Free Malware Removal Forum

[InfiniteD]

I'm trying to clean a friend's laptop of a very severe infection. I've done my best up to this point but now I need some expert advice. So far I have ran Yahoo! AntiSpy powered by CA, SUPERAntiSpyware, Spybot S&D, CWS Shredder, Malware Bytes, and the already installed Norton AV. The machine is still infected. I see some stuff in HJT that most likely needs to go, but, I'd like to hear it (or read it) from someone who really knows what they're doing. Please help. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:23:16 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLHOS~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C:\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202623328\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{c5988439-20e1-5c63-79a5-a3161088d33b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{d32993b6-f5bf-3925-d0b6-b1b23c74917b}.dll" DllStart
O4 - HKLM\..\Run: [ac328e37] rundll32.exe "C:\WINDOWS\system32\bkwsxswl.dll",b
O4 - HKLM\..\Run: [BMaf01bdab] Rundll32.exe "C:\WINDOWS\system32\gaxtsbhy.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game ... .0.0.6.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[Shaba]

Hi InfiniteD

HijackThis is outdated.

Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

[InfiniteD]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:57 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLHOS~1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLServiceHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {8ff412a5-09b0-803b-1aa4-998c3698ef93} - {39fe8963-c899-4aa1-b308-0b905a214ff8} - C:\WINDOWS\system32\uwfwevyg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64340626-49E8-4256-AEBB-69DF59793009} - C:\WINDOWS\system32\ddcCTmMc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202623328\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{c5988439-20e1-5c63-79a5-a3161088d33b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{d32993b6-f5bf-3925-d0b6-b1b23c74917b}.dll" DllStart
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ac328e37] rundll32.exe "C:\WINDOWS\system32\eyfscdlv.dll",b
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BMaf01bdab] Rundll32.exe "C:\WINDOWS\system32\xknvvlqt.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game ... .0.0.6.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9644 bytes

[Shaba]

Hi

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report

[InfiniteD]

Hello Shaba. I believe I have the requested information, although Norton Internet Security sure did its level best to get in the way and shut down ComboFix. I think I got around it, though.

Results of ComboFix log:

ComboFix 08-06-10.1 - Owner 2008-06-10 20:10:09.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\vtmp2
C:\Temp\vtmp2\ktnv33.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\IA
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cMmTCcdd.ini
C:\WINDOWS\system32\cMmTCcdd.ini2
C:\WINDOWS\system32\eufbaptk.dll
C:\WINDOWS\system32\eyfscdlv.dll
C:\WINDOWS\system32\gaxtsbhy.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\iiOWxyxx.ini
C:\WINDOWS\system32\iiOWxyxx.ini2
C:\WINDOWS\system32\lkfcegya.dll
C:\WINDOWS\system32\lwsxswkb.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nnalfuxq.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qxuflann.ini
C:\WINDOWS\system32\QYFiPqru.ini
C:\WINDOWS\system32\QYFiPqru.ini2
C:\WINDOWS\system32\vjycujlp.ini
C:\WINDOWS\system32\vldcsfye.ini
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xknvvlqt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4


((((((((((((((((((((((((( Files Created from 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))
.

