 ------w- c:\windows\system32\ptpusb.dll
2006-10-15 01:59 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2006-10-07 19:20 . 2006-10-07 19:20 -------- d-----w- c:\documents and settings\Alisabeth\Local Settings\Application Data\Identities
2006-10-07 17:49 . 2006-10-07 17:49 -------- d-----w- c:\program files\directx
2006-10-07 17:48 . 2007-02-11 00:58 -------- d-----w- c:\program files\Disney Interactive
2006-09-23 01:18 . 2005-09-15 05:38 -------- d-----w- c:\documents and settings\Victoria\Application Data\Corel
2006-09-22 22:38 . 2006-09-22 22:38 -------- d-s---w- c:\documents and settings\Victoria\UserData
2006-09-10 21:29 . 2004-08-23 01:49 40176 ----a-w- c:\documents and settings\Rhonda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-09-10 19:56 . 2007-07-27 17:31 -------- d-----w- c:\documents and settings\Rhonda\Application Data\Corel
2006-09-09 18:15 . 2006-09-09 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2006-09-09 18:07 . 1997-04-29 08:33 1394688 ----a-w- C:\IHMATH.EXE
2006-09-09 18:07 . 1997-04-24 11:45 2993 ----a-w- C:\CHALL.DAT
2006-09-09 18:07 . 1997-04-04 17:39 15300 ----a-w- C:\AZTSHAPE.DAT
2006-09-09 18:07 . 1997-03-14 18:57 26144 ----a-w- C:\LAUNCH16.DLL
2006-09-09 18:07 . 1997-03-07 15:05 10880 ----a-w- C:\UNINST16.DLL
2006-09-09 18:07 . 1997-02-26 19:03 29184 ----a-w- C:\UNINST.DLL
2006-09-09 18:07 . 1996-12-16 15:41 15872 ----a-w- C:\DKRES32.DLL
2006-09-09 18:07 . 1996-12-12 15:32 4876 ----a-w- C:\DKRES16.DLL
2006-09-09 17:54 . 2005-03-04 02:03 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\Corel
2006-09-09 17:53 . 2006-09-09 17:53 -------- d-----w- c:\documents and settings\Alisabeth\Local Settings\Application Data\AOL
2006-09-09 14:59 . 2006-12-18 01:03 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\AOL
2006-09-09 13:35 . 2006-09-09 13:35 -------- d-----w- c:\documents and settings\Rhonda\Application Data\Jasc Software Inc
2006-09-09 13:34 . 2006-09-09 13:34 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2006-09-09 13:33 . 2006-09-09 13:35 -------- d-----w- c:\program files\Jasc Software Inc
2006-09-09 13:32 . 2006-09-09 13:33 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2006-09-09 13:31 . 2005-09-10 06:19 -------- d-----w- c:\program files\Dl_cats
2006-09-09 13:29 . 2006-09-09 13:53 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2006-09-09 13:29 . 2006-09-09 13:29 -------- d-----w- C:\Temp
2006-09-09 13:27 . 2006-09-09 13:27 -------- d-----w- c:\documents and settings\Rhonda\Local Settings\Application Data\AOL
2006-09-09 13:22 . 2006-09-09 13:22 -------- d-----w- c:\documents and settings\Rhonda\Local Settings\Application Data\Identities
2006-09-09 13:21 . 2006-09-09 13:53 -------- d-----w- c:\program files\Dell Photo AIO Printer 924
2006-09-09 13:21 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2006-09-09 13:21 . 2001-08-18 03:36 87040 ------w- c:\windows\system32\wiafbdrv.dll
2006-09-09 13:19 . 2004-08-04 04:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2006-09-04 19:42 . 2006-09-04 19:42 10920 ----a-w- C:\aolconnfix.exe
2006-09-04 17:23 . 2006-09-04 17:23 -------- d-----w- c:\program files\Common Files\aolback
2006-09-04 17:09 . 2006-09-04 17:09 -------- d-----w- c:\documents and settings\Rhonda\Application Data\You've Got Pictures Screensaver
2006-09-04 17:08 . 2001-11-21 15:15 102400 ------w- c:\windows\system32\SimpleRegistry.dll
2006-09-04 17:08 . 1999-04-17 07:06 10752 ------w- c:\windows\system32\aamd532.dll
2006-09-04 16:43 . 2004-03-24 15:12 4272 ----a-w- c:\windows\system32\drivers\bvrp_pci.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 22:42 . 2005-08-30 21:47 205328 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2008-11-26 22:42 . 2005-08-30 21:47 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2008-11-26 22:39 . 2005-08-30 21:47 1195384 ----a-w- c:\windows\system32\drivers\VsapiNT.sys
2008-10-16 19:13 . 2005-08-16 09:40 202776 ----a-w- c:\windows\system32\wuweb.dll
2008-10-16 19:13 . 2005-08-16 09:40 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2008-10-16 19:12 . 2005-08-16 09:40 323608 ----a-w- c:\windows\system32\wucltui.dll
2008-10-16 19:12 . 2005-08-16 09:40 561688 ----a-w- c:\windows\system32\wuapi.dll
2008-10-16 19:09 . 2005-08-16 09:40 51224 ----a-w- c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2005-05-26 09:16 43544 ----a-w- c:\windows\system32\wups2.dll
2008-10-16 19:09 . 2004-08-10 11:00 92696 ----a-w- c:\windows\system32\cdm.dll
2008-10-16 19:08 . 2005-08-16 09:40 34328 ----a-w- c:\windows\system32\wups.dll
