is Bifrost the cause?

Post by JohnV » November 18th, 2007, 8:23 am

My computer has recently been undergoing some malware infections that ZoneAlarm and AVG haven't been able to keep out. Countless scans show no visible problem, yet every time I attempt to open a folder my system automatically reboots on me. I downloaded a free trial of CounterSpy and it detected a random trojan that I deleted and a weird program called Bifrost which supposedly is a tool used to remotely control another person's computer. The author showed up as evileyesoftware.com, which led me to this site: http://www.chasenet.org/

There I found a link to the very same tool that is plaguing my system. I was just wondering, is this the cause of the malfunctioning explorer.exe? I would also like to know how I should go about removing this because it is registered as an HKEY_USERS file. I have copied down the location of the file just in case.

And also big thanks to katana for helping my brother's PC, which is still undergoing removal.
JohnV
Regular Member
 
Posts: 23
Joined: November 7th, 2007, 2:18 am
Location: California

Re: is Bifrost the cause?

Post by Elrond » November 18th, 2007, 11:24 am

I'm Elrond and I'll be glad to help you with your computer problems.

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please only use this topic for your replies on this problem. Do not start another thread.
Please note that the fixes we will use are specific to your problems on this computer and should only be used for this problem on this computer.
These things need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.

Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note that you should have Administrator rights to perform the fixes. (XP accounts are Administrator by default) Also note that multiple identity PCs (family PCs) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Please note that I will be off line for about 26 hours (sundown Friday until nightfall Saturday my local time) every week.


Please download HJTInstall.exe from here and save it to your desktop
  • Double click on the HJTInstall.exe icon on your desktop
  • Click I Accept
  • HijackThis will open
  • Click on the Do a system scan and save a log file button.
  • It will scan and then the log will open in notepad.
  • Paste the log as a reply to this thread.
  • Don't use the Analyse This button - its findings are dangerous if misinterpreted.
Do NOT have HijackThis fix anything yet.


Let me see if bifrost is present. If I find that it is there I will give you further information.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: is Bifrost the cause?

Post by JohnV » November 18th, 2007, 8:53 pm

As I said before, CounterSpy appears to have detected Bifrost: (HKEY_USERS/S-1-5-21-1932689890-1774699048-3607514752-1003/SOFTWARE/WGET)
It was only a trial version so the file was not removed.

By the way, my problem of being unable to open folders has now mysteriously been resolved, possibly due to recent deletion of a Trojan and adware removal.
However, since you are the expert, it is up to you to decide whether my PC has problems or not.
----------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:37, on 2007-11-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\My Shared Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
O1 - Hosts: 64.93.92.8 9dragons.acclaimdownloads.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: AutoTBar.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0854697312
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1470134515
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
JohnV
Regular Member
 
Posts: 23
Joined: November 7th, 2007, 2:18 am
Location: California
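
Added example, not part of the original thread and not HijackThis's own code: a small Python triage of a log in the format posted above. It counts entries per section code, pulls out hosts-file mappings (O1), entries whose target is reported as `(file missing)` or `(no file)`, and registry autostarts (O4). The sample lines are copied from the log above; the function and variable names are hypothetical, and the script only sorts entries for a human reviewer without judging any of them.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted above (a small excerpt).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
O1 - Hosts: 64.93.92.8 9dragons.acclaimdownloads.com
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")
# HijackThis marks a registered component whose file is absent this way.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autostart: "<key>: [<value name>] <command line>"
AUTOSTART_RE = re.compile(r"^(?P<loc>[^:\[]+):\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


def parse_entries(text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def triage(text):
    """Sort a HijackThis log into review buckets; makes no verdict on any entry."""
    sections = defaultdict(int)
    hosts, orphans, autostarts = [], [], []
    for code, body in parse_entries(text):
        sections[code] += 1
        if ORPHAN_RE.search(body):
            clsid = CLSID_RE.search(body)
            orphans.append((code, clsid.group(0) if clsid else None))
        if code == "O1":
            h = HOSTS_RE.match(body)
            if h:
                hosts.append((h["ip"], h["name"]))
        elif code == "O4":
            a = AUTOSTART_RE.match(body)
            if a:  # "Startup:" folder entries have no [name] and are skipped
                autostarts.append((a["loc"], a["name"], a["cmd"]))
    return {
        "sections": dict(sections),
        "hosts": hosts,
        "orphans": orphans,
        "autostarts": autostarts,
    }


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket, items)
```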

Re: is Bifrost the cause?

Post by Elrond » November 19th, 2007, 2:07 am

Nothing of importance shows in this log. A few things that should be corrected but that can wait.

I would like to see that AVG report.

How to get AVG report
  • Right click the AVG tray icon
  • Select Test Center > Test Results
  • Double click the scan where virus was detected.
  • Select Virus Results
  • At the top of the window select Program > Export List To File
  • Save it as "All Files" and name it AVGlog.txt
  • Post me AVGlog.txt

Add that log, if you can find it, to your next post.


AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports.
    • Under What to scan? - Select Scan every file.
You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------

Boot to Safe Mode.

You will need to reboot your computer into Safe Mode for the next steps. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an always on connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode. I suggest that you print out these instructions.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting (a menu appears).
  • Use up-arrow key to select Safe Mode and press Enter.
------------------------------------------------

Run AVG Anti-Spyware:

Close all open windows and then start AVG Anti-Spyware, which you downloaded earlier
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------------

Post logs from AVG AntiVirus and AVG AntiSpyware in this topic.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: is Bifrost the cause?

Post by JohnV » November 23rd, 2007, 2:38 am

AVG anti-virus didn't find much:

"General properties",""
"Report name","Complete Test"
"Start time","2007-11-19 08:00"
"End time","2007-11-19 11:47 (total: 3:46:47.10 hrs)"
"Launch method","Scanning launched by scheduler"
"Scanning result","No threats found"
"Report status","Scanning completed successfully"
" ",""
"Object summary",""
"Scanned","157111"
"Threats Found","0"
"Cleaned","0"
"Moved to vault","0"
"Deleted","0"
"Errors","0"
"C:\WINDOWS\system32\shell32.dll","Change","Changed"
"C:\WINDOWS\system32\drivers\etc\hosts","Change","Changed"

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:40:55 PM 11/20/2007

+ Scan result:



HKU\S-1-5-21-1932689890-1774699048-3607514752-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Desktop\HKEY_USERS.S-1-5-21-1932689890-1774699048-3607514752-1003.SOFTWARE.WGET.zip/EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP182\A0064600.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.791:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.213:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.399:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.401:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.730:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.731:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.732:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.499:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.501:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.502:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.503:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.504:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.505:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.506:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.507:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.508:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.564:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.392:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.389:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.736:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.802:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.803:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.804:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.805:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.806:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.807:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.808:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.809:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.768:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.769:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.770:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.771:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.128:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.591:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.592:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.593:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.594:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.595:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.598:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.864:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.536:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.733:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.734:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.397:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.529:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.530:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.531:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.532:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.533:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.534:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.535:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.251:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\RECYCLER\S-1-5-21-1932689890-1774699048-3607514752-1003\Dc55.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.360:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\hsi2ukxt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

<------------------------------------------------------------------------------------>
If you didn't find the file in those reports, I can show you how I found it.

Re: is Bifrost the cause?

by Elrond » November 23rd, 2007, 3:11 am

So far everything comes back clean; however, because Bifrost is a very serious infection, I would like you to run the following scans:

Download and Run ComboFix

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Go here to run an online scanner from Kaspersky.

  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next" > "Scan Settings" and make sure the database is set to "extended". Also check both the scan options, then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.


Please post the logs from the ComboFix and Kaspersky scans in this topic.

Re: is Bifrost the cause?

by JohnV » November 26th, 2007, 12:17 am

I have the ComboFix log, but I was unable to perform the Kaspersky scan due to an updating error. I could only get up to 27% before it started looping from 1% back to 27% and then showing me this:

Udate process FAILED. No further antivirus actions can be performed!

Attention, you must be onlline to activate Kaspersky Online Scanner, since the latest Anti-virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest viruses. [21]


I don't think it would be my firewall because it is allowing Internet Explorer, which is required for the scan. I also accepted all of the requests.

<------------------------------------------------------------------------------------------------------>

ComboFix 07-11-19.3 - Owner 2007-11-23 12:29:19.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-10-23 to 2007-11-23 )))))))))))))))))))))))))))))))
.

2007-11-20 17:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2007-11-20 17:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-11-20 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-20 11:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-11-19 22:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-19 08:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-19 01:52 <DIR> d--hs---- C:\Diskeeper
2007-11-19 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-17 16:35 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-17 16:33 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-17 15:06 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-16 19:29 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-11-16 19:27 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-11-16 19:27 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-11-16 19:27 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2007-11-07 22:14 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-07 11:03 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-11-06 21:44 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-11-06 21:44 <DIR> d-------- C:\Program Files\AskPBar
2007-11-05 17:23 <DIR> d-------- C:\Program Files\iPod
2007-11-05 17:22 <DIR> d-------- C:\Program Files\iTunes
2007-11-02 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-31 09:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-31 09:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-31 09:18 <DIR> dr-h----- C:\MSOCache
2007-10-31 08:56 <DIR> d-------- C:\Program Files\AdVantage
2007-10-31 08:54 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-30 20:05 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-30 19:57 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2007-10-30 19:57 6,506 --a------ C:\WINDOWS\system32\ijjiSetup.log
2007-10-30 13:26 <DIR> d-------- C:\Program Files\MagicISO
2007-10-29 20:50 <DIR> d-------- C:\Program Files\NHN USA
2007-10-29 20:50 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2007-10-29 12:30 <DIR> d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2007-10-29 12:29 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-10-29 12:29 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-29 12:29 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-29 12:29 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-10-29 12:29 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-29 12:29 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-10-29 12:29 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-29 12:28 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-10-29 12:16 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-29 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-10-23 22:30 <DIR> d-------- C:\Program Files\Graphing Calculator Viewer
2007-10-23 22:28 <DIR> d-------- C:\Program Files\Tools for Enriching Calculus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 22:36 72,459,552 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-23 19:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-11-23 10:59 971,180 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-23 04:21 --------- d-----w C:\Program Files\9Dragons
2007-11-22 23:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-22 23:53 --------- d-----w C:\Program Files\Quicken
2007-11-22 23:15 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-11-22 23:09 --------- d-----w C:\Program Files\Java Web Start
2007-11-22 23:09 --------- d-----w C:\Program Files\DivX
2007-11-20 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 18:08 --------- d-----w C:\Program Files\BitComet
2007-11-19 08:49 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-17 12:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 03:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 07:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-07 05:46 --------- d-----w C:\Program Files\Trillian
2007-11-06 01:18 --------- d-----w C:\Program Files\QuickTime
2007-11-02 23:33 --------- d-----w C:\Program Files\MUSICMATCH
2007-11-02 21:13 --------- d-----w C:\Program Files\Lavasoft
2007-11-02 21:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 17:30 --------- d-----w C:\Program Files\Microsoft Works
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-26 19:20 4,124,352 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-24 07:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-22 16:48 3,603 ----a-w C:\WINDOWS\viassary-hp.reg
2007-10-22 10:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 10:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-22 01:59 --------- d-----w C:\Program Files\Uniblue
2007-10-20 20:50 --------- d-----w C:\Program Files\Electronic Arts
2007-10-20 20:46 --------- d-----w C:\Program Files\Maxis
2007-10-20 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-20 02:29 --------- d-----w C:\Program Files\Apple Software Update
2007-10-20 02:28 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-20 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-19 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2007-10-13 10:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-10-13 08:51 --------- d-----w C:\Program Files\MSN Messenger
2007-10-13 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-12 22:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-12 20:16 --------- d-----w C:\Program Files\PC Registry Cleaner
2007-10-11 04:45 --------- d-----w C:\Program Files\MediaMonkey
2007-10-06 00:42 --------- d-----w C:\Program Files\Java
2007-10-06 00:40 --------- d-----w C:\Program Files\Common Files\Java
2007-10-05 23:35 --------- d-----w C:\Program Files\mIRC
2007-10-04 05:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2007-10-04 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-04 05:04 --------- d-----w C:\Program Files\Yahoo!
2007-10-04 05:04 --------- d-----w C:\Program Files\CCleaner
2007-10-04 04:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-04 04:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-10-04 04:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Media Player Classic
2007-10-04 03:15 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-04 03:07 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-10-04 03:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-03 20:52 --------- d-----w C:\Program Files\WordPerfect Office 11
2007-10-03 20:52 --------- d-----w C:\Program Files\Ventrilo
2007-10-03 20:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-03 20:50 --------- d-----w C:\Program Files\Super Mario War
2007-10-03 20:49 --------- d-----w C:\Program Files\Real
2007-10-03 20:49 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2007-10-03 20:49 --------- d-----w C:\Program Files\Opera
2007-10-03 20:41 --------- d-----w C:\Program Files\Guild Wars
2007-10-03 20:37 --------- d-----w C:\Program Files\Diablo II
2007-10-03 20:36 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-03 20:36 --------- d-----w C:\Program Files\Common Files\Vbox
2007-10-03 20:27 --------- d-----w C:\Program Files\Alwil Software
2007-10-02 16:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-10-02 07:24 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-10-02 07:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-09-30 00:47 --------- d-----w C:\Program Files\Google
2007-09-28 18:56 --------- d-----w C:\Program Files\MSBuild
2007-09-28 18:52 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-28 18:42 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-28 16:28 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-27 00:52 --------- d-----w C:\Program Files\Softex
2007-09-27 00:51 --------- d-----w C:\Program Files\Common Files\Real
2007-09-27 00:50 --------- d-----w C:\Program Files\Symantec
2007-09-27 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-27 00:49 --------- d-----w C:\Program Files\Easy Internet signup
2007-09-27 00:31 4,174 --sha-r C:\WINDOWS\system32\drivers\HP_DM170A-ABA a350n_YW_Pavi_QMXM347_E34NAheBLU2_4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.14_T030904_WXH1_L409_M512_J164_7Intel_8Pentium 4_92.8_1104C8023_N10EC8139_P_Z11C1044C_K_A808624D5_U808624D2_G10DE0181.MRK
2007-09-27 00:28 --------- d-----w C:\Program Files\ArcSoft
2007-09-27 00:26 --------- d-----w C:\Program Files\Multimedia Card Reader
2007-09-06 23:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 23:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 20:25]
"NVIEW"="nview.dll" [2003-07-28 13:19 C:\WINDOWS\system32\nview.dll]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-08-16 08:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Uniblue SpyEraser"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-16 01:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 06:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 06:07]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 06:23]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-13 22:53]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 02:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 07:01]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 13:19 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 10:27]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 17:13]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:13]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:13]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 18:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 06:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-06-13 03:08:16]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 19:34:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Start.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 00:54:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-08 06:14:08 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-01 08:21:31 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-21 23:32:43 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 14:37:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\poof]

.
Completion time: 2007-11-23 14:40:54
.
--- E O F ---

Re: is Bifrost the cause?

by Elrond » November 26th, 2007, 5:06 pm

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


While you are at it, there is good reason to remove Askbar as well, as can be seen from this article: http://www.benedelman.org/spyware/insta ... es-banner/


If you do not have Kaspersky installed on your computer but only use the online scanner, please find Kaspersky in the Add/Remove list and remove it.



Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:
Folder:: C:\Program Files\AdVantage


  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Now go here to run an online scanner from Kaspersky.

  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next" > "Scan Settings" and make sure the database is set to "extended". Also check both the scan options, then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log as "KAV.txt" to the desktop.

Let us see if it will behave itself this time. Else we will have to try another way.

Post the ComboFix log and the Kaspersky log (if it works).

Re: is Bifrost the cause?

by JohnV » November 30th, 2007, 5:29 am

Would allowing sed.cfexe be a good thing? Oh, and the Kaspersky scan couldn't update and I can't go on w/o it.

<--------------------------------------------------------------------------------------------------------------->

ComboFix 07-11-19.3 - Owner 2007-11-29 22:45:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.160 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-28 00:21 <DIR> d-------- C:\Program Files\MTV Networks
2007-11-27 21:28 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-11-27 21:24 <DIR> d-------- C:\4e6daeb3996ec6e3144e85645ed9b6
2007-11-25 19:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-25 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-20 17:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2007-11-20 17:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-11-20 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-20 11:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-11-19 22:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-19 08:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-19 01:52 <DIR> d--hs---- C:\Diskeeper
2007-11-19 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-17 16:35 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-17 16:33 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-17 15:06 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-16 19:29 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-11-16 19:27 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-11-16 19:27 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-11-16 19:27 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2007-11-07 22:14 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-07 11:03 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-11-06 21:44 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-11-06 21:44 <DIR> d-------- C:\Program Files\AskPBar
2007-11-05 17:23 <DIR> d-------- C:\Program Files\iPod
2007-11-05 17:22 <DIR> d-------- C:\Program Files\iTunes
2007-11-02 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-31 09:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-31 09:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-31 09:18 <DIR> dr-h----- C:\MSOCache
2007-10-31 08:56 <DIR> d-------- C:\Program Files\AdVantage
2007-10-31 08:54 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-30 20:05 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-30 19:57 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2007-10-30 19:57 6,506 --a------ C:\WINDOWS\system32\ijjiSetup.log
2007-10-30 13:26 <DIR> d-------- C:\Program Files\MagicISO
2007-10-29 20:50 <DIR> d-------- C:\Program Files\NHN USA
2007-10-29 20:50 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2007-10-29 12:30 <DIR> d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2007-10-29 12:29 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-10-29 12:29 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-29 12:29 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-29 12:29 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-10-29 12:29 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-29 12:29 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-10-29 12:29 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-29 12:28 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-10-29 12:16 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-29 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 06:57 85,689,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-29 23:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-11-29 08:43 1,147,124 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-27 03:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-24 09:51 --------- d-----w C:\Program Files\Quicken
2007-11-24 09:51 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-11-24 09:51 --------- d-----w C:\Program Files\Java Web Start
2007-11-24 09:51 --------- d-----w C:\Program Files\DivX
2007-11-24 09:51 --------- d-----w C:\Program Files\9Dragons
2007-11-22 23:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 18:08 --------- d-----w C:\Program Files\BitComet
2007-11-19 08:49 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-17 12:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 03:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 07:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-07 05:46 --------- d-----w C:\Program Files\Trillian
2007-11-06 01:18 --------- d-----w C:\Program Files\QuickTime
2007-11-02 23:33 --------- d-----w C:\Program Files\MUSICMATCH
2007-11-02 21:13 --------- d-----w C:\Program Files\Lavasoft
2007-11-02 21:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 17:30 --------- d-----w C:\Program Files\Microsoft Works
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-26 19:20 4,124,352 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-24 07:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-24 06:32 --------- d-----w C:\Program Files\Graphing Calculator Viewer
2007-10-24 06:28 --------- d-----w C:\Program Files\Tools for Enriching Calculus
2007-10-22 16:48 3,603 ----a-w C:\WINDOWS\viassary-hp.reg
2007-10-22 10:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 10:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-22 01:59 --------- d-----w C:\Program Files\Uniblue
2007-10-20 20:50 --------- d-----w C:\Program Files\Electronic Arts
2007-10-20 20:46 --------- d-----w C:\Program Files\Maxis
2007-10-20 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-20 02:29 --------- d-----w C:\Program Files\Apple Software Update
2007-10-20 02:28 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-20 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-19 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2007-10-13 10:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-10-13 08:51 --------- d-----w C:\Program Files\MSN Messenger
2007-10-13 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-12 22:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-12 20:16 --------- d-----w C:\Program Files\PC Registry Cleaner
2007-10-11 04:45 --------- d-----w C:\Program Files\MediaMonkey
2007-10-06 00:42 --------- d-----w C:\Program Files\Java
2007-10-06 00:40 --------- d-----w C:\Program Files\Common Files\Java
2007-10-05 23:35 --------- d-----w C:\Program Files\mIRC
2007-10-04 05:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2007-10-04 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-04 05:04 --------- d-----w C:\Program Files\Yahoo!
2007-10-04 05:04 --------- d-----w C:\Program Files\CCleaner
2007-10-04 04:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-04 04:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-10-04 04:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Media Player Classic
2007-10-04 03:15 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-04 03:07 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-10-03 20:52 --------- d-----w C:\Program Files\WordPerfect Office 11
2007-10-03 20:52 --------- d-----w C:\Program Files\Ventrilo
2007-10-03 20:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-03 20:50 --------- d-----w C:\Program Files\Super Mario War
2007-10-03 20:49 --------- d-----w C:\Program Files\Real
2007-10-03 20:49 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2007-10-03 20:49 --------- d-----w C:\Program Files\Opera
2007-10-03 20:41 --------- d-----w C:\Program Files\Guild Wars
2007-10-03 20:37 --------- d-----w C:\Program Files\Diablo II
2007-10-03 20:36 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-03 20:36 --------- d-----w C:\Program Files\Common Files\Vbox
2007-10-03 20:27 --------- d-----w C:\Program Files\Alwil Software
2007-10-02 16:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-10-02 07:24 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-10-02 07:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-09-30 00:47 --------- d-----w C:\Program Files\Google
2007-09-28 18:56 --------- d-----w C:\Program Files\MSBuild
2007-09-28 18:52 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-28 18:42 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-28 16:28 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-06 23:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 23:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-23_14.38.44.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 07:56:58 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-05-10 05:02:38 180,736 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2004-08-04 07:56:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-05-10 06:26:32 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-05-10 06:26:34 267,776 ------w C:\WINDOWS\system32\Audiodev.dll
- 2004-08-04 07:56:42 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-05-10 04:59:14 585,216 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-08-04 07:56:42 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-05-10 06:26:34 219,648 ----a-w C:\WINDOWS\system32\CEWMDM.dll
- 2004-08-04 07:56:44 368,640 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-05-10 06:26:34 345,088 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-08-04 07:56:58 774,144 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-05-10 05:02:42 1,587,712 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-04 07:56:48 98,304 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-05-10 06:26:34 87,040 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-04 07:56:58 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-05-10 06:25:54 62,976 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2006-12-08 00:02:24 2,174,976 -c----w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-05-10 06:22:32 2,463,744 -c----w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-05-10 04:58:46 646,656 ------w C:\WINDOWS\system32\drivers\umdf\wpdmtpdr.dll
+ 2006-05-10 04:58:44 40,704 ------w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-04-11 22:26:38 82,944 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-04-11 22:29:18 87,808 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-05-10 04:59:18 229,376 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-08-04 07:57:04 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-05-10 05:00:02 1,350,656 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-05-10 04:57:06 11,264 ------w C:\WINDOWS\system32\ehETW.dll
+ 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2004-08-04 07:56:44 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-05-10 06:26:32 9,728 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-08-04 07:56:52 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-05-10 05:02:02 84,480 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-01-02 19:13:32 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
+ 2006-01-03 23:14:12 20,480 ----a-w C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
+ 2006-05-10 05:00:08 382,976 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-05-10 05:00:56 241,152 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 07:56:44 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-05-10 05:00:58 299,520 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 07:56:44 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-05-10 05:00:58 241,152 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 07:56:44 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-05-10 04:45:20 304,640 ------w C:\WINDOWS\system32\MSDelta.dll
- 2004-08-04 07:57:02 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-05-10 06:26:34 212,480 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-08-04 07:56:44 52,224 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-05-10 06:26:34 26,112 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
- 2004-08-04 07:56:44 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-05-10 06:26:34 165,376 ----a-w C:\WINDOWS\system32\MsPMSP.dll
- 2004-08-04 07:57:02 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-05-10 04:59:20 417,280 ----a-w C:\WINDOWS\system32\MSSCP.dll
- 2004-08-04 07:56:46 245,760 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-05-10 06:26:34 306,688 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-05-10 04:58:48 345,600 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-05-10 04:58:48 101,376 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-05-10 04:58:38 168,960 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-05-10 04:58:50 103,424 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-05-10 04:58:48 188,928 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-08-04 07:56:46 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-05-10 06:26:34 201,728 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-05-10 06:36:46 6,656 ------w C:\WINDOWS\system32\uWDF.exe
+ 2006-05-10 06:26:34 4,096 ------w C:\WINDOWS\system32\wdfApi.dll
+ 2006-05-10 06:36:46 6,656 ------w C:\WINDOWS\system32\WdfMgr.exe
- 2004-08-04 07:56:48 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-05-10 06:26:34 705,024 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-08-04 07:56:48 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-05-10 06:26:34 1,063,424 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-08-04 07:56:48 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-05-10 06:26:34 221,696 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-08-04 07:56:48 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-05-10 06:26:34 31,744 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
- 2004-08-04 07:56:48 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-05-10 06:26:34 36,864 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-05-10 06:26:34 417,280 ------w C:\WINDOWS\system32\wmdrmdev.dll
+ 2006-05-10 06:26:34 337,408 ------w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-05-10 04:59:34 513,536 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-04 07:56:36 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-05-10 06:26:32 218,112 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-08-04 07:56:48 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-05-10 06:26:34 155,136 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-08-04 07:56:48 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-05-10 06:26:34 992,256 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 09:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-05-10 06:26:34 10,394,624 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-04 07:56:48 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-05-10 06:26:34 237,056 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-04 07:56:48 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-05-10 06:26:34 301,056 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-05-10 06:26:34 433,152 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-05-10 06:26:34 1,641,472 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-04 07:56:38 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-05-10 06:26:34 7,706,112 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-05-10 05:00:22 546,816 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-05-10 06:26:34 135,680 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-04 07:56:48 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-05-10 06:26:34 97,792 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-05-10 06:26:34 203,776 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-08-04 07:56:48 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-08-04 07:56:48 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-08-04 07:56:48 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-05-10 06:26:34 564,736 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-08-04 07:56:48 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-05-10 06:26:34 1,280,000 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
+ 2006-05-10 06:26:34 4,096 ------w C:\WINDOWS\system32\WMVADVD.dll
+ 2006-05-10 06:26:34 4,096 ------w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-08 00:02:24 2,174,976 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-05-10 06:22:32 2,463,744 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-05-10 05:01:06 1,463,808 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-08-04 07:56:48 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-08-04 07:56:48 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-05-10 05:00:58 1,455,616 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-05-10 05:01:06 1,359,360 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-05-10 05:00:58 770,560 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-05-10 05:00:56 636,928 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2006-05-10 04:58:50 670,208 ------w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-05-10 04:58:40 35,840 ------w C:\WINDOWS\system32\wpdconns.dll
+ 2006-05-10 04:58:40 144,896 ------w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-05-10 04:58:40 55,808 ------w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-05-10 04:58:54 3,745,280 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-05-10 04:58:54 13,824 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-05-10 04:58:54 52,224 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
+ 2006-05-10 04:58:46 343,552 ------w C:\WINDOWS\system32\WPDSp.dll
+ 2006-05-10 04:58:38 13,312 ------w C:\WINDOWS\system32\wpdtrace.dll
+ 2006-04-11 22:30:44 93,752 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-04-11 22:27:18 130,048 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-04-11 22:26:44 158,208 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-04-11 22:26:56 54,272 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-04-11 22:27:18 304,640 ------w C:\WINDOWS\system32\WUDFx.dll
- 2007-11-23 09:14:06 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-11-27 22:17:35 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2007-11-23 19:39:35 879,408 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2007-11-29 23:25:02 881,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2007-11-22 19:31:06 6,837,027 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-11-26 04:02:03 6,850,081 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-11-29 23:25:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 20:25]
"NVIEW"="nview.dll" [2003-07-28 13:19 C:\WINDOWS\system32\nview.dll]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-08-16 08:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Uniblue SpyEraser"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-16 01:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 06:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 06:07]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 06:23]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-13 22:53]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 02:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 07:01]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 13:19 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 10:27]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 17:13]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:13]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:13]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 18:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 06:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-06-13 03:08:16]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 19:34:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Start.exe

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 00:54:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-24 09:50:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-01 08:21:31 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-21 23:32:43 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 22:57:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 23:02:21
C:\ComboFix2.txt ... 2007-11-23 14:40
.
--- E O F ---
JohnV
Regular Member
 
Posts: 23
Joined: November 7th, 2007, 2:18 am
Location: California

Re: is Bifrost the cause?

by Elrond » November 30th, 2007, 10:01 am

Sorry to hear that you could not get the Kaspersky log. This is what we will do:

Download Flash_Disinfector from here and save it to your desktop.
Double-click on Flash_Disinfector.exe to run it and follow the prompts.
Wait until it has finished scanning and then exit the program.
The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.


Please download >>ComboFix<< by sUBs:

NOTE: In the event you already have ComboFix, please delete it; this is a new version that I need you to download.

  • Save it to your desktop.
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    F:\Start.exe
    
    Folder::
    
    DirLook::
    C:\WINDOWS\system32\drivers\umdf
    C:\4e6daeb3996ec6e3144e85645ed9b6
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


There seem to be some problems with Kaspersky at the moment. You are not the only one who has this problem. Let us hope this works.

Run Panda Online Scan
Run Panda's ActiveScan from here and perform a full system scan.
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click the big "Check Now" button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Click on "Local Disks" to start the scan
- Save the log file to your desktop


Please run a new HijackThis scan and post the log together with the logs from ComboFix and Panda.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
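
The CFScript in the post above deletes the MountPoints2\F key, whose AutoRun command in the earlier log points at F:\Start.exe. As an added example (not part of the original post and not ComboFix's own code), the Python below parses the "Reg Loading Points" text layout shown in this thread, lists every MountPoints2 shell command, and reports which of those keys a CFScript's Registry:: section deletes; the function names are hypothetical and the sample text is copied from the log and script in this thread.

```python
import re
from dataclasses import dataclass

# Sample input copied from the ComboFix log and CFScript posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Start.exe

*Newly Created Service* - SBAPIFS
"""

SAMPLE_SCRIPT = r"""
File::
F:\Start.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
MOUNT_RE = re.compile(r"\\explorer\\mountpoints2\\([^\\]+)$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
DELETE_RE = re.compile(r"^\[-(HKEY_[^\]]+)\]$")
DRIVE_RE = re.compile(r'^"?([A-Za-z]):\\')
BBCODE_RE = re.compile(r"\[/?b\]", re.IGNORECASE)


@dataclass
class AutoRunEntry:
    key: str               # full registry key as printed in the log
    mount: str             # last key component: drive letter or volume GUID
    verb: str              # shell verb, e.g. AutoRun
    command: str           # command line recorded for that verb
    runs_from_mount: bool  # True when the command starts on the same drive letter


def parse_mountpoints(log_text):
    """Return the MountPoints2 shell commands found in a ComboFix-style log."""
    entries = []
    key = mount = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            found = MOUNT_RE.search(key)
            mount = found.group(1) if found else None
            continue
        if not line:
            key = mount = None  # a blank line ends the values listed under a key
            continue
        cmd = CMD_RE.match(line)
        if cmd and mount:
            command = cmd.group(2).strip()
            drive = DRIVE_RE.match(command)
            same = (drive is not None and len(mount) == 1
                    and drive.group(1).upper() == mount.upper())
            entries.append(AutoRunEntry(key, mount, cmd.group(1), command, same))
    return entries


def keys_deleted_by_script(script_text):
    """Return the lower-cased keys marked [-KEY] under a script's Registry:: section."""
    section = None
    deleted = set()
    for raw in script_text.splitlines():
        # Forum bold tags sometimes leak into pasted scripts; drop them first.
        line = BBCODE_RE.sub("", raw).strip()
        if line.endswith("::"):
            section = line[:-2].lower()
            continue
        marked = DELETE_RE.match(line)
        if section == "registry" and marked:
            deleted.add(marked.group(1).lower())
    return deleted


def review(log_text, script_text):
    """Pair each MountPoints2 command with whether the script deletes its key."""
    deleted = keys_deleted_by_script(script_text)
    return [(e.mount, e.command, e.runs_from_mount, e.key.lower() in deleted)
            for e in parse_mountpoints(log_text)]


if __name__ == "__main__":
    for mount, command, from_mount, removed in review(SAMPLE_LOG, SAMPLE_SCRIPT):
        print(f"{mount}: {command!r} runs_from_mount={from_mount} deleted_by_script={removed}")
```
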

Re: is Bifrost the cause?

by JohnV » December 5th, 2007, 3:44 am

Everything went fine until I had to run the PandaScan. When I clicked on scan now, nothing happened.

I tried scanning it with IE but that didn't work either. Would my firewall have anything to do with this?

<--------------------------------------------------------------------------------------------------->
ComboFix 07-12-02.6 - Owner 2007-12-04 19:04:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.82 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-11-28 00:21 . 2007-11-28 00:21 <DIR> d-------- C:\Program Files\MTV Networks
2007-11-27 21:30 . 2007-11-28 00:48 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-11-27 21:28 . 2007-11-28 10:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-11-27 21:24 . 2007-11-27 22:09 <DIR> d-------- C:\4e6daeb3996ec6e3144e85645ed9b6
2007-11-25 19:49 . 2007-11-25 19:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-25 19:49 . 2007-11-25 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-20 17:45 . 2007-11-20 17:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2007-11-20 17:34 . 2007-11-20 17:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-11-20 16:25 . 2007-11-20 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-20 11:29 . 2007-11-20 11:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-11-19 22:47 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-19 08:01 . 2007-11-19 08:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-19 01:52 . 2007-11-19 01:52 <DIR> d--hs---- C:\Diskeeper
2007-11-19 00:49 . 2007-11-19 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-17 17:13 . 2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-17 17:13 . 2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-17 16:35 . 2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2007-11-17 16:35 . 2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-17 16:35 . 2007-11-17 16:35 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-17 16:33 . 2007-11-17 16:33 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-17 15:06 . 2007-11-17 15:06 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-16 19:29 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-11-16 19:27 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-11-16 19:27 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-11-16 19:27 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2007-11-10 23:34 . 2007-12-04 10:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-10 23:34 . 2007-11-10 23:34 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-07 22:14 . 2007-11-30 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-07 11:03 . 2007-11-07 11:03 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-07 10:45 . 2003-08-23 06:34 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-11-07 10:45 . 2003-08-28 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-07 10:45 . 2003-08-23 06:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-07 10:45 . 2003-08-23 19:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-11-07 10:45 . 2003-08-28 19:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-11-06 21:44 . 2007-11-07 10:38 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-11-06 21:44 . 2007-11-06 21:44 <DIR> d-------- C:\Program Files\AskPBar
2007-11-05 17:23 . 2007-11-05 17:23 <DIR> d-------- C:\Program Files\iPod
2007-11-05 17:22 . 2007-11-05 17:23 <DIR> d-------- C:\Program Files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 03:11 11,501,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-04 18:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-04 08:39 153,500 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-01 11:04 3,694,105 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-01 11:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-24 09:51 --------- d-----w C:\Program Files\Quicken
2007-11-24 09:51 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-11-24 09:51 --------- d-----w C:\Program Files\MagicISO
2007-11-24 09:51 --------- d-----w C:\Program Files\Java Web Start
2007-11-24 09:51 --------- d-----w C:\Program Files\DivX
2007-11-24 09:51 --------- d-----w C:\Program Files\9Dragons
2007-11-22 23:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 18:08 --------- d-----w C:\Program Files\BitComet
2007-11-19 08:49 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-17 12:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 03:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-15 00:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-15 00:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-14 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-07 07:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-07 05:46 --------- d-----w C:\Program Files\Trillian
2007-11-06 01:18 --------- d-----w C:\Program Files\QuickTime
2007-11-02 23:33 --------- d-----w C:\Program Files\MUSICMATCH
2007-11-02 21:13 --------- d-----w C:\Program Files\Lavasoft
2007-11-02 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-02 21:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 17:30 --------- d-----w C:\Program Files\Microsoft Works
2007-10-31 17:26 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-31 16:56 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-31 16:56 --------- d-----w C:\Program Files\AdVantage
2007-10-31 04:05 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-30 04:50 --------- d-----w C:\Program Files\NHN USA
2007-10-29 20:30 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2007-10-29 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-10-26 19:20 4,124,352 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-24 07:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-24 06:32 --------- d-----w C:\Program Files\Graphing Calculator Viewer
2007-10-24 06:28 --------- d-----w C:\Program Files\Tools for Enriching Calculus
2007-10-22 16:48 3,603 ----a-w C:\WINDOWS\viassary-hp.reg
2007-10-22 10:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 10:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-22 01:59 --------- d-----w C:\Program Files\Uniblue
2007-10-20 20:50 --------- d-----w C:\Program Files\Electronic Arts
2007-10-20 20:46 --------- d-----w C:\Program Files\Maxis
2007-10-20 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-20 02:29 --------- d-----w C:\Program Files\Apple Software Update
2007-10-20 02:28 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-20 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-19 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2007-10-13 10:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-10-13 08:51 --------- d-----w C:\Program Files\MSN Messenger
2007-10-13 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-12 22:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 22:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-12 20:16 --------- d-----w C:\Program Files\PC Registry Cleaner
2007-10-11 04:45 --------- d-----w C:\Program Files\MediaMonkey
2007-10-06 00:42 --------- d-----w C:\Program Files\Java
2007-10-06 00:40 --------- d-----w C:\Program Files\Common Files\Java
2007-10-05 23:35 --------- d-----w C:\Program Files\mIRC
2007-10-02 16:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-27 19:08 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2006-12-15 02:24 58,910 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_13_18_53_46_small.dmp.zip
2006-12-02 19:45 54,661 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_01_19_16_07_small.dmp.zip
2006-09-01 14:32 92,015 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_09_01_01_02_18_small.dmp.zip
2006-09-01 14:32 135,113 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_09_01_00_56_36_small.dmp.zip
2006-09-01 14:32 115,584 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_09_01_05_09_32_small.dmp.zip
2006-07-07 20:02 124,765 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_06_16_44_25_small.dmp.zip
2006-06-17 23:03 59,793 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_17_11_36_40_small.dmp.zip
2006-01-29 16:48 99,259 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_01_28_07_22_43_small.dmp.zip
2005-12-03 22:47 89,237 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_03_12_24_31_small.dmp.zip
.

((((((((((((((((((((((((((((( snapshot_2007-11-29_22.59.31.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-09 00:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-27 11:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
- 2007-07-19 22:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-07-19 23:10:28 127,768 ----a-w C:\WINDOWS\system32\drivers\klif.sys
- 2007-09-06 23:14:04 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2007-11-15 00:04:52 83,432 ----a-w C:\WINDOWS\system32\vsdata.dll
- 2007-09-06 23:14:28 395,080 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2007-11-15 00:05:16 394,952 ----a-w C:\WINDOWS\system32\vsdatant.sys
- 2007-09-06 23:14:04 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2007-11-15 00:04:52 157,160 ----a-w C:\WINDOWS\system32\vsinit.dll
- 2007-09-06 23:14:04 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2007-11-15 00:04:52 103,912 ----a-w C:\WINDOWS\system32\vsmonapi.dll
- 2007-09-06 23:14:04 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2007-11-15 00:04:52 275,944 ----a-w C:\WINDOWS\system32\vspubapi.dll
- 2007-09-06 23:14:04 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2007-11-15 00:04:52 71,144 ----a-w C:\WINDOWS\system32\vsregexp.dll
- 2007-09-06 23:14:06 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2007-11-15 00:04:54 472,552 ----a-w C:\WINDOWS\system32\vsutil.dll
- 2007-09-06 23:14:06 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2007-11-15 00:04:54 46,568 ----a-w C:\WINDOWS\system32\vswmi.dll
- 2007-09-06 23:14:06 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2007-11-15 00:04:54 99,816 ----a-w C:\WINDOWS\system32\vsxml.dll
- 2007-09-06 23:14:06 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2007-11-15 00:04:56 83,432 ----a-w C:\WINDOWS\system32\zlcomm.dll
- 2007-09-06 23:14:08 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2007-11-15 00:04:56 71,144 ----a-w C:\WINDOWS\system32\zlcommdb.dll
- 2007-11-27 22:17:35 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-12-04 18:06:41 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2007-09-06 23:13:56 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-11-15 00:04:44 370,208 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll
- 2007-05-31 07:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2007-05-31 08:03:30 65,248 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
- 2006-06-30 21:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2006-06-30 22:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
- 2007-05-31 07:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-31 08:03:16 77,824 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
- 2007-05-31 07:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-31 08:03:16 110,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
- 2007-05-31 07:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-31 08:03:16 331,776 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
- 2007-05-31 07:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2007-05-31 08:03:16 38,400 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
- 2007-07-19 22:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
+ 2007-07-19 23:10:32 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\kl1.sys
- 2007-07-19 22:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
+ 2007-07-19 23:10:32 186,128 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\w2kxp32\klif.sys
- 2007-05-31 07:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
+ 2007-05-31 08:03:48 110,360 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\kl1.sys
- 2007-07-19 22:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
+ 2007-07-19 23:10:28 127,768 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\klif.sys
- 2007-05-31 07:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
+ 2007-05-31 08:03:50 45,056 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\instdrivers\x32\regcat.exe
- 2006-09-20 06:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2006-09-20 07:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
- 2007-08-25 02:31:48 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2007-09-12 05:09:16 274,432 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
- 2006-12-20 01:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2006-12-20 02:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
- 2007-05-31 07:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-31 08:03:20 548,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
- 2007-05-31 07:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-31 08:03:20 626,688 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
- 2007-05-31 07:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-31 08:03:18 184,320 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
- 2007-05-31 07:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-31 08:03:22 90,112 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
- 2007-08-25 02:31:48 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2007-09-12 05:09:16 135,168 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
- 2006-12-20 01:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2006-12-20 02:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
- 2007-09-06 23:13:56 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2007-11-15 00:04:44 99,816 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
- 2004-01-30 19:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2004-01-30 20:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
- 2007-09-06 23:13:58 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-11-15 00:04:46 128,480 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
- 2007-09-06 23:13:58 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-11-15 00:04:46 38,376 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
- 2007-09-06 23:13:58 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-11-15 00:04:46 321,016 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll
- 2007-09-06 23:14:30 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2007-11-15 00:05:18 288,144 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard.zip.dll
- 2007-09-06 23:14:30 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
+ 2007-11-15 00:05:18 152,976 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\licenseui.zip.dll
- 2007-09-06 23:14:30 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-11-15 00:05:18 26,000 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
- 2007-09-06 23:14:32 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-11-15 00:05:18 1,361,296 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
- 2007-09-06 23:14:32 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-11-15 00:05:20 71,056 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
- 2007-09-06 23:15:50 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-11-15 00:06:34 30,184 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
- 2007-09-06 23:15:52 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-11-15 00:06:36 30,216 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
- 2007-10-24 17:13:23 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-10-19 04:18:38 714,208 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
- 2007-10-24 17:13:23 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-10-19 04:18:38 787,936 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
- 2007-09-06 23:14:00 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-11-15 00:04:48 173,544 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
- 2007-11-26 04:02:03 6,850,081 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-11-26 04:02:04 6,850,081 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
- 2007-10-24 17:13:23 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-10-19 04:18:40 1,500,640 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
- 2007-10-24 17:13:23 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-10-19 04:18:44 51,176 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
- 2007-09-06 23:14:02 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-11-15 00:04:50 456,168 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
- 2007-09-06 23:15:52 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-11-15 00:06:36 214,528 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
- 2007-09-06 23:15:54 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2007-11-15 00:06:36 3,266,040 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
- 2006-09-05 03:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2006-09-05 04:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll
- 2007-08-01 13:30:04 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-10-12 00:50:32 832,984 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
- 2007-09-06 23:14:18 149,032 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-11-15 00:05:06 144,936 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
- 2007-01-12 00:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-01-12 01:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
- 2007-09-06 23:14:04 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-11-15 00:04:52 108,008 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
- 2007-09-06 23:14:04 79,336 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-11-15 00:04:52 83,432 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
- 2007-09-06 23:14:18 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-11-15 00:05:06 75,304 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
- 2007-09-06 23:14:04 2,024,936 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-11-15 00:04:52 2,029,032 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
- 2007-09-06 23:14:06 1,345,000 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-11-15 00:04:54 1,361,384 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
- 2007-09-06 23:14:06 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-11-15 00:04:54 239,080 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
- 2007-01-11 18:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-01-11 19:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
- 2007-09-06 23:14:08 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-11-15 00:04:56 177,640 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
- 2007-09-06 23:14:08 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-11-15 00:04:56 79,344 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
- 2007-09-06 23:14:08 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-11-15 00:04:58 382,440 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
- 2007-09-06 23:14:08 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2007-11-15 00:04:58 120,296 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2007-12-04 18:06:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_21c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 20:25]
"NVIEW"="nview.dll" [2003-07-28 13:19 C:\WINDOWS\system32\nview.dll]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-08-16 08:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Uniblue SpyEraser"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-16 01:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 06:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 06:07]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 06:23]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-13 22:53]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 02:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 07:01]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 13:19 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 10:27]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 17:13]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:13]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 18:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 06:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-06-13 03:08:16]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 19:34:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Start.exe

*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 00:54:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-01 00:49:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-01 09:10:34 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-21 23:32:43 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 19:16:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 20:00:28
C:\ComboFix2.txt ... 2007-11-29 23:02
C:\ComboFix3.txt ... 2007-11-23 14:40
.
--- E O F ---
JohnV
Regular Member
 
Posts: 23
Joined: November 7th, 2007, 2:18 am
Location: California

Re: is Bifrost the cause?

Unread postby Elrond » December 5th, 2007, 5:07 pm

Let's try this:
  1. Download Flash_Disinfector from here and save it to your desktop.
    Double-click on Flash_Disinfector.exe to run it and follow the prompts.
    Wait until it has finished scanning and then exit the program.
    The utility may ask you to insert your flash drive and/or other removable drives. This may include your mobile phone.
    Please do so and allow the utility to clean up those drives as well.
  2. 1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    DirLook::
    C:\WINDOWS\system32\drivers\umdf
    C:\4e6daeb3996ec6e3144e85645ed9b6
    
    File::
    F:\Start.exe
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    
    


    3. Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)


    4. Save the above as CFScript.txt

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

  3. Try Kaspersky once more because it is the best scanner:
    Go here to run an online scanner from Kaspersky.

    • Click on "Kaspersky Online Scanner"
    • A new smaller window will pop up. Press "Accept" after reading the contents.
    • Now Kaspersky will update the anti-virus database. Let it run.
    • Click on "Next" > "Scan Settings", and make sure the database is set to "extended". Check both of the scan options, then click OK.
    • Then click on "My Computer", and the scan will start.
    • Once finished, save the log as "KAV.txt" to the desktop.
  4. If the last point did not work then please try this:
    Download and run Sysclean

    • Create a folder on your desktop called Sysclean.
    • Go to http://www.trendmicro.com/download/dcs.asp and download the Sysclean package to the folder you made.
    • Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
      This file will be called lptXXX.zip (XXX represents the version number)
    • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
    • Move the lpt$vpn.XXX to the Sysclean-folder you created on your desktop.
    • Open the Sysclean folder and double-click sysclean.com.
    • Check: "Automatically clean or delete detected files".
    • Click scan.

Open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

Post the ComboFix log and either the Kaspersky or the Sysclean log.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
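
As an added illustration (not part of Elrond's post and not ComboFix's own code), the Python below extracts the MountPoints2 AutoRun commands from a ComboFix "Reg Loading Points" section, which is where the `F:\Start.exe` entry targeted by the CFScript above appears. The function and field names are assumptions, and the sample text is constructed from the two entries in the posted log plus one made-up GUID key.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in ComboFix "Reg Loading Points" layout. The D and F
# entries are the ones shown in the posted log; the GUID key is made up.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\Open\command - explorer.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
MOUNT_RE = re.compile(r"\\explorer\\mountpoints2\\([^\\]+)$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
# First program-like token of the command line (optionally quoted).
TARGET_RE = re.compile(
    r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))\b', re.IGNORECASE
)


@dataclass
class AutorunEntry:
    mount: str               # drive letter or volume GUID under MountPoints2
    verb: str                # shell verb, e.g. AutoRun or Open
    command: str             # full command line as logged
    target: Optional[str]    # program the command launches, if recognisable
    runs_from_volume: bool   # target lives on the mounted drive itself
    needs_review: bool       # AutoRun verb that launches a program


def find_autorun_entries(log_text: str) -> List[AutorunEntry]:
    """Return every MountPoints2 shell command found in a ComboFix log."""
    entries: List[AutorunEntry] = []
    mount: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # A new registry key starts; remember it only if it is a mount point.
            found = MOUNT_RE.search(key.group(1))
            mount = found.group(1) if found else None
            continue
        if mount is None:
            continue
        verb = VERB_RE.match(line)
        if not verb:
            continue
        command = verb.group(2).strip()
        hit = TARGET_RE.match(command)
        target = hit.group(1) if hit else None
        on_volume = bool(
            target
            and len(mount) == 1
            and target.upper().startswith(mount.upper() + ":\\")
        )
        entries.append(
            AutorunEntry(
                mount=mount,
                verb=verb.group(1),
                command=command,
                target=target,
                runs_from_volume=on_volume,
                needs_review=verb.group(1).lower() == "autorun" and target is not None,
            )
        )
    return entries


if __name__ == "__main__":
    for e in find_autorun_entries(SAMPLE_LOG):
        flag = "REVIEW" if e.needs_review else "ok"
        print(f"{flag:6} {e.mount:40} {e.verb:8} {e.command}")
```

A flagged entry only means that a volume registered a program to start on AutoRun; legitimate installer discs do the same, so each hit still has to be judged by examining the file itself.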

Re: is Bifrost the cause?

Unread postby JohnV » December 14th, 2007, 5:28 pm

Sorry if I haven't replied in a while, but work and school are taking up much of my free time. Kaspersky did not work for some reason. I'm also not sure if there were any other logs to post because Sysclean continued to scan after the report was done.
<---------------------------------------------------------------------------------------------------------->
ComboFix 07-12-02.6 - Owner 2007-12-05 21:33:04.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.88 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
F:\Start.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-05 04:32 . 2007-12-05 04:32 <DIR> d--hs---- C:\Diskeeper
2007-12-05 00:09 . 2007-12-05 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-28 00:21 . 2007-11-28 00:21 <DIR> d-------- C:\Program Files\MTV Networks
2007-11-27 21:30 . 2007-11-28 00:48 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-11-27 21:28 . 2007-11-28 10:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-11-27 21:24 . 2007-11-27 22:09 <DIR> d-------- C:\4e6daeb3996ec6e3144e85645ed9b6
2007-11-25 19:49 . 2007-11-25 19:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-25 19:49 . 2007-11-25 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-20 17:45 . 2007-11-20 17:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2007-11-20 17:34 . 2007-11-20 17:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-11-20 16:25 . 2007-11-20 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-20 11:29 . 2007-11-20 11:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-11-19 22:47 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-19 08:01 . 2007-11-19 08:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-17 17:13 . 2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-17 17:13 . 2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-17 16:35 . 2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2007-11-17 16:35 . 2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-17 16:35 . 2007-11-17 16:35 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-17 16:33 . 2007-11-17 16:33 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-17 15:06 . 2007-11-17 15:06 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-16 19:29 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-11-16 19:27 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-11-16 19:27 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-11-16 19:27 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2007-11-10 23:34 . 2007-12-04 10:08 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-10 23:34 . 2007-11-10 23:34 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-07 22:14 . 2007-11-30 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-07 11:03 . 2007-11-07 11:03 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-07 10:45 . 2003-08-23 06:34 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-11-07 10:45 . 2003-08-28 19:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-07 10:45 . 2003-08-23 06:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-07 10:45 . 2003-08-23 19:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-11-07 10:45 . 2003-08-28 19:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-11-06 21:44 . 2007-11-07 10:38 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-11-06 21:44 . 2007-11-06 21:44 <DIR> d-------- C:\Program Files\AskPBar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 05:41 17,665,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 16:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-05 07:54 --------- d-----w C:\Program Files\9Dragons
2007-12-04 08:39 153,500 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-01 11:04 3,694,105 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-01 11:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-24 09:51 --------- d-----w C:\Program Files\Quicken
2007-11-24 09:51 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-11-24 09:51 --------- d-----w C:\Program Files\MagicISO
2007-11-24 09:51 --------- d-----w C:\Program Files\Java Web Start
2007-11-24 09:51 --------- d-----w C:\Program Files\DivX
2007-11-22 23:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 18:08 --------- d-----w C:\Program Files\BitComet
2007-11-19 08:49 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-17 12:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 03:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-15 00:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-15 00:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-14 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-07 07:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-07 05:46 --------- d-----w C:\Program Files\Trillian
2007-11-06 01:23 --------- d-----w C:\Program Files\iTunes
2007-11-06 01:23 --------- d-----w C:\Program Files\iPod
2007-11-06 01:18 --------- d-----w C:\Program Files\QuickTime
2007-11-02 23:33 --------- d-----w C:\Program Files\MUSICMATCH
2007-11-02 21:13 --------- d-----w C:\Program Files\Lavasoft
2007-11-02 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-02 21:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 17:30 --------- d-----w C:\Program Files\Microsoft Works
2007-10-31 17:26 --------- d-----w C:\Program Files\Microsoft.NET
2007-10-31 16:56 --------- d-----w C:\Program Files\DAEMON Tools
2007-10-31 16:56 --------- d-----w C:\Program Files\AdVantage
2007-10-31 04:05 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-30 04:50 --------- d-----w C:\Program Files\NHN USA
2007-10-29 20:30 --------- d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2007-10-29 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\IJJIGame
2007-10-26 19:20 4,124,352 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-24 07:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-24 06:32 --------- d-----w C:\Program Files\Graphing Calculator Viewer
2007-10-24 06:28 --------- d-----w C:\Program Files\Tools for Enriching Calculus
2007-10-22 16:48 3,603 ----a-w C:\WINDOWS\viassary-hp.reg
2007-10-22 10:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 10:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-22 01:59 --------- d-----w C:\Program Files\Uniblue
2007-10-20 20:50 --------- d-----w C:\Program Files\Electronic Arts
2007-10-20 20:46 --------- d-----w C:\Program Files\Maxis
2007-10-20 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-20 02:29 --------- d-----w C:\Program Files\Apple Software Update
2007-10-20 02:28 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-20 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-19 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2007-10-13 10:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-10-13 08:51 --------- d-----w C:\Program Files\MSN Messenger
2007-10-13 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-12 22:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 22:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-12 20:16 --------- d-----w C:\Program Files\PC Registry Cleaner
2007-10-11 04:45 --------- d-----w C:\Program Files\MediaMonkey
2007-10-06 00:42 --------- d-----w C:\Program Files\Java
2007-10-06 00:40 --------- d-----w C:\Program Files\Common Files\Java
2007-10-02 16:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-27 19:08 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2006-12-15 02:24 58,910 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_13_18_53_46_small.dmp.zip
2006-12-02 19:45 54,661 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_01_19_16_07_small.dmp.zip
2006-09-01 14:32 92,015 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_09_01_01_02_18_small.dmp.zip
2006-09-01 14:32 135,113 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_09_01_00_56_36_small.dmp.zip
2006-09-01 14:32 115,584 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_09_01_05_09_32_small.dmp.zip
2006-07-07 20:02 124,765 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_07_06_16_44_25_small.dmp.zip
2006-06-17 23:03 59,793 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_06_17_11_36_40_small.dmp.zip
2006-01-29 16:48 99,259 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_01_28_07_22_43_small.dmp.zip
2005-12-03 22:47 89,237 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2005_12_03_12_24_31_small.dmp.zip
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\4e6daeb3996ec6e3144e85645ed9b6 ----

2006-05-09 22:44 5101 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\update\update.ver
2006-05-09 22:42 26352 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\update\wmfdist11.cat
2006-05-09 22:41 54625 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\update\update.inf
2006-05-09 22:41 11831 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\update\wmfdist11.cdf
2006-05-09 22:36 6656 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wdfmgr.exe
2006-05-09 22:36 6656 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\uwdf.exe
2006-05-09 22:26 992256 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmnetmgr.dll
2006-05-09 22:26 9728 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\laprxy.dll
2006-05-09 22:26 705024 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmadmod.dll
2006-05-09 22:26 564736 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmspdmod.dll
2006-05-09 22:26 417280 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmdrmdev.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvdmoe2.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvdmod.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvadve.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvadvd.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmsdmoe2.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmsdmod.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wdfapi.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mpg4dmod.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mp4sdmod.dll
2006-05-09 22:26 4096 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mp43dmod.dll
2006-05-09 22:26 36864 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmdmps.dll
2006-05-09 22:26 337408 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmdrmnet.dll
2006-05-09 22:26 31744 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmdmlog.dll
2006-05-09 22:26 306688 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mswmdm.dll
2006-05-09 22:26 26112 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mspmsnsv.dll
2006-05-09 22:26 221696 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmasf.dll
2006-05-09 22:26 219648 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\cewmdm.dll
2006-05-09 22:26 212480 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\msnetobj.dll
2006-05-09 22:26 201728 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\qasf.dll
2006-05-09 22:26 165376 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mspmsp.dll
2006-05-09 22:26 155136 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmidx.dll
2006-05-09 22:26 1280000 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmspdmoe.dll
2006-05-09 22:26 1063424 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmadmoe.dll
2006-05-09 22:22 2463744 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvcore.dll
2006-05-09 21:02 84480 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\logagent.exe
2006-05-09 21:02 1587712 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmsetsdk.exe
2006-05-09 21:01 1463808 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvdecod.dll
2006-05-09 21:01 1359360 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvsdecd.dll
2006-05-09 21:00 770560 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvsencd.dll
2006-05-09 21:00 636928 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvxencd.dll
2006-05-09 21:00 382976 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mfplat.dll
2006-05-09 21:00 299520 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mp4sdecd.dll
2006-05-09 21:00 241152 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mpg4decd.dll
2006-05-09 21:00 241152 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\mp43decd.dll
2006-05-09 21:00 1455616 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmvencod.dll
2006-05-09 21:00 1350656 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\drmv2clt.dll
2006-05-09 20:59 585216 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\blackbox.dll
2006-05-09 20:59 513536 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wmdrmsdk.dll
2006-05-09 20:59 417280 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\msscp.dll
2006-05-09 20:59 229376 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\drmupgds.exe
2006-05-09 20:58 670208 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpd_ci.dll
2006-05-09 20:58 646656 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdmtpdr.dll
2006-05-09 20:58 55808 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdmtpus.dll
2006-05-09 20:58 40704 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdusb.sys
2006-05-09 20:58 35840 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdconns.dll
2006-05-09 20:58 345600 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\portabledeviceapi.dll
2006-05-09 20:58 343552 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdsp.dll
2006-05-09 20:58 188928 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\portabledevicewmdrm.dll
2006-05-09 20:58 168960 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\portabledevicetypes.dll
2006-05-09 20:58 144896 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdmtp.dll
2006-05-09 20:58 13312 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdtrace.dll
2006-05-09 20:58 103424 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\portabledevicewiacompat.dll
2006-05-09 20:58 101376 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\portabledeviceclassextension.dll
2006-05-09 20:57 11264 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\ehetw.dll
2006-05-09 20:00 716000 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\update\update.exe
2006-05-09 20:00 371424 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\update\updspapi.dll
2006-05-09 20:00 22752 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\spupdsvc.exe
2006-05-09 20:00 213216 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\spuninst.exe
2006-03-20 19:10 7017 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdmtp.inf
2006-03-16 18:40 1816 --a------ C:\4e6daeb3996ec6e3144e85645ed9b6\wpdmtphw.inf

---- Directory of C:\WINDOWS\system32\drivers\umdf ----

2007-11-28 10:50 0 --ah----- C:\WINDOWS\system32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
2007-11-28 00:48 0 --ah----- C:\WINDOWS\system32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
2006-05-09 20:58 646656 --------- C:\WINDOWS\system32\drivers\umdf\wpdmtpdr.dll


((((((((((((((((((((((((((((( snapshot_2007-12-04_19.14.58.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-19 08:49:44 22,486 ----a-r C:\WINDOWS\Installer\{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}\ARPPRODUCTICON.exe
+ 2007-12-05 08:10:20 22,486 ----a-r C:\WINDOWS\Installer\{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}\ARPPRODUCTICON.exe
- 2007-11-19 08:49:44 65,536 ----a-r C:\WINDOWS\Installer\{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}\DiskeeperShortcut.exe
+ 2007-12-05 08:10:20 65,536 ----a-r C:\WINDOWS\Installer\{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}\DiskeeperShortcut.exe
+ 2007-12-05 08:10:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_480.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 20:25]
"NVIEW"="nview.dll" [2003-07-28 13:19 C:\WINDOWS\system32\nview.dll]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-08-16 08:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Uniblue SpyEraser"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-16 01:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 06:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 06:07]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 06:23]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-13 22:53]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 02:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 07:01]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 13:19 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 10:27]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 17:13]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:13]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 18:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 06:11:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-06-13 03:08:16]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 19:34:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

*Newly Created Service* - DISKEEPER
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 00:54:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-01 00:49:42 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-12-01 09:10:34 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-21 23:32:43 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-05 21:45:38
C:\ComboFix2.txt ... 2007-12-04 20:00
C:\ComboFix3.txt ... 2007-11-29 23:02
.
--- E O F ---
<------------------------------------------------------------------------------------>

Damage Cleanup Engine (DCE) 5.3(Build 1103)
Windows XP(Build 2600: Service Pack 2)

Start time : Thu Dec 13 2007 23:18:50

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Owner\Desktop\Sysclean\TMRDCT.ptn" (version ) [fail]
Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Owner\Desktop\Sysclean\tsc.ptn" (version 918) [success]

Complete time : Thu Dec 13 2007 23:20:17
Execute pattern count(2958), Virus found count(0), Virus clean count(0), Clean failed count(0)
JohnV
Regular Member
 
Posts: 23
Joined: November 7th, 2007, 2:18 am
Location: California

Re: is Bifrost the cause?

Unread postby Elrond » December 15th, 2007, 3:12 pm

It looks as if you have a clean computer.
We could probably get one of the scans to work by disabling your firewall and your antivirus but it is not worth the risk involved to do so.

Now to some house cleaning and good advice before I let you go.


  1. Go to Start > Run - type in ComboFix /u & click OK
  2. This is a good time to clear your existing system restore points and establish a new clean restore point:

    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select drive will open. Click OK
    • Either a scan will open up and take a few minutes or it will go directly to Disk Cleanup for ...
    • Select the More options tab
    • Find System Restore. Click Clean up
  3. Set correct settings for files that should be hidden in Windows XP
    • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
    • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check "Display content of system folders"
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK
  4. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
  5. Clean out Temporary Files etc. Download System Security Suite from http://www.igorshpak.net/software/3ssetup104.zip. Extract it from the zip file into a folder and double click on sss.exe. Please check the following check-boxes under the Items to Clear tab:
    1. Under Internet Explorer
      • History
      • Temporary Files
    2. Under My Computer
      • Recycle Bin
      • Run (Menu)
      • Search History
      • Temporary Files
    Next click 'Clear Selected Items'. Reboot when prompted. It is a good idea to do this every few weeks as a lot of junk collects there over time.
  6. Always use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  7. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Once a day is a good idea). If you do not update your anti virus software it will not be able to catch new variants that come out.
  8. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Windows Firewall is not recommended.
    Be restrictive with granting access to the internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.
  9. Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.
  10. Visit Microsoft's Windows Update Site Frequently or better yet set computer for automatic updates.
  11. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  12. If you use Quicktime you need to check that you use the latest version. There is a lot of malware that uses holes in Quicktime to infect computers.
  13. Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet.be/bluepatchy/miek ... ntion.html that will give you more information on some of the points above.
Follow this list and your potential for being infected again will reduce dramatically.

Stand up and be Counted.
NOW is the time you can start to hit back at the people who infected you.
Please take the time to go and complain. The infection that hit you is Bifrost but you also had other infections on your computer. It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.


I hope that I have helped you. E :)

Edit: Please let me know how your computer behaves now.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: is Bifrost the cause?

Unread postby Elrond » December 25th, 2007, 2:56 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem