Security Toolbar 7.1

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

britdog

Thread Starter
Joined
Sep 24, 2007
Messages
12
Hello,

I have a new toolbar called "Security Toolbar 7.1". I ran Kapersky and it found and deleted severla things but no the toolbar. Based on how my PC is running, I's guessing I have other problems as well. Can you help?

Here is my HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:43:51 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Chad Rankin\Desktop\Spyware Fix\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.1\masqform.exe /RegServer -UpdateCurrentUser
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.nwmls.com
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.extremefax.com/ActiveX/RCAXSetup.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://wildjack.microgaming.com/wildjack/FlashAX2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: icservice - ONTRACK Data International, Inc. - C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10565 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please visit this webpage for instructions on installing recovery console and downloading/running ComboFix.

Post the log from ComboFix along with a new HijackThis log.
 

britdog

Thread Starter
Joined
Sep 24, 2007
Messages
12
Thank you so much for your help. Below is the combofix log. I have to reply with the log in two seperate replies due to the number of character restrictions. I will also reply with the new hijack this log. Let me know what is next...

ComboFix 08-04-08.7 - Chad Rankin 2008-04-08 23:42:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT -7:00]
Running from: C:\Documents and Settings\Chad Rankin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\VirusHeat 4.3
C:\Program Files\VirusHeat 4.3\ignored.lst
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe
C:\Program Files\VirusHeat 4.3\vpp.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-03 20:57 . 2008-04-03 20:57 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-03 20:56 . 2008-04-03 20:57 <DIR> d-------- C:\WINDOWS\system32\375013
2008-04-03 20:56 . 2008-04-03 20:56 <DIR> d-------- C:\Program Files\NetProject
2008-04-01 22:13 . 2008-04-01 22:13 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 06:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-09 06:34 666,912 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-09 06:34 63,980 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-09 06:34 200,072 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-09 06:34 15,628,064 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-04 03:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 02:52 13,312 --s-a-w C:\WINDOWS\system32\dcggain.dll
2008-03-08 07:55 --------- d-----w C:\Program Files\Full Tilt Poker
2008-03-06 04:47 --------- d-----w C:\Program Files\RingCentral
2008-02-20 06:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-19 07:34 --------- d-----w C:\Program Files\Full Tilt Poker.Net
2008-02-10 06:43 --------- d-----w C:\Program Files\Bodog Poker
2006-06-20 06:41 88 --sh--r C:\WINDOWS\system32\4DE8A6F807.sys
2006-06-20 06:41 4,182 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-09-24_185239.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-07-06 09:52:38 72,960 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11 660,992 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w C:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946627\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946627\update\updspapi.dll
+ 2004-08-04 10:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 72,960 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqac.sys
+ 2004-08-04 10:00:00 138,240 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqad.dll
+ 2004-08-04 10:00:00 47,104 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqdscli.dll
+ 2004-08-04 10:00:00 16,896 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqise.dll
+ 2004-08-04 10:00:00 660,992 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqqm.dll
+ 2004-08-04 10:00:00 177,152 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqrt.dll
+ 2004-08-04 10:00:00 95,744 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqsec.dll
+ 2004-08-04 10:00:00 48,640 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqupgrd.dll
+ 2004-08-04 10:00:00 471,552 -c----w C:\WINDOWS\$NtUninstallKB937894$\mqutil.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe
+ 2005-10-12 23:12:34 371,424 -c----w C:\WINDOWS\$NtUninstallKB937894$\spuninst\updspapi.dll
+ 2007-06-15 08:12:28 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
+ 2007-06-15 08:12:28 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
+ 2007-06-15 08:12:28 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
+ 2007-06-15 08:12:28 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
+ 2007-06-15 08:12:28 205,824 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
+ 2007-06-15 08:12:28 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
+ 2007-06-14 10:32:36 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
+ 2007-06-15 08:12:28 251,904 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
+ 2007-06-15 08:12:28 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
+ 2007-06-15 08:12:28 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
+ 2007-06-15 08:12:29 3,064,320 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
+ 2007-06-15 08:12:29 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
+ 2007-06-15 08:12:29 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
+ 2007-06-15 08:12:29 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
+ 2007-06-15 08:12:29 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
+ 2007-06-15 08:12:30 1,498,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
+ 2007-06-15 08:12:30 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
+ 2007-06-15 08:12:30 616,960 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
+ 2007-06-26 14:35:54 665,600 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
+ 2007-06-14 10:08:46 350,720 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-28 00:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-28 00:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2005-01-28 18:44:28 224,768 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-08-22 12:55:28 1,022,976 -c----w C:\WINDOWS\$NtUninstallKB942615$\browseui.dll
+ 2007-08-22 12:55:29 151,040 -c----w C:\WINDOWS\$NtUninstallKB942615$\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB942615$\danim.dll
+ 2007-08-22 12:55:30 357,888 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 -c----w C:\WINDOWS\$NtUninstallKB942615$\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 -c----w C:\WINDOWS\$NtUninstallKB942615$\extmgr.dll
+ 2007-08-21 10:19:39 18,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\iedw.exe
+ 2007-08-22 12:55:32 251,904 -c----w C:\WINDOWS\$NtUninstallKB942615$\iepeers.dll
+ 2007-08-22 12:55:32 96,256 -c----w C:\WINDOWS\$NtUninstallKB942615$\inseng.dll
+ 2007-08-22 12:55:32 16,384 -c----w C:\WINDOWS\$NtUninstallKB942615$\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtml.dll
+ 2007-08-22 12:55:37 449,024 -c----w C:\WINDOWS\$NtUninstallKB942615$\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 -c----w C:\WINDOWS\$NtUninstallKB942615$\msrating.dll
+ 2007-08-22 12:55:38 532,480 -c----w C:\WINDOWS\$NtUninstallKB942615$\mstime.dll
+ 2007-08-22 12:55:38 39,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 -c----w C:\WINDOWS\$NtUninstallKB942615$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942615$\spuninst\updspapi.dll
+ 2007-08-22 12:55:43 617,984 -c----w C:\WINDOWS\$NtUninstallKB942615$\urlmon.dll
+ 2007-08-22 12:55:44 665,600 -c----w C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2007-08-21 10:13:33 350,720 -c----w C:\WINDOWS\$NtUninstallKB943460$\xpsp3res.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-10-11 05:57:29 1,024,000 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-10-11 05:57:29 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-10-11 05:57:30 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-10-11 05:57:30 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
+ 2007-10-11 05:57:30 205,824 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
+ 2007-10-11 05:57:30 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
+ 2007-10-10 10:48:23 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
+ 2007-10-11 05:57:31 251,904 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
+ 2007-10-11 05:57:31 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
+ 2007-10-11 05:57:31 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
+ 2007-10-30 09:55:21 3,065,856 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
+ 2007-10-11 05:57:36 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
+ 2007-10-11 05:57:36 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
+ 2007-10-11 05:57:37 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
+ 2007-10-11 05:57:37 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
+ 2007-10-11 05:57:39 1,498,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-10-11 05:57:40 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-10-11 05:57:40 617,984 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
+ 2007-10-11 05:57:41 666,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
+ 2007-10-29 10:04:03 350,720 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2004-08-04 10:00:00 27,440 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2004-08-04 10:00:00 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB946627$\spuninst\updspapi.dll
+ 2004-12-20 20:13:32 274,432 ----a-w C:\WINDOWS\Downloaded Program Files\AnagramLib.dll
+ 2007-11-21 00:04:32 1,523,536 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
 

britdog

Thread Starter
Joined
Sep 24, 2007
Messages
12
Here is the second half of the combofix log...

+ 2007-06-12 08:01:56 926,744 ----a-w C:\WINDOWS\Downloaded Program Files\LinkedInContactFinderControl.dll
+ 2005-04-21 16:59:06 131,072 ----a-w C:\WINDOWS\Downloaded Program Files\popcaploader.dll
+ 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 15:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 15:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2008-04-02 05:14:17 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2007-06-17 07:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 15:00:00 28,160 ----a-w C:\WINDOWS\NirCmd.exe
+ 2000-08-31 15:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 15:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 15:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2004-08-04 10:00:00 73,376 ----a-w C:\WINDOWS\system\MCIAVI.DRV
+ 2004-08-04 10:00:00 25,264 ----a-w C:\WINDOWS\system\MCISEQ.DRV
+ 2004-08-04 10:00:00 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV
+ 2004-08-04 10:00:00 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV
+ 2004-08-04 10:00:00 4,048 ----a-w C:\WINDOWS\system\TIMER.DRV
+ 2004-08-04 10:00:00 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV
+ 2004-08-04 10:00:00 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV
- 2007-06-15 08:12:28 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-15 08:12:28 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2004-08-04 10:00:00 10,544 ----a-w C:\WINDOWS\system32\comm.drv
- 2007-09-22 15:50:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-07 01:53:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-09-22 15:50:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-07 01:53:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-09-22 15:50:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-07 01:53:23 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-15 08:12:28 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2007-06-15 08:12:28 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-12-07 00:44:30 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-15 08:12:28 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-12-07 00:44:30 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-06-15 08:12:28 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-12-07 00:44:32 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2007-06-15 08:12:28 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-12-07 00:44:33 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-15 08:12:28 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-12-07 00:44:33 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-15 08:12:28 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-12-07 00:44:33 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-14 10:32:36 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-12-06 10:05:52 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-15 08:12:28 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-12-07 00:44:33 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-15 08:12:28 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-12-07 00:44:33 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-06-15 08:12:28 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-12-07 00:44:33 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-07-06 10:05:47 72,960 ------w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 12:46:59 138,240 ------w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 47,104 ------w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 16,896 ------w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 660,992 ------w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 177,152 ------w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 95,744 ------w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 48,640 ------w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 471,552 ------w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-12-18 09:51:35 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2007-06-15 08:12:29 3,064,320 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-12-07 00:44:35 3,066,368 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-15 08:12:29 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-12-07 00:44:36 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-15 08:12:29 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-12-07 00:44:36 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-15 08:12:29 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-12-07 00:44:36 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-06-15 08:12:29 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-12-07 00:44:36 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:43:03 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-07-09 13:09:42 584,192 ------w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-15 08:12:30 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-12-07 00:44:37 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ------w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-15 08:12:30 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-12-07 00:44:38 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-04-20 11:51:50 359,808 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-06-15 08:12:30 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-07 00:44:39 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-06-26 14:35:54 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-12-07 00:44:39 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 18:44:28 224,768 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2007-09-21 07:20:43 82,061 ----a-w C:\WINDOWS\system32\drivers\klick.dat
+ 2007-12-13 05:24:08 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
- 2007-06-28 00:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-02-28 16:55:32 194,320 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2007-09-21 07:20:43 81,549 ----a-w C:\WINDOWS\system32\drivers\klin.dat
+ 2008-02-02 01:25:24 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
- 2004-08-04 10:00:00 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-04 10:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
- 2004-08-04 10:00:00 27,440 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2007-06-15 08:12:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-15 08:12:28 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-15 08:12:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2007-07-15 20:06:54 292,480 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-04 05:49:23 311,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-15 08:12:28 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-15 08:12:28 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-15 08:12:28 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-04 10:00:00 221,600 ----a-w C:\WINDOWS\system32\lanman.drv
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-21 00:04:14 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
+ 2008-02-10 07:04:56 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-04 10:00:00 73,376 ----a-w C:\WINDOWS\system32\mciavi.drv
+ 2004-08-04 10:00:00 25,264 ----a-w C:\WINDOWS\system32\mciseq.drv
+ 2004-08-04 10:00:00 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv
- 2004-08-04 10:00:00 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-04 10:00:00 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 10:00:00 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-04 10:00:00 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 10:00:00 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 10:00:00 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 10:00:00 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 10:00:00 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-09-06 02:50:44 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2004-08-04 10:00:00 20,480 ----a-w C:\WINDOWS\system32\msacm32.drv
+ 2004-08-04 10:00:00 188,416 ----a-w C:\WINDOWS\system32\msh261.drv
+ 2004-08-04 10:00:00 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
- 2007-06-15 08:12:29 3,064,320 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-15 08:12:29 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-15 08:12:29 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-15 08:12:29 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2007-03-14 05:38:44 54,682 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-10 02:52:16 54,682 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-03-14 05:38:44 385,164 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-10 02:52:16 385,164 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-06-15 08:12:29 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 10:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2007-06-15 08:12:30 1,498,112 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-15 08:12:30 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2004-08-04 10:00:00 3,360 ----a-w C:\WINDOWS\system32\system.drv
+ 2004-08-04 10:00:00 4,048 ----a-w C:\WINDOWS\system32\timer.drv
- 2007-07-18 12:42:22 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2007-06-15 08:12:30 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2004-08-04 10:00:00 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2004-08-04 10:00:00 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv
- 2007-06-26 14:35:54 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2004-08-04 10:00:00 146,432 ----a-w C:\WINDOWS\system32\winspool.drv
- 2005-01-28 18:44:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
- 2007-06-14 10:08:46 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-31 15:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 15:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= "C:\Program Files\NetProject\wamdl.dll" [2008-04-03 20:56 86016]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40}"= C:\Program Files\NetProject\wamdl.dll [2008-04-03 20:56 86016]

[HKEY_CLASSES_ROOT\clsid\{db9fba9d-ab1b-4cc6-9745-f3b549d64e40}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48 32881]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 09:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 09:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 19:35 397312 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 16:56 761947]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 12:43 45056]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15 290816]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-26 09:39 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2006-10-11 16:38 3335944]
"ShowLOMControl"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.1\masqform.exe" [2004-04-19 12:25 634880]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"POEngine"="C:\Program Files\PokerOffice\POEngine.exe" [2007-02-22 08:17 475136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}"= C:\WINDOWS\system32\dcggain.dll [2008-03-09 19:52 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\PokerOffice\\bin\\javaw.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=

R2 icservice;icservice;"C:\Program Files\Ontrack\Internet Cleanup\icserv.exe" [2001-05-17 15:38]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 23:44:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-08 23:45:50
ComboFix-quarantined-files.txt 2008-04-09 06:45:47
ComboFix2.txt 2007-09-25 01:54:34
Pre-Run: 57,794,510,848 bytes free
Post-Run: 57,776,361,472 bytes free
.
2008-03-12 12:01:27 --- E O F ---
 

britdog

Thread Starter
Joined
Sep 24, 2007
Messages
12
And finally... Here is my new hijack this log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:48:46 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Chad Rankin\Desktop\Spyware Fix\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.1\masqform.exe /RegServer -UpdateCurrentUser
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.nwmls.com
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {EE85A9FD-6E52-4227-BB82-D46A660690EA} (RCSetup Class) - http://service.extremefax.com/ActiveX/RCAXSetup.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://wildjack.microgaming.com/wildjack/FlashAX2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: icservice - ONTRACK Data International, Inc. - C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10596 bytes
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Please download (save) SmitfraudFix (by S!Ri) to your desktop. SmitfraudFix runs under W2K, XP only.

Extract the content (a folder named SmitfraudFix) to your Desktop. Select all of the contents and Extract them
to a new folder called SmitfraudFix.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

britdog

Thread Starter
Joined
Sep 24, 2007
Messages
12
Here is the SmitFraud log...

SmitFraudFix v2.311

Scan done at 23:25:23.73, Wed 04/09/2008
Run from C:\Documents and Settings\Chad Rankin\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Ontrack\Internet Cleanup\icserv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\375013\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chad Rankin


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chad Rankin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHADRA~1\FAVORI~1

C:\DOCUME~1\CHADRA~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\NetProject\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}"="important"

[HKEY_CLASSES_ROOT\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}\InProcServer32]
@="C:\WINDOWS\system32\dcggain.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}\InProcServer32]
@="C:\WINDOWS\system32\dcggain.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.69.146
DNS Server Search Order: 68.87.85.98

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B94C5D95-6156-4D28-AE87-49FCBD109C9C}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B94C5D95-6156-4D28-AE87-49FCBD109C9C}: DhcpNameServer=192.168.254.6
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B94C5D95-6156-4D28-AE87-49FCBD109C9C}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B94C5D95-6156-4D28-AE87-49FCBD109C9C}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.


Please post the C:\rapport.txt in your next reply.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Select Files to Delete choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.



Download (save and select your desktop to save it to) SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive and all other fixed drives..
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.


Please perform a scan with Kaspersky Webscan Online Virus Scanner
  • Read the Requirements and Privacy statement, then select "Accept".
  • A new window will appear promting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
  • Click "Yes" or select "Install" to download the ActiveX controls that allows ActiveScan to run.
  • When the download is complete it will say ready, click "Next".
  • Click "Scan Settings" and check the option to use the Extended Database if available otherwise Standard).
  • Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
  • Click "OK".
  • Under "Select a target to scan", click on "My Computer".
  • When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.


Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top