Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

trojan vundo removal help

Post by f5spawn » October 7th, 2007, 12:29 am

I have tried numerous times to remove the vundo virus from my laptop but none of them can remove the virus. My antivirus tells me it is in my System32 Folder and is called "oppml.dll" but I cannot remove it. I was hoping some experts can help me since I am a novice. I've tried the AVG/safe mode removal method and when I finally failed, I came to this board to seek help. I will post my hijackthis logs for you to examine. Thank you for any help you can provide, I appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:03 PM, on 10/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas378.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Charlene Chan\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas378.exe" /minimize
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8526 bytes
f5spawn
Regular Member
 
Posts: 26
Joined: October 7th, 2007, 12:15 am

Post by chryssi2001 » October 7th, 2007, 2:39 am

Hello f5spawn,

I will be assisting you with your malware issues.

As I am still a trainee, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long.

  • Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it for reference.

----------------------------------------
As Vundo tends to hide from HijackThis, please follow my instructions to rename HijackThis.

RENAME HIJACKTHIS

Open Windows Explorer by right-clicking the Start button and left-clicking Explore, then navigate to: C:\Documents and Settings\Charlene Chan\Desktop\HiJackThis.exe

Right-click on HijackThis.exe & select Rename to scanner.exe and post back a new Hijackthis log.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by f5spawn » October 7th, 2007, 3:15 am

Hi, thank you for your help. I see what you mean about the vundo hiding as before I tried the AVG/safe mode technique I saw the vundo in the first hijackthis scan I did. Anyways, here are the new logs after I renamed my hijackthis to scanner.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:37 AM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Charlene Chan\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {EC788FEF-06AA-442F-9588-DD17693A44E1} - C:\WINDOWS\system32\oppml.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas378.exe" /minimize
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9374 bytes
f5spawn
Regular Member
 
Posts: 26
Joined: October 7th, 2007, 12:15 am
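
The two scans above differ only in the name of the scanner executable, so comparing them entry by entry shows what the first scan did not report. The following Python script is an added example, not part of the original thread or of HijackThis; its function names are hypothetical and the sample text is abridged from the two logs posted above.

```python
import re

# HijackThis prefixes each finding with a section code, e.g. "O2 - BHO: ..."
# or "R1 - HKCU\...". Header and running-process lines carry no such code.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")

# A DLL sitting directly in the system32 directory (no sub-folder).
SYSTEM32_DLL_RE = re.compile(r"\\windows\\system32\\[^\\]+\.dll$", re.I)

# Abridged from the first log in this thread (scanner still named HiJackThis.exe).
FIRST_SCAN = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Abridged from the second log (scanner renamed to scanner.exe).
RENAMED_SCAN = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {EC788FEF-06AA-442F-9588-DD17693A44E1} - C:\WINDOWS\system32\oppml.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""


def parse_entries(log_text):
    """Return the set of (code, detail) findings in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def normalise(detail):
    """Case-fold and drop quotes so an unchanged autostart is not reported
    as new just because its quoting differs between scans."""
    return detail.replace('"', "").lower()


def diff_logs(before, after):
    """Return (appeared, vanished): findings only in `after` / only in `before`."""
    b = {(c, normalise(d)): (c, d) for c, d in parse_entries(before)}
    a = {(c, normalise(d)): (c, d) for c, d in parse_entries(after)}
    appeared = sorted(a[k] for k in a.keys() - b.keys())
    vanished = sorted(b[k] for k in b.keys() - a.keys())
    return appeared, vanished


def unnamed_system32_modules(entries):
    """Triage heuristic (an assumption of this example, not a HijackThis rule):
    keep O2 browser helper objects that have no display name and load a DLL
    straight out of system32. A match needs review, it is not a verdict."""
    return [
        (code, detail)
        for code, detail in entries
        if code == "O2"
        and "(no name)" in detail
        and SYSTEM32_DLL_RE.search(detail)
    ]


if __name__ == "__main__":
    appeared, vanished = diff_logs(FIRST_SCAN, RENAMED_SCAN)
    print("Entries reported only by the renamed scanner:")
    for code, detail in appeared:
        print(f"  {code} - {detail}")
    print("Entries reported only by the original scanner:")
    for code, detail in vanished:
        print(f"  {code} - {detail}")
    print("Unnamed BHOs loading from system32:")
    for code, detail in unnamed_system32_modules(appeared):
        print(f"  {code} - {detail}")
```

The SpySweeper Run entry is quoted in one log and unquoted in the other; `normalise` keeps that from showing up as a difference.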

Post by chryssi2001 » October 7th, 2007, 1:24 pm

Hello f5spawn,

Disable SpySweeper until the computer is clean

SpySweeper normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

- Open SpySweeper
- Select Options and then Program Options
- Uncheck the option Load at Windows Startup
- Select Shields and uncheck all there
- Uncheck Home page shield
- Uncheck automatically restore default without notification
- Reboot your machine to complete the process
Don't forget to re-enable Spy Sweeper when the PC is clean.
-----------------------------------------------
AVG Anti-Spyware

Please disable AVG Anti-Spyware until the computer is clean.
  • Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
  • In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
  • If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
  • Reply 'no' and set it to 'inactive' for the duration of your cleanup.
Don't forget to re-enable it, when your computer is clean.

-----------------------------------------------
You have CyberDefender installed.

It used to be listed among the rogue programs, so you might consider removing it.
See information below.
http://spywarewarrior.com/rogue_anti-spyware.htm#cybdef_note

As I am not familiar with this program, if you wish to keep it, please disable it until we finish cleaning your PC.
-----------------------------------------------
In your next reply please tell me also if you set up this proxy server.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
-----------------------------------------------
I also see you use Super Ad Blocker and PopUpCop.
Do you use both? In case they interfere with the tools we will use please turn them off.
-----------------------------------------------
Download and Run ComboFix

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
-----------------------------------------------
Run HijackThis again.
-----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
All information regarding my questions.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by f5spawn » October 7th, 2007, 5:34 pm

Hi chryssi, sorry it took so long to respond. My laptop has been running so slow on startup/restarts and running programs in general I'm assuming because of the virus. It took me 4 hours just to perform the tasks you asked me to do. Anyways, I completed my tasks and here is the information you asked for:

1] I couldn't find the options you asked me to disable for SpySweeper, so I ended up uninstalling the program.

2] I completed the AVG task and set it to inactive.

3] I uninstalled CyberDefender.

4] I don't know much about proxy servers and I don't think any other users of this laptop set up a proxy server so I'm assuming no for that question but I can't be sure.

5] I think I uninstalled PopUpCop a while ago. I disabled SuperAdBlocker.

6] I ran ComboFix and here are the resulting logs:

ComboFix 07-10-07.2 - Charlene Chan 2007-10-07 14:08:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.132 [GMT -7:00]
Running from: C:\Documents and Settings\Charlene Chan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Charlene Chan\Application Data\PPATCH~1
C:\Documents and Settings\Charlene Chan\err.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\SYSTEM32\arnvlbgc.ini
C:\WINDOWS\SYSTEM32\brrvotlm.ini
C:\WINDOWS\system32\btbjotog.dll
C:\WINDOWS\system32\cgblvnra.dll
C:\WINDOWS\SYSTEM32\dbmapwkp.ini
C:\WINDOWS\SYSTEM32\dgpvqqtq.ini
C:\WINDOWS\system32\dtvdxblp.dll
C:\WINDOWS\system32\eciiijlh.dll
C:\WINDOWS\system32\eqcyyfco.dll
C:\WINDOWS\SYSTEM32\gotojbtb.ini
C:\WINDOWS\system32\hcyowynu.dll
C:\WINDOWS\SYSTEM32\hdarpipt.ini
C:\WINDOWS\system32\hgpitcfo.dll
C:\WINDOWS\SYSTEM32\hljiiice.ini
C:\WINDOWS\SYSTEM32\hxodhbdn.ini
C:\WINDOWS\SYSTEM32\iwqkgbjn.ini
C:\WINDOWS\system32\jduiwjrs.dll
C:\WINDOWS\system32\jsehtwhq.dll
C:\WINDOWS\system32\lgaktryp.dll
C:\WINDOWS\SYSTEM32\lmppo.bak1
C:\WINDOWS\SYSTEM32\lmppo.bak1
C:\WINDOWS\SYSTEM32\lmppo.bak2
C:\WINDOWS\SYSTEM32\lmppo.bak2
C:\WINDOWS\SYSTEM32\lmppo.ini
C:\WINDOWS\SYSTEM32\lmppo.ini
C:\WINDOWS\SYSTEM32\lmppo.ini2
C:\WINDOWS\SYSTEM32\lmppo.ini2
C:\WINDOWS\SYSTEM32\lmppo.tmp
C:\WINDOWS\SYSTEM32\lmppo.tmp
C:\WINDOWS\system32\mltovrrb.dll
C:\WINDOWS\system32\ndbhdoxh.dll
C:\WINDOWS\system32\njbgkqwi.dll
C:\WINDOWS\SYSTEM32\ocfyycqe.ini
C:\WINDOWS\SYSTEM32\oppml.dll
C:\WINDOWS\system32\pkuhpmnr.dll
C:\WINDOWS\system32\pkwpambd.dll
C:\WINDOWS\SYSTEM32\plbxdvtd.ini
C:\WINDOWS\SYSTEM32\pyrtkagl.ini
C:\WINDOWS\SYSTEM32\qcimatmq.ini
C:\WINDOWS\SYSTEM32\qhwthesj.ini
C:\WINDOWS\system32\qmtamicq.dll
C:\WINDOWS\system32\qtqqvpgd.dll
C:\WINDOWS\SYSTEM32\rnmphukp.ini
C:\WINDOWS\system32\rvghqfyr.dll
C:\WINDOWS\SYSTEM32\ryfqhgvr.ini
C:\WINDOWS\system32\sewhvugu.dll
C:\WINDOWS\SYSTEM32\srjwiudj.ini
C:\WINDOWS\system32\tpipradh.dll
C:\WINDOWS\SYSTEM32\uguvhwes.ini
C:\WINDOWS\SYSTEM32\unywoych.ini
C:\WINDOWS\system32\wdingetm.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN
-------\ApiMon


((((((((((((((((((((((((( Files Created from 2007-09-07 to 2007-10-07 )))))))))))))))))))))))))))))))
.

2007-10-07 14:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-06 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-10-06 19:23 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-10-06 02:50 <DIR> d-------- C:\VundoFix Backups
2007-10-06 02:21 23,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2007-10-06 02:21 20,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB8.sys
2007-10-06 02:12 164 --a------ C:\install.dat
2007-10-05 21:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-10-05 21:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-10-05 21:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-10-05 00:32 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Yahoo!
2007-10-05 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-05 00:23 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-05 00:23 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-29 16:38 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-29 16:38 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Lavasoft
2007-09-29 15:49 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\SuperAdBlocker.com
2007-09-29 15:48 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2007-09-29 15:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-28 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
2007-09-27 01:20 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\UseNeXT
2007-09-27 00:32 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Azureus
2007-09-27 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-09-27 00:24 <DIR> d-------- C:\Program Files\Azureus
2007-09-26 23:50 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\DivX
2007-09-26 23:34 9,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
2007-09-26 23:34 9,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-09-26 23:34 129,784 --a------ C:\WINDOWS\SYSTEM32\pxafs.dll
2007-09-26 23:34 120,056 --a------ C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-09-26 23:34 118,520 --a------ C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-09-26 15:47 0 --a------ C:\WINDOWS\SYSTEM32\SBRC.dat
2007-09-26 15:47 0 --a------ C:\WINDOWS\SYSTEM32\SBFC.dat
2007-09-26 13:51 15,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sbhr.sys
2007-09-26 13:50 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Sunbelt Software
2007-09-26 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-09-26 13:48 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-09-25 13:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\vMW10a
2007-09-25 13:14 <DIR> d-------- C:\temp\xOe
2007-09-24 15:49 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\PopupCop
2007-09-17 11:23 823,296 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-09-17 11:23 823,296 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-09-17 11:22 802,816 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-09-17 11:22 739,840 --a------ C:\WINDOWS\SYSTEM32\DivX.dll
2007-09-14 10:57 1,290 --a------ C:\WINDOWS\mozver.dat
2007-09-12 16:46 <DIR> d-------- C:\Program Files\Ventrilo
2007-09-11 16:14 156,992 --a------ C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-09-10 17:50 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\acccore
2007-09-10 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-09-10 17:48 <DIR> d-------- C:\Program Files\AIM6
2007-09-10 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-10 11:23 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Viewpoint
2007-09-09 17:42 <DIR> d-------- C:\Program Files\PokerStars

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 16:00 --------- d-------- C:\Program Files\FlashFXP
2007-09-26 23:34 --------- d-------- C:\Program Files\DivX
2007-09-10 17:49 --------- d-------- C:\Program Files\Viewpoint
2007-09-10 17:49 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-09-10 17:48 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-15 15:33 43528 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 14:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 14:23]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 18:05]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-10-07 13:39]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-06 12:44]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 00:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-12 23:52]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"Aim6"="" []
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-02-27 11:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 11:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-02-27 11:24 159744 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sealmon]
C:\Program Files\SealedMedia\sealmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 SABDIFSV;SABDIFSV;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS
R1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-07 06:15:26 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-07 14:19:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-07 14:23:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 14:23
.
--- E O F ---


7] I ran HiJackThis again and here are the new logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:04 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Charlene Chan\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8413 bytes


Thanks for your help.
f5spawn
Regular Member
 
Posts: 26
Joined: October 7th, 2007, 12:15 am

Unread postby chryssi2001 » October 9th, 2007, 12:20 pm

Hello f5spawn, I apologise for the delay,

1] I couldn't find the options you asked me to disable for SpySweeper, so I ended up uninstalling the program.

I see some remnants of SpySweeper. How did you uninstall it?
----------------------------------------------------
POKERSTARS

I see you have Pokerstars installed. Did you intentionally install it?
----------------------------------------------------
Please download ATF cleaner
Make sure that all browser windows are closed.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
----------------------------------------------------
AVG Anti-Spyware - 1st Part

I see you have AVG Anti-Spyware installed. Please update it and check that settings are as below:

  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now
    change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
Close all open windows.
Do not run a scan yet.
----------------------------------------------------
OPTIONAL

P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Azureus

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please tell me if you uninstalled it or not, as some other folders containing Azureus need to go too.

If you wish to keep it, please do not use it until your PC is clean.
----------------------------------------------------
Now go to Start-Settings-Control Panel, click on Add remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.


    PopUpCop
    Viewpoint
    Java or anything like Java 2 Runtime Environment, JRE or JSE

----------------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines (if still present).


O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------------
Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:


  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options.
  • After the new window appears select the View tab.
  • Put a checkmark in the checkbox labeled Display the contents of system folders.
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  • Remove the checkmark from the checkbox labeled Hide protected operating system files.
  • Press the Apply button and then the OK button and shutdown My Computer.
  • Now your computer is configured to show all hidden files.
----------------------------------------------------
Using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to and find the following folders. If found, delete them (some may not be present after previous steps):

C:\Program Files\CyberDefender
C:\PROGRAM FILES\PopUpCop
C:\WINDOWS\SYSTEM32\vMW10a
C:\VundoFix
C:\Documents and Settings\Charlene Chan\Application Data\PopupCop
C:\Documents and Settings\Charlene Chan\Application Data\Viewpoint
C:\Program Files\Viewpoint
C:\Program Files\Java

Now, using Windows Explorer (by right-clicking the Start button and left-clicking Explore), navigate to and find the following folder:

C:\temp

Right-click and remove all the contents.
----------------------------------------------------
AVG Anti-Spyware - 2nd Part

Print out these instructions or save them into a notepad on your desktop, because you will not have internet access while in Safe Mode.

Go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
  • Now copy the report back to this topic.

----------------------------------------------------
Run HijackThis again.
----------------------------------------------------
Post back:
AVG Anti-Spyware report.
HijackThis log.
How does the PC behave now?
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Unread postby f5spawn » October 9th, 2007, 3:39 pm

Hi chryssi,

1] I went to Control Panel -> add/remove programs to uninstall Spysweeper as I usually do to uninstall programs. What should I do to remove any leftover remnants of Spysweeper still left on my laptop?

2] Yes, my brother plays PokerStars on this laptop

3] I completed the ATF cleaner Task

4] I completed the AVG Anti Spyware Part 1 Task

5] I chose to keep Azureus. If it becomes a problem later, I can uninstall it

6] PopUpCop wasn't on the list, but Viewpoint and Java 1.4 were and I uninstalled both programs.

7] I used HiJackThis to fix those 3 entries with no problems.

8] I made Windows XP show all hidden files with no problems.

9] The first 4 of the list weren't there, but the last 4 of the list were and I removed them. I also emptied the temp folder with no problems.

10] I ran AVG Anti Spyware Part 2 Scan and here is the report given:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:16:02 PM 10/9/2007

+ Scan result:



:mozilla.12:C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.


::Report end


11] I ran HiJackThis and here are the new logs after I followed all your instructions:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:14 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Charlene Chan\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8125 bytes

12] My laptop runs fine now. Both startup time and running programs seem to be normal and at natural speeds. Although I do have one question. My Symantec AntiVirus seems to have done an autoscan and found a few Vundo files that were cleaned and quarantined by ComboFix (I believe) and moved these files to the Symantec Antivirus Quarantine. Is this a problem and if it is, what should I do to fix this? Thanks.
f5spawn
Regular Member
 
Posts: 26
Joined: October 7th, 2007, 12:15 am
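
Added example, not part of the original thread: one way to confirm step 7 above is to diff the HijackThis item lines of the two logs f5spawn posted and check that the three PopUpCop O8 entries chryssi2001 listed are gone. The function names are this example's own, and the embedded logs are short excerpts of the ones in this thread.

```python
import re

# A HijackThis item line is "<code> - <detail>", e.g. "O8 - Extra context menu item: ...".
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_items(log_text):
    """Map a case-insensitive key to the original line for every item in a log."""
    items = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            # Windows paths are case-insensitive, so compare on casefolded text.
            items[(m.group(1), m.group(2).casefold())] = line
    return items


def parse_processes(log_text):
    """Return the casefolded paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.casefold().startswith("running processes"):
            in_block = True
        elif in_block:
            if not line:
                if procs:
                    break  # blank line after the list ends the block
                continue
            if ITEM_RE.match(line):
                break  # item lines started without a blank separator
            procs.add(line.casefold())
    return procs


def diff_logs(before, after):
    """Report item lines and running processes that differ between two logs."""
    b_items, a_items = parse_items(before), parse_items(after)
    b_procs, a_procs = parse_processes(before), parse_processes(after)
    return {
        "removed": sorted(b_items[k] for k in b_items.keys() - a_items.keys()),
        "added": sorted(a_items[k] for k in a_items.keys() - b_items.keys()),
        "stopped": sorted(b_procs - a_procs),
        "started": sorted(a_procs - b_procs),
    }


def unconfirmed_fixes(fix_lines, after):
    """Return the lines the helper asked to fix that still appear in the later log."""
    wanted, remaining = parse_items(fix_lines), parse_items(after)
    return sorted(wanted[k] for k in wanted.keys() & remaining.keys())


# Excerpt of the log saved 10/7/2007 (shortened from the thread).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:04 PM, on 10/7/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
"""

# Excerpt of the log saved 10/9/2007 (shortened from the thread).
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:14 PM, on 10/9/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
"""

# The three lines the helper asked to check and fix.
FIX_LIST = r"""
O8 - Extra context menu item: (PopUpCop) Allow images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/allowimages
O8 - Extra context menu item: (PopUpCop) Block images... - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/blockimages
O8 - Extra context menu item: (PopUpCop) Open In New Window - res://C:\PROGRA~1\PopUpCop\PopUpCop.dll/imagenew
"""

if __name__ == "__main__":
    for kind, lines in diff_logs(BEFORE, AFTER).items():
        for line in lines:
            print(f"{kind:8} {line}")
    print("still present after fix:", unconfirmed_fixes(FIX_LIST, AFTER))
```

A non-empty result from `unconfirmed_fixes` means an entry survived the fix or was recreated, which is worth reporting back before moving on to the next step.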

Unread postby chryssi2001 » October 10th, 2007, 2:11 am

Hello f5spawn,

I can't see any Firewall in your reports. Do you use Windows Firewall?
------------------------------------------------------
My Symantec AntiVirus seems to have done an autoscan and found a few Vundo files that were cleaned and quarantined by ComboFix (I believe) and moved these files to the Symantec Antivirus Quarantine. Is this a problem and if it is, what should I do to fix this?


You should empty Symantec Quarantine files.

EMPTY NORTON QUARANTINE FOLDERS
Go to this page and follow the directions for emptying Quarantine for your version of Norton Antivirus: Removing files from Norton AntiVirus Quarantine
------------------------------------------------------
C:\Program Files\CyberDefender
C:\PROGRAM FILES\PopUpCop
C:\WINDOWS\SYSTEM32\vMW10a
C:\VundoFix


You didn't find these 4 folders, right? Let's be sure they don't exist anymore.
------------------------------------------------------
I'll give you the steps to remove SpySweeper.
------------------------------------------------------
Go to Start-Settings-Control Panel, click on Add remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

    Webroot
------------------------------------------------------
COMBOFIX-Do
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    C:\Program Files\Webroot
    C:\Program Files\CyberDefender
    C:\PROGRAM FILES\PopUpCop
    C:\WINDOWS\SYSTEM32\vMW10a
    C:\VundoFix

    Driver::
    SSFS0BB8
    sskbfd

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
------------------------------------------------------
Run HijackThis again.
------------------------------------------------------
Post back:
Combofix report.
HijackThis log.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away
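
One way to cross-check the CFScript above against the report ComboFix returns, as an added example (not part of the original posts and not ComboFix's own code). The function names and status labels are hypothetical, and the sample report is constructed in the layout of the ComboFix reports quoted in this thread.

```python
import re
from collections import defaultdict

# CFScript text as given in the post above.
CFSCRIPT = r"""Folder::
C:\Program Files\Webroot
C:\Program Files\CyberDefender
C:\PROGRAM FILES\PopUpCop
C:\WINDOWS\SYSTEM32\vMW10a
C:\VundoFix

Driver::
SSFS0BB8
sskbfd
"""

# Constructed sample report (assumption: same section banners and line
# layout as the ComboFix reports posted in this thread).
SAMPLE_REPORT = r"""
((((((((( Other Deletions )))))))))
.
C:\WINDOWS\SYSTEM32\vMW10a
.
((((((((( Drivers/Services )))))))))

-------\LEGACY_SSFS0BB8
-------\SSFS0BB8

((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))
.
2007-10-06 02:21 23,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2007-10-06 02:21 20,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB8.sys
2007-10-06 02:12 164 --a------ C:\install.dat
"""

# A section banner is a title wrapped in runs of parentheses.
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")


def parse_cfscript(text):
    """Return {directive: [entries]} for 'Name::' blocks in a CFScript."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def split_report(text):
    """Return {banner title: [lines]} for a report, skipping '.' separators."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1)
        elif current and line and line != ".":
            sections[current].append(line)
    return dict(sections)


def audit(cfscript_text, report_text):
    """Map each CFScript target to what the report says about it."""
    script = parse_cfscript(cfscript_text)
    report = split_report(report_text)
    deleted = {l.lower() for l in report.get("Other Deletions", [])}
    # Service lines look like '-------\NAME'; keep the part after the backslash.
    services = {l.rsplit("\\", 1)[-1].lower()
                for l in report.get("Drivers/Services", [])}
    created = [l for title, lines in report.items()
               if title.startswith("Files Created") for l in lines]

    result = {}
    for folder in script.get("Folder", []):
        result[folder] = "deleted" if folder.lower() in deleted else "not in report"
    for driver in script.get("Driver", []):
        status = "service removed" if driver.lower() in services else "not in report"
        suffix = "\\" + driver.lower() + ".sys"
        if any(l.lower().endswith(suffix) for l in created):
            status += "; .sys file still listed"
        result[driver] = status
    return result


if __name__ == "__main__":
    for target, status in audit(CFSCRIPT, SAMPLE_REPORT).items():
        print(f"{target:40} {status}")
```

"not in report" only means the report does not mention the target; it does not say whether the target was absent beforehand.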

by f5spawn » October 10th, 2007, 2:56 am

Hi chryssi,

1] My brother has a firewall setup on the network we use at home. I also have Windows Firewall that I use if I bring my laptop elsewhere to use.

2] I emptied the Symantec Quarantine files successfully.

3] I didn't find any of the 4 folders you listed.

4] Spysweeper and Webroot weren't on the list of programs.

5] I ran ComboFix again and here is the new report:

ComboFix 07-10-07.2 - Charlene Chan 2007-10-09 23:36:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.159 [GMT -7:00]
Running from: C:\Documents and Settings\Charlene Chan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Charlene Chan\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\vMW10a

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SSFS0BB8
-------\SSFS0BB8


((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-09 01:07 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Move Networks
2007-10-07 14:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-06 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-10-06 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-10-06 19:23 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-10-06 02:21 23,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2007-10-06 02:21 20,280 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB8.sys
2007-10-06 02:12 164 --a------ C:\install.dat
2007-10-05 21:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Help
2007-10-05 00:32 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Yahoo!
2007-10-05 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-05 00:23 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-05 00:23 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-29 16:38 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-29 16:38 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Lavasoft
2007-09-29 15:49 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\SuperAdBlocker.com
2007-09-29 15:48 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2007-09-29 15:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-28 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\logs
2007-09-27 01:20 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\UseNeXT
2007-09-27 00:32 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Azureus
2007-09-27 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-09-27 00:24 <DIR> d-------- C:\Program Files\Azureus
2007-09-26 23:50 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\DivX
2007-09-26 23:34 9,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
2007-09-26 23:34 9,336 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
2007-09-26 23:34 129,784 --a------ C:\WINDOWS\SYSTEM32\pxafs.dll
2007-09-26 23:34 120,056 --a------ C:\WINDOWS\SYSTEM32\pxcpyi64.exe
2007-09-26 23:34 118,520 --a------ C:\WINDOWS\SYSTEM32\pxinsi64.exe
2007-09-26 15:47 0 --a------ C:\WINDOWS\SYSTEM32\SBRC.dat
2007-09-26 15:47 0 --a------ C:\WINDOWS\SYSTEM32\SBFC.dat
2007-09-26 13:51 15,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sbhr.sys
2007-09-26 13:50 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\Sunbelt Software
2007-09-26 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-09-26 13:48 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-09-17 11:23 823,296 --a------ C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-09-17 11:23 823,296 --a------ C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-09-17 11:22 802,816 --a------ C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-09-17 11:22 739,840 --a------ C:\WINDOWS\SYSTEM32\DivX.dll
2007-09-14 10:57 1,411 --a------ C:\WINDOWS\mozver.dat
2007-09-12 16:46 <DIR> d-------- C:\Program Files\Ventrilo
2007-09-11 16:14 156,992 --a------ C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-09-10 17:50 <DIR> d-------- C:\Documents and Settings\Charlene Chan\Application Data\acccore
2007-09-10 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-09-10 17:48 <DIR> d-------- C:\Program Files\AIM6
2007-09-10 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 11:10 --------- d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-08 22:42 --------- d-------- C:\Program Files\FlashFXP
2007-09-26 23:34 --------- d-------- C:\Program Files\DivX
2007-09-13 18:51 --------- d-------- C:\Program Files\PokerStars
2007-09-10 17:49 --------- d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-09-10 17:48 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-15 15:33 43528 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-07_14.22.57.41 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 13,312 2007-10-01 11:03:11 C:\WINDOWS\ASSEMBLY\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
----a-w 8,192 2007-10-01 11:02:39 C:\WINDOWS\ASSEMBLY\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
----a-w 36,864 2007-10-01 11:02:38 C:\WINDOWS\ASSEMBLY\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
----a-w 5,632 2007-10-01 11:02:36 C:\WINDOWS\ASSEMBLY\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
----a-w 413,696 2007-10-01 11:03:09 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
----a-w 36,864 2007-10-01 11:03:07 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
----a-w 647,168 2007-10-01 11:03:06 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
----a-w 73,728 2007-10-01 11:03:05 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
----a-w 745,472 2007-10-01 11:03:09 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
----a-w 667,648 2007-10-01 10:00:14 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
----a-w 372,736 2007-10-01 10:00:13 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
----a-w 110,592 2007-10-01 10:00:12 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
----a-w 28,672 2007-10-01 11:03:19 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
----a-w 5,632 2007-10-01 10:00:11 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
----a-w 32,768 2007-10-01 11:03:18 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
----a-w 12,800 2007-10-01 11:03:14 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
----a-w 7,168 2007-10-01 11:03:16 C:\WINDOWS\ASSEMBLY\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
----a-w 110,592 2007-10-01 10:00:22 C:\WINDOWS\ASSEMBLY\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
----a-w 3,018,752 2007-09-27 15:47:17 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
----a-w 389,120 2007-10-01 10:00:22 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
----a-w 81,920 2007-10-01 11:03:02 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
----a-w 716,800 2007-10-01 11:02:27 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
----a-w 884,736 2007-10-01 11:03:11 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
----a-w 5,050,368 2007-09-27 15:46:59 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
----a-w 397,312 2007-10-01 11:03:00 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
----a-w 188,416 2007-10-01 11:03:00 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
----a-w 700,416 2007-10-01 10:00:18 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
----a-w 81,920 2007-10-01 11:02:59 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
----a-w 368,640 2007-10-01 11:02:24 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
----a-w 258,048 2007-10-01 10:00:17 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
----a-w 299,008 2007-10-01 10:00:25 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
----a-w 131,072 2007-10-01 10:00:23 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
----a-w 258,048 2007-10-01 11:03:03 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
----a-w 114,688 2007-10-01 11:02:56 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
----a-w 835,584 2007-10-01 10:00:15 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
----a-w 86,016 2007-10-01 11:02:53 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
----a-w 823,296 2007-10-01 11:02:50 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
----a-w 5,316,608 2007-09-27 15:46:54 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
----a-w 2,035,712 2007-09-27 15:46:56 C:\WINDOWS\ASSEMBLY\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
----a-w 55,488 2005-09-23 14:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
----a-w 503,808 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
----a-w 10,752 2006-04-14 13:08:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
----a-w 8,192 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
----a-w 23,552 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
----a-w 70,656 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
----a-w 26,824 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
----a-w 29,896 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
----a-w 23,040 2006-09-13 00:10:46 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
----a-w 88,576 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
----a-w 4,608 2005-09-23 14:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
----a-w 9,728 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
----a-w 224,952 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
----a-w 28,672 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
----a-w 413,696 2005-09-23 14:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
----a-w 647,168 2005-09-23 14:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
----a-w 745,472 2005-09-23 14:28:48 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
----a-w 87,552 2005-09-23 14:28:32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
----a-w 800,768 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
----a-w 36,864 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
----a-w 326,144 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
----a-w 4,308,992 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
----a-w 102,400 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
----a-w 226,816 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
----a-w 66,240 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
----a-w 5,615,616 2005-09-23 14:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
----a-w 96,440 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ngen.exe
----a-w 14,848 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\normalization.dll
----a-w 136,192 2005-09-23 14:28:50 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\peverify.dll
----a-w 377,344 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\SOS.dll
----a-w 110,592 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
----a-w 389,120 2005-09-23 14:28:58 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
----a-w 2,878,976 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
----a-w 482,304 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
----a-w 716,800 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
----a-w 884,736 2005-09-23 14:28:38 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
----a-w 5,050,368 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
----a-w 188,416 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
----a-w 3,018,752 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.dll
----a-w 700,416 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
----a-w 258,048 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
----a-w 47,616 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
----a-w 114,176 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
----a-w 368,640 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
----a-w 299,008 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
----a-w 260,096 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
----a-w 5,029,888 2006-09-13 00:11:12 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
----a-w 5,316,608 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
----a-w 2,035,712 2005-09-23 14:28:56 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
----a-w 1,140,920 2005-09-23 14:29:06 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe
----a-w 1,306,624 2005-09-23 14:28:30 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
----a-w 300,032 2006-09-13 00:10:46 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\webengine.dll
----a-w 123,904 2006-11-07 10:26:24 C:\WINDOWS\SYSTEM32\advpack.dll
----a-w 131,584 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\extmgr.dll
----a-w 54,784 2006-11-07 10:26:28 C:\WINDOWS\SYSTEM32\ie4uinit.exe
----a-w 152,064 2006-11-07 10:26:56 C:\WINDOWS\SYSTEM32\ieakeng.dll
----a-w 229,376 2006-11-07 10:27:02 C:\WINDOWS\SYSTEM32\ieaksie.dll
----a-w 161,792 2006-11-07 10:25:14 C:\WINDOWS\SYSTEM32\ieakui.dll
----a-w 2,451,824 2006-09-06 06:01:26 C:\WINDOWS\SYSTEM32\ieapfltr.dat
----a-w 380,928 2006-10-17 18:27:56 C:\WINDOWS\SYSTEM32\ieapfltr.dll
----a-w 382,976 2006-11-07 10:27:10 C:\WINDOWS\SYSTEM32\iedkcs32.dll
----a-w 6,049,280 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\ieframe.dll
----a-w 43,008 2006-11-07 10:26:28 C:\WINDOWS\SYSTEM32\iernonce.dll
----a-w 266,752 2006-10-17 18:57:20 C:\WINDOWS\SYSTEM32\iertutil.dll
----a-w 13,312 2006-11-07 10:26:32 C:\WINDOWS\SYSTEM32\ieudinit.exe
----a-w 27,136 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\jsproxy.dll
----a-w 271,360 2006-12-22 19:28:14 C:\WINDOWS\SYSTEM32\mscoree.dll
----a-w 458,752 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\msfeeds.dll
----a-w 50,688 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\msfeedsbs.dll
----a-w 3,577,856 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\mshtml.dll
----a-w 475,648 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\mshtmled.dll
----a-w 192,000 2006-10-17 19:05:10 C:\WINDOWS\SYSTEM32\msrating.dll
----a-w 670,720 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\mstime.dll
----a-w 101,376 2006-10-17 19:04:46 C:\WINDOWS\SYSTEM32\occache.dll
----a-w 63,418 2007-09-27 15:47:55 C:\WINDOWS\SYSTEM32\PERFC009.DAT
----a-w 402,974 2007-09-27 15:47:55 C:\WINDOWS\SYSTEM32\PERFH009.DAT
----a-w 14,048 2006-09-06 23:43:16 C:\WINDOWS\SYSTEM32\spmsg.dll
----a-w 105,984 2006-10-17 19:05:22 C:\WINDOWS\SYSTEM32\url.dll
----a-w 1,162,240 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\urlmon.dll
----a-w 231,424 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\webcheck.dll
----a-w 818,688 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\wininet.dll
------w 123,904 2006-11-07 10:26:24 C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
----a-w 131,584 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
------w 54,784 2006-11-07 10:26:28 C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
------w 152,064 2006-11-07 10:26:56 C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
------w 229,376 2006-11-07 10:27:02 C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
------w 161,792 2006-11-07 10:25:14 C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
------w 382,976 2006-11-07 10:27:10 C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
------w 43,008 2006-11-07 10:26:28 C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
------w 622,080 2006-10-17 19:04:40 C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
----a-w 27,136 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
----a-w 3,577,856 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
----a-w 475,648 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
----a-w 192,000 2006-10-17 19:05:10 C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
----a-w 670,720 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
------w 101,376 2006-10-17 19:04:46 C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
------w 105,984 2006-10-17 19:05:22 C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
----a-w 1,162,240 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
----a-w 765,952 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\VGX.dll
------w 231,424 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
----a-w 818,688 2006-11-08 04:03:36 C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
----a-w 258,048 2007-10-01 11:03:12 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
----a-w 114,176 2007-10-01 11:03:12 C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-22 14:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-22 14:23]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 18:05]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-10-07 13:39]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-02-06 12:44]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 00:01]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-12 23:52]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"Aim6"="" []
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-02-27 11:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 11:58 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-02-27 11:24 159744 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sealmon]
C:\Program Files\SealedMedia\sealmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R1 SABDIFSV;SABDIFSV;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS
R1 SABKUTIL;SABKUTIL;\??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
R3 tifm;tifm;C:\WINDOWS\system32\drivers\tifm.sys

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-10-10 06:15:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 23:43:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 23:48:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 23:48
C:\ComboFix2.txt ... 2007-10-07 14:23
.
--- E O F ---

6] I ran HijackThis again and here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:47 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Charlene Chan\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go
f5spawn

Post by f5spawn » October 10th, 2007, 3:01 am

The last part of my post got cut off - word limit I guess. Here's what I wrote after I posted the ComboFix logs:


6] I ran HijackThis again and here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:47 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Charlene Chan\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8053 bytes

7] I noticed one difference while I ran ComboFix this time compared to before. After ComboFix restarted my laptop and was preparing the logs, it said it couldn't access "bak.dat" in the C:\ComboFix folder because another program was using it. I thought there might have been an error with ComboFix but it continued on like usual and produced the logs for me. Did I do something wrong and if I did, should I run the ComboFix-Do task again to make sure it's correct this time?
f5spawn
Regular Member
 
Posts: 26
Joined: October 7th, 2007, 12:15 am

Post by chryssi2001 » October 10th, 2007, 2:43 pm

Hello f5spawn,

Using Windows Explorer (right-click the Start button and left-click Explore), navigate to and find the following folder. If found, delete the following (some may not be present after previous steps):

C:\Documents and Settings\All Users\Application Data\Viewpoint
-----------------------------------------------------
Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 3.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6 Update 3
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
-----------------------------------------------------
Your HijackThis looks clean now.

Let's run another scan to see if anything bad is still on your PC.
Before doing this, please be sure AVG Anti-Spyware and other protective programs are disabled.
-----------------------------------------------------
Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/virusscanner and click the Kaspersky Online Scanner button.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by f5spawn » October 10th, 2007, 6:06 pm

Hi chryssi,

1] I deleted the Viewpoint Folder.

2] I uninstalled my old Java version from previous steps you took me through and installed the new Java 6.

3] I ran HiJackThis again and here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:00 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Charlene Chan\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8418 bytes

4] I attempted to run the online scanner but it didn't work. I followed your steps and after clicking "Accept" on the first try, I downloaded and installed ActiveX, I let the program update and it says "ready" and stays there. I even downloaded ActiveX separately from http://www.activex.com just in case the previous download failed, but the online scanner still doesn't work. It only says "ready" after I read the requirements and limitations and click accept. What should I do?

5] My laptop runs fine now. It boots up quickly now and programs run smoothly and I've done daily Symantec Antivirus scans and haven't found any viruses, malware, or spyware anywhere on this laptop.
f5spawn
Regular Member
 
Posts: 26
Joined: October 7th, 2007, 12:15 am

Post by chryssi2001 » October 11th, 2007, 1:53 am

Hello f5spawn,

It happens.
Let's try a different online scanner.
-----------------------------------------------------
PANDA ONLINE SCAN
Place a shortcut to Panda ActiveScan on your desktop.

Reboot back into Windows and click the Panda ActiveScan shortcut.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log.
-----------------------------------------------------
Please tell me something. Do you use AIM6? Does it work properly?
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Post by f5spawn » October 15th, 2007, 8:01 pm

Hi chryssi,

Sorry it took so long to respond, had a long extended weekend where I was too busy to be at the laptop. Anyways, here is the information you requested:

1] The Panda Online Scanner worked fine and here are the results:


Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.2o7.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.com.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.xiti.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.adtech.de/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Charlene Chan\Application Data\Mozilla\Firefox\Profiles\7sy8dhyj.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Charlene Chan\Cookies\charlene_chan@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Charlene Chan\Cookies\charlene_chan@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Charlene Chan\Cookies\charlene_chan@doubleclick[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Charlene Chan\Cookies\charlene_chan@perf.overture[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Charlene Chan\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Charlene Chan\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe


2] I ran HiJackThis again and here are the new logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:25 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Charlene Chan\Desktop\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] "C:\Program Files\Common Files\Dell\EUSW\Support.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7891 bytes


3] Yes, my brother installed and uses AIM6 on this laptop. I just tried it out and it seemed to work fine to me.
f5spawn
Regular Member
 
Posts: 26
Joined: October 7th, 2007, 12:15 am
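
The 10/10 and 10/15 HijackThis logs posted above can be compared mechanically rather than by eye. The following is an added example, not part of the original thread and not code from HijackThis or the helpers: it parses entry lines by section code, reports what was added or removed between two scans, and lists entries carrying HijackThis's own "(file missing)" or "Unknown owner" annotations. The two log excerpts are shortened copies of lines from those posts; the function names are assumptions of this example.

```python
import re

# Shortened excerpts of the 10/10/2007 and 10/15/2007 logs from this thread.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SBCSTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"
O4 - HKCU\..\Run: [SuperAdBlocker] "C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe"
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 198.168.0.3:80
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Entry lines look like "O23 - Service: ..."; header lines and the
# "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Annotations HijackThis itself appends. They mark entries worth a second
# look, not proof of infection: both appear in logs the helper called clean.
REVIEW_MARKERS = (("(file missing)", "target file missing"),
                  ("Unknown owner", "no vendor recorded"))


def parse_entries(log_text):
    """Return {section_code: set(entry_bodies)} for a HijackThis log."""
    sections = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections.setdefault(match["code"], set()).add(match["body"])
    return sections


def _section_order(code):
    # Sort R0 < R1 < O2 < O4 < O20 < O23 rather than plain string order.
    return ("RFNO".index(code[0]), int(code[1:]))


def diff_logs(before_text, after_text):
    """Return entries removed from / added to the second log, by section."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    result = {"removed": [], "added": []}
    for code in sorted(set(before) | set(after), key=_section_order):
        old, new = before.get(code, set()), after.get(code, set())
        result["removed"] += [(code, body) for body in sorted(old - new)]
        result["added"] += [(code, body) for body in sorted(new - old)]
    return result


def review_flags(log_text):
    """Return (code, body, reasons) for entries carrying a review marker."""
    flagged = []
    parsed = parse_entries(log_text)
    for code in sorted(parsed, key=_section_order):
        for body in sorted(parsed[code]):
            reasons = [label for marker, label in REVIEW_MARKERS if marker in body]
            if reasons:
                flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    changes = diff_logs(LOG_BEFORE, LOG_AFTER)
    for kind in ("removed", "added"):
        for code, body in changes[kind]:
            print(f"{kind:8} {code:4} {body}")
    for code, body, reasons in review_flags(LOG_AFTER):
        print(f"review   {code:4} {body}  [{', '.join(reasons)}]")
```

Run against full logs, the same diff shows which autostart entries (O4, O20, O23) disappeared after an uninstall and which ActiveX downloads (O16) the online scanners left behind.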

Post by chryssi2001 » October 16th, 2007, 12:02 pm

Hello f5spawn,

Use ATF Cleaner once again.
Be sure you click on Firefox to remove all cookies.

Make sure that all browser windows are closed.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
----------------------------------------------------
COMBOFIX-Do
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away