AHH!! virus/pop ups SOMETHING is back up!!
I'm losing my mind!!! I think I have a virus or something again. I can't run nething b/c I have pop ups up the *** non stop. Even when the comp is just chillin and I'm not near it u see pop ups flying up everywhere.
My Kaspersky trial ended and all these issues came back up instantly. What is going on!!! and my IE and Firefox for some reason at certain points says unable to connect "offline" bla bla bla issue but yet I am connected and I do other stuff while being online.
I need Peku's help if no one can help me out
My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.
Please observe the following while we work:
If you don't know, stop and ask! Don't continue, we don't want to start all over again!
Understand that cleaning your computer can sometimes take multiple passes/posts, and it's important to follow the steps in the order that I give them including re-running scans if needed. If you don't follow the instructions in the order I give them or you try something you read in another post you can reinfect this computer again and we will have to start over.
Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
As I am still on training, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.
If you follow these instructions, everything should go smoothly.
install hijackthis
- Download HJTInstall.exe to your Desktop.
- Doubleclick HJTInstall.exe to install it.
- By default it will install to C:\Program Files\Trend Micro\HijackThis .
- Click on Install.
- It will create a HijackThis icon on the desktop.
- Once installed, it will launch Hijackthis.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
- Copy/Paste the log to your next reply please.
Don't use the Analyse This button; its findings are dangerous if misinterpreted. Don't have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
Gringo
Scan saved at 10:13:08 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\QdrPack\QdrPack10.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\ddcbcdb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qubeqebyt] C:\Program Files\ComPlus Applications\qubeqebyt77798.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Ftknzbh] C:\WINDOWS\system32\?racle\m?iexec.exe
O4 - HKCU\..\Run: [QdrPack10] "C:\Program Files\QdrPack\QdrPack10.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149475700296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149714605984
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcbcdb - ddcbcdb.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8622 bytes
Sorry it took so long, teachers were very busy :(
First.....
If you are not planning on renewing your Kaspersky then I need you to uninstall it and check to see if Avira AntiVir PersonalEdition Classic is there too; it appears it was on this computer in the past.
Go to Start-Settings-Control Panel, click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
Avira AntiVir <---- if it is there
Kaspersky <---- if you are not going to renew
If you have uninstalled Kaspersky, please download a free anti-virus software from one of these excellent vendors:
1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
Upload files to Jotti
You seem to have a file I could not find any info on.
I need you to upload it to jotti so we can find out if it is bad.
Please visit http://virusscan.jotti.org/
Click on Browse... and navigate to the following file: C:\Program Files\ComPlus Applications\qubeqebyt77798.exe
Click Open
Please let me know the results.
Download and Run ComboFix
If you have an older version on your computer I need you to uninstall the old one and install this new one
- Download this file from either of the two below listed places: here or here
- Then double click combofix.exe & follow the prompts.
- When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Step uninstall list
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
send me the log from jotti
send me the log from combofix
and a new log from hijackthis
plus the uninstall list
gringo
I did renew Kaspersky but it doesn't have the same pop up blocker feature as it did before. dono if its due to it being a new version or not.
That file didn't exist that u asked me to check via that one website. I dono where that file is. It wasn't in that folder.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:43 AM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qubeqebyt] C:\Program Files\ComPlus Applications\qubeqebyt77798.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [QdrModule10] "C:\Program Files\QdrModule\QdrModule10.exe"
O4 - HKCU\..\Run: [Ftknzbh] C:\WINDOWS\system32\?racle\m?iexec.exe
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149475700296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149714605984
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcbcdb - ddcbcdb.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8208 bytes
ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
AIM 6
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
Ares 1.9.0
aspi
Audio Editor Pro 2.81
CCHelp
CCScore
C-Media 3D Audio
Cool Edit Pro 2.0
CR2
DivX
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DM9XInst
DVD Shrink 3.2
EPSON Copy Utility
EPSON EIC CX5400
EPSON Photo Print
EPSON Printer Software
EPSON Scan
EPSON Smart Panel
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Image Converter .EXE 2.0.0.77
iPhoneBrowser
iPhoneRingToneMaker 1.3.2
ITE Smart Accessories
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Kaspersky Internet Security 7.0
Kaspersky Internet Security 8.0 Beta
Kaspersky Internet Security 8.0 Beta
Kaspersky Online Scanner
Kodak EasyShare software
KSU
LimeWire PRO 4.9.7
Macromedia Flash Player 8
MAGIX Ringtone Maker 2 silver (US)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.11)
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7 Premium
Notifier
NVIDIA Drivers
NVIDIA WDM Drivers
OTtBP
PCDLNCH
PCI Audio Applications
PCI Audio Driver
PowerDVD
PS3 Video 9 1.94
QuickTime
RealPlayer
Registry Mechanic 6.0
Roxio Easy Media Creator 9 Suite
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB911565)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
SFR
SFR2
Shareaza version 2.2.1.0
SlimBrowser (remove only)
SOYO HW Monitor
Spybot - Search & Destroy 1.4
Steam
SUPERAntiSpyware Free Edition
touchFree 0.6
Trillian
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VideoLAN VLC media player 0.8.6
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Winamp (remove only)
Windows Communication Foundation
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip
World of Warcraft
Yahoo! Toolbar
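An added example, not part of the original thread and not HijackThis's own code: a small Python parser for the two HijackThis logs posted above. It splits entry lines into section code and body, picks out entries HijackThis itself marked "(file missing)" and autostart paths containing the "?" placeholder, and diffs the 12/10 scan against the 12/18 scan. The sample lines are copied from those two logs; the function names and the two checks are assumptions chosen for illustration, and a flagged line is a prompt for manual review, not a verdict.

```python
import re

# Sample lines copied from the 12/10/2007 scan posted in this thread.
SCAN_DEC_10 = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\ddcbcdb.dll (file missing)
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [qubeqebyt] C:\Program Files\ComPlus Applications\qubeqebyt77798.exe
O4 - HKCU\..\Run: [Ftknzbh] C:\WINDOWS\system32\?racle\m?iexec.exe
O4 - HKCU\..\Run: [QdrPack10] "C:\Program Files\QdrPack\QdrPack10.exe"
O20 - Winlogon Notify: ddcbcdb - ddcbcdb.dll (file missing)
"""

# The same entries as they appear in the 12/18/2007 scan.
SCAN_DEC_18 = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [qubeqebyt] C:\Program Files\ComPlus Applications\qubeqebyt77798.exe
O4 - HKCU\..\Run: [Ftknzbh] C:\WINDOWS\system32\?racle\m?iexec.exe
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O20 - Winlogon Notify: ddcbcdb - ddcbcdb.dll (file missing)
"""

# "O4 - ...", "R1 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of a registry autostart entry: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")


def parse_entries(log_text):
    """Return (section_code, body) for each entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def run_image(body):
    """For an O4 registry autostart body return (value_name, image_path), else None."""
    match = RUN_RE.match(body)
    if not match:
        return None
    name, command = match.group(3), match.group(4)
    if command.startswith('"'):
        image = command[1:].split('"', 1)[0]  # quoted path, arguments follow
    else:
        image = command  # assumption: an unquoted command is a bare path
    return name, image


def triage(entries):
    """List (code, reason, body) for entries worth a manual look."""
    findings = []
    for code, body in entries:
        # HijackThis's own annotation: the registry entry points at nothing.
        if body.endswith("(file missing)"):
            findings.append((code, "file missing", body))
        # Assumption: "?" in an autostart path marks a character the log
        # could not render, so the real folder name differs from what is shown.
        if code == "O4":
            parsed = run_image(body)
            if parsed and "?" in parsed[1]:
                findings.append((code, "unrenderable character in path", body))
    return findings


def diff_scans(old_entries, new_entries):
    """Return (removed, added) entries between two scans, in log order."""
    old_set, new_set = set(old_entries), set(new_entries)
    removed = [e for e in old_entries if e not in new_set]
    added = [e for e in new_entries if e not in old_set]
    return removed, added


if __name__ == "__main__":
    first, second = parse_entries(SCAN_DEC_10), parse_entries(SCAN_DEC_18)
    for code, reason, body in triage(second):
        print(f"[{reason}] {code} - {body}")
    removed, added = diff_scans(first, second)
    for code, body in removed:
        print(f"- {code} - {body}")
    for code, body in added:
        print(f"+ {code} - {body}")
```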
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.392 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\WinTouch
C:\Documents and Settings\Owner\Application Data\WinTouch\wintouch.cfg
C:\Program Files\icroso~1.net
C:\Program Files\icroso~1.net\?icrosoft.NET\
C:\Program Files\inetget2
C:\Program Files\Insider
C:\Program Files\Insider\UnInstall.exe
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule10.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack10.exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\b148.exe
C:\WINDOWS\system32\racle~1
.
((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))
.
2007-12-09 22:34 . 2007-12-09 22:34 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-09 22:34 . 2007-12-09 22:34 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-09 22:15 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-09 22:06 . 2007-12-09 22:06 <DIR> d-------- C:\WINDOWS\system32\%BlstFolder%
2007-12-09 20:52 . 2007-12-10 11:24 434,821 --ahs---- C:\WINDOWS\system32\jmllm.ini2
2007-12-09 19:25 . 2007-12-10 11:26 <DIR> d--hs---- C:\WINDOWS\RWR3aW4
2007-12-09 13:13 . 2007-12-09 20:34 42,419 --ahs---- C:\WINDOWS\system32\kjkmp.ini2
2007-12-09 13:13 . 2007-12-09 20:37 42,419 --ahs---- C:\WINDOWS\system32\kjkmp.ini
2007-11-21 21:48 . 2007-10-10 15:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-21 21:48 . 2007-04-17 01:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-21 21:48 . 2007-03-07 21:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-21 21:48 . 2007-10-10 15:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-21 21:48 . 2007-10-10 15:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-21 21:48 . 2007-10-10 15:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-21 21:48 . 2007-10-10 15:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-21 21:48 . 2007-10-10 15:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-21 21:48 . 2007-10-10 02:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-20 12:22 . 2007-11-20 12:22 <DIR> d-------- C:\Deckard
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 17:41 154,891,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-18 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-18 17:31 2,078,684 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-13 05:19 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-10 06:33 --------- d-----w C:\Program Files\Kaspersky Lab
2007-12-10 05:14 181,024 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-10 05:14 16,808 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-10 03:37 --------- d-----w C:\Program Files\Google
2007-11-29 04:08 50,592 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 06:08 --------- d-----w C:\Program Files\LimeWire
2007-11-13 06:07 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-11-13 05:38 --------- d-----w C:\Program Files\iTunes
2007-11-13 05:22 --------- d-----w C:\Program Files\Ares
2007-11-13 05:21 --------- d-----w C:\Program Files\AIM6
2007-11-12 08:07 --------- d-----w C:\Program Files\Shareaza
2007-11-07 06:29 --------- d-----w C:\Program Files\iPod
2007-11-07 06:27 --------- d-----w C:\Program Files\QuickTime
2007-11-07 05:49 --------- d-----w C:\Program Files\iPhoneBrowser
2007-11-07 01:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 01:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-07 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-06 08:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-05 21:03 --------- d-----w C:\Program Files\Trend Micro
2007-11-03 16:29 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-03 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-11-03 02:07 --------- d-----w C:\Program Files\Avira
2007-11-03 02:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-10-31 23:51 13,860 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-10-31 23:47 200,704 ----a-w C:\WINDOWS\system32\klogon.dll
2007-10-31 23:40 10,011 ----a-w C:\WINDOWS\system32\drivers\klnetinf.sys
2007-10-31 22:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 01:03 --------- d-----w C:\Program Files\Windows Sidebar
2007-10-29 00:56 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-29 00:56 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-29 00:27 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-10-28 01:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 22:16 32,272 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
2007-10-24 05:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-24 05:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-23 10:01 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-23 08:51 --------- d-----w C:\Program Files\touchFree
2007-10-23 02:38 --------- d-----w C:\Program Files\MSBuild
2007-10-23 02:32 --------- d-----w C:\Program Files\Reference Assemblies
2001-11-23 03:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot_2007-11-22_13.02.59.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 17:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 18:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2004-08-04 07:56:41 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 07:56:41 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 07:56:41 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2007-08-22 13:12:16 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-08-22 13:12:16 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-08-22 13:12:16 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 07:56:42 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 07:56:50 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 07:56:42 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 07:56:42 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2003-06-09 02:00:55 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 07:56:42 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 07:56:42 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2007-08-22 13:12:16 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 07:56:42 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 07:56:42 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 07:56:50 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 07:56:42 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2007-08-22 13:12:16 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2007-08-22 13:12:16 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 07:56:42 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 07:56:53 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2007-08-22 13:12:17 3,058,176 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2007-08-22 13:12:17 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 07:56:14 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2003-06-09 01:57:23 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2007-08-22 13:12:17 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2007-08-22 13:12:17 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 07:56:44 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2007-08-22 13:12:17 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-14 02:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-14 02:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-07 01:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 07:56:46 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2007-08-22 13:12:18 615,424 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-04 07:56:46 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 07:56:46 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2007-08-22 13:12:18 658,944 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-14 02:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-14 02:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2007-08-14 02:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll.000
+ 2007-08-14 02:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-08-14 02:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2007-08-14 02:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-08-14 02:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-08-14 02:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe.000
+ 2007-08-14 02:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-08-14 02:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll.000
+ 2007-08-14 02:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-08-14 02:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll.000
+ 2007-08-14 01:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-02-13 00:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dat
+ 2007-07-11 20:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-08-14 02:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-08-14 02:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll.000
+ 2007-08-14 02:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-08-14 02:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-08-14 02:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll.000
+ 2007-08-14 02:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-08-14 02:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-08-14 02:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-08-14 02:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe.000
+ 2007-08-14 02:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-08-14 02:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-08-14 02:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-08-14 02:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-08-14 02:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-08-14 02:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-08-14 02:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-08-14 02:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-08-14 02:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-08-14 02:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-08-14 02:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll.000
+ 2007-08-14 02:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-08-14 02:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-08-14 02:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll.000
+ 2007-08-14 02:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
+ 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-20 10:04:34 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-20 10:04:34 132,608 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-20 10:04:39 27,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-20 23:34:42 3,584,512 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-20 10:04:41 477,696 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-20 10:04:41 193,024 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-20 10:04:42 671,232 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-20 10:04:42 1,152,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-20 10:04:43 824,832 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
- 2004-08-04 07:56:41 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-14 02:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 07:56:41 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-11-03 16:20:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-18 17:34:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-03 16:20:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-18 17:34:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-03 16:21:38 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-18 17:34:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-14 02:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-10-10 23:55:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-14 02:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
- 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-14 02:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-08-22 13:12:16 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-14 02:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-22 13:12:16 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:55:51 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-14 02:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-10-10 10:59:40 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 23:55:51 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:55:51 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2003-06-09 02:00:55 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 23:55:52 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-14 02:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-14 02:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-08-22 13:12:16 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-14 02:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-10-10 23:55:55 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-14 02:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-10-10 10:59:52 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-14 02:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-08-22 13:12:16 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-14 02:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-14 02:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-08-22 13:12:16 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-14 02:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-07-06 10:05:47 72,960 -c----w C:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 12:46:59 138,240 -c----w C:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 47,104 -c----w C:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 16,896 -c----w C:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 660,992 -c----w C:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 177,152 -c----w C:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 95,744 -c----w C:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 48,640 -c----w C:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 471,552 -c----w C:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-08-14 02:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-08-22 13:12:17 3,058,176 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-22 13:12:17 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-14 02:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2003-06-09 01:57:23 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-14 02:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-08-22 13:12:17 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:55:58 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-08-22 13:12:17 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:55:59 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:55:59 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-22 13:12:17 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-14 02:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-10-10 23:55:59 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-22 13:12:18 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-14 02:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-10-10 23:56:00 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-08-22 13:12:18 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:56:00 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2005-01-28 20:44:28 224,768 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-28 01:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
- 2007-04-28 23:51:02 110,360 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-07-18 22:39:54 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
- 2007-06-28 00:31:58 186,640 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-10 06:32:24 155,152 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2007-04-04 21:58:26 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2007-05-31 01:49:06 24,344 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
- 2004-08-04 05:58:20 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
- 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-14 02:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2004-08-04 07:56:50 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 07:56:42 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 07:56:42 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2003-06-09 02:00:55 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-04 07:56:42 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-04 07:56:42 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-14 02:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-14 02:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 07:56:42 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-04 07:56:42 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-14 02:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2007-08-14 02:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-14 02:54:10 180,736 ----a-w C:\WINDOWS\system32\ieui.dll
- 2004-08-04 07:56:42 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-14 02:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-14 02:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-14 02:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2007-03-16 01:19:28 1,476,992 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2007-10-11 22:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
- 2004-08-04 07:56:42 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-14 02:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2004-08-04 07:56:42 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w C:\WINDOWS\system32\mqad.dll
- 2004-08-04 07:56:42 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w C:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 07:56:42 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w C:\WINDOWS\system32\mqise.dll
- 2004-08-04 07:56:42 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w C:\WINDOWS\system32\mqqm.dll
- 2004-08-04 07:56:42 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w C:\WINDOWS\system32\mqrt.dll
- 2004-08-04 07:56:42 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec.dll
- 2004-08-04 07:56:42 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w C:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 07:56:42 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil.dll
- 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-14 02:36:40 12,288 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-04 07:56:53 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-14 02:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 07:56:14 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-14 02:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2003-06-09 01:57:23 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-14 02:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:55:59 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 07:56:44 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\system32\occache.dll
- 2007-11-22 20:39:19 66,608 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-18 08:50:59 66,608 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-22 20:39:19 428,208 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-18 08:50:59 428,208 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-14 02:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 05:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-07-18 12:42:22 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2004-08-04 07:56:46 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-14 02:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-04 07:56:46 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-14 02:45:16 206,336 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"QdrModule10"="C:\Program Files\QdrModule\QdrModule10.exe" []
"Ftknzbh"="C:\WINDOWS\system32\?racle\m?iexec.exe" []
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 19:00]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 15:38]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"POINTER"="point32.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 20:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"qubeqebyt"="C:\Program Files\ComPlus Applications\qubeqebyt77798.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe" [2007-10-31 15:48]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbcdb]
ddcbcdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36 267048 --a
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35 32768 --a
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-10-27 08:41 221184 --a
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 --a
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-02-13 10:29 35328 --a
C:\Program Files\Winamp\winampa.exe
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\DRIVERS\klbg.sys [2007-10-24 14:16]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2001-12-31 08:04]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2001-12-31 08:04]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-05-30 17:49]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 itsernum;itsernum Filter ÅX°Êµ{¦¡;C:\WINDOWS\system32\DRIVERS\itsernum.sys [2001-08-21 10:48]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys []
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 09:34:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-18 10:14:12 - machine was rebooted
.
2007-12-12 11:08:44 --- E O F ---
Run CFScript
Open Notepad and copy/paste the text in the box into the window:
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Clean temp files
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Kaspersky Online Scan
Next I am going to have you do an online scan with Kaspersky WebScanner.
Run Kaspersky Online Scan here
* Click on Kaspersky Online Scanner
* Next you will need to click on Accept for their disclaimer (if you are using IE7 and can't see the Accept button, click on the zoom tool at the bottom right of the screen and bring down the zoom to 75%; afterwards set it back to 100%).
* You will be prompted to install an ActiveX component from Kaspersky. Look for a yellow bar at the top of the web page; it might take a minute or two for it to show up, so be patient. When it does show up, right-click on the bar and select allow ActiveX.
* Then it will ask you to install; click Install.
* The program will launch and then begin downloading the latest definition files. This will take a little while, so be patient. Once the files have been downloaded, click on NEXT.
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
* Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
* Scan Options: Scan Archives and Scan Mail Bases. Click OK.
Before you do the next section you should disable your antivirus (if you can't disable your antivirus, just do the scan anyway).
Now under select a target to scan: Select My Computer
The program will start and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Then post the contents of this log and a new HijackThis log into your next post.
Send me the log from ComboFix.
After you have done ComboFix, make me a new log from HijackThis.
Then make me the log from Kaspersky.
Gringo
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.523 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\Virus Issues\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\Virus Issues\CFScript.txt
* Created a new restore point
FILE
C:\Program Files\ComPlus Applications\qubeqebyt77798.exe
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run
.
C:\WINDOWS\system32\jmllm.ini2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.
2007-12-09 22:34 . 2007-12-09 22:34 82,061 --a C:\WINDOWS\system32\drivers\klick.dat
2007-12-09 22:34 . 2007-12-09 22:34 81,549 --a C:\WINDOWS\system32\drivers\klin.dat
2007-12-09 22:15 . 2005-09-23 08:29 626,688 --a C:\WINDOWS\system32\msvcr80.dll
2007-12-09 22:06 . 2007-12-09 22:06 <DIR> d C:\WINDOWS\system32\%BlstFolder%
2007-12-09 19:25 . 2007-12-10 11:26 <DIR> d--hs---- C:\WINDOWS\RWR3aW4
2007-11-21 21:48 . 2007-10-10 15:55 6,065,664 c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-21 21:48 . 2007-04-17 01:32 2,455,488 c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-21 21:48 . 2007-03-07 21:10 991,232 c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-21 21:48 . 2007-10-10 15:55 459,264 c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-21 21:48 . 2007-10-10 15:55 383,488 c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-21 21:48 . 2007-10-10 15:55 267,776 c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-21 21:48 . 2007-10-10 15:55 63,488 c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-21 21:48 . 2007-10-10 15:55 52,224 c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-21 21:48 . 2007-10-10 02:59 13,824 c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-21 06:41 d w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-21 06:36 206,725,152 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-18 17:31 2,078,684 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-13 05:19 d w C:\Program Files\SUPERAntiSpyware
2007-12-10 06:33 d w C:\Program Files\Kaspersky Lab
2007-12-10 05:14 181,024 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-10 05:14 16,808 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-10 03:37 d w C:\Program Files\Google
2007-11-29 04:08 50,592 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 06:08 d w C:\Program Files\LimeWire
2007-11-13 06:07 d w C:\Program Files\Microsoft IntelliType Pro
2007-11-13 05:38 d w C:\Program Files\iTunes
2007-11-13 05:22 d w C:\Program Files\Ares
2007-11-13 05:21 d w C:\Program Files\AIM6
2007-11-12 08:07 d w C:\Program Files\Shareaza
2007-11-07 06:29 d w C:\Program Files\iPod
2007-11-07 06:27 d w C:\Program Files\QuickTime
2007-11-07 05:49 d w C:\Program Files\iPhoneBrowser
2007-11-07 01:09 d w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 01:09 d w C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-11-07 01:09 d w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-06 08:06 d w C:\Program Files\Common Files\Symantec Shared
2007-11-05 21:03 d w C:\Program Files\Trend Micro
2007-11-03 16:29 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-03 02:28 d w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-11-03 02:07 d w C:\Program Files\Avira
2007-11-03 02:07 d w C:\Documents and Settings\All Users\Application Data\Avira
2007-10-31 23:51 13,860 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-10-31 23:47 200,704 ----a-w C:\WINDOWS\system32\klogon.dll
2007-10-31 23:40 10,011 ----a-w C:\WINDOWS\system32\drivers\klnetinf.sys
2007-10-31 22:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 01:03 d w C:\Program Files\Windows Sidebar
2007-10-29 00:56 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-29 00:56 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-29 00:27 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-10-28 01:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-24 22:16 32,272 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
2007-10-24 05:22 d w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-24 05:19 d w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-23 10:01 d w C:\Program Files\MSXML 6.0
2007-10-23 08:51 d w C:\Program Files\touchFree
2007-10-23 02:38 d w C:\Program Files\MSBuild
2007-10-23 02:32 d w C:\Program Files\Reference Assemblies
2001-11-23 03:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( snapshot_2007-12-18_ 9.47.35.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-18 17:34:16 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-21 06:41:07 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-18 17:34:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-21 06:41:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-18 17:34:16 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-21 06:41:07 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-18 08:50:59 66,608 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-21 06:45:18 66,608 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-18 08:50:59 428,208 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-21 06:45:18 428,208 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 19:00]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 15:38]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"POINTER"="point32.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 20:48]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16]
"qubeqebyt"="C:\Program Files\ComPlus Applications\qubeqebyt77798.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe" [2007-10-31 15:48]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbcdb]
ddcbcdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 --a
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 18:36 267048 --a
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
C:\Program Files\Norton Internet Security\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35 32768 --a
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-10-27 08:41 221184 --a
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 12:03 36975 --a
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-02-13 10:29 35328 --a
C:\Program Files\Winamp\winampa.exe
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\DRIVERS\klbg.sys [2007-10-24 14:16]
R2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2001-12-31 08:04]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2001-12-31 08:04]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-05-30 17:49]
R3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 14:09]
S3 iteio;iteio;C:\WINDOWS\system32\drivers\iteio.sys [1999-08-30 19:49]
S3 itsernum;itsernum Filter ÅX°Êµ{¦¡;C:\WINDOWS\system32\DRIVERS\itsernum.sys [2001-08-21 10:48]
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys []
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 00:31:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-21 1:10:43
C:\ComboFix2.txt ... 2007-12-18 10:14
.
2007-12-12 11:08:44 --- E O F ---
Scan saved at 11:58:08 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qubeqebyt] C:\Program Files\ComPlus Applications\qubeqebyt77798.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149475700296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149714605984
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcbcdb - ddcbcdb.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 8208 bytes
Infected Object Name  Virus Name  Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\00\00000001_events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\00\00000001_objbt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\00\00000001_objdt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\00\00000001_objid.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\00\segments.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\01\00000001_events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\01\00000001_objbt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\01\00000001_objdt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\01\00000001_objid.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\01\segments.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\02\00000001_events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\02\00000001_objbt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\02\00000001_objdt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\02\00000001_objid.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\02\segments.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\03\00000001_events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\03\00000001_objbt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\03\00000001_objdt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\03\00000001_objid.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\03\segments.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\04\00000001_events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\04\00000001_objbt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\04\00000001_objdt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\04\00000001_objid.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\04\segments.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\05\00000001_events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\05\00000001_objbt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\05\00000001_objdt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\05\00000001_objid.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\05\segments.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\g_objbt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\g_objdt.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\g_objid.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Report\report.rpt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped
C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{DCD2C82B-F6E4-4673-AA21-B342DF23FA41}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{DCD2C82B-F6E4-4673-AA21-B342DF23FA41}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007122120071222\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\fla10.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP607\A0175640.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP607\A0175642.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP607\A0175643.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP607\A0175643.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP607\A0175643.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP607\A0175643.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP614\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\TEMP\JETD7B8.tmp Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP614\change.log Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08c089760e1fbacd8aaaebf2baa75fd7_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d14758456fe8c0d1b4cc44439c08089_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1997de36275cbfdfbeaffedc24612f52_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2432f4f47bd6578d1c5658cfa7630ba5_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application 
Data\Microsoft\Crypto\RSA\MachineKeys\37ebbec6933386b92ed34c1c8ee08646_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3c87cfb02c23fe72fd8483060984f9d7_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\406841e09c62b0580da0d390698d2082_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4329cec59818cee133eb03cbb1b7c0cc_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\43ef07eb6ff40575afb0c483f1160b17_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\46eb954415ea71600c49f4470eea07ce_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4748038f73d1c450e83631857f5c3f4f_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\65edd36b73a7034a539462fe89c957ad_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6cc44dbbc236519fdf8e8e4b0d03fe30_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\80ece702f1340009efd190393b13702b_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\843b9b7faef49b30339fdf903e5e8560_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application 
Data\Microsoft\Crypto\RSA\MachineKeys\97545a4377315db7eec3957d16c7af69_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\abd701fab6ddcf9669f14554a312b27e_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b69f9f0a6fb8e652d516a7f9882a1047_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bcb13bad3b9744baf3eac33884eace49_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bf1530eccd77cc8dd123939319421040_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c345e98306afbb008e2882f57013eed9_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce3d30d8e41b3c2d46e0236574f097fa_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0cd5c061baca6618a96ee400ae403c9_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dac8410a88ab39f215372ee5bad1940f_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f06f6a63a9384fb34d24799dcc12d5b6_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fadde581360e04aeb0402d6268fad3b7_8a5f5487-30d1-4f0d-9448-f1d7a6d9b7e9 Object is locked skipped G:\Documents and Settings\All Users\Application 
Data\Microsoft\Dr Watson\user.dmp Object is locked skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP614\change.log Object is locked skipped G:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped G:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped G:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped 
G:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll.000 Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped 
G:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped G:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped G:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped G:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped G:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped H:\System Volume Information\_restore{D0733638-6E62-40D9-9DED-B8F1CBCC5BA6}\RP614\change.log
gringo
: Download and Run Norton Removal Tool
You seem to have some leftovers from Norton AntiVirus so please download and run their tool:
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039?OpenDocument
I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
- Click Start, point to Settings, and then click Control Panel.
- In Control Panel, double-click Add or Remove Programs.
- In Add or Remove Programs, highlight
Viewpoint Manager (Remove Only) <---if you decide to remove
Viewpoint Media Player <---if you decide to remove
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
click Remove.
reboot the computer
: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
- Download the latest version of Java(TM) SE Runtime Environment 6u3.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Then from your desktop double-click on the download to install the newest version.
: Remove bad HijackThis entries
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
O4 - HKLM\..\Run: [qubeqebyt] C:\Program Files\ComPlus Applications\qubeqebyt77798.exe
O20 - Winlogon Notify: ddcbcdb - ddcbcdb.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
: Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat Please save it on your desktop. Double click FixServices.bat. A window will open and close. This is normal.
:Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:
- Close all programs so that you are at your desktop.
- Double-click on the My Computer icon.
- Select the Tools menu and click Folder Options.
- After the new window appears select the View tab.
- Put a checkmark in the checkbox labeled Display the contents of system folders.
- Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
- Remove the checkmark from the checkbox labeled Hide protected operating system files.
- Press the Apply button and then the OK button and shutdown My Computer.
- Now your computer is configured to show all hidden files.
Delete files and folders
I need you to right click on the start button
click on explore and navigate to and delete these files or folders (if present)
C:\Program Files\Avira<----folder
P2P PROGRAMS
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Shareaza
LimeWire
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
I would recommend that you uninstall LimeWire and Shareaza; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
I would like to see a log from hijackthis
and let me know if you still have problems with IE7 so we can address that next
Gringo
Scan saved at 4:55:46 PM, on 12/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149475700296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149714605984
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7864 bytes
My IE is still giving me issues after all this being done as well. The links for some reason just do NOT stay on the browser. even when i do LOCK TOOLBAR as it has been forever it goes away once i close it. Maybe i should uninstall then reinstall it?
BTW: my firefox has been in safe mode for the last month and it just won't open. When I click on it it gives me this safe mode box that says disable addons reset toolbar to default bookmarks preferences etc etc. how can I fix this issue?
hope you had a nice Christmas
there is still a couple of things in your hijackthis log to clean up
:disable SUPERAntiSpyware:
- Please disable SuperAntispyware as it can interfere with the fix
- Right-click on the shortcut from the system tray,
- choose View Control Center (preferences/options),
- on the General and Startup tab,
- uncheck, Start SUPERAntispyware when Windows starts,
- click Close to exit.
- Please enable this after the fixes
:Remove bad HijackThis entries:
- Run HijackThis
- Click on the Scan button
- Put a check beside all of the items listed below (if present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
If you want to have your Links favorites folder as a Toolbar, try this:
In IE7 select View->Toolbars and make sure Links is checked.
It sounds like Firefox is being started in Safe Mode, make a new shortcut to the program and see if that helps:
Right-click your Desktop and select New->Shortcut
Then press Browse and browse to My Computer->C:\Program Files\Mozilla Firefox\firefox.exe then press OK
Then press Next->Finish to create the shortcut.
Launch Firefox using the new shortcut to see if it launches normally.
let me know if this helped your IE problem
Gringo
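Added example, not part of any post in this thread: a small Python triage pass over HijackThis log lines that flags the two kinds of entries the helper asks to have fixed above, targets marked "(file missing)" and R/O13 entries with an empty value. The sample lines are copied from the logs in this thread; the function and class names are illustrative, and a flag only means "review this line", not "malicious".

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input assembled from lines that appear in the logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - WWW Prefix:
O20 - Winlogon Notify: ddcbcdb - ddcbcdb.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

# A HijackThis entry starts with a section code such as R0, O4 or O23,
# followed by " - ". Header and process lines do not match this shape.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    code: str   # section code, e.g. "O20"
    name: str   # registry key/value name (R lines) or entry type (O lines)
    value: str  # data after "=" (R lines) or after the first ":" (O lines)


def parse_line(line):
    """Return an Entry for a log entry line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body").strip()
    # R lines read "key,value = data"; the other sections read "Type: detail".
    sep = "=" if code.startswith("R") else ":"
    name, _, value = body.partition(sep)
    return Entry(code, name.strip(), value.strip())


def reasons(entry):
    """List why an entry deserves a second look (empty list if none)."""
    found = []
    if "(file missing)" in entry.value:
        found.append("file missing")
    if entry.value == "" and (entry.code.startswith("R") or entry.code == "O13"):
        found.append("empty value")
    return found


def triage(text):
    """Return [(Entry, [reason, ...]), ...] for every flagged entry."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            flagged.append((entry, why))
    return flagged


def section_counts(text):
    """Count entries per section code, to compare two logs at a glance."""
    parsed = (parse_line(line) for line in text.splitlines())
    return Counter(e.code for e in parsed if e is not None)


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{entry.code:<4} {entry.name}: {', '.join(why)}")
    print(dict(section_counts(SAMPLE_LOG)))
```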
yes send me a new log and besides the problems with IE and firefox how are things?
gringo
BTW: Do you know how to setup Kaspersky where it blocks pop ups? b/c the last version i had blocked EVERYTHING and it had a pop up window on the lower right telling me what it would block or w/e but this new version doesn't.
but when you check in the log I see it as active, this might be what is going on with IE7 and your links
you can try to uninstall it and try the links again, then when we finish you can reinstall it
about firefox still at a loss, asking around to see what we can do. you said you uninstalled it and reinstalled; if not, after you uninstall superantispyware try that also
The Kaspersky installation you have is a beta (testing) version and as such may be the cause of the problems. I recommend you uninstall Kaspersky and install one of these alternatives:
AVG Anti-Virus
AntiVir
Avast
as for the popup blocker you can try the google toolbar
let me know what you do and if anything helps
let me see another hijackthis log
Gringo
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:23 AM, on 12/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [EPSON Stylus CX5400] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE" /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\SCIEPlgn.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by134fd.bay134.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1149475700296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149714605984
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 7608 bytes
whoops sorry i responded to ur post within ur quote...so read it like that if u can plz thanks.
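A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. The names `parse_log` and `triage` are hypothetical, the sample is a few lines copied from that log, and the flags are review prompts for a helper, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 8.0\avp.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # e.g. "O23 - Service: ..."
SERVICE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.*)$")

def parse_log(text):
    """Return (running_processes, entries); entries maps section code -> details."""
    running, entries, in_procs = [], defaultdict(list), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False                          # first entry ends the process list
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, dict(entries)

def triage(text):
    """Return (code, reason, detail) tuples worth a closer look by a human."""
    running, entries = parse_log(text)
    live = {p.lower() for p in running}               # 8.3 short paths will not match
    notes = []
    for detail in entries.get("O20", []):
        dlls = detail.split(":", 1)[1].split(",") if detail.startswith("AppInit_DLLs:") else []
        notes += [("O20", "loaded into every process that loads user32.dll", d.strip()) for d in dlls]
    for detail in entries.get("O23", []):
        m = SERVICE.match(detail)
        if m and m.group(2) == "Unknown owner":
            state = "running" if m.group(3).lower() in live else "not in process list"
            notes.append(("O23", f"service with no vendor string ({state})", m.group(3)))
    for detail in entries.get("O4", []):
        cmd = detail.split("] ", 1)[-1]               # text after the "[value name] "
        if "\\" not in cmd:
            notes.append(("O4", "autostart command without a full path", cmd))
    return notes

if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(*note, sep=" | ")
```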