2008-05-30 19:19 . 2005-09-11 23:00 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2008-05-30 19:18 . 2005-09-11 23:00 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2008-05-30 19:17 . 2005-09-11 23:00 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2008-05-30 19:17 . 2005-09-11 23:00 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2008-05-30 19:11 . 2005-09-11 23:00 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2008-05-30 19:11 . 2005-09-11 23:00 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2008-05-30 19:11 . 2005-09-11 23:00 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2008-03-05 21:03 . 2005-09-11 23:00 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2008-03-05 21:03 . 2005-09-11 23:00 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2008-03-05 21:00 . 2005-09-11 23:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2008-03-05 20:56 . 2005-09-11 23:00 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2008-03-05 20:56 . 2005-09-11 23:00 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2008-02-06 04:07 . 2005-09-11 23:00 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2007-10-22 08:39 . 2005-09-11 23:00 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2007-10-22 08:37 . 2005-09-11 23:00 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2007-10-21 15:22 . 2006-08-17 03:32 -------- d-----w- c:\program files\QuickTime
2007-10-16 21:14 . 2005-08-16 09:38 34380 ------w- c:\windows\system32\emptyregdb.dat
2007-10-12 20:14 . 2005-09-11 23:00 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2007-10-12 20:14 . 2005-09-11 23:00 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2007-10-02 14:56 . 2005-09-11 23:00 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2007-08-22 13:12 . 2006-03-04 03:33 658944 ----a-w- c:\windows\system32\wininet.dll
2007-08-21 06:15 . 2005-08-16 09:40 683520 ------w- c:\windows\system32\inetcomm.dll
2007-08-16 00:10 . 2006-08-23 23:28 -------- d--h--w- c:\documents and settings\Victoria\Application Data\Gtek
2007-08-13 18:00 . 2006-08-22 22:54 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\Gtek
2007-08-12 16:42 . 2006-08-22 22:56 -------- d--h--w- c:\documents and settings\Rhonda\Application Data\Gtek
2007-07-20 05:57 . 2005-09-11 23:00 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2007-07-19 23:14 . 2005-09-11 23:00 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2007-07-19 23:14 . 2005-09-11 23:00 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2007-07-19 23:14 . 2005-09-11 23:00 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2007-07-09 13:09 . 2004-08-10 11:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-06-26 06:08 . 2004-08-10 11:00 1104896 ----a-w- c:\windows\system32\msxml3.dll
2007-06-21 01:46 . 2005-09-11 23:00 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2007-06-19 13:31 . 2004-08-10 11:00 282112 ----a-w- c:\windows\system32\gdi32.dll
2007-06-13 10:23 . 2004-08-10 11:00 1033216 ----a-w- c:\windows\explorer.exe
2007-05-17 11:28 . 2004-08-10 11:00 549376 ------w- c:\windows\system32\oleaut32.dll
2007-05-16 21:45 . 2005-09-11 23:00 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2007-05-16 21:45 . 2005-09-11 23:00 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2007-05-16 21:45 . 2005-09-11 23:00 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2007-05-02 03:41 . 2007-05-02 03:41 251 ----a-w- c:\program files\wt3d.ini
2007-04-25 14:21 . 2004-08-10 11:00 144896 ------w- c:\windows\system32\schannel.dll
2007-04-23 10:32 . 2004-08-10 11:00 364160 ----a-w- c:\windows\system32\drivers\update.sys
2007-04-04 23:55 . 2005-09-11 23:00 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2007-04-04 23:53 . 2005-09-11 23:00 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2007-03-17 13:43 . 2004-08-10 11:00 292864 ----a-w- c:\windows\system32\winsrv.dll
2007-03-15 21:57 . 2005-09-11 23:00 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2007-03-12 21:42 . 2005-09-11 23:00 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2007-03-12 21:42 . 2005-09-11 23:00 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2007-03-08 15:36 . 2004-08-10 11:00 577536 ----a-w- c:\windows\system32\user32.dll
2007-03-08 15:36 . 2004-08-10 11:00 40960 ------w- c:\windows\system32\mf3216.dll
2007-03-08 13:47 . 2004-08-10 11:00 1843584 ------w- c:\windows\system32\win32k.sys
2007-03-05 17:42 . 2005-09-11 23:00 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2007-02-28 09:53 . 2005-03-30 01:21 2137600 ------w- c:\windows\system32\ntoskrnl.exe
2007-02-28 09:15 . 2005-03-30 01:01 2017280 ------w- c:\windows\system32\ntkrnlpa.exe
2007-02-09 11:10 . 2004-08-10 11:00 574464 ----a-w- c:\windows\system32\drivers\ntfs.sys
2007-02-05 20:17 . 2004-08-10 11:00 185344 ------w- c:\windows\system32\upnphost.dll
2007-01-24 20:27 . 2005-09-11 23:00 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2007-01-20 19:53 . 2006-08-17 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2007-01-18 16:24 . 2005-02-16 02:59 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2006-12-30 22:14 . 2006-08-23 23:28 131 ----a-w- c:\documents and settings\Victoria\Local Settings\Application Data\fusioncache.dat
2006-12-08 17:02 . 2005-09-11 23:00 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2006-11-29 18:06 . 2005-09-11 23:00 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2006-11-01 19:17 . 2004-08-10 11:00 927504 ------w- c:\windows\system32\mfc40u.dll
2006-10-19 13:56 . 2004-08-10 11:00 713216 ----a-w- c:\windows\system32\sxs.dll
2006-10-16 16:15 . 2004-08-10 11:00 122880 ------w- c:\windows\system32\oledlg.dll
2006-10-14 08:13 . 2004-08-10 11:00 981760 ------w- c:\windows\system32\mfc42u.dll
2006-10-13 12:35 . 2004-08-10 11:00 65536 ------w- c:\windows\system32\nwwks.dll
2006-10-13 12:35 . 2004-08-10 11:00 64000 ------w- c:\windows\system32\nwapi32.dll
2006-10-13 12:35 . 2004-08-10 11:00 142336 ------w- c:\windows\system32\nwprovau.dll
2006-10-13 10:23 . 2004-08-10 11:00 163584 ----a-w- c:\windows\system32\drivers\nwrdr.sys
2006-09-28 21:05 . 2005-09-11 23:00 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2006-09-28 21:05 . 2005-09-11 23:00 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2006-09-07 00:43 . 2006-08-23 23:28 -------- d-----w- c:\documents and settings\Victoria\Application Data\AOL
2006-09-04 16:43 . 2006-08-17 03:30 -------- d-----w- c:\program files\Modem Helper
2006-09-02 15:29 . 2006-09-02 15:27 32472 ----a-w- c:\program files\Uninst.isu
2006-08-29 21:49 . 2006-08-22 22:56 129 ----a-w- c:\documents and settings\Rhonda\Local Settings\Application Data\fusioncache.dat
2006-08-25 15:45 . 2004-08-10 11:00 617472 ------w- c:\windows\system32\comctl32.dll
2006-08-23 23:33 . 2006-08-17 03:33 -------- d-----w- c:\program files\WildTangent
2006-08-23 23:26 . 2006-08-22 22:54 132 ----a-w- c:\documents and settings\Alisabeth\Local Settings\Application Data\fusioncache.dat
2006-08-22 10:05 . 2004-08-10 11:00 498742 ------w- c:\windows\system32\dxmasf.dll
2006-08-21 15:52 . 2004-08-10 11:00 246814 ------w- c:\windows\system32\strmdll.dll
2006-08-21 12:21 . 2005-08-16 09:40 16896 ----a-w- c:\windows\system32\fltlib.dll
2006-08-21 09:14 . 2005-08-16 09:40 23040 ----a-w- c:\windows\system32\fltmc.exe
2006-08-21 09:14 . 2005-08-16 09:40 128896 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2006-08-17 12:28 . 2004-08-10 11:00 721920 ------w- c:\windows\system32\lsasrv.dll
2006-08-17 12:28 . 2004-08-10 11:00 132096 ------w- c:\windows\system32\wkssvc.dll
2006-08-17 03:38 . 2006-08-17 03:38 -------- d-----w- c:\program files\SearchAssist
2006-08-17 03:38 . 2006-08-17 03:38 -------- d-----w- c:\program files\BAE
2006-08-17 03:38 . 2006-08-17 03:38 -------- d-----w- c:\program files\Sonic
2006-08-17 03:38 . 2006-08-17 03:30 -------- d-----w- c:\program files\Common Files\Sonic Shared
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

Last edited by agriffith96 : 18-Sep-2009 11:19 PM. Reason: added Page and Title
agriffith96's Avatar
18-Sep-2009, 11:18 PM #10
==========PART 2========= COMBOFIX

*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-17 98304]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856]
c:\documents and settings\Victoria\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2005-8-23 256000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-16 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 4:47 PM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 4:47 PM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 4:47 PM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 4:47 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 4:47 PM 262215]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mwii.net/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
BHO-{c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
BHO-{d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
BHO-{e9306072-417e-43e3-81d5-369490beef7c} - (no file)
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe
SSODL-E404Helper-{6ac876c3-287e-4ec2-82a1-014d3650f3f5} - e404d.dll
AddRemove-HelloKitty - c:\documents and settings\Rhonda\Desktop\HelloKitty\uninstall.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-09-18 19:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2005-09-19 19:58
ComboFix-quarantined-files.txt 2005-09-19 00:58
Pre-Run: 211,788,124,160 bytes free
Post-Run: 212,900,216,832 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
603 --- E O F --- 2005-07-05 02:13
agriffith96's Avatar
18-Sep-2009, 11:18 PM #11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:47 PM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mwii.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 7562 bytes
Cookiegal's Avatar
Administrator with 65,415 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
19-Sep-2009, 09:09 PM #12
I will be continuing this with you but won't be able to get to it until tomorrow.
agriffith96's Avatar
19-Sep-2009, 09:12 PM #13
Thank you.
