|
|
|
Internet Problem - Hijack this log
|
|
|
twentytwo
Newbie
|
13. August 2008 @ 22:11 |
Link to this message
|
Basically, I cannot update any programs using there updaters, I've tried 3-4 different programs, including nod32, and superantivirus. Please help me. Ps. I have no router plugged in, and my windows firewall is disabled.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:37 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Octoshape Streaming Services\Angela Williams\OctoshapeClient.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\Angela Williams\Desktop\gtrewert\pvpTool\usethis.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {63F507E2-0C11-4D37-ABD7-E1A9CF111D5E} - C:\WINDOWS\system32\comrep.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared...,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6445 bytes
|
|
Advertisement
|
 |
|
|
AfterDawn Addict
|
14. August 2008 @ 00:38 |
Link to this message
|
Hello twentytwo,
You are infected.
Run the following program to clean what it can and then we?ll go from there.
Please download Malwarebytes' Anti-Malware to your desktop.
? Double-click mbam-setup.exe and follow the prompts to install the program.
? At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
? If an update is found, it will download and install the latest version.
? Once the program has loaded, select Perform full scan, then click Scan.
? When the scan is complete, click OK, then Show Results to view the results.
? Be sure that everything is checked, and click Remove Selected.
? When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
? Please post contents of that file in your next reply.
Please post the MBAM Log and a fresh HJT Log in your next reply.
TNX
2OG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
Senior Member
|
14. August 2008 @ 00:50 |
Link to this message
|
Hi 22
First, make sure all browsers are closed, and then run HijackThis again. Do a system scan only, and then check the following items:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {63F507E2-0C11-4D37-ABD7-E1A9CF111D5E} - C:\WINDOWS\system32\comrep.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
Click on Fix, and then restart your computer. Post a new HijackThis log here, and tell me if your updaters have started working.
Also, in your next post, please use HijackThis to create an Uninstall list and post it here. Do do this, please open HijackThis, click on Main Menu, Open the Misc Tools section, Open Uninstall Manager, and Save list....
Hope to hear from you soon.
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
This message has been edited since posting. Last time this message was edited on 14. August 2008 @ 00:56
|
AfterDawn Addict
|
14. August 2008 @ 00:53 |
Link to this message
|
|
No, No, No, cdavfrew,
No need for all that this is a simple one...
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
Senior Member
|
14. August 2008 @ 00:58 |
Link to this message
|
not for 22
Hey 2oldgeek
Sorry if I rushed things. I edited my post to only include the fixing of the HijackThis log only. I should have waited for more analysis to confirm if Vundo really is on this system, as indicated by the trusted websites in this HijackThis log.
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
AfterDawn Addict
|
14. August 2008 @ 01:05 |
Link to this message
|
@cdavfrew
MBAM has really improved and is getting ALL of the Vundo's to date.
My next step would be to analyze a ComboFix and remove the HJT entries from there...
p.s. you can fix any rootkits from ComboFix, also
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 14. August 2008 @ 01:11
|
|
twentytwo
Newbie
|
14. August 2008 @ 01:54 |
Link to this message
|
Originally posted by 2oldGeek:
Hello twentytwo,
You are infected.
Run the following program to clean what it can and then we?ll go from there.
Please download Malwarebytes' Anti-Malware to your desktop.
? Double-click mbam-setup.exe and follow the prompts to install the program.
? At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
? If an update is found, it will download and install the latest version.
I got here, and it said: update fialed. Make sure you are connected to the internet and your firewall is set to allow Malwarebytes' Anti-malware to access the internet - i'm Going to continue anyway.
This message has been edited since posting. Last time this message was edited on 14. August 2008 @ 01:58
|
AfterDawn Addict
|
14. August 2008 @ 02:02 |
Link to this message
|
|
Sounds like the malware has blocked the updates for MBAM in your Host file.
Yes, go ahead and run it, we'll take care of that later.
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
twentytwo
Newbie
|
14. August 2008 @ 05:53 |
Link to this message
|
did everything, heres my logs
Objects scanned: 156919
Time elapsed: 2 hour(s), 8 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Angela Williams\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.
