
Security Toolbar 7.1

Discussion in 'Virus & Other Malware Removal' started by britdog, Apr 4, 2008.

  1. britdog

    britdog Thread Starter

    Joined:
    Sep 24, 2007
    Messages:
    12
    Hello,

    I have a new toolbar called "Security Toolbar 7.1". I ran Kaspersky and it found and deleted several things but not the toolbar. Based on how my PC is running, I'm guessing I have other problems as well. Can you help?

    Here is my HijackThis log file.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 9:43:51 PM, on 4/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\PokerOffice\bin\javaw.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Chad Rankin\Desktop\Spyware Fix\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.1\masqform.exe /RegServer -UpdateCurrentUser
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.nwmls.com
    O15 - Trusted Zone: http://*.rapmls.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.extremefax.com/ActiveX/RCAXSetup.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://wildjack.microgaming.com/wildjack/FlashAX2.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: icservice - ONTRACK Data International, Inc. - C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10565 bytes
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please visit this webpage for instructions on installing recovery console and downloading/running ComboFix.

    Post the log from ComboFix along with a new HijackThis log.
     
  3. britdog

    britdog Thread Starter

    Joined:
    Sep 24, 2007
    Messages:
    12
    Thank you so much for your help. Below is the ComboFix log. I have to post the log in two separate replies because of the character-count restriction. I will also reply with the new HijackThis log. Let me know what is next...

    ComboFix 08-04-08.7 - Chad Rankin 2008-04-08 23:42:30.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT -7:00]
    Running from: C:\Documents and Settings\Chad Rankin\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\VirusHeat 4.3
    C:\Program Files\VirusHeat 4.3\ignored.lst
    C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
    C:\Program Files\VirusHeat 4.3\vpp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
    .

    2008-04-03 20:57 . 2008-04-03 20:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-03 20:56 . 2008-04-03 20:57 <DIR> d-------- C:\WINDOWS\system32\375013
    2008-04-03 20:56 . 2008-04-03 20:56 <DIR> d-------- C:\Program Files\NetProject
    2008-04-01 22:13 . 2008-04-01 22:13 <DIR> d-------- C:\Program Files\MSECache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-09 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-09 06:34 666,912 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-09 06:34 63,980 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-09 06:34 200,072 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-09 06:34 15,628,064 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-04 03:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-10 02:52 13,312 --s-a-w C:\WINDOWS\system32\dcggain.dll
    2008-03-08 07:55 --------- d-----w C:\Program Files\Full Tilt Poker
    2008-03-06 04:47 --------- d-----w C:\Program Files\RingCentral
    2008-02-20 06:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-19 07:34 --------- d-----w C:\Program Files\Full Tilt Poker.Net
    2008-02-10 06:43 --------- d-----w C:\Program Files\Bodog Poker
    2006-06-20 06:41 88 --sh--r C:\WINDOWS\system32\4DE8A6F807.sys
    2006-06-20 06:41 4,182 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot_2007-09-24_185239.82 )))))))))))))))))))))))))))))))))))))))))
    .
     
  4. britdog

    britdog Thread Starter

    Joined:
    Sep 24, 2007
    Messages:
    12
    Here is the second half of the ComboFix log...

    + 2007-06-12 08:01:56 926,744 ----a-w C:\WINDOWS\Downloaded Program Files\LinkedInContactFinderControl.dll
    + 2005-04-21 16:59:06 131,072 ----a-w C:\WINDOWS\Downloaded Program Files\popcaploader.dll
    + 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
    + 2000-08-31 15:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
    + 2000-08-31 15:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
    + 2008-04-02 05:14:17 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
    - 2007-06-17 07:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
    + 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
    + 2000-08-31 15:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
    + 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
    + 2000-08-31 15:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
    + 2000-08-31 15:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
    + 2004-08-04 10:00:00 73,376 ----a-w C:\WINDOWS\system\MCIAVI.DRV
    + 2004-08-04 10:00:00 25,264 ----a-w C:\WINDOWS\system\MCISEQ.DRV
    + 2004-08-04 10:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
    + 2004-08-04 10:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
    + 2004-08-04 10:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
    + 2004-08-04 10:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
    + 2004-08-04 10:00:00 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
    - 2007-06-15 08:12:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
    + 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
    - 2007-06-15 08:12:28 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2004-08-04 10:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
    - 2007-09-22 15:50:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-07 01:53:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2007-09-22 15:50:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-04-07 01:53:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2007-09-22 15:50:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-07 01:53:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-06-15 08:12:28 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    + 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    - 2007-06-15 08:12:28 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-12-07 00:44:30 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2007-06-15 08:12:28 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-12-07 00:44:30 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2007-06-15 08:12:28 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    + 2007-12-07 00:44:32 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    - 2007-06-15 08:12:28 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2007-12-07 00:44:33 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-06-15 08:12:28 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-12-07 00:44:33 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-06-15 08:12:28 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-12-07 00:44:33 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-06-14 10:32:36 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-12-06 10:05:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    - 2007-06-15 08:12:28 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-12-07 00:44:33 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    + 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    - 2007-06-15 08:12:28 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-12-07 00:44:33 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2006-05-18 05:24:25 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
    + 2007-11-14 07:26:56 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
    - 2007-06-15 08:12:28 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-12-07 00:44:33 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    + 2007-07-06 10:05:47 72,960 ------w C:\WINDOWS\system32\dllcache\mqac.sys
    + 2007-07-06 12:46:59 138,240 ------w C:\WINDOWS\system32\dllcache\mqad.dll
    + 2007-07-06 12:46:59 47,104 ------w C:\WINDOWS\system32\dllcache\mqdscli.dll
    + 2007-07-06 12:46:59 16,896 ------w C:\WINDOWS\system32\dllcache\mqise.dll
    + 2007-07-06 12:46:59 660,992 ------w C:\WINDOWS\system32\dllcache\mqqm.dll
    + 2007-07-06 12:46:59 177,152 ------w C:\WINDOWS\system32\dllcache\mqrt.dll
    + 2007-07-06 12:46:59 95,744 ------w C:\WINDOWS\system32\dllcache\mqsec.dll
    + 2007-07-06 12:46:59 48,640 ------w C:\WINDOWS\system32\dllcache\mqupgrd.dll
    + 2007-07-06 12:46:59 471,552 ------w C:\WINDOWS\system32\dllcache\mqutil.dll
    + 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    - 2007-06-15 08:12:29 3,064,320 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-12-07 00:44:35 3,066,368 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-06-15 08:12:29 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-12-07 00:44:36 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-06-15 08:12:29 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-12-07 00:44:36 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-06-15 08:12:29 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-12-07 00:44:36 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    + 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
    - 2007-06-15 08:12:29 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-12-07 00:44:36 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-10-29 22:43:03 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
    + 2007-07-09 13:09:42 584,192 ------w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    - 2007-06-15 08:12:30 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2007-12-07 00:44:37 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\dllcache\shell32.dll
    + 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    - 2007-06-15 08:12:30 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2007-12-07 00:44:38 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2006-04-20 11:51:50 359,808 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    + 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
    - 2007-06-15 08:12:30 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-12-07 00:44:39 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-06-26 14:35:54 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-12-07 00:44:39 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2005-01-28 18:44:28 224,768 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    + 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    - 2007-09-21 07:20:43 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    + 2007-12-13 05:24:08 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
    - 2007-06-28 00:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    + 2008-02-28 16:55:32 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
    - 2007-09-21 07:20:43 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    + 2008-02-02 01:25:24 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
    - 2004-08-04 10:00:00 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
    + 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
    - 2004-08-04 10:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    + 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
    - 2004-08-04 10:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    + 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    - 2007-06-15 08:12:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-06-15 08:12:28 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-06-15 08:12:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2007-07-15 20:06:54 292,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-04-04 05:49:23 311,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    - 2007-06-15 08:12:28 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    + 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    - 2007-06-15 08:12:28 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    + 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
    - 2007-06-15 08:12:28 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2004-08-04 10:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
    - 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2007-11-21 00:04:14 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
    + 2008-02-10 07:04:56 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    + 2004-08-04 10:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
    + 2004-08-04 10:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
    + 2004-08-04 10:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
    - 2004-08-04 10:00:00 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
    + 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
    - 2004-08-04 10:00:00 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
    + 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
    - 2004-08-04 10:00:00 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
    + 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
    - 2004-08-04 10:00:00 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
    + 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
    - 2004-08-04 10:00:00 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
    + 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
    - 2004-08-04 10:00:00 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
    + 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
    - 2004-08-04 10:00:00 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
    + 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
    - 2004-08-04 10:00:00 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
    + 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
    - 2007-09-06 02:50:44 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2004-08-04 10:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
    + 2004-08-04 10:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
    + 2004-08-04 10:00:00 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
    - 2007-06-15 08:12:29 3,064,320 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-06-15 08:12:29 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-06-15 08:12:29 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-06-15 08:12:29 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
    + 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    - 2007-03-14 05:38:44 54,682 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-10 02:52:16 54,682 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2007-03-14 05:38:44 385,164 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-10 02:52:16 385,164 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2007-06-15 08:12:29 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    - 2004-08-04 10:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    - 2007-06-15 08:12:30 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2007-06-15 08:12:30 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2004-08-04 10:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
    + 2004-08-04 10:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
    - 2007-07-18 12:42:22 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
    + 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
    - 2007-06-15 08:12:30 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2004-08-04 10:00:00 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
    + 2004-08-04 10:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
    - 2007-06-26 14:35:54 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2004-08-04 10:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
    - 2005-01-28 18:44:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
    - 2007-06-14 10:08:46 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2000-08-31 15:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
    + 2000-08-31 15:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Program Files\NetProject\wamdl.dll" [2008-04-03 20:56 86016]

    [HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [2008-04-03 20:56 86016]

    [HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 09:55 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 09:56 602182]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 19:35 397312 C:\WINDOWS\stsystra.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 16:56 761947]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 12:43 45056]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15 290816]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29 49152]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-26 09:39 98304]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
    "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2006-10-11 16:38 3335944]
    "ShowLOMControl"="" []
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
    "masqform.exe"="C:\Program Files\PureEdge\Viewer 6.1\masqform.exe" [2004-04-19 12:25 634880]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
    "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
    "POEngine"="C:\Program Files\PokerOffice\POEngine.exe" [2007-02-22 08:17 475136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}"= C:\WINDOWS\system32\dcggain.dll [2008-03-09 19:52 13312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
    "C:\\Program Files\\PokerOffice\\bin\\javaw.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

    R2 icservice;icservice;"C:\Program Files\Ontrack\Internet Cleanup\icserv.exe" [2001-05-17 15:38]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\LaunchU3.exe -a

    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-08 23:44:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-08 23:45:50
    ComboFix-quarantined-files.txt 2008-04-09 06:45:47
    ComboFix2.txt 2007-09-25 01:54:34
    Pre-Run: 57,794,510,848 bytes free
    Post-Run: 57,776,361,472 bytes free
    .
    2008-03-12 12:01:27 --- E O F ---
     
  5. britdog

    britdog Thread Starter

    Joined:
    Sep 24, 2007
    Messages:
    12
    And finally... Here is my new HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 11:48:46 PM, on 4/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\PokerOffice\bin\javaw.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Chad Rankin\Desktop\Spyware Fix\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.1\masqform.exe /RegServer -UpdateCurrentUser
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.nwmls.com
    O15 - Trusted Zone: http://*.rapmls.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.extremefax.com/ActiveX/RCAXSetup.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://wildjack.microgaming.com/wildjack/FlashAX2.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: icservice - ONTRACK Data International, Inc. - C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10596 bytes
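
    As an added example for this thread (not part of the posted logs, and not code from HijackThis, ComboFix or SmitfraudFix): a small Python triage script that cross-references the CLSID-bearing HijackThis entries (O2/O3/O22) in the log above with the timestamps ComboFix prints next to each "Reg Loading Points" value in the earlier post, and flags load points whose target is missing or was written recently. The sample lines are copied from the two logs above; the 60-day "recently written" window, the flag names, and reading an empty "[ ]" after a ComboFix value as "no file metadata available" are this example's own assumptions.

```python
"""Triage helper: cross-reference HijackThis CLSID entries (O2/O3/O22) with
ComboFix "Reg Loading Points" timestamps to rank which load points to look
at first.

Added example for this thread; it is not part of the posted logs and not
code from HijackThis, ComboFix or SmitfraudFix. The sample lines below are
copied from the logs posted above. Assumptions of this example: a 60-day
"recently written" window, the flag names, and reading an empty "[ ]" after a
ComboFix value as "no file metadata available".
"""
import re
from datetime import date, timedelta

# ComboFix value line, e.g.
#   "name"="C:\path\file.exe" [YYYY-MM-DD HH:MM size]
# The path may be unquoted, the bracket may be empty, and for a bare file
# name ComboFix appends the resolved full path inside the bracket.
COMBOFIX_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*(?:"(?P<q>[^"]*)"|(?P<u>[^\[]*?))\s*\[(?P<meta>[^\]]*)\]\s*$'
)
# HijackThis line carrying a CLSID, e.g.
#   O3 - Toolbar: Internet Service - {CLSID} - C:\path\file.dll
HJT_RE = re.compile(
    r'^(?P<code>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$'
)


def parse_combofix(lines):
    """Map basename.lower() -> (path, file_date or None) for each value line."""
    loads = {}
    for line in lines:
        m = COMBOFIX_RE.match(line.strip())
        if not m:
            continue
        path = (m.group("q") if m.group("q") is not None else m.group("u")).strip()
        meta = m.group("meta").split(maxsplit=3)   # date, time, size[, fullpath]
        file_date = date.fromisoformat(meta[0]) if len(meta) >= 3 else None
        if len(meta) == 4:
            path = meta[3]                          # ComboFix resolved the bare name
        if path:
            loads[path.rsplit("\\", 1)[-1].lower()] = (path, file_date)
    return loads


def parse_hjt(lines):
    """Yield a dict (code, kind, name, clsid, path) per CLSID-bearing HJT line."""
    for line in lines:
        m = HJT_RE.match(line.strip())
        if m:
            yield m.groupdict()


def triage(hjt_lines, combofix_lines, scan_date, recent_days=60):
    """Return [(code, name, path, flags)] for HJT entries worth a second look.

    Flags: 'no-file' (orphaned registration), 'no-metadata' (ComboFix printed
    an empty bracket for the target), 'recently-written' (binary younger than
    the window, measured from the scan date).
    """
    loads = parse_combofix(combofix_lines)
    cutoff = scan_date - timedelta(days=recent_days)
    findings = []
    for e in parse_hjt(hjt_lines):
        path, flags = e["path"], []
        if path == "(no file)" or path.endswith("(file missing)"):
            flags.append("no-file")
        else:
            known = loads.get(path.rsplit("\\", 1)[-1].lower())
            if known is not None and known[1] is None:
                flags.append("no-metadata")
            elif known is not None and known[1] >= cutoff:
                flags.append("recently-written")
        if flags:
            findings.append((e["code"], e["name"], path, flags))
    return findings


def combofix_without_metadata(combofix_lines):
    """Load points ComboFix printed with an empty '[ ]' (no size/date)."""
    return sorted(p for p, d in parse_combofix(combofix_lines).values() if d is None)


# Sample lines copied from the ComboFix and HijackThis logs posted above.
COMBOFIX_SAMPLE = r'''
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Program Files\NetProject\wamdl.dll" [2008-04-03 20:56 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 19:35 397312 C:\WINDOWS\stsystra.exe]
"ShowLOMControl"="" []
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}"= C:\WINDOWS\system32\dcggain.dll [2008-03-09 19:52 13312]
'''.strip().splitlines()

HJT_SAMPLE = r'''
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
'''.strip().splitlines()

SCAN_DATE = date(2008, 4, 8)   # date of the HijackThis scan posted above

if __name__ == "__main__":
    for code, name, path, flags in triage(HJT_SAMPLE, COMBOFIX_SAMPLE, SCAN_DATE):
        print(f"{code:<4} {','.join(flags):<17} {name} -> {path}")
    for path in combofix_without_metadata(COMBOFIX_SAMPLE):
        print(f"[ ]  no-metadata      {path}")
```

    Run stand-alone it prints the three entries that deserve a first look: the orphaned toolbar registration, and the two load points (the "Internet Service" toolbar DLL and the "important" SharedTaskScheduler DLL) whose files were written within weeks of the scan while every other load point dates from 2003 to 2007. The timestamp rule is only a ranking heuristic: a legitimate update also produces a fresh binary, so a hit is a prompt to check the file's publisher and hash, not a verdict.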
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please download (save) SmitfraudFix (by S!Ri) to your desktop. SmitfraudFix runs under W2K, XP only.

    Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and extract them to a new folder called SmitfraudFix.
    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  7. britdog

    britdog Thread Starter

    Joined:
    Sep 24, 2007
    Messages:
    12
    Here is the SmitFraud log...

    SmitFraudFix v2.311

    Scan done at 23:25:23.73, Wed 04/09/2008
    Run from C:\Documents and Settings\Chad Rankin\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\PokerOffice\bin\javaw.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\375013\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chad Rankin


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chad Rankin\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHADRA~1\FAVORI~1

    C:\DOCUME~1\CHADRA~1\FAVORI~1\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\NetProject\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}"="important"

    [HKEY_CLASSES_ROOT\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}\InProcServer32]
    @="C:\WINDOWS\system32\dcggain.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}\InProcServer32]
    @="C:\WINDOWS\system32\dcggain.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 68.87.69.146
    DNS Server Search Order: 68.87.85.98

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B94C5D95-6156-4D28-AE87-49FCBD109C9C}: DhcpNameServer=68.87.69.146 68.87.85.98
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B94C5D95-6156-4D28-AE87-49FCBD109C9C}: DhcpNameServer=192.168.254.6
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{B94C5D95-6156-4D28-AE87-49FCBD109C9C}: DhcpNameServer=68.87.69.146 68.87.85.98
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B94C5D95-6156-4D28-AE87-49FCBD109C9C}: DhcpNameServer=68.87.69.146 68.87.85.98
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
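    The SharedTaskScheduler section of the report above is the interesting part: Explorer loads every DLL registered there at logon, and the two stock XP entries both point at browseui.dll, while the third ("important", dcggain.dll) does not. The following Python is an added example, not part of this thread and not code from SmitfraudFix or HijackThis. It parses the O22 lines of the HijackThis log and the .reg-style sections of the SmitfraudFix report, compares each SharedTaskScheduler entry against the two stock entries seen in this thread (used here as the baseline; an assumption, not a vendor list), and also checks the AppInit_DLLs and Winlogon Userinit values from the same report. The sample inputs are constructed from the lines posted above.

```python
import re
from pathlib import PureWindowsPath

# Baseline assumption: the two stock Windows XP SharedTaskScheduler entries,
# taken from the two O22 lines in the HijackThis log that SmitfraudFix did not
# list. Stored as (clsid lower-cased, dll file name lower-cased).
BASELINE = {
    ("{438755c2-a8ba-11d1-b96b-00a0c90312e1}", "browseui.dll"),
    ("{8c7461ef-2b13-11d2-be35-3078302c2030}", "browseui.dll"),
}
BASELINE_DLLS = {dll for _, dll in BASELINE}
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"   # stock XP value

# Constructed sample: the three O22 lines from the HijackThis log in this thread.
HJT_SAMPLE = r"""
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
"""

# Constructed sample: the registry sections of the SmitfraudFix report above.
SFF_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}"="important"

[HKEY_CLASSES_ROOT\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}\InProcServer32]
@="C:\WINDOWS\system32\dcggain.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
"""

O22_RE = re.compile(r"^O22 - SharedTaskScheduler: (?P<name>.*?) - "
                    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<dll>.+?)\s*$")
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
REG_VALUE_RE = re.compile(r'^(?P<vname>@|"[^"]*")="(?P<data>.*)"\s*$')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_hijackthis_o22(text):
    """Return [{'clsid','name','dll'}] for every O22 line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = O22_RE.match(line.strip())
        if m:
            entries.append({"clsid": m["clsid"], "name": m["name"], "dll": m["dll"]})
    return entries


def parse_reg_report(text):
    """Parse .reg-style sections of a SmitfraudFix report into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = REG_KEY_RE.match(line)
        if k:
            current = k["key"]
            keys.setdefault(current, {})
            continue
        v = REG_VALUE_RE.match(line)
        if v and current is not None:
            keys[current][v["vname"].strip('"')] = v["data"]
    return keys


def sts_entries_from_report(keys):
    """Join the SharedTaskScheduler list with each CLSID's InProcServer32 path."""
    names, dlls = {}, {}
    for key, values in keys.items():
        low = key.lower()
        if low.endswith(r"\explorer\sharedtaskscheduler"):
            names.update({c.lower(): n for c, n in values.items()})
        elif low.endswith(r"\inprocserver32") and "@" in values:
            c = CLSID_RE.search(key)
            if c:
                dlls[c.group(0).lower()] = values["@"]
    return [{"clsid": c, "name": n, "dll": dlls.get(c, "")} for c, n in names.items()]


def assess(entries):
    """Flag every SharedTaskScheduler entry that is not in the stock baseline.
    Anything reported still needs a human check of the DLL (signature, vendor, age)."""
    findings = []
    for e in entries:
        clsid = e["clsid"].lower()
        # .reg files double backslashes; normalise before taking the file name
        dll_name = PureWindowsPath(e["dll"].replace("\\\\", "\\")).name.lower()
        reasons = []
        if (clsid, dll_name) not in BASELINE:
            reasons.append("not a stock XP SharedTaskScheduler entry")
        if dll_name not in BASELINE_DLLS:
            reasons.append("DLL %s is not a known Explorer component" % dll_name)
        if reasons:
            findings.append({**e, "dll_name": dll_name, "reasons": reasons})
    return findings


def audit_winlogon(keys):
    """Flag a non-empty AppInit_DLLs value or a Userinit value other than the stock one."""
    findings = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith(r"\currentversion\windows") and values.get("AppInit_DLLs"):
            findings.append("AppInit_DLLs is set: " + values["AppInit_DLLs"])
        if low.endswith(r"\winlogon"):
            userinit = values.get("Userinit", "").replace("\\\\", "\\").lower()
            if userinit not in ("", DEFAULT_USERINIT):
                findings.append("Userinit altered: " + values["Userinit"])
    return findings


if __name__ == "__main__":
    for f in assess(parse_hijackthis_o22(HJT_SAMPLE)):
        print("HijackThis:", f["clsid"], f["name"], f["dll"], "->", "; ".join(f["reasons"]))
    report = parse_reg_report(SFF_SAMPLE)
    for f in assess(sts_entries_from_report(report)):
        print("SmitfraudFix:", f["clsid"], f["name"], f["dll"], "->", "; ".join(f["reasons"]))
    print("Winlogon/AppInit findings:", audit_winlogon(report) or "none")
```

    Run against the two samples it reports only the `{9c87cb31-...}` / dcggain.dll entry and finds nothing wrong with AppInit_DLLs or Userinit, which matches what the report above shows. The baseline is deliberately a plain allowlist of (CLSID, DLL) pairs: a name like "important" or a vendor string is trivially chosen by whoever registered the key, so the file actually loaded is the only thing worth comparing.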
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd.
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non-infected computer will remove your Desktop background.


    Please post the C:\rapport.txt in your next reply.


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Select Files to Delete choose: Select All
    • Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive and all other fixed drives.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.


    Please perform a scan with Kaspersky Webscan Online Virus Scanner
    • Read the Requirements and Privacy statement, then select "Accept".
    • A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
    • Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
    • When the download is complete it will say ready, click "Next".
    • Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
    • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
    • Click "OK".
    • Under "Select a target to scan", click on "My Computer".
    • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.


    Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show 'Kaspersky Online Scanner license key was not found!'.
     
Short URL to this thread: https://techguy.org/700171