Cookiegal's Avatar
20-Sep-2009, 09:56 AM #14
First, do you have a program called I Hate Math?

Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
c:\windows\system32\avtmd.exe
c:\windows\system32\faxwin32.bin
c:\windows\system32\SimpleRegistry.dll
c:\windows\system32\aamd532.dll
c:\documents and settings\Victoria\Start Menu\Programs\Startup\PowerReg Scheduler.exe

Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.




This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.
__________________
Microsoft MVP - Consumer Security
agriffith96's Avatar
28-Sep-2009, 07:26 PM #15
There is a program called I Love Math! in the Add\Remove Programs. It's an odd-looking program because it shows 0.00MB as a size.

ComboFix 09-09-27.05 - Victoria 09/28/2005 19:05.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.647 [GMT -5:00]
Running from: c:\documents and settings\Victoria\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Victoria\Desktop\CFScript.txt
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Resident AV is active

FILE ::
"c:\documents and settings\Victoria\Start Menu\Programs\Startup\PowerReg Scheduler.exe"
"c:\windows\system32\aamd532.dll"
"c:\windows\system32\avtmd.exe"
"c:\windows\system32\faxwin32.bin"
"c:\windows\system32\SimpleRegistry.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Victoria\Start Menu\Programs\Startup\PowerReg Scheduler.exe
c:\windows\system32\aamd532.dll
c:\windows\system32\avtmd.exe
c:\windows\system32\faxwin32.bin
c:\windows\system32\SimpleRegistry.dll
.
((((((((((((((((((((((((( Files Created from 2005-08-28 to 2005-09-29 )))))))))))))))))))))))))))))))
.
2007-10-31 21:28 . 2007-10-31 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2007-10-21 15:22 . 1998-06-03 14:08 27136 ----a-w- c:\windows\system32\QTUninst.dll
2007-10-21 15:21 . 1998-03-20 18:41 596992 ----a-w- c:\windows\system32\rave.dll
2007-10-21 15:21 . 1998-03-20 18:39 969216 ----a-w- c:\windows\system32\qd3d.dll
2007-10-21 15:21 . 1998-03-20 18:38 126976 ----a-w- c:\windows\system32\3DViewer.dll
2007-10-21 15:21 . 2007-10-21 15:21 -------- d-----w- c:\program files\Blaster
2007-10-21 14:49 . 2007-10-21 14:49 -------- d-----w- C:\Barbie(TM)
2007-10-21 14:49 . 2007-10-21 14:49 -------- d-----w- c:\program files\Common Files\Knowledge Adventure
2007-10-16 21:25 . 2007-10-16 21:25 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft
2007-10-16 21:25 . 2004-01-30 00:18 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2007-10-16 21:25 . 2007-10-16 21:25 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft
2007-10-16 21:25 . 2005-06-23 16:06 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2007-10-16 21:23 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
2007-10-16 21:23 . 2004-08-10 09:13 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
2007-10-16 21:23 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
2007-10-16 21:23 . 2004-08-10 09:13 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
2007-10-16 21:23 . 2004-08-10 09:13 61440 -c--a-w- c:\windows\system32\dllcache\ehreschs.dll
2007-10-16 21:21 . 2004-08-10 11:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
2007-10-16 21:20 . 2004-08-10 11:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2007-10-16 21:19 . 2004-08-10 11:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2007-10-16 21:16 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2007-10-05 00:54 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2007-10-05 00:54 . 2004-08-10 11:00 24661 ------w- c:\windows\system32\spxcoins.dll
2007-10-05 00:54 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2007-10-05 00:54 . 2004-08-10 11:00 13312 ------w- c:\windows\system32\irclass.dll
2007-10-04 19:43 . 2007-10-04 19:43 -------- d-----w- c:\windows\dell
2007-08-26 17:00 . 2005-04-01 03:45 -------- d-----w- c:\documents and settings\Rhonda\Application Data\U3
2007-08-13 23:26 . 2007-08-13 23:26 -------- d-s---w- c:\documents and settings\Rhonda\UserData
2007-08-13 02:06 . 2007-08-13 02:06 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\Identities
2007-08-12 17:54 . 2007-08-12 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2007-08-12 17:54 . 2007-08-12 18:56 -------- d-----w- c:\program files\WildGames
2007-08-11 16:42 . 2007-08-11 16:45 -------- d-----w- c:\documents and settings\Victoria\Application Data\ScamGuard
2007-08-11 15:23 . 2007-08-11 15:23 -------- d-----w- c:\program files\DellSupport
2007-08-11 14:54 . 2007-08-11 14:54 -------- d-----w- c:\documents and settings\Rhonda\Application Data\ScamGuard
2007-08-11 00:41 . 2007-08-12 20:26 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\ScamGuard
2007-08-11 00:06 . 2006-03-22 17:07 10752 ------w- c:\windows\system32\PopWait.exe