C:\QooBox\Quarantine\C\WINDOWS\system32\WinNB58.dll.vir (Adware.Mirar) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP206\A0139132.dll (Adware.Mirar) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP206\A0139134.sys (Rogue.WinSecureAv) -> No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP206\A0139137.exe (Adware.ZenoSearch) -> No action taken.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> No action taken.
NOTE: took log before removal.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:41 AM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {63F507E2-0C11-4D37-ABD7-E1A9CF111D5E} - C:\WINDOWS\system32\comrep.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared...,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6298 bytes
|
AfterDawn Addict
|
14. August 2008 @ 06:00 |
Link to this message
|
|
Please dis-regard this request if you already read it..
I will work something up and get back to you as soon as I can.
EDIT out
##################
Can you please send me a log AFTER the removal?
Sure would make it easier and faster.
##################
TNX
2OG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 14. August 2008 @ 06:21
|
|
twentytwo
Newbie
|
14. August 2008 @ 06:40 |
Link to this message
|
Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2
5:43:11 AM 8/14/2008
mbam-log-8-14-2008 (05-43-11).txt
Scan type: Full Scan (C:\|)
Objects scanned: 156919
Time elapsed: 2 hour(s), 8 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Angela Williams\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\WinNB58.dll.vir (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP206\A0139132.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP206\A0139134.sys (Rogue.WinSecureAv) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP206\A0139137.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
|
AfterDawn Addict
|
14. August 2008 @ 06:48 |
Link to this message
|
Hi twentytwo,
The infection on your machine is blocking some things so do this:
Download ComboFix from Here But, BEFORE saving it to your Desktop, Rename it to Combo-Fix.exe with a hyphen ? in the middle.
? Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
? Double click combofix.exe and follow the prompts.
? When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall.
Extra-Note: Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.
TNX
2OG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
twentytwo
Newbie
|
14. August 2008 @ 06:48 |
Link to this message
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:03 AM, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {63F507E2-0C11-4D37-ABD7-E1A9CF111D5E} - C:\WINDOWS\system32\comrep.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared...,23/mcgdmgr.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6397 bytes
this and my previous post are after removal, sorry about that ^^.
|
AfterDawn Addict
|
14. August 2008 @ 06:50 |
Link to this message
|
thanks for the HJT Log. it helps now..
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
twentytwo
Newbie
|
14. August 2008 @ 07:03 |
Link to this message
|
|
still run combofix?
|
AfterDawn Addict
|
14. August 2008 @ 07:10 |
Link to this message
|
|
OH Yes, definitely?
After running ComboFix, it may clear up most of your problems and then it will just be nit picking..
I am going to get a little shut eye. I work the next 2 nights on a couple of 15 or 16 hr shifts so if I miss the combofix log this afternoon, it will be Saturday before I will be able to look at it and finish up..
Hang in there. If I get the Log when I get up this afternoon, I?ll look it over and let you know something..
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
twentytwo
Newbie
|
14. August 2008 @ 07:12 |
Link to this message
|
|
ok gonna run it now. thanks a ton.
|
|
twentytwo
Newbie
|
14. August 2008 @ 07:29 |
Link to this message
|
combo fix log
ComboFix 08-08-13.02 - Angela Williams 2008-08-14 7:21:59.3 - NTFSx86
Running from: C:\Documents and Settings\Angela Williams\Desktop\Combo-Fix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bszip.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
.
2008-08-14 04:45 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-14 04:45 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-14 04:45 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-14 04:45 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-14 01:51 . 2008-08-14 01:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 01:51 . 2008-08-14 01:51 <DIR> d-------- C:\Documents and Settings\Angela Williams\Application Data\Malwarebytes
2008-08-14 01:51 . 2008-08-14 01:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 01:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 01:51 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 22:41 . 2008-08-13 22:41 <DIR> d--hs---- C:\found.000
2008-08-13 22:01 . 2008-08-13 22:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 20:21 . 2008-08-13 20:20 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-08-13 20:20 . 2008-08-14 07:19 <DIR> d-------- C:\Program Files\ESET
2008-08-13 19:26 . 2008-08-13 19:32 <DIR> d-------- C:\ComboFix
2008-08-13 19:15 . 2008-08-13 19:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-08-13 07:28 . 2008-08-13 07:28 <DIR> d-------- C:\Documents and Settings\Angela Williams\Application Data\SUPERAntiSpyware.com
2008-08-13 07:28 . 2008-08-13 07:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-13 07:11 . 2008-08-13 07:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-06 22:25 . 2008-08-06 22:30 <DIR> d-------- C:\Documents and Settings\Angela Williams\Application Data\Winamp
2008-08-05 20:26 . 2008-08-05 20:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-30 19:48 . 2008-07-30 19:48 8,192 --a------ C:\0ARCADE_RAM.srm
2008-07-29 00:02 . 1999-05-01 00:00 2,097,664 --a------ C:\Super Punchout (E).smc
2008-07-29 00:02 . 2008-07-30 20:06 8,192 --a------ C:\Super Punchout (E).srm
2008-07-24 14:46 . 2008-07-24 14:46 <DIR> d-------- C:\Documents and Settings\Angela Williams\TW
2008-07-24 14:22 . 2008-07-24 14:22 <DIR> d-------- C:\Documents and Settings\Angela Williams\DefaultClasses
2008-07-24 14:20 . 2008-07-24 14:20 <DIR> d-------- C:\Documents and Settings\Angela Williams\Classes
2008-07-24 14:20 . 2008-07-24 14:20 <DIR> d-------- C:\Documents and Settings\Angela Williams\Accounts
2008-07-24 14:19 . 2008-07-24 14:19 <DIR> d-------- C:\Documents and Settings\Angela Williams\Scripts
2008-07-24 14:19 . 2008-07-24 14:22 <DIR> d-------- C:\Documents and Settings\Angela Williams\DefaultScripts
2008-07-24 14:19 . 2008-07-24 14:18 880,640 --a------ C:\Documents and Settings\Angela Williams\uygljsms.exe
2008-07-24 14:18 . 2008-07-24 14:18 15,872 --a------ C:\Documents and Settings\Angela Williams\awejpi9iao.exe
2008-07-23 18:09 . 2008-08-13 02:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-23 18:09 . 2008-07-23 18:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-21 21:12 . 2008-07-21 21:12 <DIR> d-------- C:\Program Files\KLC
2008-07-21 21:12 . 1999-12-07 07:00 61,491 --a------ C:\WINDOWS\system32\wbemdisp.TLB
2008-07-21 21:08 . 1996-11-08 02:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-07-14 00:17 . 2008-07-14 00:17 <DIR> d-------- C:\Documents and Settings\Angela Williams\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 11:20 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Xfire
2008-08-14 09:43 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Desktopicon
2008-08-14 00:28 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\OpenOffice.org2
2008-08-13 23:20 --------- d-----w C:\Program Files\Xfire
2008-08-13 11:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-13 11:04 --------- d-----w C:\Program Files\Diablo II
2008-08-05 00:19 --------- d-----w C:\Program Files\Warcraft III
2008-08-02 06:31 --------- d-----w C:\Program Files\World of Warcraft
2008-08-02 04:43 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Hamachi
2008-07-24 18:18 40,960 ----a-w C:\Documents and Settings\Angela Williams\GliderTell.exe
2008-07-24 18:18 35,712 ----a-w C:\Documents and Settings\Angela Williams\Shadow.sys
2008-07-24 18:18 286,720 ----a-w C:\Documents and Settings\Angela Williams\GRefs.dat
2008-07-08 02:52 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\uTorrent
2008-07-08 01:24 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-08 01:24 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-08 01:24 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-08 01:02 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-07-08 01:02 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-07-01 20:10 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Corel
2008-07-01 01:22 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-06-24 18:15 --------- d-----w C:\Program Files\Hamachi
2008-06-24 18:14 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 19:05 --------- d-----w C:\Program Files\Java
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
.
((((((((((((((((((((((((((((( snapshot@2008-08-13_19.31.05.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut1_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut10_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut101_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut11_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut111_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut12_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut121_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut13_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut131_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut14_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut15_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut151_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut16_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut161_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut17_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut171_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut18_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 49,152 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut181_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut19_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut2_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut20_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut21_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut24_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut3_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut31_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut4_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut41_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut5_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut51_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 40,960 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
+ 2008-08-14 00:15:28 40,960 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut6_1B72F66FEC97454396CC50F63093FE70_1.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut7_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut71_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut8_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut81_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:27 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut9_1B72F66FEC97454396CC50F63093FE70.exe
- 2005-06-07 01:12:53 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
+ 2008-08-14 00:15:28 65,536 ----a-r C:\WINDOWS\Installer\{F543B12A-13F5-487E-9314-F7D25E1BBE3E}\NewShortcut91_1B72F66FEC97454396CC50F63093FE70.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F507E2-0C11-4D37-ABD7-E1A9CF111D5E}]
C:\WINDOWS\system32\comrep.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:05 344064]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 01:10 15872]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 06:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 06:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 06:00 158208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Angela Williams^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Angela Williams\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Angela Williams^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Angela Williams\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Angela Williams^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Angela Williams\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 11:20 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 17:46 135168 C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 12:58 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
--a------ 2008-05-22 09:59 156944 C:\Program Files\Octoshape Streaming Services\Angela Williams\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 12:36 1266936 c:\Program Files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRACTION In-Game Radio Player]
--a------ 2007-12-23 16:50 838 C:\Program Files\TRACTION In-Game Radio Player\TRACTION In-Game Radio Player.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"Smartlaunch Server"=2 (0x2)
"rpcapd"=3 (0x3)
"NetSvc"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"DomainService"=2 (0x2)
"MCVSRte"=2 (0x2)
"idsvc"=3 (0x3)
"aawservice"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"C:\\Program Files\\Valve\\Steam\\caserver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Octoshape Streaming Services\\Angela Williams\\OctoshapeClient.exe"=
"C:\\Valve\\Steam\\SteamApps\\teh_pozer\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Diablo II\\Game.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:3724
"6112:TCP"= 6112:TCP:6112
R3 USBCamera;Digital Still Image Capture;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 11:19]
R3 xljefnq;xljefnq;C:\Documents and Settings\Angela Williams\Desktop\xljefnq.sys []
R3 zeqgrq;zeqgrq;C:\Documents and Settings\Angela Williams\Desktop\zeqgrq.sys []
R4 Smartlaunch Server;Smartlaunch Server;C:\Program Files\SmartLaunch\Server\server.exe []
R4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S0 ruemxsgz;ruemxsgz;C:\WINDOWS\system32\drivers\sxwuhstc.dat []
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SUPERAntiSpyware - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Angela Williams\Application Data\Mozilla\Firefox\Profiles\tfwoz1v3.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://my.yahoo.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 07:25:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp\RGI6E5.tmp
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ruemxsgz]
"ImagePath"="system32\drivers\sxwuhstc.dat"
.
Completion time: 2008-08-14 7:26:35
ComboFix-quarantined-files.txt 2008-08-14 11:26:24
ComboFix2.txt 2008-08-13 23:31:36
Pre-Run: 14,558,781,440 bytes free
Post-Run: 14,553,419,776 bytes free
298 --- E O F --- 2008-07-22 06:46:06
|
AfterDawn Addict
|
14. August 2008 @ 07:42 |
Link to this message
|
You have a rootkit. I?ll send you a Fix later.
In the mean time delete 3 lines in HJT
Fix entries using HiJackThis[/b]
Launch HiJackThis
Click the Do a system scan only button
Put a check next to the entries listed below (if they still remain)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
Click the Fix checked button and close HiJackThis
I?ll be back??????
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
twentytwo
Newbie
|
14. August 2008 @ 08:28 |
Link to this message
|
|
Done, Thanks for the help, See you whenever!
|
Senior Member
|
14. August 2008 @ 22:01 |
Link to this message
|
Hey 2oldgeek
You missed one in the HijackThis log:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
Thanks for finishing this problem. You say Malware-bytes is really good at Vundo? How about superantispyware? Their database on vundo is getting bigger and bigger. Spybot 1.6 is said to be good at vundo as well. I don't suppose any vundo-infected victim will be willing to be a test subject :)
Best Regards :D
Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.
|
AfterDawn Addict
|
15. August 2008 @ 02:54 |
Link to this message
|
@cdavfrew
No, I didn?t miss it? Just failed to get it into my post early this morning, (yesterday morning) before I went to bed. LOL
Intended to go over the ComboFix Log before coming to work but was running behind and will not get a chance tonight. Maybe in the morning before I retire. : )
There are some strange ones in here that I want to research when I get the chance..
You notice that MBAM took out 2 of the 5 ? 015 lines.. I was hoping it would get all of them : (
Comodo BOClean has got quite a lot of the Vundo/virtumundo?s in it?s definitions also..
@twentytwo,
Please fix this line in HJT and it just might help your internet. That is if your not using a proxy server for anything??
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
Well, back to the grind stone. Got work to do?
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
twentytwo
Newbie
|
15. August 2008 @ 04:17 |
Link to this message
|
@2old, i deleted it. Was able to update everything! your the man!
new hjt just incase you wanted:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:33 AM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Xfire\xfire.exe
C:\Valve\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Angela Williams\Desktop\gtrewert\pvpTool\usethis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {63F507E2-0C11-4D37-ABD7-E1A9CF111D5E} - C:\WINDOWS\system32\comrep.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared...,23/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6119 bytes
|
AfterDawn Addict
|
16. August 2008 @ 10:39 |
Link to this message
|
Hey twentytwo,
Well, I?m off work and this is the obvious stuff that I see..
Let?s take care of it and then if anything else shows up, we?ll get that next trip.. ; )
Fix entries using HiJackThis
Launch HiJackThis
Click the Do a system scan only button
Put a check next to the entries listed below (if they still remain)
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} ?
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
Click the Fix checked button and close HiJackThis
Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the quote box by highlighting all the text with your mouse and pressing Ctrl+C
Quote:
Files::
C:\Documents and Settings\Angela Williams\uygljsms.exe
C:\Documents and Settings\Angela Williams\awejpi9iao.exe
C:\WINDOWS\system32\SIntfNT.dll
C:\WINDOWS\system32\SIntf32.dll
C:\WINDOWS\system32\SIntf16.dll
C:\Documents and Settings\Angela Williams\Desktop\xljefnq.sys
C:\Documents and Settings\Angela Williams\Desktop\zeqgrq.sys
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F507E2-0C11-4D37-ABD7-E1A9CF111D5E}]
Rootkit::
C:\DOCUME~1\ANGELA~1\LOCALS~1\Temp\RGI6E5.tmp
Go to the Notepad window and click Edit > Paste
Then click File > Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop
Referring to the picture above, drag CFScript into ComboFix.exe
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
2OG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
Advertisement
|
|
|
|
twentytwo
Newbie
|
17. August 2008 @ 00:31 |
Link to this message
|
done: newest logs combo fix first
ComboFix 08-08-16.01 - Angela Williams 2008-08-17 0:15:04.5 - NTFSx86
Running from: C:\Documents and Settings\Angela Williams\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Angela Williams\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Angela Williams\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\Angela Williams\Cookies\angela williams@adtrgt[2].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@getmusicfree.aavalue[2].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@grouplotto.aavalue[2].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@jrtux[2].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@lwken[2].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@myspace[1].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@nbjmp[1].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@npvos[2].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@personals.yahoo[2].txt
C:\Documents and Settings\Angela Williams\Cookies\angela williams@specificclick[2].txt
C:\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\test\Application Data\Microsoft\SystemCertificates\My
C:\Documents and Settings\test\Cookies\test@adtrgt[2].txt
C:\Documents and Settings\test\Cookies\test@arn.aavalue[1].txt
C:\Documents and Settings\test\Cookies\test@avsystemcare[1].txt
C:\Documents and Settings\test\Cookies\test@avsystemcare[3].txt
C:\Documents and Settings\test\Cookies\test@ehg.ripetv[2].txt
C:\Documents and Settings\test\Cookies\test@lativio[2].txt
C:\Documents and Settings\test\Cookies\test@myspace[2].txt
C:\Documents and Settings\test\Cookies\test@pcprivacytool[1].txt
.
((((((((((((((((((((((((( Files Created from 2008-07-17 to 2008-08-17 )))))))))))))))))))))))))))))))
.
2008-08-15 04:29 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 23:34 . 2008-08-14 23:41 <DIR> d-------- C:\Documents and Settings\Angela Williams\Application Data\Bioshock
2008-08-14 04:45 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-14 04:45 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-14 04:45 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-14 04:45 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-14 01:51 . 2008-08-14 01:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 01:51 . 2008-08-14 01:51 <DIR> d-------- C:\Documents and Settings\Angela Williams\Application Data\Malwarebytes
2008-08-14 01:51 . 2008-08-14 01:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 01:51 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 01:51 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 22:41 . 2008-08-13 22:41 <DIR> d--hs---- C:\found.000
2008-08-13 22:01 . 2008-08-13 22:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 20:20 . 2008-08-14 20:52 <DIR> d-------- C:\Program Files\ESET
2008-08-13 19:26 . 2008-08-13 19:32 <DIR> d-------- C:\ComboFix
2008-08-13 19:15 . 2008-08-13 19:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-08-13 07:28 . 2008-08-13 07:28 <DIR> d-------- C:\Documents and Settings\Angela Williams\Application Data\SUPERAntiSpyware.com
2008-08-13 07:28 . 2008-08-13 07:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-13 07:11 . 2008-08-13 07:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-08-06 22:25 . 2008-08-06 22:30 <DIR> d-------- C:\Documents and Settings\Angela Williams\Application Data\Winamp
2008-08-05 20:26 . 2008-08-05 20:26 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-30 19:48 . 2008-07-30 19:48 8,192 --a------ C:\0ARCADE_RAM.srm
2008-07-29 00:02 . 1999-05-01 00:00 2,097,664 --a------ C:\Super Punchout (E).smc
2008-07-29 00:02 . 2008-07-30 20:06 8,192 --a------ C:\Super Punchout (E).srm
2008-07-24 14:46 . 2008-07-24 14:46 <DIR> d-------- C:\Documents and Settings\Angela Williams\TW
2008-07-24 14:22 . 2008-07-24 14:22 <DIR> d-------- C:\Documents and Settings\Angela Williams\DefaultClasses
2008-07-24 14:20 . 2008-07-24 14:20 <DIR> d-------- C:\Documents and Settings\Angela Williams\Classes
2008-07-24 14:20 . 2008-07-24 14:20 <DIR> d-------- C:\Documents and Settings\Angela Williams\Accounts
2008-07-24 14:19 . 2008-07-24 14:19 <DIR> d-------- C:\Documents and Settings\Angela Williams\Scripts
2008-07-24 14:19 . 2008-07-24 14:22 <DIR> d-------- C:\Documents and Settings\Angela Williams\DefaultScripts
2008-07-24 14:19 . 2008-07-24 14:18 880,640 --a------ C:\Documents and Settings\Angela Williams\uygljsms.exe
2008-07-24 14:18 . 2008-07-24 14:18 15,872 --a------ C:\Documents and Settings\Angela Williams\awejpi9iao.exe
2008-07-23 18:09 . 2008-08-13 02:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-23 18:09 . 2008-07-23 18:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-21 21:12 . 2008-07-21 21:12 <DIR> d-------- C:\Program Files\KLC
2008-07-21 21:12 . 1999-12-07 07:00 61,491 --a------ C:\WINDOWS\system32\wbemdisp.TLB
2008-07-21 21:08 . 1996-11-08 02:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 06:31 --------- d-----w C:\Program Files\Diablo II
2008-08-16 05:46 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Xfire
2008-08-15 03:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-15 03:44 --------- d-----w C:\Program Files\EA GAMES
2008-08-14 09:43 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Desktopicon
2008-08-14 00:28 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\OpenOffice.org2
2008-08-13 23:20 --------- d-----w C:\Program Files\Xfire
2008-08-13 11:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 00:19 --------- d-----w C:\Program Files\Warcraft III
2008-08-02 06:31 --------- d-----w C:\Program Files\World of Warcraft
2008-08-02 04:43 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Hamachi
2008-07-24 18:18 40,960 ----a-w C:\Documents and Settings\Angela Williams\GliderTell.exe
2008-07-24 18:18 35,712 ----a-w C:\Documents and Settings\Angela Williams\Shadow.sys
2008-07-24 18:18 286,720 ----a-w C:\Documents and Settings\Angela Williams\GRefs.dat
2008-07-14 04:17 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Apple Computer
2008-07-08 02:52 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\uTorrent
2008-07-08 01:02 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-07-08 01:02 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-07-01 20:10 --------- d-----w C:\Documents and Settings\Angela Williams\Application Data\Corel
2008-07-01 01:22 --------- d-----w C:\Program Files\Octoshape Streaming Services
2008-06-24 18:15 --------- d-----w C:\Program Files\Hamachi
2008-06-24 18:14 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((( snapshot_2008-08-14_ 7.26.05.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:11:40 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll
+ 2008-06-23 16:11:40 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll
+ 2008-06-23 16:11:42 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll
+ 2008-06-23 16:11:43 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:11:43 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll
+ 2008-06-23 16:11:43 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll
+ 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe
+ 2008-06-23 16:11:52 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll
+ 2008-06-23 16:11:52 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll
+ 2008-06-23 16:11:52 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll
+ 2008-06-23 16:11:58 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll
+ 2008-06-23 16:12:00 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll
+ 2008-06-23 16:12:02 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll
+ 2008-06-23 16:12:02 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll
+ 2008-06-23 16:12:02 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll
+ 2008-06-23 16:12:05 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll
+ 2008-06-23 16:12:05 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll
+ 2008-06-23 16:12:06 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll
+ 2008-06-23 16:12:08 667,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\xpsp3res.dll
+ 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll
+ 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll
+ 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll
+ 2008-06-23 15:09:27 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll
- 2008-04-23 17:34:12 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-08-15 03:33:36 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-04-23 17:34:13 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-08-15 03:33:37 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-04-23 17:34:13 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-08-15 03:33:37 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-04-23 17:34:07 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:31 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:08 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:32 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:09 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:33 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:09 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:33 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:10 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:34 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:10 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:34 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:10 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:34 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:11 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:35 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:11 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:35 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:13 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-08-15 03:33:37 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-23 17:34:13 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-08-15 03:33:38 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-04-23 17:34:14 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-08-15 03:33:38 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-04-23 17:34:14 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-08-15 03:33:38 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-04-23 17:34:15 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-08-15 03:33:39 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-04-23 17:34:12 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-08-15 03:33:36 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-04-21 07:03:56 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-04-21 07:03:56 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-06-23 15:38:29 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-04-21 07:03:57 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-06-23 15:38:30 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-04-21 07:03:56 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-06-23 15:38:28 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-04-21 07:03:56 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-06-23 15:38:29 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-04-21 07:03:57 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-06-23 15:38:30 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-04-21 07:03:57 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-21 07:03:57 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
- 2008-04-21 07:03:57 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 15:38:30 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-17 10:52:54 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-06-23 09:49:29 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-04-21 07:03:58 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-06-23 15:38:31 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-21 07:03:58 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-06-23 15:38:31 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-04-21 07:03:58 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 15:38:31 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-24 16:23:05 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-21 07:03:59 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-21 07:03:59 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 15:38:33 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-21 07:03:59 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 15:38:33 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-21 07:03:59 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 15:38:33 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-21 07:03:59 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 15:38:33 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-21 07:04:00 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-04-21 07:04:00 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-04-21 07:04:00 615,936 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 15:38:34 615,936 