
Solved Viruses, Adware, Trojans. I'm sunk.

Discussion in 'Malware and Virus Removal Archive' started by Pepse, 2007/10/01.

  1. 2007/10/10
    Geri
    Hi Pepse

    OK, whenever you can get here.

    I'm not going anywhere. :)

    Geri
  2. 2007/10/12
    Pepse (Thread Starter)
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Trkic\webinfox2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Trkic\webinfox2.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\Pepse\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Microsoft Works Calendar Reminders.lnk = ?

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    CARPService = carpserv.exe
    WCOLOREAL = "C:\Program Files\COMPAQ\Coloreal\coloreal.exe "
    CPQEASYACC = C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    srmclean = C:\Cpqs\Scom\srmclean.exe
    Smapp = C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
    AutoLogon =
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    CamMonitor = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
    HPHUPD05 = C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    HP Software Update = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
    HPHmon05 = C:\WINDOWS\system32\hphmon05.exe
    AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    PRONoMgr.exe = C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    PCSuiteTrayApplication = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    WebInf = C:\Program Files\Trkic\webinfox2.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    DW4 =

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = "%1" /S

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{4b218e3e-bc98-4770-93d3-2731b9329278}] *
    StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = %SystemRoot%\system32\ie4uinit.exe

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is normal (regedit.exe %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check passed

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing) - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\WINDOWS\rubcnsri.dll (file missing) - {479da9e8-1dd2-11b2-9fa9-873c0b90b5d5}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    (no name) - C:\WINDOWS\tgfydonq.dll (file missing) - {645af146-1dd2-11b2-b2bb-8782910e93a0}
    (no name) - C:\WINDOWS\ryvwjofq.dll - {c48d83c8-1dd1-11b2-a29b-88574dde46ab}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    AppleSoftwareUpdate.job
    HP Usg Daily.job
    SpywareBot Scheduled Scan.job
    WebReg 20070903032716.job

  4. 2007/10/12
    Pepse (Thread Starter)
    --------------------------------------------------

    Enumerating Download Program Files:

    [Microsoft XML Parser for Java]
    CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
    OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

    [YInstStarter Class]
    InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
    CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

    [WUWebControl Class]
    InProcServer32 = C:\WINDOWS\system32\wuweb.dll
    CODEBASE = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160242266984

    [MUWebControl Class]
    InProcServer32 = C:\WINDOWS\System32\muweb.dll
    CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160273404390

    [Java Plug-in 1.4.1_02]
    InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
    CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

    [YahooYMailTo Class]
    InProcServer32 = C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll
    CODEBASE = http://download.yahoo.com/dl/installs/ymail/ymmapi.dll

    [Java Plug-in 1.4.1_02]
    InProcServer32 = C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
    CODEBASE = http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    Protocol #18: C:\WINDOWS\system32\mswsock.dll
    Protocol #19: C:\WINDOWS\system32\mswsock.dll
    Protocol #20: C:\WINDOWS\system32\mswsock.dll
    Protocol #21: C:\WINDOWS\system32\mswsock.dll
    Protocol #22: C:\WINDOWS\system32\mswsock.dll
    Protocol #23: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
    Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
    adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
    aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
    AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
    AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
    AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
    AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
    AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
    AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
    AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
    basic2: System32\DRIVERS\basic2.sys (manual start)
    Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    catchme: \??\C:\DOCUME~1\Pepse\LOCALS~1\Temp\catchme.sys (manual start)
    Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Creative SBLive! Gameport: System32\DRIVERS\ctljystk.sys (manual start)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Yamaha DS1 Audio Driver (WDM): system32\drivers\ds1wdm.sys (manual start)
    Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
    EACMOS: \SystemRoot\system32\drivers\EACMOS.SYS (system)
    Compaq Easy Access PS2 Internet Keyboard (Win2K): System32\DRIVERS\eaps2kbd.sys (manual start)
    EAWDMFD: System32\DRIVERS\eawdmfd.sys (system)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
    Fallback: System32\DRIVERS\fallback.sys (autostart)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
    VIA Rhine-Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5bv.sys (manual start)
    VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver: System32\DRIVERS\fetnd5.sys (manual start)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Fsks: System32\DRIVERS\fsksnt.sys (autostart)
    Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
    Game port for Yamaha DS1: System32\DRIVERS\gameenum.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
    IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
    Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
    USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    i81x: System32\DRIVERS\i81xnt5.sys (manual start)
    iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
    iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
    iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
    iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
    iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
    iAimFP5: System32\DRIVERS\wADV07nt.sys (manual start)
    iAimFP6: System32\DRIVERS\wADV08nt.sys (manual start)
    iAimFP7: System32\DRIVERS\wADV09nt.sys (manual start)
    iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
    iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
    iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
    iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
    iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
    iAimTV5: System32\DRIVERS\wATV10nt.sys (manual start)
    iAimTV6: System32\DRIVERS\wATV06nt.sys (manual start)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
    IntelIde: system32\DRIVERS\intelide.sys (system)
    Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
    K56: System32\DRIVERS\k56nt.sys (autostart)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
    Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    MR97310 CIF Dual Mode Camera: System32\DRIVERS\mr97310c.sys (manual start)
    WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
    NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
    Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Intel NCS NetService: C:\Program Files\Intel\NCS\Sync\NetSvc.exe (manual start)
    NETGEAR FA310TX Fast Ethernet Adapter Driver: System32\DRIVERS\ngrpci.sys (manual start)
    Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: System32\DRIVERS\nv4_mini.sys (manual start)
    NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
    Parallel port driver: System32\DRIVERS\parport.sys (manual start)
    PCI Bus Driver: system32\DRIVERS\pci.sys (system)
    PCIIde: system32\DRIVERS\pciide.sys (system)
    PfModNT: \??\C:\WINDOWS\System32\PfModNT.sys (autostart)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    Pml Driver HPZ12: C:\WINDOWS\system32\HPZipm12.exe (manual start)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Processor Driver: System32\DRIVERS\processr.sys (system)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Rksample: System32\DRIVERS\rksample.sys (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: System32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
    Serial port driver: system32\DRIVERS\serial.sys (system)
    ServiceLayer: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (manual start)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
    smwdm: system32\drivers\smwdm.sys (manual start)
    SoftFax: System32\DRIVERS\faxnt.sys (autostart)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    DualCamera: System32\Drivers\Capt905c.sys (manual start)
    System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    StreamDispatcher: System32\DRIVERS\strmdisp.sys (autostart)
    BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{86B83382-931F-480F-9121-11F7B38A9516} (manual start)
    symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
    sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Tones: System32\DRIVERS\tonesnt.sys (autostart)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Microsoft AGPv3.5 Filter: System32\DRIVERS\uagp35.sys (system)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Nokia CA-42 USB: system32\DRIVERS\usb2vcom.sys (manual start)
    Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
    USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
    V124: System32\DRIVERS\v124nt.sys (autostart)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    ViaIde: System32\DRIVERS\viaide.sys (system)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    WAN Network Driver: System32\DRIVERS\wandrv.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    WMDM PMSP Service: C:\WINDOWS\System32\MsPMSPSv.exe (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: *Registry value not found*

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *No values found*

    --------------------------------------------------

    End of report, 38,638 bytes
    Report generated in 0.188 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  5. 2007/10/12
    Pepse

    Pepse Well-Known Member Thread Starter

    Strange thing: I had to go to my Firefox browser to complete this, as I kept getting an error to refresh the page in IE6.

    ComboFix 07-10-12.4 - Pepse 2007-10-12 1:22:23.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.240 [GMT -5:00]
    Running from: C:\Documents and Settings\Pepse\Local Settings\Temporary Internet Files\Content.IE5\YPK7AX45\ComboFix[1].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
    .

    2007-10-08 11:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-03 01:20 <DIR> d-------- C:\VundoFix Backups
    2007-10-03 01:15 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-03 00:38 <DIR> d-------- C:\Program Files\Trkic
    2007-10-02 11:26 <DIR> d-------- C:\Deckard
    2007-09-23 23:24 <DIR> d-------- C:\WINDOWS\PerfInfo
    2007-09-23 23:24 <DIR> d-------- C:\Program Files\PerfSoft
    2007-09-23 20:20 <DIR> d-------- C:\Program Files\WinPerformance

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-11 18:12 --------- d-----w C:\Documents and Settings\Pepse\Application Data\AVG7
    2007-10-01 18:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-09-24 04:24 --------- d-----w C:\Program Files\MyApp
    2007-09-24 04:24 --------- d-----w C:\Program Files\DivX
    2007-09-24 04:23 --------- d-----w C:\Program Files\USoft
    2007-09-24 04:23 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
    2007-09-06 21:46 98,304 ------w C:\WINDOWS\ryvwjofq.dll
    2007-08-30 16:29 --------- d-----w C:\Documents and Settings\Pepse\Application Data\Nokia
    2007-08-25 17:14 1,409 ----a-w C:\WINDOWS\Fonts\poornima-i.FOT
    2007-08-25 17:14 1,409 ----a-w C:\WINDOWS\Fonts\poornima-bi.FOT
    2007-08-25 17:14 1,409 ----a-w C:\WINDOWS\Fonts\poornima-b.FOT
    2007-08-25 17:13 --------- d-----w C:\Documents and Settings\Pepse\Application Data\aMule
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-19 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-08-16 17:40 --------- d--h--r C:\Documents and Settings\Pepse\Application Data\yahoo!
    2007-08-16 02:01 --------- d-----w C:\Program Files\qzidexet
    2007-08-15 21:33 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
    2007-08-15 21:27 --------- d-----w C:\Program Files\The Weather Channel FW
    2007-08-15 21:23 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-08-15 21:22 --------- d-----w C:\Program Files\Common Files\Real
    2007-08-15 21:07 --------- d-----w C:\Documents and Settings\Pepse\Application Data\Apple Computer
    2007-08-02 17:12 528,384 ----a-w C:\WINDOWS\system32\After Dark Flying Toasters Free.scr
    2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-08_12.16.15.78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
    + 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
    + 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
    + 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
    + 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
    + 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
    + 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
    + 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
    + 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
    + 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
    + 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
    + 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
    + 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
    + 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
    + 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
    + 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
    + 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
    + 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
    + 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
    + 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
    + 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
    + 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
    + 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
    + 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
    + 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
    + 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
    + 2004-08-04 12:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
    + 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
    + 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
    + 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
    + 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
    + 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
    + 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
    + 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
    + 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
    + 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
    + 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
    + 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
    + 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
    + 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
    + 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
    + 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
    + 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
    + 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
    + 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
    + 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
    + 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
    + 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
    + 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
    + 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
    + 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\browseui.dll
    + 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\cdfview.dll
    + 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\danim.dll
    + 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtmsft.dll
    + 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtrans.dll
    + 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\extmgr.dll
    + 2007-08-21 10:30:45 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iedw.exe
    + 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iepeers.dll
    + 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\inseng.dll
    + 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\jsproxy.dll
    + 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtml.dll
    + 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtmled.dll
    + 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\msrating.dll
    + 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mstime.dll
    + 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\pngfilt.dll
    + 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shdocvw.dll
    + 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shlwapi.dll
    + 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\urlmon.dll
    + 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\wininet.dll
    + 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\xpsp3res.dll
    + 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
    + 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
    + 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
    + 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
    + 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
    + 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
    + 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
    + 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
    + 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
    + 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
    + 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
    + 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
    + 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
    + 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
    + 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
    + 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
    + 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
    + 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
    + 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
    + 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\updspapi.dll
    + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
    + 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
    + 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
    + 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
    + 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
    + 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
    + 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
    + 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
    + 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
    - 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
    + 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
    - 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    - 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    + 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    - 2007-06-14 18:09:18 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-08-22 13:12:15 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2007-06-14 18:09:18 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-08-22 13:12:15 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    + 2007-08-22 13:12:16 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    - 2007-06-14 18:09:18 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2007-08-22 13:12:16 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-06-14 18:09:19 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-08-22 13:12:16 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-06-14 18:09:19 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-08-22 13:12:16 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-06-14 14:07:24 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    - 2007-06-14 18:09:19 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-08-22 13:12:16 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2007-05-16 15:12:02 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    + 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    - 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-08-22 13:12:16 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-08-22 13:12:16 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-06-14 18:09:20 3,058,688 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-08-22 13:12:17 3,058,176 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-06-14 18:09:19 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-08-22 13:12:17 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-06-14 18:09:19 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-08-22 13:12:17 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-08-22 13:12:17 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-06-14 18:09:20 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-08-22 13:12:17 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2004-08-04 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    + 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    - 2007-06-14 18:09:20 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2007-08-22 13:12:18 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2007-06-14 18:09:20 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2007-08-22 13:12:18 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2007-06-14 18:09:20 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-08-22 13:12:18 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-06-26 14:09:10 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-08-22 13:12:18 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-06-14 18:09:19 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2007-06-14 18:09:19 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2004-08-04 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    - 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    - 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{479da9e8-1dd2-11b2-9fa9-873c0b90b5d5}]
    C:\WINDOWS\rubcnsri.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{645af146-1dd2-11b2-b2bb-8782910e93a0}]
    C:\WINDOWS\tgfydonq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c48d83c8-1dd1-11b2-a29b-88574dde46ab}]
    2007-09-06 16:46 98304 --------- C:\WINDOWS\ryvwjofq.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2002-01-02 19:06 C:\WINDOWS\system32\carpserv.exe]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-01-22 17:46]
    "CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 15:01]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 16:34]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 16:45]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 13:00]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 13:00]
    "AutoLogon"="" []
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-06 23:03]
    "nwiz"="nwiz.exe" [2003-11-06 23:04 C:\WINDOWS\system32\nwiz.exe]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42]
    "CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-04 17:36]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 23:55]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 16:41]
    "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-23 19:31]
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-15 16:22]
    "WebInf"="C:\Program Files\Trkic\webinfox2.exe" [2007-10-03 00:38]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-11-06 23:04]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49]
    "DW4"="" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 13:00:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
    S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS
    S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
    S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys
    S3 usb2vcom;Nokia CA-42 USB;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-07-02 03:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-07 23:45:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
    "2007-09-03 08:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
    - C:\Program Files\SpywareBot\SpywareBot.exe
    "2007-09-03 08:27:17 C:\WINDOWS\Tasks\WebReg 20070903032716.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-12 01:25:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-12 1:26:19
    C:\ComboFix-quarantined-files.txt ... 2007-10-08 12:20
    C:\ComboFix2.txt ... 2007-10-08 12:20
    .
    --- E O F ---
     
  6. 2007/10/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Please post the contents of this log.

    C:\ComboFix-quarantined-files.txt

    Thanks
    Geri
     
  7. 2007/10/12
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Code:
    2006-07-20 15:10      50680    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\YTAntiSpy.dll.vir
    2006-10-25 17:07      116216    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\YMERemote.dll.vir
    2006-10-25 17:07      66616    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\YTMsgr.dll.vir
    2006-10-25 17:08      1313    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_atb.html.vir
    2006-10-25 17:08      1354    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_as.html.vir
    2006-10-25 17:08      1658    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_map.html.vir
    2006-10-25 17:08      1867    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_upg.html.vir
    2006-10-25 17:08      1966    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_cotb.html.vir
    2006-10-25 17:08      1995    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_catb.html.vir
    2006-10-25 17:08      2037    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_cnf.html.vir
    2006-10-25 17:08      2467    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_ctb.html.vir
    2006-10-25 17:08      3228    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_pub.html.vir
    2006-10-25 17:08      6910    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Data\dlg_opt.html.vir
    2006-10-25 18:35      132600    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\YTabBar.dll.vir
    2006-10-26 11:28      440384    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll.bak.vir
    2006-11-01 12:40      201720    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\ypubc.dll.vir
    2006-11-01 12:40      71160    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\pubmod.dll.vir
    2007-02-21 00:48      4078    --a------    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\ytinst.log.vir
    2007-05-24 16:21      49808    --a------    C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe.vir
    2007-06-05 10:03      172656    --a------    C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll.vir
    2007-08-02 12:11      63396    --a------    C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\SSSUninst.exe.vir
    2007-08-02 12:12      1689523    --a------    C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\temp\3D Flying Toasters.exe.vir
    2007-08-02 12:12      35325    --a------    C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\temp\dmA.tmp.exe.vir
    2007-08-02 12:12      43    --a------    C:\Qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\temp\dm8.tmp.exe.vir
    2007-08-15 21:01      100920    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\ffqfosla2.exe.vir
    2007-08-15 21:01      97312    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\ffqfosla3.exe.vir
    2007-08-15 21:01      99848    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\ffqfosla1.exe.vir
    2007-08-18 22:20      10182    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\main.htm.vir
    2007-08-18 22:20      1320    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\reinstall1.gif.vir
    2007-08-18 22:20      1322    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\turnon1.gif.vir
    2007-08-18 22:20      1325    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\turnoff1.gif.vir
    2007-08-18 22:20      15086    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\icon1.ico.vir
    2007-08-18 22:20      22168    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\mainframe.htm.vir
    2007-08-18 22:20      283    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\bgtop.gif.vir
    2007-08-18 22:20      297    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\softbottom_on.gif.vir
    2007-08-18 22:20      3485    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\top2.gif.vir
    2007-08-18 22:20      3572    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\top1.gif.vir
    2007-08-18 22:20      3854    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\s2.htm.vir
    2007-08-18 22:20      419    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\bottom1.gif.vir
    2007-08-18 22:20      423    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\softbottom_off.gif.vir
    2007-08-18 22:20      4254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\s3.htm.vir
    2007-08-18 22:20      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\bg1.gif.vir
    2007-08-18 22:20      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\right1.gif.vir
    2007-08-18 22:20      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\softleft_off.gif.vir
    2007-08-18 22:20      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\softleft_on.gif.vir
    2007-08-18 22:20      44    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\left1.gif.vir
    2007-08-18 22:20      4589    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\s1.htm.vir
    2007-08-18 22:20      51    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\li.gif.vir
    2007-08-18 22:20      5803    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\logo.gif.vir
    2007-08-18 22:20      619    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\essentials.gif.vir
    2007-08-18 22:20      7046    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft2_on.gif.vir
    2007-08-18 22:20      7062    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft2_on_ext.gif.vir
    2007-08-18 22:20      7372    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft1_on.gif.vir
    2007-08-18 22:20      7423    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft1_on_ext.gif.vir
    2007-08-18 22:20      7462    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\SMTop4.gif.vir
    2007-08-18 22:20      7478    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\SMTop3.gif.vir
    2007-08-18 22:20      7520    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft3_on.gif.vir
    2007-08-18 22:20      7548    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft3_on_ext.gif.vir
    2007-08-18 22:20      863    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\install1.gif.vir
    2007-08-18 22:20      8751    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft2_off_ext.gif.vir
    2007-08-18 22:20      8760    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft2_off.gif.vir
    2007-08-18 22:20      8981    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft1_off.gif.vir
    2007-08-18 22:20      8987    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft1_off_ext.gif.vir
    2007-08-18 22:20      9058    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft3_off_ext.gif.vir
    2007-08-18 22:20      9069    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\SMTop1.gif.vir
    2007-08-18 22:20      9078    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\soft3_off.gif.vir
    2007-08-18 22:20      9082    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\SMTop2.gif.vir
    2007-08-18 23:41      100920    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\ueuhhfwo2.exe.vir
    2007-08-18 23:41      97312    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\ueuhhfwo3.exe.vir
    2007-08-18 23:41      99848    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\ueuhhfwo1.exe.vir
    2007-08-26 22:13      10182    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\main.htm.vir
    2007-08-26 22:13      1320    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\reinstall1.gif.vir
    2007-08-26 22:13      1322    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\turnon1.gif.vir
    2007-08-26 22:13      1325    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\turnoff1.gif.vir
    2007-08-26 22:13      15086    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\icon1.ico.vir
    2007-08-26 22:13      22168    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\mainframe.htm.vir
    2007-08-26 22:13      283    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\bgtop.gif.vir
    2007-08-26 22:13      297    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\softbottom_on.gif.vir
    2007-08-26 22:13      3485    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\top2.gif.vir
    2007-08-26 22:13      3572    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\top1.gif.vir
    2007-08-26 22:13      3854    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\s2.htm.vir
    2007-08-26 22:13      419    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\bottom1.gif.vir
    2007-08-26 22:13      423    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\softbottom_off.gif.vir
    2007-08-26 22:13      4254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\s3.htm.vir
    2007-08-26 22:13      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\bg1.gif.vir
    2007-08-26 22:13      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\right1.gif.vir
    2007-08-26 22:13      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\softleft_off.gif.vir
    2007-08-26 22:13      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\softleft_on.gif.vir
    2007-08-26 22:13      44    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\left1.gif.vir
    2007-08-26 22:13      4589    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\s1.htm.vir
    2007-08-26 22:13      51    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\li.gif.vir
    2007-08-26 22:13      5803    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\logo.gif.vir
    2007-08-26 22:13      619    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\essentials.gif.vir
    2007-08-26 22:13      7046    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft2_on.gif.vir
    2007-08-26 22:13      7062    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft2_on_ext.gif.vir
    2007-08-26 22:13      7372    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft1_on.gif.vir
    2007-08-26 22:13      7423    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft1_on_ext.gif.vir
    2007-08-26 22:13      7462    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\SMTop4.gif.vir
    2007-08-26 22:13      7478    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\SMTop3.gif.vir
    2007-08-26 22:13      7520    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft3_on.gif.vir
    2007-08-26 22:13      7548    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft3_on_ext.gif.vir
    2007-08-26 22:13      863    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\install1.gif.vir
    2007-08-26 22:13      8751    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft2_off_ext.gif.vir
    2007-08-26 22:13      8760    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft2_off.gif.vir
    2007-08-26 22:13      8981    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft1_off.gif.vir
    2007-08-26 22:13      8987    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft1_off_ext.gif.vir
    2007-08-26 22:13      9058    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft3_off_ext.gif.vir
    2007-08-26 22:13      9069    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\SMTop1.gif.vir
    2007-08-26 22:13      9078    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\soft3_off.gif.vir
    2007-08-26 22:13      9082    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\SMTop2.gif.vir
    2007-08-26 23:35      43542    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\khhiggf.dll.vir
    2007-08-27 00:46      298080    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vtutu.dll.vir
    2007-08-29 11:10      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\lbhlhegj.exe.vir
    2007-08-30 11:11      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\oinasbuo.exe.vir
    2007-09-03 00:44      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\gdtyabfb.exe.vir
    2007-09-06 13:16      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\qvupbocq.exe.vir
    2007-09-06 16:50      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\amgawhag.exe.vir
    2007-09-06 22:50      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\kytfokxj.exe.vir
    2007-09-07 10:01      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rnpnoyam.exe.vir
    2007-09-23 19:30      100920    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\tpdiumhe2.exe.vir
    2007-09-23 19:30      99848    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\tpdiumhe1.exe.vir
    2007-09-23 19:31      97312    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\tpdiumhe3.exe.vir
    2007-09-23 19:33      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\swxdbydy.exe.vir
    2007-09-23 19:39      85568    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fgljssqs.dll.vir
    2007-09-23 19:49      10182    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\main.htm.vir
    2007-09-23 19:49      1320    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\reinstall1.gif.vir
    2007-09-23 19:49      1322    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\turnon1.gif.vir
    2007-09-23 19:49      1325    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\turnoff1.gif.vir
    2007-09-23 19:49      15086    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\icon1.ico.vir
    2007-09-23 19:49      22168    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\mainframe.htm.vir
    2007-09-23 19:49      283    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\bgtop.gif.vir
    2007-09-23 19:49      297    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\softbottom_on.gif.vir
    2007-09-23 19:49      3485    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\top2.gif.vir
    2007-09-23 19:49      3572    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\top1.gif.vir
    2007-09-23 19:49      3854    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\s2.htm.vir
    2007-09-23 19:49      419    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\bottom1.gif.vir
    2007-09-23 19:49      423    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\softbottom_off.gif.vir
    2007-09-23 19:49      4254    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\s3.htm.vir
    2007-09-23 19:49      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\bg1.gif.vir
    2007-09-23 19:49      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\right1.gif.vir
    2007-09-23 19:49      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\softleft_off.gif.vir
    2007-09-23 19:49      43    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\softleft_on.gif.vir
    2007-09-23 19:49      44    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\left1.gif.vir
    2007-09-23 19:49      4589    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\s1.htm.vir
    2007-09-23 19:49      51    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\li.gif.vir
    2007-09-23 19:49      5803    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\logo.gif.vir
    2007-09-23 19:49      619    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\essentials.gif.vir
    2007-09-23 19:49      7046    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft2_on.gif.vir
    2007-09-23 19:49      7062    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft2_on_ext.gif.vir
    2007-09-23 19:49      7372    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft1_on.gif.vir
    2007-09-23 19:49      7423    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft1_on_ext.gif.vir
    2007-09-23 19:49      7462    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\SMTop4.gif.vir
    2007-09-23 19:49      7478    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\SMTop3.gif.vir
    2007-09-23 19:49      7520    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft3_on.gif.vir
    2007-09-23 19:49      7548    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft3_on_ext.gif.vir
    2007-09-23 19:49      863    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\install1.gif.vir
    2007-09-23 19:49      8751    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft2_off_ext.gif.vir
    2007-09-23 19:49      8760    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft2_off.gif.vir
    2007-09-23 19:49      8981    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft1_off.gif.vir
    2007-09-23 19:49      8987    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft1_off_ext.gif.vir
    2007-09-23 19:49      9058    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft3_off_ext.gif.vir
    2007-09-23 19:49      9069    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\SMTop1.gif.vir
    2007-09-23 19:49      9078    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\soft3_off.gif.vir
    2007-09-23 19:49      9082    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\SMTop2.gif.vir
    2007-09-23 19:58      693472    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\sqssjlgf.ini.vir
    2007-09-23 20:00      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\qhxjvvbi.exe.vir
    2007-09-23 21:22      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dtpdnrli.exe.vir
    2007-09-23 23:35      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tytwtidh.exe.vir
    2007-09-23 23:51      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mstopxsl.exe.vir
    2007-09-29 18:56      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ojoqmiac.exe.vir
    2007-10-01 00:59      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\rqfedtad.exe.vir
    2007-10-01 02:04      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wlwiqdnp.exe.vir
    2007-10-01 12:53      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\shkeglkf.exe.vir
    2007-10-02 09:55      77376    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pyqikxie.dll.vir
    2007-10-03 00:41      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\jprueowk.exe.vir
    2007-10-03 01:31      77376    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\lufbbcbs.dll.vir
    2007-10-04 00:51      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\npseixxb.exe.vir
    2007-10-05 01:28      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\shffpper.exe.vir
    2007-10-05 02:13      285    --a------    C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
    2007-10-07 12:16      1502893    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ututv.bak2.vir
    2007-10-07 12:19      75328    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\lgerwujj.exe.vir
    2007-10-08 11:47      77376    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pmcwfofb.dll.vir
    2007-10-08 11:54      1508405    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ututv.ini.vir
    2007-10-08 11:54      2956    --a------    C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.dat
    2007-10-08 11:54      846    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.dat
    2007-10-08 11:57      301438    --a------    C:\Qoobox\Quarantine\catchme2007-10-08_121331.07.zip
    2007-10-08 11:57      309    --a------    C:\Qoobox\Quarantine\catchme.log
    
    
    Folder PATH listing
    Volume serial number is 5820-F04C
    C:\QOOBOX\QUARANTINE
    |   catchme.log
    |   catchme2007-10-08_121331.07.zip
    |   
    +---C
    |   +---Program Files
    |   |   \---Screensavers.com
    |   |       |   SSSUninst.exe.vir
    |   |       |   
    |   |       +---ActiveDesktop
    |   |       |   \---bin
    |   |       |           ActiveDesktopExe.exe.vir
    |   |       |           
    |   |       \---SSSInstaller
    |   |           +---bin
    |   |           |       SSSInstaller.dll.vir
    |   |           |       
    |   |           \---temp
    |   |                   3D Flying Toasters.exe.vir
    |   |                   dm8.tmp.exe.vir
    |   |                   dmA.tmp.exe.vir
    |   |                   
    |   \---WINDOWS
    |       |   cookies.ini.vir
    |       |   
    |       +---Downloaded Program Files
    |       |   \---Companion
    |       |       +---Data
    |       |       |       dlg_as.html.vir
    |       |       |       dlg_atb.html.vir
    |       |       |       dlg_catb.html.vir
    |       |       |       dlg_cnf.html.vir
    |       |       |       dlg_cotb.html.vir
    |       |       |       dlg_ctb.html.vir
    |       |       |       dlg_map.html.vir
    |       |       |       dlg_opt.html.vir
    |       |       |       dlg_pub.html.vir
    |       |       |       dlg_upg.html.vir
    |       |       |       
    |       |       \---Installs
    |       |           \---cpn
    |       |                   pubmod.dll.vir
    |       |                   YMERemote.dll.vir
    |       |                   ypubc.dll.vir
    |       |                   yt.dll.bak.vir
    |       |                   YTabBar.dll.vir
    |       |                   YTAntiSpy.dll.vir
    |       |                   ytinst.log.vir
    |       |                   YTMsgr.dll.vir
    |       |                   
    |       \---system32
    |           |   amgawhag.exe.vir
    |           |   dtpdnrli.exe.vir
    |           |   fgljssqs.dll.vir
    |           |   gdtyabfb.exe.vir
    |           |   jprueowk.exe.vir
    |           |   khhiggf.dll.vir
    |           |   kytfokxj.exe.vir
    |           |   lbhlhegj.exe.vir
    |           |   lgerwujj.exe.vir
    |           |   lufbbcbs.dll.vir
    |           |   mstopxsl.exe.vir
    |           |   npseixxb.exe.vir
    |           |   oinasbuo.exe.vir
    |           |   ojoqmiac.exe.vir
    |           |   pmcwfofb.dll.vir
    |           |   pyqikxie.dll.vir
    |           |   qhxjvvbi.exe.vir
    |           |   qvupbocq.exe.vir
    |           |   rnpnoyam.exe.vir
    |           |   rqfedtad.exe.vir
    |           |   shffpper.exe.vir
    |           |   shkeglkf.exe.vir
    |           |   sqssjlgf.ini.vir
    |           |   swxdbydy.exe.vir
    |           |   tytwtidh.exe.vir
    |           |   ututv.bak2.vir
    |           |   ututv.ini.vir
    |           |   vtutu.dll.vir
    |           |   wlwiqdnp.exe.vir
    |           |   
    |           +---ffqfosla
    |           |       bg1.gif.vir
    |           |       bgtop.gif.vir
    |           |       bottom1.gif.vir
    |           |       essentials.gif.vir
    |           |       ffqfosla1.exe.vir
    |           |       ffqfosla2.exe.vir
    |           |       ffqfosla3.exe.vir
    |           |       icon1.ico.vir
    |           |       install1.gif.vir
    |           |       left1.gif.vir
    |           |       li.gif.vir
    |           |       logo.gif.vir
    |           |       main.htm.vir
    |           |       mainframe.htm.vir
    |           |       reinstall1.gif.vir
    |           |       right1.gif.vir
    |           |       s1.htm.vir
    |           |       s2.htm.vir
    |           |       s3.htm.vir
    |           |       SMTop1.gif.vir
    |           |       SMTop2.gif.vir
    |           |       SMTop3.gif.vir
    |           |       SMTop4.gif.vir
    |           |       soft1_off.gif.vir
    |           |       soft1_off_ext.gif.vir
    |           |       soft1_on.gif.vir
    |           |       soft1_on_ext.gif.vir
    |           |       soft2_off.gif.vir
    |           |       soft2_off_ext.gif.vir
    |           |       soft2_on.gif.vir
    |           |       soft2_on_ext.gif.vir
    |           |       soft3_off.gif.vir
    |           |       soft3_off_ext.gif.vir
    |           |       soft3_on.gif.vir
    |           |       soft3_on_ext.gif.vir
    |           |       softbottom_off.gif.vir
    |           |       softbottom_on.gif.vir
    |           |       softleft_off.gif.vir
    |           |       softleft_on.gif.vir
    |           |       top1.gif.vir
    |           |       top2.gif.vir
    |           |       turnoff1.gif.vir
    |           |       turnon1.gif.vir
    |           |       
    |           +---tpdiumhe
    |           |       bg1.gif.vir
    |           |       bgtop.gif.vir
    |           |       bottom1.gif.vir
    |           |       essentials.gif.vir
    |           |       icon1.ico.vir
    |           |       install1.gif.vir
    |           |       left1.gif.vir
    |           |       li.gif.vir
    |           |       logo.gif.vir
    |           |       main.htm.vir
    |           |       mainframe.htm.vir
    |           |       reinstall1.gif.vir
    |           |       right1.gif.vir
    |           |       s1.htm.vir
    |           |       s2.htm.vir
    |           |       s3.htm.vir
    |           |       SMTop1.gif.vir
    |           |       SMTop2.gif.vir
    |           |       SMTop3.gif.vir
    |           |       SMTop4.gif.vir
    |           |       soft1_off.gif.vir
    |           |       soft1_off_ext.gif.vir
    |           |       soft1_on.gif.vir
    |           |       soft1_on_ext.gif.vir
    |           |       soft2_off.gif.vir
    |           |       soft2_off_ext.gif.vir
    |           |       soft2_on.gif.vir
    |           |       soft2_on_ext.gif.vir
    |           |       soft3_off.gif.vir
    |           |       soft3_off_ext.gif.vir
    |           |       soft3_on.gif.vir
    |           |       soft3_on_ext.gif.vir
    |           |       softbottom_off.gif.vir
    |           |       softbottom_on.gif.vir
    |           |       softleft_off.gif.vir
    |           |       softleft_on.gif.vir
    |           |       top1.gif.vir
    |           |       top2.gif.vir
    |           |       tpdiumhe1.exe.vir
    |           |       tpdiumhe2.exe.vir
    |           |       tpdiumhe3.exe.vir
    |           |       turnoff1.gif.vir
    |           |       turnon1.gif.vir
    |           |       
    |           \---ueuhhfwo
    |                   bg1.gif.vir
    |                   bgtop.gif.vir
    |                   bottom1.gif.vir
    |                   essentials.gif.vir
    |                   icon1.ico.vir
    |                   install1.gif.vir
    |                   left1.gif.vir
    |                   li.gif.vir
    |                   logo.gif.vir
    |                   main.htm.vir
    |                   mainframe.htm.vir
    |                   reinstall1.gif.vir
    |                   right1.gif.vir
    |                   s1.htm.vir
    |                   s2.htm.vir
    |                   s3.htm.vir
    |                   SMTop1.gif.vir
    |                   SMTop2.gif.vir
    |                   SMTop3.gif.vir
    |                   SMTop4.gif.vir
    |                   soft1_off.gif.vir
    |                   soft1_off_ext.gif.vir
    |                   soft1_on.gif.vir
    |                   soft1_on_ext.gif.vir
    |                   soft2_off.gif.vir
    |                   soft2_off_ext.gif.vir
    |                   soft2_on.gif.vir
    |                   soft2_on_ext.gif.vir
    |                   soft3_off.gif.vir
    |                   soft3_off_ext.gif.vir
    |                   soft3_on.gif.vir
    |                   soft3_on_ext.gif.vir
    |                   softbottom_off.gif.vir
    |                   softbottom_on.gif.vir
    |                   softleft_off.gif.vir
    |                   softleft_on.gif.vir
    |                   top1.gif.vir
    |                   top2.gif.vir
    |                   turnoff1.gif.vir
    |                   turnon1.gif.vir
    |                   ueuhhfwo1.exe.vir
    |                   ueuhhfwo2.exe.vir
    |                   ueuhhfwo3.exe.vir
    |                   
    \---Registry_backups
            LEGACY_DOMAINSERVICE.reg.dat
            services_DomainService.reg.dat
            
    
     
  8. 2007/10/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Pepse

    OK Very Good.

    I need to know if you know what any of these are.
    C:\Program Files\Trkic
    C:\Program Files\WinPerformance
    C:\Program Files\qzidexet

    Now do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:
    Make sure you use NotePad to do this.

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\ryvwjofq.dll
    
    Folder::
    C:\Program Files\Trkic
    C:\Program Files\WinPerformance
    C:\Program Files\qzidexet
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{479da9e8-1dd2-11b2-9fa9-873c0b90b5d5}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{645af146-1dd2-11b2-b2bb-8782910e93a0}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c48d83c8-1dd1-11b2-a29b-88574dde46ab}]
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.

    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Please let me know if you know what those programs are.

    Thanks
    Geri
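As an added example (not code from ComboFix, Geri or the forum), the script above parsed into its planned actions and then checked against the "Other Deletions" section of the ComboFix log Pepse posts further down, so a helper can confirm that each File:: and Folder:: target was actually removed. The section syntax (File::, Folder::, Registry:: with [-KEY] for a key deletion) follows Geri's script; both sample inputs are copied from this thread.

```python
"""Review a ComboFix CFScript and confirm its outcome from the ComboFix log.

Added example for this thread, not ComboFix's or the forum's own code.  The
section names (File::, Folder::, Registry::) and the [-KEY] delete form are
those used in Geri's script above; the sample inputs are copied from the thread.
"""
import re
from dataclasses import dataclass, field

# The script Geri posted above, used here as sample input.
CFSCRIPT = r"""File::
C:\WINDOWS\ryvwjofq.dll

Folder::
C:\Program Files\Trkic
C:\Program Files\WinPerformance
C:\Program Files\qzidexet

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{479da9e8-1dd2-11b2-9fa9-873c0b90b5d5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{645af146-1dd2-11b2-b2bb-8782910e93a0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c48d83c8-1dd1-11b2-a29b-88574dde46ab}]
"""

# Excerpt of the "Other Deletions" section of the ComboFix log Pepse posted.
COMBOFIX_LOG = r"""(((((((((((((((((((( Other Deletions ))))))))))))))))))))
.
C:\Program Files\qzidexet
C:\Program Files\qzidexet\qxmxyvqn.dll
C:\Program Files\Trkic
C:\Program Files\Trkic\webinfox2.exe
C:\Program Files\WinPerformance
C:\Program Files\WinPerformance\uninstall.exe
C:\WINDOWS\ryvwjofq.dll
.
(((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 ))))))))))))))))))))
"""

KNOWN_SECTIONS = {"file", "folder", "registry"}
SECTION_RE = re.compile(r"^(\w+)::$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

@dataclass
class Plan:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    reg_deletes: list = field(default_factory=list)
    problems: list = field(default_factory=list)

def parse_cfscript(text):
    """Split a CFScript into its planned actions, recording anything malformed."""
    plan, section = Plan(), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            if section not in KNOWN_SECTIONS:
                plan.problems.append(f"line {lineno}: unknown section {line!r}")
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "folder":
            plan.folders.append(line)
        elif section == "registry":
            # Only whole-key deletions ([-KEY]) are accepted; anything else is flagged.
            if line.startswith("[-") and line.endswith("]"):
                key = line[2:-1]
                if "Browser Helper Objects" in key and not CLSID_RE.search(key):
                    plan.problems.append(f"line {lineno}: BHO key lacks a valid CLSID")
                plan.reg_deletes.append(key)
            else:
                plan.problems.append(f"line {lineno}: unexpected Registry:: entry {line!r}")
        else:
            plan.problems.append(f"line {lineno}: entry before any section header")
    return plan

def other_deletions(log):
    """Return the paths ComboFix listed under its 'Other Deletions' banner."""
    paths, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("((((") and line.endswith("))))"):
            inside = "Other Deletions" in line  # any new banner ends the section
            continue
        if inside and line and line != ".":
            paths.append(line)
    return paths

def verify(plan, log):
    """Pair each File::/Folder:: target with the log: (confirmed removed, not confirmed)."""
    deleted = {p.lower() for p in other_deletions(log)}
    targets = plan.files + plan.folders
    confirmed = [t for t in targets if t.lower() in deleted]
    unconfirmed = [t for t in targets if t.lower() not in deleted]
    return confirmed, unconfirmed
```

Registry deletions are not echoed in that section of the log, so only file and folder targets are cross-checked; a non-empty `unconfirmed` list or any entry in `plan.problems` is the cue to look closer before posting the next script.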
     
  9. 2007/10/13
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Geri,

    I have no idea what those 3 programs are. I doubt that they are a part of any necessary programs I have/use. My guess would be something I picked up while running too far looking for a software hack. I Googled winperformance and it seems to be malware, I did the same for trkic and am sure it is similar, and Googled qzidexet and the only thing it shows is a link to right where we are right now.

    I am in my Linux box now, and I will have to wait until Sat. evening to have time to do what you need me to do in my windows HDD.

    Later. Pepse.
     
  10. 2007/10/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, I've added those folders to the CFScript.

    Geri
     
  11. 2007/10/13
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    ComboFix 07-10-12.4 - Pepse 2007-10-13 21:21:33.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.202 [GMT -5:00]
    Running from: C:\Documents and Settings\Pepse\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Pepse\Desktop\CFScript.txt
    * Created a new restore point

    FILE::
    C:\WINDOWS\ryvwjofq.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\qzidexet
    C:\Program Files\qzidexet\qxmxyvqn.dll
    C:\Program Files\Trkic
    C:\Program Files\Trkic\webinfox2.exe
    C:\Program Files\WinPerformance
    C:\Program Files\WinPerformance\uninstall.exe
    C:\WINDOWS\ryvwjofq.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
    .

    2007-10-08 11:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-03 01:20 <DIR> d-------- C:\VundoFix Backups
    2007-10-03 01:15 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-02 11:26 <DIR> d-------- C:\Deckard
    2007-09-23 23:24 <DIR> d-------- C:\WINDOWS\PerfInfo
    2007-09-23 23:24 <DIR> d-------- C:\Program Files\PerfSoft

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-14 00:29 --------- d-----w C:\Documents and Settings\Pepse\Application Data\AVG7
    2007-10-01 18:11 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-09-24 04:24 --------- d-----w C:\Program Files\MyApp
    2007-09-24 04:24 --------- d-----w C:\Program Files\DivX
    2007-09-24 04:23 --------- d-----w C:\Program Files\USoft
    2007-09-24 04:23 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
    2007-08-30 16:29 --------- d-----w C:\Documents and Settings\Pepse\Application Data\Nokia
    2007-08-25 17:14 1,409 ----a-w C:\WINDOWS\Fonts\poornima-i.FOT
    2007-08-25 17:14 1,409 ----a-w C:\WINDOWS\Fonts\poornima-bi.FOT
    2007-08-25 17:14 1,409 ----a-w C:\WINDOWS\Fonts\poornima-b.FOT
    2007-08-25 17:13 --------- d-----w C:\Documents and Settings\Pepse\Application Data\aMule
    2007-08-19 04:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-08-16 17:40 --------- d--h--r C:\Documents and Settings\Pepse\Application Data\yahoo!
    2007-08-15 21:33 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys
    2007-08-15 21:27 --------- d-----w C:\Program Files\The Weather Channel FW
    2007-08-15 21:23 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-08-15 21:22 --------- d-----w C:\Program Files\Common Files\Real
    2007-08-15 21:07 --------- d-----w C:\Documents and Settings\Pepse\Application Data\Apple Computer
    .

    ((((((((((((((((((((((((((((( snapshot@2007-10-08_12.16.15.78 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
    + 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
    + 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
    + 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
    + 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
    + 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
    + 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
    + 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
    + 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
    + 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
    + 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
    + 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
    + 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
    + 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
    + 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
    + 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
    + 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
    + 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
    + 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
    + 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
    + 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
    + 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
    + 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
    + 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
    + 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
    + 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
    + 2004-08-04 12:00:00 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
    + 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
    + 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
    + 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB939653$\browseui.dll
    + 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB939653$\cdfview.dll
    + 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB939653$\danim.dll
    + 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtmsft.dll
    + 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB939653$\dxtrans.dll
    + 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB939653$\extmgr.dll
    + 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\iedw.exe
    + 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB939653$\iepeers.dll
    + 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB939653$\inseng.dll
    + 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB939653$\jsproxy.dll
    + 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtml.dll
    + 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB939653$\mshtmled.dll
    + 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB939653$\msrating.dll
    + 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB939653$\mstime.dll
    + 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\pngfilt.dll
    + 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB939653$\shdocvw.dll
    + 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB939653$\shlwapi.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\spuninst\updspapi.dll
    + 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB939653$\urlmon.dll
    + 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
    + 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB939653$\xpsp3res.dll
    + 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
    + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
    + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
    + 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\browseui.dll
    + 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\cdfview.dll
    + 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\danim.dll
    + 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtmsft.dll
    + 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\dxtrans.dll
    + 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\extmgr.dll
    + 2007-08-21 10:30:45 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iedw.exe
    + 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\iepeers.dll
    + 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\inseng.dll
    + 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\jsproxy.dll
    + 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtml.dll
    + 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mshtmled.dll
    + 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\msrating.dll
    + 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\mstime.dll
    + 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\pngfilt.dll
    + 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shdocvw.dll
    + 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\shlwapi.dll
    + 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\urlmon.dll
    + 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\wininet.dll
    + 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2gdr\xpsp3res.dll
    + 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\browseui.dll
    + 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\cdfview.dll
    + 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\danim.dll
    + 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtmsft.dll
    + 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\dxtrans.dll
    + 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\extmgr.dll
    + 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iedw.exe
    + 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\iepeers.dll
    + 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\inseng.dll
    + 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\jsproxy.dll
    + 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtml.dll
    + 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mshtmled.dll
    + 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\msrating.dll
    + 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\mstime.dll
    + 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\pngfilt.dll
    + 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shdocvw.dll
    + 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\shlwapi.dll
    + 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\urlmon.dll
    + 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\wininet.dll
    + 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\sp2qfe\xpsp3res.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\0474e07262334919ca66aaa879430a63\update\updspapi.dll
    + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
    + 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
    + 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
    + 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
    + 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
    + 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
    + 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
    + 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
    + 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
    + 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
    - 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
    + 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
    - 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    + 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
    - 2007-06-14 18:09:18 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    + 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
    - 2007-06-14 18:09:18 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
    + 2007-08-22 13:12:15 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
    - 2007-06-14 18:09:18 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    + 2007-08-22 13:12:15 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
    - 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    + 2007-08-22 13:12:16 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
    - 2007-06-14 18:09:18 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    + 2007-08-22 13:12:16 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    - 2007-06-14 18:09:19 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    + 2007-08-22 13:12:16 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    - 2007-06-14 18:09:19 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    + 2007-08-22 13:12:16 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    - 2007-06-14 14:07:24 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    + 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
    - 2007-06-14 18:09:19 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    + 2007-08-22 13:12:16 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    - 2007-05-16 15:12:02 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    + 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    - 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    + 2007-08-22 13:12:16 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
    - 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    + 2007-08-22 13:12:16 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    - 2007-06-14 18:09:20 3,058,688 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    + 2007-08-22 13:12:17 3,058,176 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    - 2007-06-14 18:09:19 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    + 2007-08-22 13:12:17 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    - 2007-06-14 18:09:19 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    + 2007-08-22 13:12:17 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
    - 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    + 2007-08-22 13:12:17 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
    - 2007-06-14 18:09:20 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    + 2007-08-22 13:12:17 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    - 2004-08-04 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    + 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
    - 2007-06-14 18:09:20 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    + 2007-08-22 13:12:18 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
    - 2007-06-14 18:09:20 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    + 2007-08-22 13:12:18 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
    - 2007-06-14 18:09:20 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    + 2007-08-22 13:12:18 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    - 2007-06-26 14:09:10 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    + 2007-08-22 13:12:18 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
    - 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    + 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
    - 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    + 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
    - 2007-06-14 18:09:19 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    + 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
    - 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    + 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
    - 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    + 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    - 2007-06-14 18:09:19 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    + 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
    - 2007-06-14 18:09:19 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    + 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
    - 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
    + 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
    - 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
    + 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
    - 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    + 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
    - 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    + 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
    - 2007-06-14 18:09:20 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    + 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
    - 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    + 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
    - 2004-08-04 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    + 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
    - 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    + 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
    - 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    + 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
    - 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
    + 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
    - 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
    + 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
    - 2007-06-14 13:39:54 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    + 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CARPService"="carpserv.exe" [2002-01-02 19:06 C:\WINDOWS\system32\carpserv.exe]
    "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-01-22 17:46]
    "CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 15:01]
    "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 16:34]
    "Smapp"="C:\Program Files\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 16:45]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-13 13:00]
    "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 13:00]
    "AutoLogon"="" []
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-06 23:03]
    "nwiz"="nwiz.exe" [2003-11-06 23:04 C:\WINDOWS\system32\nwiz.exe]
    "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42]
    "CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-04 17:36]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-07 23:55]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "HPHUPD05"="C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-07 23:55]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 16:41]
    "HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2005-07-07 23:55]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-09-23 19:31]
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-15 16:22]
    "WebInf"="C:\Program Files\Trkic\webinfox2.exe" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2003-11-06 23:04]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 13:49]
    "DW4"="" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 13:00:00]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    @=

    R2 StreamDispatcher;StreamDispatcher;C:\WINDOWS\system32\DRIVERS\strmdisp.sys
    S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS
    S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys
    S3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys
    S3 usb2vcom;Nokia CA-42 USB;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-07-02 03:19:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-07 23:45:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
    "2007-09-03 08:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
    - C:\Program Files\SpywareBot\SpywareBot.exe
    "2007-09-03 08:27:17 C:\WINDOWS\Tasks\WebReg 20070903032716.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-13 21:27:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-13 21:30:24 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-10-08 12:20
    C:\ComboFix2.txt ... 2007-10-12 01:26
    C:\ComboFix3.txt ... 2007-10-08 12:20
    .
    --- E O F ---
     
  12. 2007/10/13
    Pepse

    Pepse Well-Known Member Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:41:25 PM, on 10/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\PEPSE\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PEPSE\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WebInf] C:\Program Files\Trkic\webinfox2.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160242266984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160273404390
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 8548 bytes
     
  13. 2007/10/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Pepse

    OK, things are looking pretty good. How are things running?
    Let me know.

    Let's do a little clean-up and then get an on-line scan.
    Please do these in the order given.


    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Please reboot

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Please post the Panda report and a new HJT log.
    Let me know how things are running also.

    Thanks
    Geri
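    The three entries Geri lists share one tell-tale: HijackThis appends "(file missing)" when the file behind a registered component is no longer on disk, and the R3 and O3 lines carry the same CLSID, so they are one leftover Yahoo! Toolbar registration seen from two places. The script below is an added example, not part of the thread and not HijackThis code: it parses log lines in that shape (the sample lines are copied from the HJT log posted above), flags the orphaned entries as Fix Checked candidates, groups CLSID entries that belong together, and pulls the executable path out of each O4 Run value so it can be looked up. The regular expressions are my reading of the log layout, not a published format specification.

```python
import re
from collections import defaultdict

# Constructed sample, copied from the HijackThis log posted above: a few R3/O2/O3
# entries (CLSID-registered browser components) and O4 entries (Run values).
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WebInf] C:\Program Files\Trkic\webinfox2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# R3/O2/O3 shape: "<code> - <kind>: <name> - {CLSID} - <path>[ (file missing)]"
CLSID_ENTRY = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O4 shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Executable in a command line: a quoted path, or everything up to the .exe/.dll
# extension, so trailing switches such as /STARTUP are dropped.
EXE_IN_CMD = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll))(?=[\s,]|$)',
                        re.IGNORECASE)


def parse_hjt(text):
    """Turn HijackThis log lines into dicts; lines of any other shape are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_ENTRY.match(line)
        if m:
            exe = EXE_IN_CMD.match(m["cmd"])
            entries.append({"code": "O4", "hive": m["hive"], "name": m["name"],
                            "exe": (exe["q"] or exe["u"]) if exe else None,
                            "line": line})
            continue
        m = CLSID_ENTRY.match(line)
        if m:
            entries.append({"code": m["code"], "kind": m["kind"], "name": m["name"],
                            "clsid": m["clsid"].upper(), "path": m["path"],
                            "missing": m["missing"] is not None, "line": line})
    return entries


def triage(entries):
    """Orphaned CLSID entries load nothing (the file is gone) and are safe to remove;
    entries sharing a CLSID are one component registered in several places and
    should be fixed together, which is exactly the R3 + O3 pair in the thread."""
    by_clsid = defaultdict(list)
    for e in entries:
        if "clsid" in e:
            by_clsid[e["clsid"]].append(e["code"])
    return {
        "orphaned": [e["line"] for e in entries if e.get("missing")],
        "shared_clsid": {c: codes for c, codes in by_clsid.items() if len(codes) > 1},
        "run_entries": {e["name"]: e["exe"] for e in entries if e["code"] == "O4"},
    }


def triage_sample():
    return triage(parse_hjt(SAMPLE_HJT_LOG))


if __name__ == "__main__":
    report = triage_sample()
    print("Orphaned (file missing) entries, candidates for Fix Checked:")
    for line in report["orphaned"]:
        print("  ", line)
    print("CLSIDs registered in more than one section:", report["shared_clsid"])
    print("Run values and the executable each one launches:", report["run_entries"])
```

    Feed it a whole saved log instead of the sample and the O4 dictionary gives you the list of executables to look up one by one; the orphaned list is the part that maps directly onto Geri's "check the boxes next to all the entries listed below".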
     
  14. 2007/10/14
    Pepse

    Pepse Well-Known Member Thread Starter

    Geri,

    The computer is running better. But AVG keeps finding trojans, seems to be a different one each time. I have noticed I don't have the "windows no disk" error. But I will uninstall AVG before using Panda, and then will post those reports.

    Later. Pepse.
     
  15. 2007/10/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi

    Why are you going to uninstall AVG? You need an anti-virus; you can turn it off when you run Panda, then turn it back on, but I don't suggest uninstalling it.

    Can you give me a file path where it is finding them?

    Geri
     
  16. 2007/10/14
    Pepse

    Pepse Well-Known Member Thread Starter

    After the last things I did, I did not get a virus scan from AVG. I remember that "most" were in "documents and settings/PEPSE/Local settings/temporaryInternetFiles/content.IE5\xxx.xxxx". I was going to dump AVG because I figured that since I was going to add Panda that maybe you didn't think/forgot I was protected. So, from this point I will continue with your instructions.

    Pepse.
     
  17. 2007/10/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Pepse
    Panda is a stand-alone on-line scanner; it's not like having two AVs.
    It will not affect AVG's protection. Keep AVG, it's a good AV. :)

    Geri
     
  18. 2007/10/14
    Pepse

    Pepse Well-Known Member Thread Starter

    Geri,

    As you can see from the Panda report, my AVG Free is apparently worthless, as well as my Spybot Search and Destroy. I guess that's what I get for being cheap.

    First the Panda report, in 2 posts. And then a post for the HJT log.


    Incident Status Location

    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\amgawhag.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\dtpdnrli.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\gdtyabfb.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\jprueowk.exe
    Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khhiggf.dll
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\kytfokxj.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\lbhlhegj.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\mstopxsl.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\npseixxb.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\oinasbuo.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\ojoqmiac.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\qhxjvvbi.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\qvupbocq.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\rnpnoyam.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\rqfedtad.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\shkeglkf.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\swxdbydy.exe
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\tytwtidh.exe
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\!KillBox\vtutu.dll
    Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\wlwiqdnp.exe
    Spyware:Cookie/2o7 Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@2o7[2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@adultfriendfinder[1].txt
    Spyware:Cookie/Advertising Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@advertising[1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@atdmt[2].txt
    Spyware:Cookie/FastClick Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@fastclick[1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@mediaplex[1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@questionmarket[2].txt
    Spyware:Cookie/onestat.com Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@stat.onestat[2].txt
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@trafficmp[2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@zedo[1].txt
    Adware:Adware/Comet Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\SSSInstaller.dll
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.errorsafe.com/]
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.clickbank.net/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.247realmedia.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.bs.serving-sys.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.com.com/]
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.go.com/]
    Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.i.screensavers.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.microsofteup.112.2o7.net/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.revenue.net/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[server.iad.liveperson.net/hc/84815040]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.2o7.net/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.adtech.de/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.atwola.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Profiles\default\b97e25eq.slt\cookies.txt[searchportal.information.com/]
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.adultfriendfinder.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[counter15.sextracker.com/]
    Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.sextracker.com/]
    Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.ccbill.com/]
    Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.spylog.com/]
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.toplist.cz/]
    Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.cs.sexcounter.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[stats1.reliablestats.com/]
    Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.errorsafe.com/]
    Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.hotlog.ru/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.trafficmp.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.fastclick.net/]
    Pepse.
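    Before reading the report as proof that AVG missed everything, it helps to bucket the lines: almost all of them are tracking cookies, and every non-cookie detection sits under C:\!KillBox or a Deckard\System Scanner\...\backup folder, that is, files earlier clean-up tools had already moved out of their original location. The script below is an added example, not from the thread and not Panda's code, that does that bucketing over a constructed subset of the report's own lines. Treating those two folders as quarantine/backup areas is an assumption drawn from how their paths read in the report, and the classification rules are mine.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Panda ActiveScan lines posted in the thread,
# one "Category:Name Status Location" line per detection.
SAMPLE_PANDA_REPORT = r"""
Virus:Trj/Downloader.OZB Disinfected C:\!KillBox\amgawhag.exe
Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\khhiggf.dll
Adware:Adware/WinAntiVirus2007 Not disinfected C:\!KillBox\vtutu.dll
Spyware:Cookie/Atlas DMT Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\Cookies\pepse@atdmt[2].txt
Adware:Adware/Comet Not disinfected C:\Deckard\System Scanner\20071004114331\backup\DOCUME~1\Pepse\LOCALS~1\Temp\SSSInstaller.dll
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Pepse\Application Data\Mozilla\Firefox\Profiles\lre717dr.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.trafficmp.com/]
"""

# Name may contain spaces ("Cookie/Atlas DMT"), so it is matched lazily up to the
# status word; the alternation is case-sensitive so "Not disinfected" cannot be
# split as "<name> Not" + "disinfected".
LINE = re.compile(
    r"^(?P<category>[A-Za-z]+):(?P<name>.+?) "
    r"(?P<status>Not disinfected|Disinfected) (?P<location>.+)$"
)

# Assumption: these folders hold files that earlier tools had already pulled out
# of place (Pocket Killbox's quarantine and Deckard's System Scanner backups, as
# their paths read in the report). Compared case-insensitively by prefix.
QUARANTINE_PREFIXES = ("c:\\!killbox\\", "c:\\deckard\\system scanner\\")


def bucket(entry):
    """Tracking cookie, already quarantined, or live (still in its original place)."""
    if entry["name"].startswith("Cookie/"):
        return "tracking cookie"
    if entry["location"].lower().startswith(QUARANTINE_PREFIXES):
        return "already quarantined"
    return "live"


def parse_panda(text):
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["bucket"] = bucket(e)
            entries.append(e)
    return entries


def summarize(entries):
    return {
        "by_status": Counter(e["status"] for e in entries),
        "by_bucket": Counter(e["bucket"] for e in entries),
        # Anything here is a detection in a live location and needs attention.
        "live": [e["location"] for e in entries if e["bucket"] == "live"],
        # Real malware names, but every one already sitting in a holding folder.
        "quarantined_malware": [e["name"] for e in entries
                                if e["bucket"] == "already quarantined"],
    }


def summarize_sample():
    return summarize(parse_panda(SAMPLE_PANDA_REPORT))


if __name__ == "__main__":
    s = summarize_sample()
    print("By status:", dict(s["by_status"]))
    print("By bucket:", dict(s["by_bucket"]))
    print("Quarantined malware names:", s["quarantined_malware"])
    print("Live findings:", s["live"] or "none")
```

    Run over these lines the live list comes out empty: the trojan and adware names are real, but they are all in the holding folders, and the rest is cookies that the temp-file clean-up in Geri's instructions removes. Pointed at a full saved report, a non-empty live list is the part worth posting back.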
     
  19. 2007/10/14
    Pepse

    Pepse Well-Known Member Thread Starter

    Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.casalemedia.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.adrevolver.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.realmedia.com/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.atwola.com/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.yadro.ru/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.perf.overture.com/]
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.questionmarket.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[statse.webtrendslive.com/]
    Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[statse.webtrendslive.com/S129102]
    Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.bluestreak.com/]
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.apmebf.com/]
    Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.valueclick.com/]
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[searchportal.information.com/]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Pepse\Desktop\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Pepse\Desktop\ComboFix.exe[nircmd.cfexe]
    Adware:Adware/Comet Not disinfected C:\Downloads\sinstaller3.exe[SSSInstaller.dll]
    Adware:Adware/Comet Not disinfected C:\qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\amgawhag.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\dtpdnrli.exe.vir
    Adware:Adware/UltimateFixer Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\ffqfosla1.exe.vir
    Potentially unwanted tool:Application/UltimateDefender Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\ffqfosla2.exe.vir
    Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\ffqfosla3.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\gdtyabfb.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\jprueowk.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\kytfokxj.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\lbhlhegj.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\lgerwujj.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\mstopxsl.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\npseixxb.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\oinasbuo.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ojoqmiac.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\qhxjvvbi.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\qvupbocq.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\rnpnoyam.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\rqfedtad.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\shffpper.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\shkeglkf.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\swxdbydy.exe.vir
    Adware:Adware/UltimateFixer Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\tpdiumhe1.exe.vir
    Potentially unwanted tool:Application/UltimateDefender Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\tpdiumhe2.exe.vir
    Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\tpdiumhe\tpdiumhe3.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\tytwtidh.exe.vir
    Adware:Adware/UltimateFixer Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\ueuhhfwo1.exe.vir
    Potentially unwanted tool:Application/UltimateDefender Not disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\ueuhhfwo2.exe.vir
    Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ueuhhfwo\ueuhhfwo3.exe.vir
    Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\wlwiqdnp.exe.vir
    Spyware:Spyware/Virtumonde Not disinfected C:\qoobox\Quarantine\catchme2007-10-08_121331.07.zip[khhiggf.dll]
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\qoobox\Quarantine\catchme2007-10-08_121331.07.zip[vtutu.dll]
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\efcdcya.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hggdcda.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\khhiggf.dll.bad
    Adware:Adware/WinAntiVirus2007 Not disinfected C:\VundoFix Backups\vtutu.dll.bad
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
    Hope I split this right.

    Pepse.
     
  20. 2007/10/14
    Pepse

    Pepse Well-Known Member Thread Starter

    Joined:
    2002/01/08
    Messages:
    328
    Likes Received:
    1
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:58:17 PM, on 10/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
    C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
    C:\Compaq\EAKDRV\EAUSBKBD.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref( "browser.startup.homepage ", "www.google.com "); (C:\Documents and Settings\PEPSE\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    N3 - Netscape 7: user_pref( "browser.search.defaultengine ", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src "); (C:\Documents and Settings\PEPSE\Application Data\Mozilla\Profiles\default\b97e25eq.slt\prefs.js)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe "
    O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [WebInf] C:\Program Files\Trkic\webinfox2.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160242266984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160273404390
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 8185 bytes
    Later. Pepse.
     
  21. 2007/10/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Pepse
    Oh, not so. Those are very good programs.

    Please do these in the order given.

    OK, Very good. There is only one to remove.:)

    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below (by highlighting ALL of them, right-click and choose Copy):

      C:\Downloads\sinstaller3.exe

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

    OK. Now let's do some major cleanup and then we will run another scan.

    Delete any tools you were asked to download and the files/folders or logs they created. There will be newer versions if ever needed again anyway.

    These Tools.
    VundoFix.exe
    ComboFix.exe
    dss.exe
    OTMoveIt.exe <If Present
    Killbox.exe

    These Files/Folders
    C:\WINDOWS\nircmd.exe
    C:\WINDOWS\system32\tmp.reg
    C:\QOOBOX
    C:\Combofix quarantine files.txt >Any ComboFix reports.
    C:\_OTMoveIt\MovedFiles <If Present
    C:\!Killbox
    C:\Deckard

    Now I need you to run ATF Cleaner this time "select all" boxes to clean.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    This will delete cookies also, so you will need to "log in" to any sites that you have registered to. Do this right before you run the Panda scan.
    Go here for instructions to delete cookies Netscape 7
    http://businesssupport.wamu.com/knowbase/root/public/wm_bb16001.htm

    Run the Panda scan again

    Please post the Panda scan.

    Thanks
    Geri
     
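The triage Geri does on that Panda list (tracking cookies, copies already in the ComboFix/VundoFix quarantine folders and the NirCmd shipped with ComboFix need no Killbox step; only the live file does), as an added Python example that is not part of the thread or of Panda's tooling. The line regex, the bucket names and the sample lines are my assumptions, built from the result lines posted above.

```python
"""Hypothetical triage helper for Panda ActiveScan result lines (example only)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One result per line: "<category>:<name> <status> <path>[<archive member>]"
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?) (?P<status>Not disinfected|Disinfected) (?P<path>.+)$"
)
# Folders written by the removal tools used in this thread; findings here are
# neutralised copies (.vir/.bad), not running malware.
QUARANTINE_PREFIXES = ("c:\\qoobox\\", "c:\\vundofix backups\\")

# Sample lines copied from the Panda output posted above (a few of each kind).
SAMPLE_LINES = [
    r"Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Pepse\Application Data\Netscape\Navigator\Profiles\uflqirlg.default\cookies.txt[.fastclick.net/]",
    r"Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Pepse\Desktop\ComboFix.exe[nircmd.exe]",
    r"Adware:Adware/Comet Not disinfected C:\Downloads\sinstaller3.exe[SSSInstaller.dll]",
    r"Adware:Adware/Comet Not disinfected C:\qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll.vir",
    r"Virus:Trj/Downloader.OZB Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\amgawhag.exe.vir",
    r"Virus:Generic Malware Disinfected C:\qoobox\Quarantine\C\WINDOWS\system32\ffqfosla\ffqfosla3.exe.vir",
    r"Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\khhiggf.dll.bad",
    r"Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe",
]


@dataclass
class Finding:
    category: str
    name: str
    status: str
    path: str
    member: Optional[str]   # file inside an archive/installer, if Panda reported one
    bucket: str             # cleaned | cookie | quarantine | tool | live


def classify(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank line or not a result line
    path, _, member = m["path"].partition("[")
    member = member.rstrip("]") or None
    low = path.lower()
    if m["status"] == "Disinfected":
        bucket = "cleaned"      # Panda already repaired or removed it
    elif m["name"].startswith("Cookie/") or low.endswith("cookies.txt"):
        bucket = "cookie"       # tracking cookie; clearing the browser store handles it
    elif low.startswith(QUARANTINE_PREFIXES):
        bucket = "quarantine"   # goes away with the qoobox / VundoFix Backups cleanup
    elif "nircmd" in (member or path).lower():
        bucket = "tool"         # NirCmd is bundled with ComboFix; removed with the tools
    else:
        bucket = "live"         # still on disk and not accounted for: needs a decision
    return Finding(m["category"], m["name"], m["status"], path, member, bucket)


def parse_log(lines: List[str]) -> List[Finding]:
    return [f for f in (classify(l) for l in lines) if f is not None]


def live_findings(lines: List[str]) -> List[str]:
    """Paths that the helper still has to act on (the Killbox candidates)."""
    return [f.path for f in parse_log(lines) if f.bucket == "live"]


if __name__ == "__main__":
    for f in parse_log(SAMPLE_LINES):
        print(f"{f.bucket:10} {f.name:28} {f.path}")
    print("needs action:", live_findings(SAMPLE_LINES))
```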