2007-08-11 00:06 . 2006-03-22 00:43 63488 ------w- c:\windows\system32\unPPC6000.exe
2007-08-11 00:06 . 2005-07-25 17:15 67584 ------w- c:\windows\system32\unPPC.exe
2007-08-11 00:06 . 2005-07-25 17:15 45056 ------w- c:\windows\system32\ppcwebi.dll
2007-08-11 00:06 . 2005-07-25 17:15 28672 ------w- c:\windows\system32\RegHero.exe
2007-08-11 00:06 . 2005-07-25 17:15 18432 ------w- c:\windows\system32\PPCInfo.exe
2007-06-30 21:57 . 2007-06-30 21:57 -------- d-----w- c:\documents and settings\Rhonda\WINDOWS
2007-05-27 23:32 . 2007-05-27 23:32 -------- d-----w- c:\documents and settings\Alisabeth\Local Settings\Application Data\Adobe
2007-05-27 23:32 . 2007-05-27 23:32 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\AdobeUM
2007-05-13 21:43 . 2007-05-13 21:43 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\Viewpoint
2007-05-08 20:03 . 2007-05-08 20:03 1275392 ------w- c:\windows\system32\msxml4.dll
2007-02-28 09:55 . 2007-02-28 09:55 2182144 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2007-02-28 09:53 . 2007-02-28 09:53 2137600 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2007-02-28 09:15 . 2007-02-28 09:15 2017280 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2007-02-28 09:15 . 2007-02-28 09:15 2059392 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2007-02-25 17:16 . 2005-09-15 05:38 56 --sh--r- c:\windows\system32\7111FADAF0.sys
2007-02-25 17:10 . 2007-02-25 17:10 5376 --s-a-w- c:\windows\system32\drivers\dsunidrv.sys
2007-02-11 00:58 . 1998-06-18 11:58 94208 ------w- c:\windows\system32\msstkprp.dll
2007-02-11 00:57 . 2007-02-11 00:57 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\InstallShield
2007-01-22 23:10 . 2007-01-22 23:10 -------- d-----w- c:\documents and settings\Rhonda\Application Data\Viewpoint
2007-01-20 19:53 . 2007-01-20 19:53 -------- d-----w- c:\documents and settings\Victoria\Application Data\Viewpoint
2007-01-04 22:40 . 2007-01-04 22:40 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\Adobe
2007-01-04 22:40 . 2007-01-04 22:40 -------- d-----w- c:\documents and settings\Victoria\Application Data\AdobeUM
2006-12-30 22:15 . 2006-12-30 22:15 -------- d-----w- c:\documents and settings\Victoria\Application Data\Corel Photo Album
2006-12-30 22:15 . 2006-12-30 22:15 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\Corel Photo Album
2006-12-30 22:14 . 2005-09-18 18:25 5018 ----a-w- c:\windows\system32\KGyGaAvL.sys
2006-12-30 22:14 . 2005-09-18 18:25 88 --sh--r- c:\windows\system32\F0DAFA1171.sys
2006-12-20 19:30 . 2006-12-20 19:30 -------- d-----w- c:\documents and settings\Rhonda\Application Data\FUJIFILM
2006-12-20 19:27 . 2004-07-24 18:28 155648 ------w- c:\windows\system32\FFRAFLIB.DLL
2006-12-20 19:27 . 2003-09-04 07:45 274432 ------w- c:\windows\system32\FFTIFF16.dll
2006-12-20 19:25 . 2001-11-25 11:11 81924 ----a-w- c:\windows\system32\drivers\VC4CB104.SYS
2006-12-20 19:25 . 2006-12-20 19:25 -------- d-----w- c:\program files\REGSHAVE
2006-12-20 19:25 . 2002-06-25 16:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2006-12-20 19:25 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2006-12-20 19:25 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2006-12-20 19:25 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2006-11-18 00:42 . 2006-11-18 00:42 -------- d-----w- c:\program files\MSXML 4.0
2006-11-18 00:42 . 2006-11-18 00:42 -------- d-----w- C:\d8b74c6c2e7d409c8f
2006-11-16 16:44 . 2006-11-16 16:44 33592 ----a-w- c:\windows\system32\drivers\atwpkt264.sys
2006-11-16 16:44 . 2006-11-16 16:44 25136 ----a-w- c:\windows\system32\drivers\atwpkt2.sys
2006-11-04 22:29 . 2006-11-04 22:29 -------- d-----w- c:\documents and settings\Alisabeth\Local Settings\Application Data\Help
2006-11-02 15:48 . 2006-11-02 15:48 -------- d-----w- c:\documents and settings\Rhonda\Application Data\AdobeUM
2006-11-02 15:47 . 2006-11-02 15:47 -------- d-----w- c:\documents and settings\Rhonda\Local Settings\Application Data\Adobe
2006-11-02 15:46 . 2004-08-23 01:47 -------- d-----w- c:\program files\Common Files\Adobe
2006-10-22 23:52 . 2005-06-13 19:33 40176 ----a-w- c:\documents and settings\Victoria\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-10-20 23:04 . 2006-10-20 23:04 -------- d-----w- c:\windows\Sun
2006-10-18 00:29 . 2006-10-18 00:29 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\Help
2006-10-15 02:05 . 2004-08-04 05:56 159232 ------w- c:\windows\system32\ptpusd.dll
2006-10-15 02:05 . 2001-08-18 03:36 5632 ------w- c:\windows\system32\ptpusb.dll
2006-10-15 01:59 . 2001-08-17 18:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2006-10-07 19:20 . 2006-10-07 19:20 -------- d-----w- c:\documents and settings\Alisabeth\Local Settings\Application Data\Identities
2006-10-07 17:49 . 2006-10-07 17:49 -------- d-----w- c:\program files\directx
2006-10-07 17:48 . 2007-02-11 00:58 -------- d-----w- c:\program files\Disney Interactive
2006-09-23 01:18 . 2005-09-15 05:38 -------- d-----w- c:\documents and settings\Victoria\Application Data\Corel
2006-09-22 22:38 . 2006-09-22 22:38 -------- d-s---w- c:\documents and settings\Victoria\UserData
2006-09-10 21:29 . 2004-08-23 01:49 40176 ----a-w- c:\documents and settings\Rhonda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-09-10 19:56 . 2007-07-27 17:31 -------- d-----w- c:\documents and settings\Rhonda\Application Data\Corel
2006-09-09 18:15 . 2006-09-09 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2006-09-09 18:07 . 1997-04-29 08:33 1394688 ----a-w- C:\IHMATH.EXE
2006-09-09 18:07 . 1997-04-24 11:45 2993 ----a-w- C:\CHALL.DAT
2006-09-09 18:07 . 1997-04-04 17:39 15300 ----a-w- C:\AZTSHAPE.DAT
2006-09-09 18:07 . 1997-03-14 18:57 26144 ----a-w- C:\LAUNCH16.DLL
2006-09-09 18:07 . 1997-03-07 15:05 10880 ----a-w- C:\UNINST16.DLL
2006-09-09 18:07 . 1997-02-26 19:03 29184 ----a-w- C:\UNINST.DLL
2006-09-09 18:07 . 1996-12-16 15:41 15872 ----a-w- C:\DKRES32.DLL
2006-09-09 18:07 . 1996-12-12 15:32 4876 ----a-w- C:\DKRES16.DLL
2006-09-09 17:54 . 2005-03-04 02:03 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\Corel
2006-09-09 17:53 . 2006-09-09 17:53 -------- d-----w- c:\documents and settings\Alisabeth\Local Settings\Application Data\AOL
2006-09-09 14:59 . 2006-12-18 01:03 -------- d-----w- c:\documents and settings\Victoria\Local Settings\Application Data\AOL
2006-09-09 13:35 . 2006-09-09 13:35 -------- d-----w- c:\documents and settings\Rhonda\Application Data\Jasc Software Inc
2006-09-09 13:34 . 2006-09-09 13:34 -------- d-----w- c:\program files\Common Files\Jasc Software Inc
2006-09-09 13:33 . 2006-09-09 13:35 -------- d-----w- c:\program files\Jasc Software Inc
2006-09-09 13:32 . 2006-09-09 13:33 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2006-09-09 13:31 . 2005-09-10 06:19 -------- d-----w- c:\program files\Dl_cats
2006-09-09 13:29 . 2006-09-09 13:53 -------- d-----w- c:\temp\{9F5FBC24-EFE2-4f90-B498-EC0FB7D47D15}
2006-09-09 13:29 . 2006-09-09 13:29 -------- d-----w- C:\Temp
2006-09-09 13:27 . 2006-09-09 13:27 -------- d-----w- c:\documents and settings\Rhonda\Local Settings\Application Data\AOL
2006-09-09 13:22 . 2006-09-09 13:22 -------- d-----w- c:\documents and settings\Rhonda\Local Settings\Application Data\Identities
2006-09-09 13:21 . 2006-09-09 13:53 -------- d-----w- c:\program files\Dell Photo AIO Printer 924
2006-09-09 13:21 . 2004-08-04 03:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2006-09-09 13:21 . 2001-08-18 03:36 87040 ------w- c:\windows\system32\wiafbdrv.dll
2006-09-09 13:19 . 2004-08-04 04:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2006-09-04 19:42 . 2006-09-04 19:42 10920 ----a-w- C:\aolconnfix.exe
2006-09-04 17:23 . 2006-09-04 17:23 -------- d-----w- c:\program files\Common Files\aolback
2006-09-04 17:09 . 2006-09-04 17:09 -------- d-----w- c:\documents and settings\Rhonda\Application Data\You've Got Pictures Screensaver
2006-09-04 16:43 . 2004-03-24 15:12 4272 ----a-w- c:\windows\system32\drivers\bvrp_pci.sys
2006-09-04 16:26 . 2006-09-04 16:26 -------- d-----w- c:\program files\America Online 9.0a
2006-09-02 16:30 . 1994-09-21 01:00 12800 ------w- c:\windows\system32\WING32.DLL
2006-09-02 16:30 . 2007-06-30 21:57 -------- d-----w- C:\KA
2006-09-02 15:52 . 2006-09-02 15:52 -------- d-----w- c:\windows\Favorites
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 22:42 . 2005-08-30 21:47 205328 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2008-11-26 22:42 . 2005-08-30 21:47 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2008-11-26 22:39 . 2005-08-30 21:47 1195384 ----a-w- c:\windows\system32\drivers\VsapiNT.sys
2008-10-16 19:13 . 2005-08-16 09:40 202776 ----a-w- c:\windows\system32\wuweb.dll
2008-10-16 19:13 . 2005-08-16 09:40 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2008-10-16 19:12 . 2005-08-16 09:40 323608 ----a-w- c:\windows\system32\wucltui.dll
2008-10-16 19:12 . 2005-08-16 09:40 561688 ----a-w- c:\windows\system32\wuapi.dll
2008-10-16 19:09 . 2005-08-16 09:40 51224 ------w- c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2005-05-26 09:16 43544 ----a-w- c:\windows\system32\wups2.dll
2008-10-16 19:09 . 2004-08-10 11:00 92696 ----a-w- c:\windows\system32\cdm.dll
2008-10-16 19:08 . 2005-08-16 09:40 34328 ----a-w- c:\windows\system32\wups.dll
2008-05-30 19:19 . 2005-09-11 23:00 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2008-05-30 19:18 . 2005-09-11 23:00 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2008-05-30 19:17 . 2005-09-11 23:00 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2008-05-30 19:17 . 2005-09-11 23:00 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2008-05-30 19:11 . 2005-09-11 23:00 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2008-05-30 19:11 . 2005-09-11 23:00 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2008-05-30 19:11 . 2005-09-11 23:00 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2008-03-05 21:03 . 2005-09-11 23:00 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2008-03-05 21:03 . 2005-09-11 23:00 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2008-03-05 21:00 . 2005-09-11 23:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2008-03-05 20:56 . 2005-09-11 23:00 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2008-03-05 20:56 . 2005-09-11 23:00 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2008-02-06 04:07 . 2005-09-11 23:00 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2007-10-22 08:39 . 2005-09-11 23:00 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2007-10-22 08:37 . 2005-09-11 23:00 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2007-10-21 15:22 . 2006-08-17 03:32 -------- d-----w- c:\program files\QuickTime
2007-10-16 21:14 . 2005-08-16 09:38 34380 ------w- c:\windows\system32\emptyregdb.dat
2007-10-12 20:14 . 2005-09-11 23:00 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2007-10-12 20:14 . 2005-09-11 23:00 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2007-10-02 14:56 . 2005-09-11 23:00 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2007-08-22 13:12 . 2006-03-04 03:33 658944 ------w- c:\windows\system32\wininet.dll
2007-08-21 06:15 . 2005-08-16 09:40 683520 ------w- c:\windows\system32\inetcomm.dll
2007-08-16 00:10 . 2006-08-23 23:28 -------- d--h--w- c:\documents and settings\Victoria\Application Data\Gtek
2007-08-13 18:00 . 2006-08-22 22:54 -------- d-----w- c:\documents and settings\Alisabeth\Application Data\Gtek
2007-08-12 16:42 . 2006-08-22 22:56 -------- d--h--w- c:\documents and settings\Rhonda\Application Data\Gtek
2007-07-20 05:57 . 2005-09-11 23:00 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2007-07-19 23:14 . 2005-09-11 23:00 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2007-07-19 23:14 . 2005-09-11 23:00 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2007-07-19 23:14 . 2005-09-11 23:00 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2007-07-09 13:09 . 2004-08-10 11:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-06-26 06:08 . 2004-08-10 11:00 1104896 ----a-w- c:\windows\system32\msxml3.dll
2007-06-21 01:46 . 2005-09-11 23:00 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2007-06-19 13:31 . 2004-08-10 11:00 282112 ----a-w- c:\windows\system32\gdi32.dll
2007-06-13 10:23 . 2004-08-10 11:00 1033216 ------w- c:\windows\explorer.exe
2007-05-17 11:28 . 2004-08-10 11:00 549376 ------w- c:\windows\system32\oleaut32.dll
2007-05-16 21:45 . 2005-09-11 23:00 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
2007-05-16 21:45 . 2005-09-11 23:00 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2007-05-16 21:45 . 2005-09-11 23:00 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
2007-05-02 03:41 . 2007-05-02 03:41 251 ----a-w- c:\program files\wt3d.ini
2007-04-25 14:21 . 2004-08-10 11:00 144896 ------w- c:\windows\system32\schannel.dll
2007-04-23 10:32 . 2004-08-10 11:00 364160 ----a-w- c:\windows\system32\drivers\update.sys
2007-04-04 23:55 . 2005-09-11 23:00 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2007-04-04 23:53 . 2005-09-11 23:00 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2007-03-17 13:43 . 2004-08-10 11:00 292864 ----a-w- c:\windows\system32\winsrv.dll
2007-03-15 21:57 . 2005-09-11 23:00 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2007-03-12 21:42 . 2005-09-11 23:00 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2007-03-12 21:42 . 2005-09-11 23:00 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2007-03-08 15:36 . 2004-08-10 11:00 577536 ------w- c:\windows\system32\user32.dll
2007-03-08 15:36 . 2004-08-10 11:00 40960 ------w- c:\windows\system32\mf3216.dll
2007-03-08 13:47 . 2004-08-10 11:00 1843584 ------w- c:\windows\system32\win32k.sys
2007-03-05 17:42 . 2005-09-11 23:00 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2007-02-28 09:53 . 2005-03-30 01:21 2137600 ------w- c:\windows\system32\ntoskrnl.exe
2007-02-28 09:15 . 2005-03-30 01:01 2017280 ------w- c:\windows\system32\ntkrnlpa.exe
2007-02-09 11:10 . 2004-08-10 11:00 574464 ------w- c:\windows\system32\drivers\ntfs.sys
2007-02-05 20:17 . 2004-08-10 11:00 185344 ------w- c:\windows\system32\upnphost.dll