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-21 07:04:00 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 15:38:34 659,456 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-21 07:03:57 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 15:38:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-21 07:03:57 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 15:38:30 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2008-04-21 07:03:57 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 15:38:30 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-21 07:03:58 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-06-23 15:38:31 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-04-21 07:03:58 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-06-23 15:38:31 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-04-21 07:03:58 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 15:38:31 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2008-04-21 07:03:59 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-23 15:38:33 3,059,712 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-21 07:03:59 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 15:38:33 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-21 07:03:59 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 15:38:33 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-21 07:03:59 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 15:38:33 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-21 07:03:59 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 15:38:33 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-04-21 07:04:00 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-06-23 15:38:34 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-04-21 07:04:00 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2008-04-21 07:04:00 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 15:38:34 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-21 07:04:00 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 15:38:34 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-07-03 09:14:02 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63F507E2-0C11-4D37-ABD7-E1A9CF111D5E}]
C:\WINDOWS\system32\comrep.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 11:20 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 21:05 344064]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 01:10 15872]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 06:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 06:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 06:00 158208]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Angela Williams^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Angela Williams\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Angela Williams^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\Angela Williams\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Angela Williams^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Angela Williams\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-10-04 11:20 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellTransferAgent]
--a------ 2007-11-13 17:46 135168 C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-18 12:58 278528 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
--a------ 2008-05-22 09:59 156944 C:\Program Files\Octoshape Streaming Services\Angela Williams\OctoshapeClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 12:36 1266936 c:\Program Files\Valve\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRACTION In-Game Radio Player]
--a------ 2007-12-23 16:50 838 C:\Program Files\TRACTION In-Game Radio Player\TRACTION In-Game Radio Player.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"Smartlaunch Server"=2 (0x2)
"rpcapd"=3 (0x3)
"NetSvc"=3 (0x3)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"DSBrokerService"=3 (0x3)
"DomainService"=2 (0x2)
"MCVSRte"=2 (0x2)
"idsvc"=3 (0x3)
"aawservice"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"C:\\Program Files\\Valve\\Steam\\caserver.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Octoshape Streaming Services\\Angela Williams\\OctoshapeClient.exe"=
"C:\\Valve\\Steam\\SteamApps\\teh_pozer\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Diablo II\\Game.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:3724
"6112:TCP"= 6112:TCP:6112
R3 USBCamera;Digital Still Image Capture;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 11:19]
R3 xljefnq;xljefnq;C:\Documents and Settings\Angela Williams\Desktop\xljefnq.sys []
R3 zeqgrq;zeqgrq;C:\Documents and Settings\Angela Williams\Desktop\zeqgrq.sys []
R4 Smartlaunch Server;Smartlaunch Server;C:\Program Files\SmartLaunch\Server\server.exe []
R4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
S0 ruemxsgz;ruemxsgz;C:\WINDOWS\system32\drivers\sxwuhstc.dat []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-17 00:21:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ruemxsgz]
"ImagePath"="system32\drivers\sxwuhstc.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-08-17 0:25:50 - machine was rebooted [Angela Williams]
ComboFix-quarantined-files.txt 2008-08-17 04:25:44
ComboFix2.txt 2008-08-14 11:26:36
ComboFix3.txt 2008-08-13 23:31:36
Pre-Run: 23,971,278,848 bytes free
Post-Run: 23,966,621,696 bytes free
427 --- E O F --- 2008-08-16 07:02:56
HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:53 AM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {63F507E2-0C11-4D37-ABD7-E1A9CF111D5E} - C:\WINDOWS\system32\comrep.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared...,23/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5327 bytes
|
|
