
[google search results Hijacked?]

Discussion in 'Malware and Virus Removal Archive' started by JasPoSF, 2007/11/29.

  1. 2007/12/10
    JasPoSF

    JasPoSF Inactive Thread Starter

    Joined:
    2007/11/29
    Messages:
    19
    Likes Received:
    0
    Here are the results of the scan

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, December 09, 2007 11:15:35 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 10/12/2007
    Kaspersky Anti-Virus database records: 478118
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 78960
    Number of viruses found: 7
    Number of infected objects: 19
    Number of suspicious objects: 2
    Duration of the scan process: 00:57:15

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\SupportSoft\medicsp2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-09_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\Jason Porter\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jason Porter\Desktop\BearShareV6.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\Documents and Settings\Jason Porter\Desktop\BearShareV6.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\Documents and Settings\Jason Porter\Desktop\BearShareV6.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\Documents and Settings\Jason Porter\Desktop\BearShareV6.exe WiseSFX: infected - 3 skipped
    C:\Documents and Settings\Jason Porter\Desktop\BearShareV6.exe WiseSFXDropper: infected - 3 skipped
    C:\Documents and Settings\Jason Porter\Desktop\BSINSTALL.exe/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
    C:\Documents and Settings\Jason Porter\Desktop\BSINSTALL.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
    C:\Documents and Settings\Jason Porter\Desktop\BSINSTALL.exe WiseSFX: infected - 2 skipped
    C:\Documents and Settings\Jason Porter\Desktop\BSINSTALL.exe WiseSFXDropper: infected - 2 skipped
    C:\Documents and Settings\Jason Porter\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Jason Porter\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Jason Porter\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Application Data\SupportSoft\medicsp2\Jason Porter\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\History\History.IE5\MSHist012007120920071210\index.dat Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jason Porter\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Jason Porter\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP603\A0147860.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP604\A0147969.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP604\A0147969.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP604\A0147969.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP605\A0147990.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP606\A0148136.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP614\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
    C:\WINDOWS\WIASERVC.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  2. 2007/12/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi JasPoSF

    Having P2P file-sharing apps such as LimeWire, BitTorrent, uTorrent, etc. is almost like inviting malware into your computer. There is absolutely no way for you to know which of the hundreds of thousands of users you are sharing files with are infected or not.
    I strongly recommend removing any P2P applications.

    Please delete these.

    These are on the desktop.
    BearShareV6.exe
    BSINSTALL.exe


    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Morpheus

    Now delete
    smitfraud.exe

    Delete these files.
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\SYSTEM32\Process.exe
    C:\WINDOWS\SYSTEM32\SrchSTS.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe
    C:\WINDOWS\system32\tmp.reg

    Please run another Kaspersky scan and post the results.

    Thanks
    Geri
     


  4. 2007/12/11
    JasPoSF

    JasPoSF Inactive Thread Starter

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, December 11, 2007 1:21:45 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 11/12/2007
    Kaspersky Anti-Virus database records: 480032
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 78659
    Number of viruses found: 8
    Number of infected objects: 20
    Number of suspicious objects: 2
    Duration of the scan process: 00:58:22

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1552OinUninstaller.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\SupportSoft\medicsp2\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-11_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\Jason Porter\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Application Data\SupportSoft\medicsp2\Jason Porter\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jason Porter\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jason Porter\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Jason Porter\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc11.exe/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc11.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc11.exe WiseSFX: infected - 2 skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc11.exe WiseSFXDropper: infected - 2 skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc12.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc12.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc12.exe RarSFX: infected - 2 skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc8.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc8.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc8.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc8.exe WiseSFX: infected - 3 skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc8.exe WiseSFXDropper: infected - 3 skipped
    C:\RECYCLER\S-1-5-21-3937508378-647754692-3807246228-1006\Dc9\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP603\A0147860.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP604\A0147969.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP604\A0147969.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP604\A0147969.exe RarSFX: infected - 2 skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP605\A0147990.exe Infected: Trojan-Downloader.Win32.Agent.fjv skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP606\A0148136.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP615\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\msvctvrl.dll Infected: Trojan-Downloader.Win32.Agent.fxv skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
    C:\WINDOWS\WIASERVC.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  5. 2007/12/11
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi JasPoSF

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\SYSTEM32\msvctvrl.dll << Make sure the file is exactly as shown; there are legit files that are close to this spelling.

    Open Spybot S/D
    Click on Recovery
    Check all the boxes listed and click "Purge selected items".
    OK if prompted.
    Close Spybot S/D

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Please post another Panda scan.

    Thanks
    Geri
     
  6. 2007/12/12
    JasPoSF

    JasPoSF Inactive Thread Starter

    When I try to remove msvctvrl.dll I get an error saying that access is denied because it is in use or something to that effect.
     
  7. 2007/12/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi JasPoSF

    We need to make sure you have a copy of a file.

    Enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Please go here.
    C:\windows\servicepackfiles\i386

    Open the i386 folder.
    Look for this file. imm32.dll

    Please right click on it and select properties.
    Please write down the file size and date.

    Then find the same file here.
    C:\windows\system32
    Check to make sure the size and date are the same.

    When we remove the bad file msvctvrl.dll it may cause an error message when you boot up your computer, because the bad file writes code into the good imm32 file.
    If this happens, we need to make sure you have a good copy of the imm32.dll we can replace it with.

    Let me know
    Thanks
    Geri
     
  8. 2007/12/13
    JasPoSF

    JasPoSF Inactive Thread Starter

    So the imm32.dll file that is in my C:\I386 folder shows that it was installed back in 2004 when I installed Windows, I think. There were no modifications to that file; it is reporting as 107 KB (110,080 bytes). The one in my C:\WINDOWS\SYSTEM32 folder is coming back as being modified near the end of Nov (when my problems began) and is 108 KB (110,592 bytes).

    So am I to understand that I need to delete msvctvrl.dll then overwrite the imm32.dll that is in my system32 folder with the one from the other?

    I ran the Kaspersky free virus removal trial and it did say that there was a Trojan-Downloader.Win32.Agent.fxv in the msvctvrl.dll file, and when it was removed I got a bunch of errors, just like you said, saying that applications could not run because of the missing file. I then had to restore it just to get rid of the error.
     
  9. 2007/12/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi JasPoSF

    OK, print or save this to the desktop so you can refer to it while in Safe Mode.

    Boot into safe mode.
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
    Now go to C:\windows\system32\imm32.dll
    Right-click on it and click Rename, rename it to imm32.old, and OK the prompt.
    Now go up to the file msvctvrl.dll, right-click and click Delete.

    Now go here: C:\windows\servicepackfiles\i386. Open the i386 folder, locate the file imm32.dll, right-click on it and select Copy.
    Go back to the C:\windows\system32 folder and open it. At the top click on Edit and click Paste.

    Reboot your computer
    Click start, turn off computer, restart.
    Let me know if you receive any error messages.

    Geri
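Geri's check in posts 7 and 9 compares the size and date of the system32 imm32.dll with the pristine copy under ServicePackFiles\i386. As an added example that is not part of the thread, here is that comparison in Python with a content hash added, since a timestamp alone can be reset by malware; the two files are constructed in a temp directory with the byte sizes Jason reported (110,080 vs 110,592), and the paths and timestamps are assumptions.

```python
"""Added example (not from the thread): compare a live system DLL with the
pristine copy Windows XP keeps under ServicePackFiles\\i386, the imm32.dll
check Geri walks through above. Paths are assumptions; on the machine in
this thread they would be C:\\WINDOWS\\system32\\imm32.dll (live) and
C:\\WINDOWS\\ServicePackFiles\\i386\\imm32.dll (reference)."""
import hashlib
import os
import tempfile

CHUNK = 65536


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def first_divergence(path_a, path_b):
    """Byte offset where the two files first differ; when one file is a pure
    extension of the other this is the shorter file's length."""
    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            ca, cb = fa.read(CHUNK), fb.read(CHUNK)
            if ca != cb:
                for i, (x, y) in enumerate(zip(ca, cb)):
                    if x != y:
                        return offset + i
                return offset + min(len(ca), len(cb))
            if not ca:
                return offset          # EOF on both: identical
            offset += len(ca)


def compare_system_file(live_path, reference_path):
    """Report size, timestamp and content agreement between the live file
    and its reference copy. Only size plus hash decide 'clean': a changed
    timestamp is evidence, but malware can set timestamps at will."""
    live, ref = os.stat(live_path), os.stat(reference_path)
    report = {
        "live_size": live.st_size,
        "reference_size": ref.st_size,
        "size_delta": live.st_size - ref.st_size,
        "mtime_match": int(live.st_mtime) == int(ref.st_mtime),
        "hash_match": sha256_of(live_path) == sha256_of(reference_path),
    }
    report["clean"] = report["hash_match"] and report["size_delta"] == 0
    if not report["clean"]:
        report["first_divergence"] = first_divergence(live_path, reference_path)
    return report


def build_demo_pair(tmpdir, tampered):
    """Constructed stand-ins for the two imm32.dll copies (filler bytes, not
    real PE images). The reference is 110,080 bytes; the tampered live copy
    has 512 bytes appended, giving the 110,592 bytes Jason reported.
    Timestamps are constructed: reference in 2004, tampered copy in late
    November 2007, when the thread says the problems began."""
    ref = os.path.join(tmpdir, "imm32.dll.reference")
    live = os.path.join(tmpdir, "imm32.dll.live")
    body = bytes(range(256)) * 430        # 256 * 430 = 110,080 bytes
    with open(ref, "wb") as f:
        f.write(body)
    with open(live, "wb") as f:
        f.write((body + b"\x90" * 512) if tampered else body)
    ref_ts = 1_091_000_000
    live_ts = 1_196_000_000 if tampered else ref_ts
    os.utime(ref, (ref_ts, ref_ts))
    os.utime(live, (live_ts, live_ts))
    return live, ref


def run_demo(tampered=True):
    """Build the pair in a temp directory and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        live, ref = build_demo_pair(tmp, tampered)
        return compare_system_file(live, ref)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

On a real machine, point compare_system_file at the live and reference paths instead of run_demo; a non-zero size_delta or hash mismatch is the cue to restore from the reference copy as Geri describes.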
     
  10. 2007/12/23
    JasPoSF

    JasPoSF Inactive Thread Starter

    Well I was able to remove that file. Had to rename it before I could delete it though, because I wasn't given access to the original file with the original name.

    Anyways. No error messages. Still, computer seems to be running a little slowly and Google still funky. Every time I use HJT and delete the entries referring to Google everything is fine for a couple searches, but then that darn MonsterMarketPlace starts to pop up again in the results.
     
  11. 2007/12/23
    JasPoSF

    JasPoSF Inactive Thread Starter

    Oh and another thing. Kaspersky keeps finding this

    Trojan program Trojan.Win32.Qhost.abm

    I delete it but it still comes back after a little while.
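Trojan.Win32.Qhost is a hosts-file modifier, and the O1 - Hosts lines in the HijackThis log later in this thread show its handiwork: dozens of Google, Yahoo, MSN and Live search hostnames pinned to 194.54.90.238, which is why the file "comes back" until the hosts file itself is cleaned. As an added example that is not part of the thread, this Python triage parses a hosts file and flags search-engine hostnames resolved to anything but loopback, plus any external address collecting several names; the sample hosts text is constructed from the log's entries and the search-domain list is an assumption.

```python
"""Added example (not from the thread): triage a Windows hosts file for the
search-engine redirection that Trojan.Win32.Qhost leaves behind, as seen in
the O1 - Hosts lines of the HijackThis log posted in this thread."""
import ipaddress
from collections import defaultdict

# Search hostnames a hosts file should never redirect. This list is an
# assumption for the example; "google" is matched as a whole DNS label so
# every country TLD in the log (google.co.uk, google.com.br, ...) is caught.
SEARCH_SUFFIXES = ("search.yahoo.com", "search.msn.com", "search.msn.de",
                   "search.live.com")

# Constructed sample modelled on the thread's log: one external address
# collecting many search hostnames, a legitimate loopback entry, a comment
# and a trailing line of junk bytes like the garbled last O1 - Hosts entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
194.54.90.238 www.google.com
194.54.90.238 www.google.co.uk
194.54.90.238 google.com
194.54.90.238 search.yahoo.com
194.54.90.238 search.msn.com
194.54.90.238 search.live.com
\xf0j
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and unparsable lines
    are skipped so binary garbage in the file cannot abort the triage."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for host in parts[1:]:
            entries.append((ip, host.lower()))
    return entries


def is_search_host(hostname):
    """True for Google (any TLD), Yahoo, MSN and Live search hostnames."""
    if "google" in hostname.split("."):
        return True
    return hostname.endswith(SEARCH_SUFFIXES)


def is_external(ip):
    """Loopback, 0.0.0.0 and RFC 1918 targets are normal hosts-file uses."""
    return not (ip.is_loopback or ip.is_unspecified or ip.is_private)


def triage_hosts(text, sinkhole_threshold=3):
    """Return the redirected search hostnames and every external address
    that collects at least `sinkhole_threshold` hostnames."""
    by_ip = defaultdict(set)
    redirected = []
    for ip, host in parse_hosts(text):
        by_ip[ip].add(host)
        # A public search engine has no business in a hosts file unless the
        # entry points at loopback (a deliberate block); anything else sends
        # the user's searches somewhere they did not choose.
        if is_search_host(host) and not ip.is_loopback:
            redirected.append((str(ip), host))
    sinkholes = {str(ip): sorted(hosts) for ip, hosts in by_ip.items()
                 if is_external(ip) and len(hosts) >= sinkhole_threshold}
    return {"redirected_search_hosts": redirected, "sinkhole_ips": sinkholes}


if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    for ip, host in result["redirected_search_hosts"]:
        print(f"redirected search host: {host} -> {ip}")
    for ip, hosts in result["sinkhole_ips"].items():
        print(f"{ip} collects {len(hosts)} hostnames: {', '.join(hosts)}")
```

To run it against a real machine, read %SystemRoot%\System32\drivers\etc\hosts into triage_hosts in place of SAMPLE_HOSTS.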
     
  12. 2007/12/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi JasPoSF

    OK. Please post another new dss log.

    Please also do this.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Please post the two logs.
    Thanks
    Geri
     
  13. 2007/12/24
    JasPoSF

    JasPoSF Inactive Thread Starter

    Deckard's System Scanner v20071014.68
    Run by Jason Porter on 2007-12-24 13:26:48
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 87% (more than 75%).
    Total Physical Memory: 511 MiB (512 MiB recommended).


    -- HijackThis (run as Jason Porter.exe) ----------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:26:56 PM, on 12/24/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\dlbxcoms.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Jason Porter\Desktop\dss.exe
    C:\DOCUME~1\JASONP~1\Desktop\JASONP~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://dsl.sbc.yahoo.com/"); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    O1 - Hosts: 194.54.90.238 www.google.com
    O1 - Hosts: 194.54.90.238 www.google.ca
    O1 - Hosts: 194.54.90.238 www.google.com.ag
    O1 - Hosts: 194.54.90.238 www.google.com.ar
    O1 - Hosts: 194.54.90.238 www.google.com.au
    O1 - Hosts: 194.54.90.238 www.google.at
    O1 - Hosts: 194.54.90.238 www.google.az
    O1 - Hosts: 194.54.90.238 www.google.be
    O1 - Hosts: 194.54.90.238 www.google.com.br
    O1 - Hosts: 194.54.90.238 www.google.vg
    O1 - Hosts: 194.54.90.238 www.google.bi
    O1 - Hosts: 194.54.90.238 www.google.ca
    O1 - Hosts: 194.54.90.238 www.google.td
    O1 - Hosts: 194.54.90.238 www.google.cl
    O1 - Hosts: 194.54.90.238 www.google.com.co
    O1 - Hosts: 194.54.90.238 www.google.co.cr
    O1 - Hosts: 194.54.90.238 www.google.dk
    O1 - Hosts: 194.54.90.238 www.google.com.do
    O1 - Hosts: 194.54.90.238 www.google.fm
    O1 - Hosts: 194.54.90.238 www.google.fi
    O1 - Hosts: 194.54.90.238 www.google.fr
    O1 - Hosts: 194.54.90.238 www.google.gm
    O1 - Hosts: 194.54.90.238 www.google.ge
    O1 - Hosts: 194.54.90.238 www.google.de
    O1 - Hosts: 194.54.90.238 www.google.com.gi
    O1 - Hosts: 194.54.90.238 www.google.com.gr
    O1 - Hosts: 194.54.90.238 www.google.gl
    O1 - Hosts: 194.54.90.238 www.google.gg
    O1 - Hosts: 194.54.90.238 www.google.co.il
    O1 - Hosts: 194.54.90.238 www.google.it
    O1 - Hosts: 194.54.90.238 www.google.co.kr
    O1 - Hosts: 194.54.90.238 www.google.lu
    O1 - Hosts: 194.54.90.238 www.google.mw
    O1 - Hosts: 194.54.90.238 www.google.ro
    O1 - Hosts: 194.54.90.238 www.google.se
    O1 - Hosts: 194.54.90.238 www.google.co.uk
    O1 - Hosts: 194.54.90.238 www.google.uz
    O1 - Hosts: 194.54.90.238 google.com
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.com.ag
    O1 - Hosts: 194.54.90.238 google.com.ar
    O1 - Hosts: 194.54.90.238 google.com.au
    O1 - Hosts: 194.54.90.238 google.at
    O1 - Hosts: 194.54.90.238 google.az
    O1 - Hosts: 194.54.90.238 google.be
    O1 - Hosts: 194.54.90.238 google.com.br
    O1 - Hosts: 194.54.90.238 google.vg
    O1 - Hosts: 194.54.90.238 google.bi
    O1 - Hosts: 194.54.90.238 google.ca
    O1 - Hosts: 194.54.90.238 google.td
    O1 - Hosts: 194.54.90.238 google.cl
    O1 - Hosts: 194.54.90.238 google.com.co
    O1 - Hosts: 194.54.90.238 google.co.cr
    O1 - Hosts: 194.54.90.238 google.dk
    O1 - Hosts: 194.54.90.238 google.com.do
    O1 - Hosts: 194.54.90.238 google.fm
    O1 - Hosts: 194.54.90.238 google.fi
    O1 - Hosts: 194.54.90.238 google.fr
    O1 - Hosts: 194.54.90.238 google.gm
    O1 - Hosts: 194.54.90.238 google.ge
    O1 - Hosts: 194.54.90.238 google.de
    O1 - Hosts: 194.54.90.238 google.com.gi
    O1 - Hosts: 194.54.90.238 google.com.gr
    O1 - Hosts: 194.54.90.238 google.gl
    O1 - Hosts: 194.54.90.238 google.gg
    O1 - Hosts: 194.54.90.238 google.co.il
    O1 - Hosts: 194.54.90.238 google.it
    O1 - Hosts: 194.54.90.238 google.co.kr
    O1 - Hosts: 194.54.90.238 google.lu
    O1 - Hosts: 194.54.90.238 google.mw
    O1 - Hosts: 194.54.90.238 google.ro
    O1 - Hosts: 194.54.90.238 google.se
    O1 - Hosts: 194.54.90.238 google.co.uk
    O1 - Hosts: 194.54.90.238 google.uz
    O1 - Hosts: 194.54.90.238 search.yahoo.com
    O1 - Hosts: 194.54.90.238 de.search.yahoo.com
    O1 - Hosts: 194.54.90.238 search.msn.com
    O1 - Hosts: 194.54.90.238 search.msn.de
    O1 - Hosts: 194.54.90.238 search.live.com
    O1 - Hosts: ðj
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Exetender] C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
    O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
    O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
    O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
    O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
    O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
    O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} - http://projects.synacor.com/musicnet/download/rcn/PerformerSetup-sa.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

    --
    End of file - 14348 bytes

    -- Files created between 2007-11-24 and 2007-12-24 -----------------------------

    2007-12-12 14:43:52 91492 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-12 14:43:52 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-12 14:43:21 0 d-------- C:\Program Files\Kaspersky Lab
    2007-12-12 14:43:20 48160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2007-12-12 14:43:20 3329568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-12 14:42:38 0 d-------- C:\KAV
    2007-12-09 21:54:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-09 21:54:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-09 18:18:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-12-09 18:18:14 0 d-------- C:\Program Files\twc
    2007-12-09 18:11:00 0 d-------- C:\Program Files\HERACTSTG
    2007-12-09 18:11:00 0 d-------- C:\Program Files\Common Files\SupportSoft
    2007-12-06 12:01:49 200704 --a------ C:\WINDOWS\system32\WG1v2Lib.dll <Not Verified; NETGEAR Inc.; WG1v2lib Dynamic Link Library>
    2007-12-06 12:01:49 155648 --a------ C:\WINDOWS\system32\IpLib.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
    2007-12-06 12:01:49 114688 -ra------ C:\WINDOWS\system32\EnumDev111.dll <Not Verified; NETGEAR Inc.; EnumDev111 Dynamic Link Library>
    2007-12-06 12:01:49 13532 --a------ C:\WINDOWS\system32\drivers\SjyPkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2007-12-06 12:01:49 66048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2007-12-06 12:01:49 0 d-------- C:\WINDOWS\OPTIONS
    2007-12-06 12:01:49 0 d-------- C:\Program Files\NETGEAR
    2007-11-29 00:09:02 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\Grisoft
    2007-11-29 00:08:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-28 19:57:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-28 19:57:30 0 d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-28 19:57:30 0 d-------- C:\Documents and Settings\Jason Porter\Application Data\SUPERAntiSpyware.com
    2007-11-25 22:47:37 0 d-------- C:\Program Files\Enigma Software Group
    2007-11-25 22:39:11 0 d-------- C:\WINDOWS\owim
    2007-11-25 22:39:11 0 d-------- C:\Program Files\Common Files\owim


    -- Find3M Report ---------------------------------------------------------------

    2007-12-24 10:41:19 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
    2007-12-24 10:41:19 384 --a------ C:\WINDOWS\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-40011102}.dat
    2007-12-23 21:05:01 0 d-------- C:\Program Files\Dl_cats
    2007-12-09 18:11:00 0 d-------- C:\Program Files\Common Files
    2007-12-06 12:01:49 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-02 20:06:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-28 23:22:57 0 d-------- C:\Program Files\Verizon
    2007-11-28 23:14:23 0 d-------- C:\Program Files\Digital Line Detect
    2007-11-28 23:14:12 0 d-------- C:\Program Files\Dell Photo AIO Printer 962
    2007-11-28 23:12:17 0 d-------- C:\Program Files\Common Files\Motive
    2007-11-28 11:57:54 19249 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-11-25 22:34:07 0 d-------- C:\Program Files\Movie Maker
    2007-11-05 15:15:06 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
    2007-11-03 18:21:51 0 d-------- C:\Program Files\SystemRequirementsLab
    2007-11-03 16:45:11 0 d-------- C:\Program Files\Verizon Games on Demand Player
    2007-11-03 16:35:23 1712 --a------ C:\WINDOWS\GPlrLanc.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [05/16/2003 07:50 AM C:\WINDOWS\LOGI_MWX.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [06/29/2004 09:23 AM]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [09/14/2004 11:01 PM]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/20/2005 07:01 AM]
    "dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [01/18/2005 06:57 AM]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [03/12/2005 06:25 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/26/2005 06:27 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
    "CTHelper"="CTHELPER.EXE" [02/02/2004 06:30 PM C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [03/20/2006 05:34 PM]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 01:37 PM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 12:07 AM]
    "nwiz"="nwiz.exe" [09/17/2007 12:07 AM C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 12:07 AM]
    "DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [12/07/2004 01:43 PM]
    "medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [03/07/2007 11:53 AM]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [06/20/2003 02:13 AM C:\WINDOWS\MIDIDEF.EXE]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
    "Exetender"="C:\Program Files\Verizon Games on Demand Player\GPlayer.exe" [08/30/2007 04:47 PM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

    C:\Documents and Settings\Jason Porter\Start Menu\Programs\Startup\
    DESKTOP.INI [8/10/2004 11:04:12 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/21/2006 7:43:41 PM]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
    DESKTOP.INI [8/10/2004 11:04:12 AM]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [12/11/2004 6:12:18 AM]
    WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [12/6/2007 12:01:50 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp




    -- End of Deckard's System Scanner: finished at 2007-12-24 13:28:05 ------------

    Act of War - Direct Action
    Cribbage Quest
    Fastlane Pinball
    Google Earth
    HijackThis 2.0.2
    Hoyle Slots and Video Poker
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Kaspersky Anti-Virus 7.0
    Kaspersky Anti-Virus 7.0
    Kaspersky Online Scanner
    LiveUpdate 3.2 (Symantec Corporation)
    MSXML 4.0 SP2 (KB936181)
    NVIDIA Drivers
    Panda ActiveScan
    Road Runner Install
    Road Runner Medic 6.1
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944653)
    Spybot - Search & Destroy
    System Requirements Lab
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Verizon Games on Demand Player
    WG111v2 Configuration Utility
    Windows Internet Explorer 7
     
  14. 2007/12/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi JasPoSF

    Download ComboFix from Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Please post the log.

    Thanks
    Geri
     
  15. 2007/12/28
    JasPoSF

    JasPoSF Inactive Thread Starter

    Joined:
    2007/11/29
    Messages:
    19
    Likes Received:
    0
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\Downloaded Program Files\Quarantine
    C:\WINDOWS\system32\ldr1.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
    .

    2007-12-13 21:00 . 2004-08-04 03:00 110,080 --a------ C:\WINDOWS\SYSTEM32\IMM32.DLL
    2007-12-12 14:43 . 2007-12-12 14:43 <DIR> d-------- C:\Program Files\Kaspersky Lab
    2007-12-12 14:43 . 2007-12-26 11:44 3,541,024 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
    2007-12-12 14:43 . 2007-12-22 21:30 91,492 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
    2007-12-12 14:43 . 2007-12-12 14:51 85,860 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
    2007-12-12 14:43 . 2007-12-26 11:44 56,608 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
    2007-12-12 14:43 . 2007-12-26 11:43 48,212 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
    2007-12-12 14:43 . 2007-12-26 11:43 6,308 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
    2007-12-12 14:42 . 2007-12-12 14:42 <DIR> d-------- C:\KAV
    2007-12-09 21:54 . 2007-12-09 21:54 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
    2007-12-09 21:54 . 2007-12-26 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-09 18:18 . 2007-12-09 18:18 <DIR> d-------- C:\Program Files\twc
    2007-12-09 18:18 . 2007-12-09 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
    2007-12-09 18:11 . 2007-12-09 18:11 <DIR> d-------- C:\Program Files\HERACTSTG
    2007-12-09 18:11 . 2007-12-09 18:18 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
    2007-12-06 12:01 . 2007-12-06 12:01 <DIR> d-------- C:\WINDOWS\OPTIONS
    2007-12-06 12:01 . 2007-12-06 12:01 <DIR> d-------- C:\Program Files\NETGEAR
    2007-12-06 12:01 . 2006-04-10 18:41 200,704 --a------ C:\WINDOWS\SYSTEM32\WG1v2Lib.dll
    2007-12-06 12:01 . 2006-03-27 17:53 167,808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wg111v2.sys
    2007-12-06 12:01 . 2003-11-18 09:27 155,648 --a------ C:\WINDOWS\SYSTEM32\IpLib.dll
    2007-12-06 12:01 . 2005-12-29 00:16 114,688 -ra------ C:\WINDOWS\SYSTEM32\EnumDev111.dll
    2007-12-06 12:01 . 2005-04-01 11:43 66,048 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\EAPPkt.sys
    2007-12-06 12:01 . 2002-10-02 08:57 13,532 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SjyPkt.sys
    2007-11-29 00:48 . 2007-11-29 00:48 <DIR> d-------- C:\Deckard
    2007-11-29 00:09 . 2007-11-29 00:09 <DIR> d-------- C:\Documents and Settings\Jason Porter\Application Data\Grisoft
    2007-11-29 00:08 . 2007-11-29 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-28 19:57 . 2007-12-02 20:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-28 19:57 . 2007-12-02 20:06 <DIR> d-------- C:\Documents and Settings\Jason Porter\Application Data\SUPERAntiSpyware.com
    2007-11-28 19:57 . 2007-11-28 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-24 05:05 --------- d-----w C:\Program Files\Dl_cats
    2007-12-12 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-06 20:01 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-03 04:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-29 07:22 --------- d-----w C:\Program Files\Verizon
    2007-11-29 07:14 --------- d-----w C:\Program Files\Digital Line Detect
    2007-11-29 07:14 --------- d-----w C:\Program Files\Dell Photo AIO Printer 962
    2007-11-29 07:12 --------- d-----w C:\Program Files\Common Files\Motive
    2007-11-26 06:56 --------- d-----w C:\Program Files\Common Files\owim
    2007-11-26 06:48 --------- d-----w C:\Program Files\Enigma Software Group
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-04 02:21 --------- d-----w C:\Program Files\SystemRequirementsLab
    2007-11-04 00:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Exetender
    2007-06-26 16:58 439,296 ----a-w C:\Documents and Settings\Jason Porter\GoToAssist_phone__317_en.exe
    2006-06-25 07:26 49,498 ----a-w C:\Program Files\popcorn Terms.html
    2005-06-17 03:32 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .
    C:\WINDOWS\system32\svchost.exe ... disinfected


    ((((((((((((((((((((((((((((( snapshot@2007-11-28_ 0.36.32.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-01-31 23:11:00 685,120 ----a-w C:\WINDOWS\Downloaded Program Files\ppctl.dll
    + 2007-02-28 02:07:54 71,208 ----a-w C:\WINDOWS\Downloaded Program Files\sprthelper.exe
    - 2005-06-10 21:58:42 241,664 ----a-w C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
    + 2007-02-28 02:08:20 280,200 ----a-w C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
    + 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
    + 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
    + 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
    + 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
    + 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
    + 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
    + 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
    + 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
    + 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
    + 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
    + 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
    + 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
    + 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
    + 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
    + 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
    + 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
    + 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
    + 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
    + 2007-08-20 23:34:42 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
    + 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
    + 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
    + 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
    + 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
    + 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
    + 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
    + 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
    + 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    + 2004-12-29 06:31:04 102,400 ----a-w C:\WINDOWS\OPTIONS\CABS\RTWUWZC.exe
    + 2005-04-01 22:03:46 41,228 ----a-w C:\WINDOWS\OPTIONS\CABS\set8187.exe
    + 2006-03-28 01:53:28 167,808 ----a-w C:\WINDOWS\OPTIONS\CABS\WG111V2.SYS
    - 2007-01-24 22:46:18 110,592 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\as.dll
    + 2007-03-29 17:20:50 110,592 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\as.dll
    - 2005-06-03 20:03:18 96,256 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\asmdat.dll
    + 2005-06-03 22:03:18 96,256 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\asmdat.dll
    - 2005-05-20 19:42:44 86,016 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\instlsp.dll
    + 2005-05-20 21:42:44 86,016 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\instlsp.dll
    - 2006-02-17 00:20:20 4,608 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\memvfile.dll
    + 2006-02-17 02:20:20 4,608 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\memvfile.dll
    - 2005-10-26 00:08:32 348,160 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\msvcr71.dll
    + 2005-10-26 02:08:32 348,160 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\msvcr71.dll
    - 2004-05-04 21:01:02 139,264 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavaleas.dll
    + 2004-05-04 23:01:02 139,264 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavaleas.dll
    - 2006-07-14 19:04:10 45,056 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavdr.exe
    + 2006-07-14 21:04:10 45,056 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavdr.exe
    - 2006-04-10 16:50:02 159,832 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavexcom.dll
    + 2006-04-10 18:50:02 159,832 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavexcom.dll
    - 2006-02-17 00:35:38 180,224 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavoe.dll
    + 2006-02-17 02:35:38 180,224 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavoe.dll
    - 2006-10-05 22:15:38 122,880 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavpz.dll
    + 2006-10-06 00:15:38 122,880 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavpz.dll
    - 2006-06-30 20:13:38 8,704 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pfdnnt.exe
    + 2006-06-30 22:13:38 8,704 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pfdnnt.exe
    - 2004-02-04 20:08:42 49,152 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\port32.dll
    + 2004-02-04 22:08:42 49,152 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\port32.dll
    - 2006-08-01 19:23:10 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pscpu.dll
    + 2006-08-01 21:23:10 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pscpu.dll
    - 2007-03-09 22:00:26 36,864 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskahk.dll
    + 2006-08-23 21:06:08 1,388,544 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskahk.dll
    - 2006-08-17 17:38:14 10,752 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskalloc.dll
    + 2006-08-17 19:38:14 10,752 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskalloc.dll
    - 2006-09-04 17:49:54 61,440 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskas.dll
    + 2006-09-04 19:49:54 61,440 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskas.dll
    - 2006-08-18 14:46:18 779,264 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskavs.dll
    + 2006-08-18 16:46:18 779,264 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskavs.dll
    - 2006-08-30 17:15:04 417,792 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskcmp.dll
    + 2007-03-26 22:25:34 417,792 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskcmp.dll
    - 2006-08-09 16:42:24 90,112 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskfss.dll
    + 2006-08-09 18:42:24 90,112 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskfss.dll
    - 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskhtml.dll
    + 2006-07-19 18:55:58 208,896 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskhtml.dll
    - 2006-01-20 22:57:00 9,728 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskmas.dll
    + 2006-01-21 00:57:00 9,728 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskmas.dll
    - 2006-05-17 15:50:12 14,336 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskmdfs.dll
    + 2006-05-17 17:50:12 14,336 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskmdfs.dll
    - 2006-08-16 16:58:12 33,280 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskpack.dll
    + 2006-08-16 18:58:12 33,280 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskpack.dll
    - 2006-06-30 20:42:36 266,240 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskscs.dll
    + 2006-06-30 22:42:36 266,240 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskscs.dll
    - 2006-08-17 20:33:14 62,976 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskutil.dll
    + 2006-08-17 22:33:14 62,976 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskutil.dll
    - 2006-08-08 19:13:10 13,312 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvfile.dll
    + 2006-08-08 21:13:10 13,312 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvfile.dll
    - 2006-08-18 14:53:08 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvfs.dll
    + 2006-08-18 16:53:08 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvfs.dll
    - 2006-08-18 14:49:50 167,936 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvm.dll
    + 2006-08-18 16:49:50 167,936 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvm.dll
    - 2006-10-17 16:13:20 348,160 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\psscan.dll
    + 2007-04-19 01:16:04 353,840 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\psscan.dll
    - 2007-01-22 20:42:48 35,328 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\rawvfile.dll
    + 2007-01-22 22:42:48 35,328 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\rawvfile.dll
    - 1997-09-18 12:12:32 9,488 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\sporder.dll
    + 1997-09-18 14:12:32 9,488 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\sporder.dll
    - 2006-02-28 23:23:40 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\tcpvfile.dll
    + 2006-03-01 01:23:40 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\tcpvfile.dll
    - 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
    + 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
    - 2006-08-02 18:39:06 73,728 ----a-w C:\WINDOWS\SYSTEM32\asuninst.exe
    + 2006-08-02 20:39:06 73,728 ----a-w C:\WINDOWS\SYSTEM32\asuninst.exe
    - 2007-04-14 21:38:31 16,384 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    + 2007-12-25 04:09:49 16,384 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    - 2007-04-14 21:38:31 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-12-25 04:09:49 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2007-12-25 04:09:49 32,768 --sha-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2007-08-20 10:04:34 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    + 2007-10-10 23:55:51 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
    - 2007-08-20 10:04:34 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    + 2007-10-10 23:55:51 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
    - 2007-08-20 10:04:34 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    + 2007-10-10 23:55:51 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
    - 2007-08-20 10:04:34 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
    + 2007-10-10 23:55:51 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
    - 2007-08-17 10:20:54 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    + 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
    - 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    + 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
    - 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    + 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    + 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
    - 2007-08-20 10:04:35 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    + 2007-10-10 23:55:52 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
    - 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    + 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
    - 2007-08-20 10:04:37 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    + 2007-10-10 23:55:54 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
    - 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    + 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
    - 2007-08-20 10:04:38 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    + 2007-10-10 23:55:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
    - 2007-08-17 10:20:54 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    + 2007-10-10 10:59:40 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
    - 2007-08-17 10:21:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    + 2007-10-10 10:59:52 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
    - 2007-08-20 10:04:39 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    + 2007-10-10 23:55:56 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
    - 2007-08-20 10:04:39 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    + 2007-10-10 23:55:56 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
    - 2007-08-20 10:04:39 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    + 2007-10-10 23:55:56 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
    - 2007-08-20 23:34:42 3,584,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    + 2007-10-30 23:42:28 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
    - 2007-08-20 10:04:41 477,696 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    + 2007-10-10 23:55:58 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
    - 2007-08-20 10:04:41 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    + 2007-10-10 23:55:58 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
    - 2007-08-20 10:04:42 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    + 2007-10-10 23:55:59 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
    - 2007-08-20 10:04:42 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    + 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
    - 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    + 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
    - 2007-08-20 10:04:42 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    + 2007-10-10 23:55:59 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
    - 2007-08-20 10:04:42 1,152,000 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    + 2007-10-10 23:56:00 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
    - 2007-08-20 10:04:42 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    + 2007-10-10 23:56:00 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
    - 2007-08-20 10:04:43 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    + 2007-10-10 23:56:00 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
    - 2005-01-28 21:44:28 224,768 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
    + 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
    + 2007-04-29 00:51:02 110,360 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\kl1.sys
    + 2007-12-23 05:30:58 194,320 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys
    + 2007-04-04 22:58:26 24,344 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys
    + 2007-06-28 20:50:52 22,457 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\klop.dat
    - 2007-08-20 10:04:34 214,528 ------w C:\WINDOWS\SYSTEM32\dxtrans.dll
    + 2007-10-10 23:55:51 214,528 ------w C:\WINDOWS\SYSTEM32\dxtrans.dll
    - 2007-08-20 10:04:34 132,608 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
    + 2007-10-10 23:55:51 132,608 ------w C:\WINDOWS\SYSTEM32\extmgr.dll
    - 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
    + 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
    - 2007-08-17 10:20:54 63,488 ------w C:\WINDOWS\SYSTEM32\ie4uinit.exe
    + 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\SYSTEM32\ie4uinit.exe
    - 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\SYSTEM32\ieakeng.dll
    + 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\SYSTEM32\ieakeng.dll
    - 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\SYSTEM32\ieaksie.dll
    + 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\SYSTEM32\ieaksie.dll
    - 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\SYSTEM32\ieakui.dll
    + 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\SYSTEM32\ieakui.dll
    - 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
    + 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
    - 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\SYSTEM32\iedkcs32.dll
    + 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\SYSTEM32\iedkcs32.dll
    - 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
    + 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
    - 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\SYSTEM32\iernonce.dll
    + 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\SYSTEM32\iernonce.dll
    - 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
    + 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
    - 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
    + 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
    - 2007-08-20 10:04:39 27,648 ------w C:\WINDOWS\SYSTEM32\jsproxy.dll
    + 2007-10-10 23:55:56 27,648 ------w C:\WINDOWS\SYSTEM32\jsproxy.dll
    + 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\SYSTEM32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    + 2007-06-28 20:51:48 206,088 ----a-w C:\WINDOWS\SYSTEM32\klogon.dll
    - 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
    + 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
    - 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
    + 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
    - 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
    + 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
    - 2007-08-20 23:34:42 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
    + 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
    - 2007-08-20 10:04:41 477,696 ------w C:\WINDOWS\SYSTEM32\mshtmled.dll
    + 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
    - 2007-08-20 10:04:41 193,024 ------w C:\WINDOWS\SYSTEM32\msrating.dll
    + 2007-10-10 23:55:58 193,024 ------w C:\WINDOWS\SYSTEM32\msrating.dll
    - 2007-08-20 10:04:42 671,232 ------w C:\WINDOWS\SYSTEM32\mstime.dll
    + 2007-10-10 23:55:59 671,232 ------w C:\WINDOWS\SYSTEM32\mstime.dll
    - 2007-08-20 10:04:42 102,400 ------w C:\WINDOWS\SYSTEM32\occache.dll
    + 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\SYSTEM32\occache.dll
    - 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    + 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
    - 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
    + 2007-12-14 05:26:50 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
    - 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\SYSTEM32\tzchange.exe
    + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\SYSTEM32\tzchange.exe
    - 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
    + 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
    - 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
    + 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
    - 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
    + 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
    - 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    + 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
    - 2005-01-28 21:44:28 224,768 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
    + 2007-10-28 01:40:06 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
    - 2003-03-26 00:53:50 11,776 ----a-w C:\WINDOWS\SYSTEM32\ZPORT4AS.dll
    + 2003-03-26 02:53:50 11,776 ----a-w C:\WINDOWS\SYSTEM32\ZPORT4AS.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2003-06-20 02:13 C:\WINDOWS\MIDIDEF.EXE]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-05-16 07:50 C:\WINDOWS\LOGI_MWX.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 09:23]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-14 23:01]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-20 07:01]
    "dlbxmon.exe"="C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 06:57]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-03-12 06:25]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-26 18:27]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "CTHelper"="CTHELPER.EXE" [2004-02-02 18:30 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
    "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
    "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 13:37]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 03:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]
    "nwiz"="nwiz.exe" [2007-09-17 00:07 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 03:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]
    "DLBXCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 13:43]
    "medicsp2"="C:\Program Files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 11:53]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-21 19:43:41]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-12-11 06:12:18]
    WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-12-06 12:01:50]

    R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 11:43]
    R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe [2001-08-06 12:41]
    R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);C:\Program Files\twc\medicsp2\bin\sprtsvc.exe /service /p medicsp2 []
    R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs []
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
    R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 14:18]
    R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 17:53]
    S3 dump_wmimmc;dump_wmimmc;C:\WINDOWS\system32\drivers\dump_wmimmc.sys []
    S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver;C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-03 22:08]
    S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 13:02]
    S3 ICAM5USB;Intel(r) PC Camera CS110;C:\WINDOWS\system32\Drivers\Icam5USB.sys [2001-08-17 14:06]
    S3 jfdcd;jfdcd;C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\jfdcd.sys []
    S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 08:57]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-12-15 01:17:03 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-26 11:44:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-26 11:46:01 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-04-14 16:50
    C:\ComboFix2.txt ... 2007-11-28 00:37
    C:\ComboFix3.txt ... 2007-04-14 16:50
    .
    2007-12-12 21:55:49 --- E O F ---
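A practitioner reading the snapshot section of the ComboFix log above will notice that most of the "-"/"+" pairs have an identical size and a timestamp that moved by exactly two hours (a clock or time-zone change between the two snapshots is the likely cause; tzchange.exe itself appears in the list), while a smaller set of entries changed size or moved by an irregular interval: the Internet Explorer component files dated 2007-10-10, MRT.exe, quartz.dll, swreg.exe, and the newly added Kaspersky drivers. The Python below is an added example, not part of this thread and not ComboFix code, that parses lines in that format and separates clock noise from real changes. The sample lines are copied from the log above; the two-hour skew is an assumption passed in as a parameter, and the function and constant names are the example's own.

```python
"""Triage a ComboFix file-snapshot diff.

Added example: not part of the forum thread and not ComboFix code.
ComboFix prints the earlier snapshot entry with '-' and the current one
with '+'.  A pair whose size is unchanged and whose timestamp moved by one
constant offset (two hours in the log above, most likely a time-zone or DST
change between snapshots) is clock noise.  A pair whose size changed or
whose timestamp moved irregularly, and a '+' with no matching '-', are the
entries worth reading.  The two-hour skew is an assumption, not a ComboFix
rule.
"""
import re
from datetime import datetime, timedelta

# One diff line: sign, timestamp, size with thousands separators, attribute
# string, then the path (which may itself contain spaces).
LINE_RE = re.compile(
    r"^\s*([-+])\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+([\d,]+)\s+(\S+)\s+(.+?)\s*$"
)

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE = r"""
    - 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskhtml.dll
    + 2006-07-19 18:55:58 208,896 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskhtml.dll
    - 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
    + 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
    + 2007-12-23 05:30:58 194,320 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys
    - 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
    + 2007-12-14 05:26:50 156,160 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
"""


def parse_entries(text):
    """Yield (sign, timestamp, size, attrs, path) for every diff line in text."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, section banners, etc.
        sign, ts, size, attrs, path = m.groups()
        yield (sign, datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
               int(size.replace(",", "")), attrs, path)


def triage(text, clock_skew=timedelta(hours=2)):
    """Classify every path that has a '+' line.

    Returns {path: 'new' | 'clock_skew' | 'modified'}:
      new        - no '-' line for this path (file did not exist before)
      clock_skew - same size, timestamp moved by exactly clock_skew
      modified   - anything else (size changed or irregular time shift)
    """
    before, after = {}, {}
    for sign, ts, size, attrs, path in parse_entries(text):
        (before if sign == "-" else after)[path] = (ts, size, attrs)

    verdict = {}
    for path, (ts_new, size_new, _) in after.items():
        if path not in before:
            verdict[path] = "new"
            continue
        ts_old, size_old, _ = before[path]
        if size_new == size_old and ts_new - ts_old == clock_skew:
            verdict[path] = "clock_skew"
        else:
            verdict[path] = "modified"
    return verdict


def worth_reading(text, clock_skew=timedelta(hours=2)):
    """Sorted list of paths that are not mere clock noise."""
    return sorted(p for p, v in triage(text, clock_skew).items() if v != "clock_skew")


if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:10} {path}")
```

On the sample, pskhtml.dll is classified as clock noise, klif.sys as new, and advpack.dll and swreg.exe as modified, which is the short list a helper would actually want to look at. Run against the full log, the same split reduces a couple of hundred lines to the handful that changed content; the classification says nothing about whether a change is legitimate, so the modified entries still need checking against known updates.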
     
  16. 2007/12/28
    JasPoSF

    JasPoSF Inactive Thread Starter

    Joined:
    2007/11/29
    Messages:
    19
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:38:34 PM, on 12/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dlbxcoms.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jason Porter\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://dsl.sbc.yahoo.com/"); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JASON PORTER\Application Data\Mozilla\Profiles\default\nlw5o6h2.slt\prefs.js)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
    O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
    O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
    O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
    O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
    O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
    O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust.com/Extern/RoadRunner/PestScan/pestscan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://supportcenter.verizon.net/euserv/jsp/VOLAWeb.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {9E58D78E-C5D3-DCF5-F38E-D1FBF76F5CBA} - http://projects.synacor.com/musicnet/download/rcn/PerformerSetup-sa.exe
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

    --
    End of file - 10932 bytes
     
  17. 2007/12/29
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi JasPoSF
    OK, looks like ComboFix may have killed it.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Code:
    Driver::
    C:\DOCUME~1\JASONP~1\LOCALS~1\Temp\jfdcd.sys

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    How are the search results now?

    Please run ATF Cleaner and do a Kaspersky scan to see if it still shows Trojan.Win32.Qhost.abm

    Let me know.

    Thanks
    Geri
     