2007-01-24 20:27 . 2005-09-11 23:00 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2007-01-20 19:53 . 2006-08-17 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2007-01-18 16:24 . 2005-02-16 02:59 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2006-12-30 22:14 . 2006-08-23 23:28 131 ----a-w- c:\documents and settings\Victoria\Local Settings\Application Data\fusioncache.dat
2006-12-08 17:02 . 2005-09-11 23:00 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2006-11-29 18:06 . 2005-09-11 23:00 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2006-11-01 19:17 . 2004-08-10 11:00 927504 ------w- c:\windows\system32\mfc40u.dll
2006-10-19 13:56 . 2004-08-10 11:00 713216 ----a-w- c:\windows\system32\sxs.dll
2006-10-16 16:15 . 2004-08-10 11:00 122880 ------w- c:\windows\system32\oledlg.dll
2006-10-14 08:13 . 2004-08-10 11:00 981760 ------w- c:\windows\system32\mfc42u.dll
2006-10-13 12:35 . 2004-08-10 11:00 65536 ------w- c:\windows\system32\nwwks.dll
2006-10-13 12:35 . 2004-08-10 11:00 64000 ------w- c:\windows\system32\nwapi32.dll
2006-10-13 12:35 . 2004-08-10 11:00 142336 ------w- c:\windows\system32\nwprovau.dll
2006-10-13 10:23 . 2004-08-10 11:00 163584 ----a-w- c:\windows\system32\drivers\nwrdr.sys
2006-09-28 21:05 . 2005-09-11 23:00 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2006-09-28 21:05 . 2005-09-11 23:00 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2006-09-07 00:43 . 2006-08-23 23:28 -------- d-----w- c:\documents and settings\Victoria\Application Data\AOL
2006-09-04 16:43 . 2006-08-17 03:30 -------- d-----w- c:\program files\Modem Helper
2006-09-02 15:29 . 2006-09-02 15:27 32472 ----a-w- c:\program files\Uninst.isu
2006-08-29 21:49 . 2006-08-22 22:56 129 ----a-w- c:\documents and settings\Rhonda\Local Settings\Application Data\fusioncache.dat
2006-08-25 15:45 . 2004-08-10 11:00 617472 ------w- c:\windows\system32\comctl32.dll
2006-08-23 23:33 . 2006-08-17 03:33 -------- d-----w- c:\program files\WildTangent
2006-08-23 23:26 . 2006-08-22 22:54 132 ----a-w- c:\documents and settings\Alisabeth\Local Settings\Application Data\fusioncache.dat
2006-08-22 10:05 . 2004-08-10 11:00 498742 ------w- c:\windows\system32\dxmasf.dll
2006-08-21 15:52 . 2004-08-10 11:00 246814 ------w- c:\windows\system32\strmdll.dll
2006-08-21 12:21 . 2005-08-16 09:40 16896 ----a-w- c:\windows\system32\fltlib.dll
2006-08-21 09:14 . 2005-08-16 09:40 23040 ----a-w- c:\windows\system32\fltmc.exe
2006-08-21 09:14 . 2005-08-16 09:40 128896 ----a-w- c:\windows\system32\drivers\fltmgr.sys
2006-08-17 12:28 . 2004-08-10 11:00 721920 ------w- c:\windows\system32\lsasrv.dll
2006-08-17 12:28 . 2004-08-10 11:00 132096 ------w- c:\windows\system32\wkssvc.dll
2006-08-17 03:38 . 2006-08-17 03:38 -------- d-----w- c:\program files\SearchAssist
2006-08-17 03:38 . 2006-08-17 03:38 -------- d-----w- c:\program files\BAE
2006-08-17 03:38 . 2006-08-17 03:38 -------- d-----w- c:\program files\Sonic
2006-08-17 03:38 . 2006-08-17 03:30 -------- d-----w- c:\program files\Common Files\Sonic Shared
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-12 176201]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 823362]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-17 98304]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-14 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-28 68856]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-16 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [8/30/2005 4:47 PM 205328]
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [8/30/2005 4:47 PM 290889]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [8/30/2005 4:47 PM 585792]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [8/30/2005 4:47 PM 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [8/30/2005 4:47 PM 262215]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mwii.net/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:8080
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: musicmatch.com\online
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - hxxps://disneyblast.go.com/v3/setup/activex/DIGHardwareControl.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Math Blaster 2nd Grade - D:\setup.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2005-09-28 19:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???? ??????????????????????????????????????????????????????????????????????????? ??????????????????????????????????????????????????????????????????????????? ?????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2005-09-29 19:14
ComboFix-quarantined-files.txt 2005-09-29 00:14
ComboFix2.txt 2005-09-19 00:58
Pre-Run: 213,023,551,488 bytes free
Post-Run: 212,980,932,608 bytes free
332 --- E O F --- 2005-07-05 02:13