
Solved Another Virus Ridden Computer.

Discussion in 'Malware and Virus Removal Archive' started by Pepse, 2008/04/09.

  1. 2008/04/09
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    [Resolved] Another Virus Ridden Computer.

    Well folks, here we go again. I am working on another Dell. When I got it, it had Norton Anti-Virus 2008 and Norton SystemWorks 2006, and Postini something or other; I know it is from the local ISP. Anyway, I ended up re-installing the Dell/XP software, 2002 (no service packs). And then I downloaded and ran AVG Free and almost immediately it found a virus, and when the scan was complete it found a few more. That was Sun. And every day that I turn on this computer it almost immediately finds a virus. I DID go to MS's website and got SP2 and whatever other updates it needed. I find it rather odd that with a fresh install that included a full format I get a virus immediately. But, I will now include a HijackThis and a Deckard's System Scan.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:05:07 PM, on 4/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {ACC7A192-C6C2-401A-8F88-1C915A4BECE8} - C:\WINDOWS\System32\jkkjjkki.dll (file missing)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [BMf7fd50e4] Rundll32.exe "C:\WINDOWS\System32\uquvqwpm.dll ",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1207592645124
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207592524889
    O20 - Winlogon Notify: ljjigeba - ljjigeba.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 3070 bytes

    The DSS will be on the next post.

    Pepse.
     
  2. 2008/04/09
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Okay and now for the DSS:

    Deckard's System Scanner v20071014.68
    Run by Kimm Sykes on 2008-04-09 13:10:26
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    10: 2008-04-09 18:10:30 UTC - RP10 - Deckard's System Scanner Restore Point
    9: 2008-04-09 16:59:41 UTC - RP9 - System Checkpoint
    8: 2008-04-07 19:21:07 UTC - RP8 - Installed Windows XP Service Pack 2.
    7: 2008-04-07 19:09:36 UTC - RP7 - Software Distribution Service 3.0
    6: 2008-04-07 18:34:11 UTC - RP6 - Installed Windows XP KB892130.


    -- First Restore Point --
    1: 2008-04-07 04:39:47 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 256 MiB (512 MiB recommended).


    -- HijackThis (run as Kimm Sykes.exe) ------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:10:42 PM, on 4/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Kimm Sykes\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Kimm Sykes.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {ACC7A192-C6C2-401A-8F88-1C915A4BECE8} - C:\WINDOWS\System32\jkkjjkki.dll (file missing)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [BMf7fd50e4] Rundll32.exe "C:\WINDOWS\System32\uquvqwpm.dll ",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1207592645124
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207592524889
    O20 - Winlogon Notify: ljjigeba - ljjigeba.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 3068 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    All services whitelisted.


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-03-09 and 2008-04-09 -----------------------------

    2008-04-09 12:01:19 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-04-09 12:01:18 0 d-------- C:\WINDOWS\LastGood
    2008-04-09 11:30:18 0 d-------- C:\Program Files\Trend Micro
    2008-04-08 11:17:17 0 d-------- C:\Documents and Settings\LocalService\Start Menu
    2008-04-08 11:16:26 0 d-------- C:\WINDOWS\Prefetch
    2008-04-08 11:16:25 0 d---s---- C:\WINDOWS\system32\Microsoft
    2008-04-07 14:27:48 0 d-------- C:\WINDOWS\peernet
    2008-04-07 14:27:47 0 d-------- C:\WINDOWS\provisioning
    2008-04-07 14:25:02 0 d-------- C:\WINDOWS\ServicePackFiles
    2008-04-07 14:21:01 0 d-------- C:\WINDOWS\system32\ReinstallBackups
    2008-04-07 14:18:00 0 d-------- C:\WINDOWS\EHome
    2008-04-07 13:44:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2008-04-07 13:40:34 0 --a------ C:\WINDOWS\system32\wmsoft61550.exe
    2008-04-07 13:40:33 80 --a------ C:\WINDOWS\system32\i
    2008-04-07 13:33:13 0 d-------- C:\WINDOWS\system32\bits
    2008-04-07 13:23:56 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-04-07 13:21:28 0 d---s---- C:\Documents and Settings\Kimm Sykes\UserData
    2008-04-07 13:04:26 0 d-------- C:\Documents and Settings\Kimm Sykes\Application Data\Thunderbird
    2008-04-07 13:04:10 0 d-------- C:\Program Files\Mozilla Thunderbird
    2008-04-07 13:00:42 0 d-------- C:\Downloads
    2008-04-07 12:17:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-07 00:19:46 0 dr-h----- C:\$VAULT$.AVG
    2008-04-07 00:16:13 0 d-------- C:\Documents and Settings\Kimm Sykes\Application Data\AVG7
    2008-04-07 00:13:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-07 00:12:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-07 00:12:49 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-04-06 23:45:03 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-06 23:44:56 0 d-------- C:\Documents and Settings\Kimm Sykes\Application Data\Mozilla
    2008-04-06 23:39:37 350850 --ahs---- C:\WINDOWS\system32\ikkjjkkj.ini2
    2008-04-06 23:35:02 120 --a------ C:\WINDOWS\system32\vvkxjqb.bat
    2008-04-06 23:34:39 0 d--hs---- C:\WINDOWS\Installer
    2008-04-06 23:34:34 0 d-------- C:\Documents and Settings\Kimm Sykes\Application Data\Identities
    2008-04-06 23:34:16 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:16 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:15 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:15 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
    2008-04-06 23:34:15 6550 --a------ C:\WINDOWS\jautoexp.dat
    2008-04-06 23:34:08 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-04-06 23:34:08 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-04-06 23:34:08 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:08 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:08 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:07 945424 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:07 154896 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:07 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:07 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:06 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:06 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:05 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:34:04 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
    2008-04-06 23:33:58 0 dr------- C:\Documents and Settings\Kimm Sykes\My Documents
    2008-04-06 23:33:58 0 d--h----- C:\Documents and Settings\Kimm Sykes\Local Settings
    2008-04-06 23:33:58 0 dr------- C:\Documents and Settings\Kimm Sykes\Favorites
    2008-04-06 23:33:58 0 d-------- C:\Documents and Settings\Kimm Sykes\Desktop
    2008-04-06 23:33:58 0 d---s---- C:\Documents and Settings\Kimm Sykes\Cookies
    2008-04-06 23:33:58 0 dr-h----- C:\Documents and Settings\Kimm Sykes\Application Data
    2008-04-06 23:33:57 0 d--h----- C:\Documents and Settings\Kimm Sykes\Templates
    2008-04-06 23:33:57 0 dr------- C:\Documents and Settings\Kimm Sykes\Start Menu
    2008-04-06 23:33:57 0 dr-h----- C:\Documents and Settings\Kimm Sykes\SendTo
    2008-04-06 23:33:57 0 dr-h----- C:\Documents and Settings\Kimm Sykes\Recent
    2008-04-06 23:33:57 0 d--h----- C:\Documents and Settings\Kimm Sykes\PrintHood
    2008-04-06 23:33:57 786432 --ah----- C:\Documents and Settings\Kimm Sykes\NTUSER.DAT
    2008-04-06 23:33:57 0 d--h----- C:\Documents and Settings\Kimm Sykes\NetHood
    2008-04-06 23:31:07 0 d--hs---- C:\System Volume Information
    2008-04-06 23:30:58 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    2008-04-06 23:30:58 241664 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
    2008-04-06 23:30:58 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
    2008-04-06 23:30:58 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2008-04-06 23:30:58 0 d-------- C:\Documents and Settings\LocalService\Application Data
    2008-04-06 23:30:58 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
    2008-04-06 23:30:57 241664 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
    2008-04-06 23:30:57 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
    2008-04-06 23:30:57 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2008-04-06 23:30:57 0 d-------- C:\Documents and Settings\NetworkService\Application Data
    2008-04-06 23:14:28 0 d-------- C:\WINDOWS\system32\xircom
    2008-04-06 23:14:28 0 d-------- C:\Program Files\microsoft frontpage
    2008-04-06 23:14:25 241664 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
    2008-04-06 23:14:22 0 d-------- C:\DELL
    2008-04-06 23:14:15 0 -rahs---- C:\MSDOS.SYS
    2008-04-06 23:14:15 0 -rahs---- C:\IO.SYS
    2008-04-06 23:14:15 0 --a------ C:\CONFIG.SYS
    2008-04-06 23:14:15 0 --a------ C:\AUTOEXEC.BAT
    2008-04-06 23:13:10 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2008-04-06 23:12:59 0 dr------- C:\WINDOWS\Offline Web Pages
    2008-04-06 23:12:59 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2008-04-06 23:12:34 0 d-------- C:\WINDOWS\srchasst
    2008-04-06 23:12:28 0 d-------- C:\WINDOWS\system32\Macromed
    2008-04-06 23:12:28 0 d-------- C:\WINDOWS\system32\DirectX
    2008-04-06 23:12:18 0 d-------- C:\Program Files\Movie Maker
    2008-04-06 23:11:57 0 d-------- C:\WINDOWS\system32\Restore
    2008-04-06 23:11:53 0 d-------- C:\WINDOWS\PCHEALTH
    2008-04-06 23:11:49 0 d---s---- C:\WINDOWS\Tasks
    2008-04-06 23:11:46 0 d-------- C:\Program Files\Common Files\MSSoap
    2008-04-06 23:11:35 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
    2008-04-06 23:11:20 0 d-------- C:\WINDOWS\Registration
    2008-04-06 23:10:49 0 d--h----- C:\Program Files\WindowsUpdate
    2008-04-06 23:10:49 0 d-------- C:\Program Files\Online Services
    2008-04-06 23:10:44 0 d-------- C:\Program Files\Messenger
    2008-04-06 23:10:36 0 d-------- C:\Program Files\MSN Gaming Zone
    2008-04-06 23:10:28 0 d-------- C:\Program Files\Windows NT
    2008-04-06 23:10:19 0 d-------- C:\WINDOWS\system32\MsDtc
    2008-04-06 23:10:17 0 d-------- C:\WINDOWS\system32\Com
    2008-04-06 17:56:46 0 d-------- C:\Program Files\Common Files\ODBC
    2008-04-06 17:56:43 0 dr------- C:\Program Files
    2008-04-06 17:56:43 0 d-------- C:\Program Files\Common Files
    2008-04-06 17:56:43 0 d-------- C:\Program Files\Common Files\SpeechEngines
    2008-04-06 17:56:24 0 d--h----- C:\Documents and Settings\Default User\Templates
    2008-04-06 17:56:24 0 dr------- C:\Documents and Settings\Default User\Start Menu
    2008-04-06 17:56:24 0 dr-h----- C:\Documents and Settings\Default User\SendTo
    2008-04-06 17:56:24 0 d--h----- C:\Documents and Settings\Default User\Recent
    2008-04-06 17:56:24 0 d--h----- C:\Documents and Settings\Default User\PrintHood
    2008-04-06 17:56:24 0 d--h----- C:\Documents and Settings\Default User\NetHood
    2008-04-06 17:56:24 0 d-------- C:\Documents and Settings\Default User\My Documents
    2008-04-06 17:56:24 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
    2008-04-06 17:56:24 0 d-------- C:\Documents and Settings\Default User\Favorites
    2008-04-06 17:56:24 0 d-------- C:\Documents and Settings\Default User\Desktop
    2008-04-06 17:56:24 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2008-04-06 17:56:24 0 d--h----- C:\Documents and Settings\All Users\Templates
    2008-04-06 17:56:24 0 dr------- C:\Documents and Settings\All Users\Start Menu
    2008-04-06 17:56:24 0 d-------- C:\Documents and Settings\All Users\Favorites
    2008-04-06 17:56:24 0 dr------- C:\Documents and Settings\All Users\Documents
    2008-04-06 17:56:24 0 d-------- C:\Documents and Settings\All Users\Desktop
    2008-04-06 17:56:12 0 d-------- C:\WINDOWS\system32\CatRoot2
    2008-04-06 17:56:12 0 d-------- C:\WINDOWS\system32\CatRoot
    2008-04-06 17:56:06 0 dr-h----- C:\Documents and Settings\Default User\Application Data
    2008-04-06 17:56:06 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
    2008-04-06 17:56:06 0 dr-h----- C:\Documents and Settings\All Users\Application Data
    2008-04-06 17:56:06 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-04-06 17:55:54 0 d-------- C:\Documents and Settings
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\WinSxS
    2008-04-06 17:51:58 0 dr------- C:\WINDOWS\Web
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\twain_32
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\wins
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\wbem
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\usmt
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\spool
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\ShellExt
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\Setup
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\ras
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\oobe
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\npp
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\mui
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\inetsrv
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\IME
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\icsxml
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\ias
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\export
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\drivers
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\drivers\etc
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\drivers\disdn
    2008-04-06 17:51:58 0 dr-hs--c- C:\WINDOWS\system32\dllcache
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\dhcp
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\config
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\3com_dmi
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\3076
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\2052
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\1054
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\1042
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\1041
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\1037
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\1033
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\1031
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\1028
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system32\1025
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\system
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\security
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\Resources
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\repair
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\mui
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\msapps
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\msagent
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\Media
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\java
    2008-04-06 17:51:58 0 d--h----- C:\WINDOWS\inf
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\ime
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\Help
    2008-04-06 17:51:58 0 dr--s---- C:\WINDOWS\Fonts
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\Driver Cache
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\Debug
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\Cursors
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\Connection Wizard
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\Config
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\AppPatch
    2008-04-06 17:51:58 0 d-------- C:\WINDOWS\addins


    -- Find3M Report ---------------------------------------------------------------

    2008-04-06 17:56:24 62 --ahs---- C:\Documents and Settings\Kimm Sykes\Application Data\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACC7A192-C6C2-401A-8F88-1C915A4BECE8}]
    C:\WINDOWS\System32\jkkjjkki.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/07/2008 12:13 AM]
    "BMf7fd50e4 "= "C:\WINDOWS\System32\uquvqwpm.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 02:56 AM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{9292C2AD-D36E-4051-AF6D-0C6D2AEE0C10} "= C:\WINDOWS\System32\ljjigeba.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjigeba]
    ljjigeba.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\System32\jkkjjkki

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- End of Deckard's System Scanner: finished at 2008-04-09 13:12:04 ------------

    Later. Pepse.
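The HijackThis lines in the two posts above share a few tell-tale patterns: entries that point at files which no longer exist, a BHO registered with no name, a Run key that loads a System32 DLL through rundll32, and a Winlogon Notify DLL. The Python triage helper below is an added example, not part of the thread or of HijackThis itself; it parses O-lines and flags those patterns. The sample lines are copied from the log above, and the name-shape thresholds in `looks_generated` are assumptions, so a flag means "review by hand", not "malicious".

```python
"""Heuristic triage of HijackThis v2 log lines (added example, not the tool's code)."""
import re
from dataclasses import dataclass, field

# "O2 - BHO: ..." -> section id and the rest of the line
SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# Base name of every ".dll" mentioned on a line (stops at backslash, space or quote)
DLL_RE = re.compile(r"([^\\\s\"]+)\.dll\b", re.IGNORECASE)
# A Run entry whose target is a DLL living directly in System32
SYS32_DLL_RE = re.compile(r"\\system32\\[^\\]+\.dll", re.IGNORECASE)

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ACC7A192-C6C2-401A-8F88-1C915A4BECE8} - C:\WINDOWS\System32\jkkjjkki.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BMf7fd50e4] Rundll32.exe "C:\WINDOWS\System32\uquvqwpm.dll ",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ljjigeba - ljjigeba.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def looks_generated(name: str) -> bool:
    """Crude shape test for names like 'uquvqwpm' or 'jkkjjkki' (assumed thresholds):
    exactly 8 lowercase letters with at most two vowels. Mixed-case vendor names
    such as 'SDHelper' are deliberately not matched."""
    if not (len(name) == 8 and name.isalpha() and name.islower()):
        return False
    return sum(c in "aeiou" for c in name) <= 2


def triage_line(line: str):
    """Return a Finding for a suspicious O-line, or None for anything else."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    reasons = []
    if "(file missing)" in body:
        reasons.append("points at a file that no longer exists")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a name")
    if section == "O4" and "rundll32" in body.lower() and SYS32_DLL_RE.search(body):
        reasons.append("Run key loads a DLL from System32 via rundll32")
    if section == "O20":
        reasons.append("Winlogon Notify DLL (loaded into winlogon.exe at logon)")
    for name in DLL_RE.findall(body):
        if looks_generated(name):
            reasons.append(f"DLL name {name!r} looks machine-generated")
    return Finding(section, line.strip(), reasons) if reasons else None


def triage_log(text: str):
    """Triage a whole log; non-O lines (header, process list) are skipped."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def summarize(findings) -> list:
    """One human-readable line per finding, for a quick review list."""
    return [f"{f.section}: {f.line}\n    - " + "\n    - ".join(f.reasons) for f in findings]


if __name__ == "__main__":
    for entry in summarize(triage_log(SAMPLE_LOG)):
        print(entry)
```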
     


  4. 2008/04/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Pepse

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable real-time protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.


    Please post the log.

    Thanks
    Geri
     
    Geri,
    #3
  5. 2008/04/10
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    ComboFix 08-04-09.8 - Kimm Sykes 2008-04-10 2:08:07.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.101 [GMT -5:00]
    Running from: C:\Documents and Settings\Kimm Sykes\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMf7fd50e4.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\ikkjjkkj.ini
    C:\WINDOWS\system32\ikkjjkkj.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
    .

    2008-04-09 13:10 . 2008-04-09 13:10 <DIR> d-------- C:\Deckard
    2008-04-09 12:01 . 2008-04-10 01:07 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-04-09 11:30 . 2008-04-09 11:30 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-08 11:16 . 2008-04-08 11:16 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2008-04-07 14:29 . 2008-04-08 11:17 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-04-07 14:27 . 2008-04-07 14:27 <DIR> d-------- C:\WINDOWS\provisioning
    2008-04-07 14:27 . 2008-04-07 14:27 <DIR> d-------- C:\WINDOWS\peernet
    2008-04-07 14:25 . 2008-04-07 14:25 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-04-07 14:20 . 2005-02-24 22:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-07 14:18 . 2008-04-07 14:18 <DIR> d-------- C:\WINDOWS\EHome
    2008-04-07 14:07 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-04-07 14:07 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-04-07 14:07 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-04-07 13:40 . 2008-04-07 13:40 80 --a------ C:\WINDOWS\system32\i
    2008-04-07 13:40 . 2008-04-07 13:40 0 --a------ C:\WINDOWS\system32\wmsoft61550.exe
    2008-04-07 13:33 . 2008-04-07 13:33 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-04-07 13:31 . 2004-08-04 02:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
    2008-04-07 13:31 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-04-07 13:31 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-04-07 13:31 . 2004-08-04 02:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2008-04-07 13:31 . 2004-08-04 02:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2008-04-07 13:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-07 13:28 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2008-04-07 13:25 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2008-04-07 13:25 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-04-07 13:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-04-07 13:25 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2008-04-07 13:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-04-07 13:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-04-07 13:21 . 2008-04-07 13:21 <DIR> d---s---- C:\Documents and Settings\Kimm Sykes\UserData
    2008-04-07 13:04 . 2008-04-07 13:15 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
    2008-04-07 13:04 . 2008-04-07 13:04 <DIR> d-------- C:\Documents and Settings\Kimm Sykes\Application Data\Thunderbird
    2008-04-07 13:00 . 2008-04-08 12:47 <DIR> d-------- C:\Downloads
    2008-04-07 12:52 . 2008-04-07 12:53 153 --a------ C:\WINDOWS\wininit.ini
    2008-04-07 12:17 . 2008-04-07 12:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-07 12:17 . 2008-04-10 02:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-07 00:16 . 2008-04-09 10:54 <DIR> d-------- C:\Documents and Settings\Kimm Sykes\Application Data\AVG7
    2008-04-07 00:13 . 2008-04-07 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-07 00:13 . 2008-04-07 00:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-04-07 00:13 . 2008-04-07 00:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-04-07 00:12 . 2008-04-07 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-07 00:12 . 2008-04-07 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 04:34 155,995 ----a-w C:\WINDOWS\java\Packages\1BFBNFDN.ZIP
    2008-04-07 04:14 --------- d-----w C:\Program Files\microsoft frontpage
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACC7A192-C6C2-401A-8F88-1C915A4BECE8}]
    C:\WINDOWS\System32\jkkjjkki.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:56 1667584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-07 00:13 579072]
    "BMf7fd50e4"="C:\WINDOWS\System32\uquvqwpm.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-07 00:13 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjigeba]
    ljjigeba.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=


    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-10 02:10:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\devldr32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-10 2:11:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-10 07:11:22
    Pre-Run: 35,764,654,080 bytes free
    Post-Run: 35,724,468,224 bytes free
    .
    2008-04-09 18:15:37 --- E O F ---
     
  6. 2008/04/10
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:16:56 AM, on 4/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {ACC7A192-C6C2-401A-8F88-1C915A4BECE8} - C:\WINDOWS\System32\jkkjjkki.dll (file missing)
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [BMf7fd50e4] Rundll32.exe "C:\WINDOWS\System32\uquvqwpm.dll",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1207592645124
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207592524889
    O20 - Winlogon Notify: ljjigeba - ljjigeba.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

    --
    End of file - 3306 bytes
     
  7. 2008/04/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Pepse

    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINDOWS\system32\wmsoft61550.exe
    
    Folder::
    C:\WINDOWS\system32\i
    C:\WINDOWS\java\Packages\1BFBNFDN.ZIP
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACC7A192-C6C2-401A-8F88-1C915A4BECE8}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BMf7fd50e4"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjigeba] 
    Please post the CFScript log.

    Thanks
    Geri
     
    Geri,
    #6
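As an added illustration of the CFScript format Geri describes (this is not ComboFix's or HijackThis's own code, and it does not claim to reproduce how ComboFix executes a script), the Python below parses the File::/Folder::/Registry:: sections into a list of planned deletions and then checks which O2/O4/O20 entries of the HijackThis log above those deletions would remove. The embedded CFScript and log lines are reconstructed from this thread; the `Action`, `covered_entries` and `unaddressed` names are the example's own.

```python
"""Dry-run checker for a ComboFix CFScript.txt against a HijackThis log."""
import re
from dataclasses import dataclass

# Constructed from the thread: the CFScript Geri posted (trailing spaces removed)
CFSCRIPT = r"""File::
C:\WINDOWS\system32\wmsoft61550.exe

Folder::
C:\WINDOWS\system32\i
C:\WINDOWS\java\Packages\1BFBNFDN.ZIP

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACC7A192-C6C2-401A-8F88-1C915A4BECE8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMf7fd50e4"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjigeba]
"""

# Constructed from the thread: the O2/O4/O20 lines of Pepse's HijackThis log
HJT_LINES = [
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: (no name) - {ACC7A192-C6C2-401A-8F88-1C915A4BECE8} - C:\WINDOWS\System32\jkkjjkki.dll (file missing)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r'O4 - HKLM\..\Run: [BMf7fd50e4] Rundll32.exe "C:\WINDOWS\System32\uquvqwpm.dll",s',
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r"O20 - Winlogon Notify: ljjigeba - ljjigeba.dll (file missing)",
]

SECTION_RE = re.compile(r"^(File|Folder|Registry)::$", re.I)
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
O2_RE = re.compile(r"^O2 - BHO: .*?- (\{[0-9A-F-]+\}) - (.+?)( \(file missing\))?$", re.I)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+?)( \(file missing\))?$")
HIVES = {"HKLM": "hkey_local_machine", "HKCU": "hkey_current_user", "HKUS": "hkey_users"}


@dataclass(frozen=True)
class Action:
    kind: str        # delete_file, delete_folder, delete_key or delete_value
    target: str      # file/folder path or registry key
    name: str = ""   # value name, for delete_value only


def parse_cfscript(text: str) -> list[Action]:
    """Plan the deletions: [-KEY] removes a key, "Name"=- removes that value
    under the most recent [KEY] header; anything else is rejected."""
    actions: list[Action] = []
    section = current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, current_key = m.group(1).lower(), None
        elif section == "file":
            actions.append(Action("delete_file", line))
        elif section == "folder":
            actions.append(Action("delete_folder", line))
        elif section == "registry" and (m := KEY_RE.match(line)):
            current_key = m.group(2)
            if m.group(1) == "-":
                actions.append(Action("delete_key", current_key))
        elif section == "registry" and current_key and (m := VALUE_RE.match(line)):
            if m.group(2) != "-":
                raise ValueError(f"only value deletion is modelled: {line}")
            actions.append(Action("delete_value", current_key, m.group(1).strip()))
        else:
            raise ValueError(f"unrecognised CFScript line: {line}")
    return actions


def is_suspicious(hjt_line: str) -> bool:
    """Autostart pointing at a missing file, or a DLL loaded through rundll32."""
    return "(file missing)" in hjt_line or "rundll32.exe" in hjt_line.lower()


def covered_entries(actions: list[Action], hjt_lines: list[str]) -> dict[str, bool]:
    """For each O2/O4/O20 line, True if a planned action removes its registry entry."""
    keys = {a.target.lower() for a in actions if a.kind == "delete_key"}
    values = {(a.target.lower(), a.name.lower()) for a in actions if a.kind == "delete_value"}
    result: dict[str, bool] = {}
    for line in map(str.strip, hjt_lines):
        if m := O2_RE.match(line):        # BHO is identified by its CLSID subkey
            result[line] = any(k.endswith(m.group(1).lower()) for k in keys)
        elif m := O4_RE.match(line):      # Run entry: hive plus value name
            hive, name = HIVES[m.group(1).split("\\")[0]], m.group(2).lower()
            result[line] = any(k.startswith(hive) and k.endswith("\\currentversion\\run")
                               and n == name for k, n in values)
        elif m := O20_RE.match(line):     # Winlogon Notify: the subkey name
            result[line] = any(k.endswith("\\winlogon\\notify\\" + m.group(1).lower()) for k in keys)
    return result


def unaddressed(actions: list[Action], hjt_lines: list[str]) -> list[str]:
    """Suspicious entries the script would leave behind."""
    return [line for line, hit in covered_entries(actions, hjt_lines).items()
            if is_suspicious(line) and not hit]
```

Run against the thread's data it reports the three malicious entries (the nameless BHO, the BMf7fd50e4 rundll32 Run value and the ljjigeba Winlogon Notify hook) as covered and leaves the AVG, Spybot and Messenger entries alone; a `"Name"=-` line that appears before any `[KEY]` header is rejected rather than silently ignored.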
  8. 2008/04/11
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    ComboFix 08-04-09.8 - Kimm Sykes 2008-04-11 1:40:48.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.109 [GMT -5:00]
    Running from: C:\Documents and Settings\Kimm Sykes\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kimm Sykes\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\java\Packages\1BFBNFDN.ZIP\
    C:\WINDOWS\system32\i\
    C:\WINDOWS\system32\wmsoft61550.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
    .

    2008-04-10 01:00 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-04-10 00:56 . 2007-12-18 04:51 179,584 -----c--- C:\WINDOWS\system32\dllcache\mrxdav.sys
    2008-04-10 00:55 . 2007-08-21 01:15 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-04-10 00:53 . 2007-12-04 13:38 550,912 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
    2008-04-09 13:10 . 2008-04-09 13:10 <DIR> d-------- C:\Deckard
    2008-04-09 12:01 . 2008-04-10 11:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-04-09 12:01 . 2006-05-05 04:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-04-09 12:01 . 2006-10-12 06:09 256,512 -----c--- C:\WINDOWS\system32\dllcache\agentsvr.exe
    2008-04-09 12:01 . 2006-05-05 04:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
    2008-04-09 12:01 . 2007-03-09 08:46 57,344 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
    2008-04-09 12:01 . 2006-10-12 09:02 42,496 -----c--- C:\WINDOWS\system32\dllcache\agentdp2.dll
    2008-04-09 11:30 . 2008-04-09 11:30 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-08 11:56 . 2006-03-16 19:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-04-08 11:16 . 2008-04-08 11:16 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2008-04-07 14:29 . 2008-04-08 11:17 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-04-07 14:27 . 2008-04-07 14:27 <DIR> d-------- C:\WINDOWS\provisioning
    2008-04-07 14:27 . 2008-04-07 14:27 <DIR> d-------- C:\WINDOWS\peernet
    2008-04-07 14:25 . 2008-04-07 14:25 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-04-07 14:20 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-07 14:18 . 2008-04-07 14:18 <DIR> d-------- C:\WINDOWS\EHome
    2008-04-07 14:07 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-04-07 14:07 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-04-07 14:07 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-04-07 13:40 . 2008-04-07 13:40 80 --a------ C:\WINDOWS\system32\i
    2008-04-07 13:33 . 2008-04-07 13:33 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-04-07 13:31 . 2004-08-04 02:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
    2008-04-07 13:31 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-04-07 13:31 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-04-07 13:31 . 2004-08-04 02:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2008-04-07 13:31 . 2004-08-04 02:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2008-04-07 13:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-07 13:28 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2008-04-07 13:25 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2008-04-07 13:25 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-04-07 13:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-04-07 13:25 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2008-04-07 13:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-04-07 13:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-04-07 13:21 . 2008-04-07 13:21 <DIR> d---s---- C:\Documents and Settings\Kimm Sykes\UserData
    2008-04-07 13:04 . 2008-04-07 13:15 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
    2008-04-07 13:04 . 2008-04-07 13:04 <DIR> d-------- C:\Documents and Settings\Kimm Sykes\Application Data\Thunderbird
    2008-04-07 13:00 . 2008-04-08 12:47 <DIR> d-------- C:\Downloads
    2008-04-07 12:52 . 2008-04-07 12:53 153 --a------ C:\WINDOWS\wininit.ini
    2008-04-07 12:17 . 2008-04-07 12:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-07 12:17 . 2008-04-10 02:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-07 00:16 . 2008-04-10 10:36 <DIR> d-------- C:\Documents and Settings\Kimm Sykes\Application Data\AVG7
    2008-04-07 00:13 . 2008-04-07 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-07 00:13 . 2008-04-07 00:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-04-07 00:13 . 2008-04-07 00:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-04-07 00:12 . 2008-04-07 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-07 00:12 . 2008-04-07 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 04:34 155,995 ----a-w C:\WINDOWS\java\Packages\1BFBNFDN.ZIP
    2008-04-07 04:14 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
     
  9. 2008/04/11
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-10_ 2.11.03.65 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
    - 2004-08-04 07:56:42 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    + 2006-01-21 21:01:22 25,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\genuinst.exe
    + 2006-01-03 23:14:12 20,480 ----a-w C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
    - 2004-08-04 07:56:42 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll
    + 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
    - 2001-08-18 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
    + 2006-11-01 19:17:45 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
    - 2004-08-04 07:56:42 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
    + 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
    - 2004-08-04 07:56:42 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
    + 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    - 2004-08-04 07:56:43 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
    + 2006-03-01 19:42:42 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
    - 2004-08-04 07:56:43 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
    + 2006-03-01 19:42:42 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
    - 2004-08-04 07:56:43 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
    + 2006-03-01 19:42:42 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
    - 2004-08-04 07:56:43 537,088 ------w C:\WINDOWS\system32\msftedit.dll
    + 2006-11-27 14:54:06 539,136 ------w C:\WINDOWS\system32\msftedit.dll
    - 2004-08-04 07:56:43 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2008-02-16 22:29:38 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2004-08-04 07:56:43 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2008-02-16 08:59:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2005-05-04 19:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
    + 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    - 2004-08-04 07:56:43 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2008-02-16 08:59:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2004-08-04 07:56:43 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2008-02-16 08:59:37 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2004-08-04 07:56:44 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
    + 2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
    - 2004-08-04 07:56:44 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
    + 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
    - 2004-08-04 07:56:44 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
    + 2006-03-01 19:42:42 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
    - 2004-08-04 07:56:44 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
    + 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
    - 2004-08-04 07:56:44 198,144 ----a-w C:\WINDOWS\system32\netman.dll
    + 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman.dll
    - 2004-08-04 05:58:58 2,056,832 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    + 2007-02-28 08:38:55 2,057,600 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    - 2004-08-04 06:19:59 2,180,992 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    + 2007-02-28 09:10:57 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    - 2004-08-04 07:56:44 144,384 ----a-w C:\WINDOWS\system32\nwprovau.dll
    + 2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
    - 2004-08-04 07:56:44 1,281,536 ----a-w C:\WINDOWS\system32\ole32.dll
    + 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
    - 2004-08-04 07:56:44 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
    + 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    - 2001-08-18 12:00:00 68,608 ----a-w C:\WINDOWS\system32\olecli32.dll
    + 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
    - 2001-08-18 12:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
    + 2005-07-26 04:39:49 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
    - 2001-08-18 12:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll
    + 2006-10-16 16:15:00 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
    - 2008-04-08 16:20:13 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-04-10 15:37:42 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-04-08 16:20:13 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-04-10 15:37:42 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
    - 2004-08-04 07:56:44 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2008-02-16 08:59:37 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2004-08-04 07:56:44 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    + 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    - 2004-08-04 07:56:44 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
    + 2006-06-22 05:06:30 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
    - 2004-08-04 07:56:44 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
    + 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
    - 2004-08-04 07:56:44 174,080 ----a-w C:\WINDOWS\system32\rasmans.dll
    + 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\system32\rasmans.dll
    - 2004-08-04 07:56:44 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
    + 2006-11-27 14:54:06 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
    - 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    - 2004-08-04 07:56:44 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
    + 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
    - 2004-08-04 07:56:44 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    + 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    - 2004-08-04 07:56:45 1,483,264 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2008-02-16 08:59:38 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2004-08-04 07:56:45 8,384,000 ----a-w C:\WINDOWS\system32\shell32.dll
    + 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
    - 2004-08-04 07:56:45 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2008-02-16 08:59:38 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    - 2004-08-04 07:56:45 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
    + 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
    - 2004-08-04 07:56:57 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
    + 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
    - 2004-08-04 07:56:45 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
    + 2004-12-07 19:32:34 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
    - 2004-08-04 07:56:45 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll
    + 2006-08-21 14:52:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
    - 2004-08-04 07:56:46 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
    + 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
    - 2004-08-04 07:56:46 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
    + 2005-10-17 21:14:46 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
    - 2004-08-04 07:56:46 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
    + 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
    - 2004-08-04 07:56:57 75,264 ----a-w C:\WINDOWS\system32\telnet.exe
    + 2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\system32\telnet.exe
    - 2004-08-04 07:56:46 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
    + 2005-07-26 04:39:49 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
    + 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
    - 2004-08-04 07:56:46 118,272 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
    + 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
    - 2004-08-04 07:56:46 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    + 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
    - 2004-08-04 07:56:46 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2008-02-16 08:59:38 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2004-08-04 07:56:46 577,024 ----a-w C:\WINDOWS\system32\user32.dll
    + 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
    - 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
    + 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
    - 2004-08-04 07:56:46 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
    + 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
    - 2004-08-04 07:56:46 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll
    + 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
    - 2004-08-04 07:56:46 290,816 ----a-w C:\WINDOWS\system32\winsrv.dll
    + 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
    - 2004-08-04 07:56:46 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
    + 2006-08-17 12:28:27 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
    - 2004-08-04 07:56:46 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
    + 2007-10-27 22:39:20 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
    - 2004-08-04 07:56:46 4,874,240 ------w C:\WINDOWS\system32\wmp.dll
    + 2007-04-30 07:22:16 4,734,976 ------w C:\WINDOWS\system32\wmp.dll
    - 2004-08-04 07:57:02 2,105,344 ----a-w C:\WINDOWS\system32\wmvcore.dll
    + 2007-10-27 22:37:38 2,109,440 ----a-w C:\WINDOWS\system32\wmvcore.dll
    - 2004-08-04 07:56:46 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
    + 2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
    + 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-01-19 20:15:24 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
    + 2007-01-19 20:15:24 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
    + 2007-01-19 20:15:24 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
    + 2007-01-19 20:15:24 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
    + 2006-08-25 15:45:55 1,054,208 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-07 00:13 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-07 00:13 219136]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=


    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-11 01:41:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-11 1:42:31
    ComboFix-quarantined-files.txt 2008-04-11 06:42:20
    ComboFix2.txt 2008-04-10 07:11:35
    Pre-Run: 35,127,402,496 bytes free
    Post-Run: 35,117,780,992 bytes free
    .
    2008-04-10 16:14:17 --- E O F ---
     
  10. 2008/04/11
    Geri (Lifetime Subscription, Inactive Alumni)
    Joined: 2003/03/02, Messages: 4,580, Likes Received: 7
    Hi Pepse

    OK, let's do this one more time.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
    C:\WINDOWS\system32\i
    C:\WINDOWS\java\Packages\1BFBNFDN.ZIP

    Please post the CFScript log again.

    Thanks
    Geri
     
  11. 2008/04/12
    Pepse (Well-Known Member, Thread Starter)
    ComboFix 08-04-09.8 - Kimm Sykes 2008-04-12 1:29:10.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.83 [GMT -5:00]
    Running from: C:\Documents and Settings\Kimm Sykes\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Kimm Sykes\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
    .

    2008-04-10 01:00 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-04-10 00:56 . 2007-12-18 04:51 179,584 -----c--- C:\WINDOWS\system32\dllcache\mrxdav.sys
    2008-04-10 00:55 . 2007-08-21 01:15 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-04-10 00:53 . 2007-12-04 13:38 550,912 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
    2008-04-09 13:10 . 2008-04-09 13:10 <DIR> d-------- C:\Deckard
    2008-04-09 12:01 . 2008-04-10 11:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-04-09 12:01 . 2006-05-05 04:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    2008-04-09 12:01 . 2006-10-12 06:09 256,512 -----c--- C:\WINDOWS\system32\dllcache\agentsvr.exe
    2008-04-09 12:01 . 2006-05-05 04:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
    2008-04-09 12:01 . 2007-03-09 08:46 57,344 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
    2008-04-09 12:01 . 2006-10-12 09:02 42,496 -----c--- C:\WINDOWS\system32\dllcache\agentdp2.dll
    2008-04-09 11:30 . 2008-04-09 11:30 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-08 11:56 . 2006-03-16 19:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-04-08 11:16 . 2008-04-08 11:16 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2008-04-07 14:29 . 2008-04-08 11:17 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
    2008-04-07 14:27 . 2008-04-07 14:27 <DIR> d-------- C:\WINDOWS\provisioning
    2008-04-07 14:27 . 2008-04-07 14:27 <DIR> d-------- C:\WINDOWS\peernet
    2008-04-07 14:25 . 2008-04-07 14:25 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-04-07 14:20 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-04-07 14:18 . 2008-04-07 14:18 <DIR> d-------- C:\WINDOWS\EHome
    2008-04-07 14:07 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
    2008-04-07 14:07 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
    2008-04-07 14:07 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
    2008-04-07 13:40 . 2008-04-07 13:40 80 --a------ C:\WINDOWS\system32\i
    2008-04-07 13:33 . 2008-04-07 13:33 <DIR> d-------- C:\WINDOWS\system32\bits
    2008-04-07 13:31 . 2004-08-04 02:56 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
    2008-04-07 13:31 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2008-04-07 13:31 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2008-04-07 13:31 . 2004-08-04 02:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2008-04-07 13:31 . 2004-08-04 02:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2008-04-07 13:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-04-07 13:28 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
    2008-04-07 13:25 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
    2008-04-07 13:25 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
    2008-04-07 13:25 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
    2008-04-07 13:25 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
    2008-04-07 13:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-04-07 13:25 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-04-07 13:25 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-04-07 13:21 . 2008-04-07 13:21 <DIR> d---s---- C:\Documents and Settings\Kimm Sykes\UserData
    2008-04-07 13:04 . 2008-04-07 13:15 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
    2008-04-07 13:04 . 2008-04-07 13:04 <DIR> d-------- C:\Documents and Settings\Kimm Sykes\Application Data\Thunderbird
    2008-04-07 13:00 . 2008-04-08 12:47 <DIR> d-------- C:\Downloads
    2008-04-07 12:52 . 2008-04-07 12:53 153 --a------ C:\WINDOWS\wininit.ini
    2008-04-07 12:17 . 2008-04-07 12:17 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-07 12:17 . 2008-04-10 02:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-07 00:16 . 2008-04-12 00:57 <DIR> d-------- C:\Documents and Settings\Kimm Sykes\Application Data\AVG7
    2008-04-07 00:13 . 2008-04-07 00:13 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-04-07 00:13 . 2008-04-07 00:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2008-04-07 00:13 . 2008-04-07 00:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2008-04-07 00:12 . 2008-04-07 00:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-07 00:12 . 2008-04-07 11:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 04:34 155,995 ----a-w C:\WINDOWS\java\Packages\1BFBNFDN.ZIP
    2008-04-07 04:14 --------- d-----w C:\Program Files\microsoft frontpage
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-04-11_ 1.42.10.35 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-11 06:41:51 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
    + 2008-04-12 06:30:05 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-07 00:13 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-07 00:13 219136]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=


    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-12 01:30:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-04-12 1:30:45
    ComboFix-quarantined-files.txt 2008-04-12 06:30:34
    ComboFix2.txt 2008-04-11 06:42:32
    ComboFix3.txt 2008-04-10 07:11:35
    Pre-Run: 35,106,795,520 bytes free
    Post-Run: 35,099,549,696 bytes free
    .
    2008-04-10 16:14:17 --- E O F ---
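    Editor's note, not part of the thread: the two ComboFix logs above are read by eye in this thread, but the three line formats they use (the "Files Created" list, the "-"/"+" snapshot comparison, and the "Reg Loading Points" section) are regular enough to triage with a short script. What follows is an example added by the editor, not ComboFix's own code, and its rules are the editor's assumptions: an extensionless file created directly under system32 (the 80-byte C:\WINDOWS\system32\i that Geri targets), a "+" snapshot line with no matching "-" (a file that did not exist at the previous snapshot; here update.sys and xpsp3res.dll, which a human still has to judge), a "+" dated older than its "-", and EnableFirewall = 0. That last item is the one a practitioner would want flagged first: the log shows the Windows Firewall policy switched off on a machine that was reinstalled and put straight onto the ISP connection, which is one plausible reason a fresh, unpatched install starts picking up detections within minutes and is worth checking before anything else. The sample lines are taken from the logs posted above; the system32 path is hard-coded to this machine's %SystemRoot%.

```python
"""Triage a ComboFix log for what a malware-removal helper checks first.

Example added by the editor; it is not part of this thread and not part of
ComboFix.  The rules (extensionless file created directly under system32, a
snapshot '+' line with no matching '-', a '+' dated older than its '-',
EnableFirewall set to 0, and a listing of Run entries) are the editor's own
heuristics, not anything ComboFix itself reports."""
import re

# Lines taken from the ComboFix logs posted above.  The forum's stray space
# before "= is dropped here; the patterns below accept either form.
SAMPLE_LOG = r"""
2008-04-07 13:40 . 2008-04-07 13:40 80 --a------ C:\WINDOWS\system32\i
2008-04-07 13:33 . 2008-04-07 13:33 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-07 13:31 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
- 2004-08-04 07:56:46 577,024 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-07 00:13 579072]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

DATE = r'\d{4}-\d\d-\d\d \d\d:\d\d'
# "Files Created" section: created . modified size attrs path
CREATED = re.compile(r'^(' + DATE + r') \. (' + DATE + r')\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$')
# snapshot comparison: [-+] timestamp size attrs path
SNAPSHOT = re.compile(r'^([-+]) (' + DATE + r':\d\d)\s+([\d,]+)\s+(\S+)\s+(.+?)\s*$')
# "Reg Loading Points" section
RUNKEY = re.compile(r'^"([^"]*?)\s*"\s*=\s*"([^"]+)"')
FIREWALL = re.compile(r'^"EnableFirewall\s*"\s*=\s*(\d+)')
SYSTEM32 = r'c:\windows\system32'  # assumption: %SystemRoot% on the machine in this thread

RANK = {'HIGH': 0, 'MEDIUM': 1, 'INFO': 2}


def triage(log_text):
    """Return (severity, message) findings, most severe first."""
    findings = []
    snapshot = {}  # path -> {'-': timestamp, '+': timestamp}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED.match(line)
        if m:
            size, path = m.group(3), m.group(5)
            head, _, name = path.rpartition('\\')
            # Windows keeps its own extensionless files in subfolders such as
            # config; a new one sitting directly in system32 is unusual.
            if size != '<DIR>' and head.lower() == SYSTEM32 and '.' not in name:
                findings.append(('HIGH', f'extensionless file created in system32: {path} ({size} bytes)'))
            continue
        m = SNAPSHOT.match(line)
        if m:
            sign, stamp, path = m.group(1), m.group(2), m.group(5)
            snapshot.setdefault(path, {})[sign] = stamp
            continue
        m = FIREWALL.match(line)
        if m:
            if m.group(1) == '0':
                findings.append(('HIGH', 'Windows Firewall is off (EnableFirewall = 0)'))
            continue
        m = RUNKEY.match(line)
        if m:
            findings.append(('INFO', f'autostart {m.group(1)} -> {m.group(2)}'))
    for path, stamps in snapshot.items():
        if '+' not in stamps:
            continue  # file only removed; the '-' line already says so
        if '-' not in stamps:
            findings.append(('MEDIUM', f'new since last snapshot: {path}'))
        elif stamps['+'] < stamps['-']:  # ISO timestamps compare correctly as strings
            findings.append(('MEDIUM', f'replaced by an OLDER build: {path}'))
    findings.sort(key=lambda f: RANK[f[0]])  # stable sort keeps log order within a rank
    return findings


if __name__ == '__main__':
    for severity, message in triage(SAMPLE_LOG):
        print(f'[{severity:<6}] {message}')
```

    Run it over a full saved ComboFix.txt by passing the file's contents to triage(); the ranking puts the firewall state and the odd system32 file ahead of the Windows Update churn that fills the snapshot section, and the "+"-only entries come out as a short list to look up by hand rather than as a verdict.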
     
  12. 2008/04/12
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi Pepse
    Are you sure you ran the correct CFScript?

    Please see if you can delete these manually.

    C:\WINDOWS\system32\i
    C:\WINDOWS\java\Packages\1BFBNFDN.ZIP

    Let me know.

    Thanks
    Geri
     
  13. 2008/04/13
    Pepse (Well-Known Member, Thread Starter)
    Geri,

    Yeah, I did cut and paste on that CFScript both times. As for the 2 items you asked about, I did a Start > Search and was able to remove the "i" file but not the Java file. Got somewhere else I can look for it to remove it?

    Pepse.
     
  14. 2008/04/13
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi Pepse

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\WINDOWS\java\Packages\1BFBNFDN.ZIP
      
    • Return to OTMoveIt2, right-click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Let me know if OTMoveIt2 confirmed that it moved it.

    Thanks
    Geri
     
  15. 2008/04/13
    Pepse (Well-Known Member, Thread Starter)
    File/Folder C:\WINDOWS\java\Packages\1BFBNFDN.ZIP not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04132008_222757

    As you see, it says the file is not found. But this was from the second time I did this: the first time, after OT moved it, I closed out, then read your post again and discovered that I forgot to post the results here. Or, if I messed up, let me know what to do next.

    Pepse.
     
  16. 2008/04/13
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi Pepse

    OK, if it moved it the first time, that is good.

    Let's run an online scan.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it and click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available, otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  17. 2008/04/14
    Pepse (Well-Known Member, Thread Starter)
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, April 14, 2008 1:56:38 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 14/04/2008
    Kaspersky Anti-Virus database records: 703073
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 24846
    Number of viruses found: 5
    Number of infected objects: 7
    Number of suspicious objects: 0
    Duration of the scan process: 00:25:58

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
    C:\Documents and Settings\Kimm Sykes\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Kimm Sykes\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Kimm Sykes\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Kimm Sykes\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Kimm Sykes\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Kimm Sykes\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Kimm Sykes\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP17\change.log Object is locked skipped
    C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP3\A0000037.exe Infected: Trojan.Win32.Pakes.cop skipped
    C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP3\A0000038.dll Infected: Packed.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP3\A0000039.exe Infected: Trojan-Proxy.Win32.Agent.aeu skipped
    C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP3\A0000040.exe Infected: Trojan-Proxy.Win32.Agent.aeu skipped
    C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP3\A0000042.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.mxi skipped
    C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP8\A0003583.exe Infected: Trojan.Win32.NoUpdate.b skipped
    C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP8\A0003584.exe Infected: Trojan.Win32.NoUpdate.b skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  18. 2008/04/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Pepse

    OK that looks good.

    Please do this.
    • Please double-click OTMoveIt.exe to run it.
    • Click on the CleanUp! button. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
    • This step removes the files, folders, and shortcuts created by the tools I had you download and run.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    We need to turn off and on system restore. There are infections in it and by using system restore you would reinfect yourself.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives".
    5. Click Apply, and then click OK.
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under “Type a description for your restore point…” put a name in the box. Click Create. In the next window click Close.

    Let me know how things are running.

    Thanks
    Geri
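The reasoning in Geri's post (detections sitting under System Volume Information\_restore{…} cannot be removed by the scanner, so System Restore has to be switched off to purge them, while "Object is locked" entries are normal for in-use system files) can be checked mechanically. The following Python triage script is an added example, not a tool from this thread; the log lines it parses are constructed to mirror the online-scanner output posted above, and the Finding, parse_scan_log, restore_points_to_purge and live_threats names are my own.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Constructed sample modelled on the online-scanner output posted above (not a verbatim copy).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP3\A0000037.exe Infected: Trojan.Win32.Pakes.cop skipped
C:\System Volume Information\_restore{1BD6CF6C-4201-4E59-84F4-71728849565D}\RP8\A0003583.exe Infected: Trojan.Win32.NoUpdate.b skipped
C:\Documents and Settings\User\Desktop\setup.exe Infected: Trojan-Proxy.Win32.Agent.aeu skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""
# "<path> Object is locked skipped"  or  "<path> Infected: <name> <action>"
LINE_RE = re.compile(r"^(?P<path>.+?) (?:(?P<locked>Object is locked skipped)"
                     r"|Infected: (?P<detection>\S+) (?P<action>\S+))$")
# Files inside a System Restore point: the scanner cannot remove these.
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\(?P<rp>RP\d+)\\",
                        re.IGNORECASE)

@dataclass
class Finding:
    path: str
    detection: str
    action: str                    # e.g. "skipped", "deleted"
    restore_point: Optional[str]   # "RP3" etc., or None for a live file

def parse_scan_log(text):
    """Return (number of locked-and-skipped files, list of infections)."""
    locked, findings = 0, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                  # blank or unrecognised line
        if m.group("locked"):
            locked += 1               # normal for in-use hives, event logs, index.dat
            continue
        rp = RESTORE_RE.search(m.group("path"))
        findings.append(Finding(m.group("path"), m.group("detection"),
                                m.group("action"), rp.group("rp") if rp else None))
    return locked, findings

def restore_points_to_purge(findings):
    """Restore points still holding a detection: turning System Restore off wipes them."""
    return sorted({f.restore_point for f in findings if f.restore_point and f.action == "skipped"},
                  key=lambda rp: int(rp[2:]))

def live_threats(findings):
    """Detections outside restore points that were not removed, i.e. still active on disk."""
    return [f for f in findings if f.restore_point is None and f.action != "deleted"]
```

Run against a real log, an empty live_threats list plus a non-empty restore_points_to_purge list is exactly the "looks good, now purge System Restore" situation Geri describes.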
     
  19. 2008/04/15
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Geri,

    So far, it seems pretty good. I will let you know either Tues. afternoon or early Wed. morn.

    Pepse.
     
  20. 2008/04/15
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Geri,

    Everything is running smoothly again. BUT, I need to know how to re-do things so that the CD-ROM auto loads, and whatever else needs to be turned on.

    Pepse.
     
  21. 2008/04/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Pepse

    OK Good to hear.

    I will PM you the instruction on how to fix auto run.

    We do not wish to post that here on the board, so please check your PM.

    Let me know and then I'll mark this one resolved.

    Thanks
    Geri
     