2008-06-08 01:16 . 2008-06-08 01:16 <DIR> d-------- C:\VundoFix Backups
2008-06-07 15:01 . 2008-06-07 15:02 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-06 23:29 . 2008-06-06 23:29 <DIR> d-------- C:\Program Files\SymNetDrv
2008-06-05 09:23 . 2008-06-05 13:18 436 --a------ C:\WINDOWS\wininit.ini
2008-06-04 22:43 . 2008-06-07 10:56 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-06-04 22:16 . 2008-06-04 22:16 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-04 22:05 . 2008-06-04 22:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-04 22:05 . 2008-06-04 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-04 21:40 . 2008-06-06 22:56 654 ---hs---- C:\WINDOWS\system32\mpcvyxvi.ini
2008-05-30 12:20 . 2004-08-04 03:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2008-05-30 12:20 . 2004-08-04 03:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2008-05-30 12:20 . 2004-08-04 03:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2008-05-30 12:20 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-30 12:20 . 2004-08-04 03:00 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
2008-05-30 12:20 . 2004-08-04 03:00 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
2008-05-30 12:20 . 2004-08-04 03:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2008-05-30 12:20 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-30 12:20 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-30 12:18 . 2001-08-17 13:28 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2008-05-30 12:17 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-30 12:16 . 2001-08-17 22:36 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-05-30 12:15 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-30 12:15 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-05-30 12:15 . 2001-08-17 14:56 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2008-05-30 12:15 . 2001-08-17 12:51 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2008-05-30 12:15 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-05-30 12:15 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-05-30 12:15 . 2001-08-17 12:51 159,232 --a--c--- C:\WINDOWS\system32\dllcache\tridkbm.sys
2008-05-30 12:15 . 2004-08-03 23:07 44,672 --a--c--- C:\WINDOWS\system32\dllcache\uagp35.sys
2008-05-30 12:15 . 2001-08-17 22:35 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2008-05-30 12:15 . 2001-08-17 12:12 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2008-05-30 12:15 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2008-05-30 12:13 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-30 12:13 . 2001-08-17 13:50 103,936 --a--c--- C:\WINDOWS\system32\dllcache\sx.sys
2008-05-30 12:13 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-05-30 12:13 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-05-30 12:13 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-05-30 12:13 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpidflt.dll
2008-05-30 12:13 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-05-30 12:13 . 2001-08-17 14:02 3,968 --a--c--- C:\WINDOWS\system32\dllcache\swusbflt.sys
2008-05-30 12:12 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-30 12:12 . 2001-08-17 22:36 155,648 --a--c--- C:\WINDOWS\system32\dllcache\stlnprop.dll
2008-05-30 12:12 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-30 12:12 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\sw_wheel.dll
2008-05-30 12:12 . 2001-08-17 22:36 53,248 --a--c--- C:\WINDOWS\system32\dllcache\stlncoin.dll
2008-05-30 12:12 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-05-30 12:12 . 2001-08-17 22:36 41,472 --a--c--- C:\WINDOWS\system32\dllcache\sw_effct.dll
2008-05-30 12:12 . 2001-08-17 13:51 16,896 --a--c--- C:\WINDOWS\system32\dllcache\stcusb.sys
2008-05-30 12:12 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-05-30 12:12 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpdflt2.dll
2008-05-30 12:10 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-30 12:09 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-30 12:08 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-30 12:08 . 2001-07-21 14:29 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-05-30 12:08 . 2001-08-17 12:50 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-05-30 12:08 . 2001-08-17 12:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-05-30 12:08 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-05-30 12:08 . 2001-07-21 14:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-05-30 12:08 . 2001-08-17 13:48 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-05-30 12:08 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-05-30 12:08 . 2004-08-04 00:56 3,901 --a--c--- C:\WINDOWS\system32\dllcache\siint5.dll
2008-05-30 12:06 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-05-30 12:05 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-05-30 12:05 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-30 12:05 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-05-30 12:05 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-05-30 12:05 . 2001-08-17 12:19 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
2008-05-30 12:05 . 2004-08-03 23:04 30,080 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-05-30 12:05 . 2004-08-04 03:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
2008-05-30 12:05 . 2001-08-17 12:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
2008-05-30 12:05 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2008-05-30 12:05 . 2001-08-17 22:36 9,216 --a--c--- C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2008-05-30 12:05 . 2001-08-17 12:19 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
2008-05-30 12:03 . 2004-08-04 03:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-30 12:02 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-30 12:01 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-05-30 12:00 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-05-30 12:00 . 2004-08-03 22:41 180,360 --a--c--- C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-05-30 12:00 . 2001-08-17 22:36 123,776 --a--c--- C:\WINDOWS\system32\dllcache\nv3.dll
2008-05-30 12:00 . 2001-08-17 12:20 54,528 --a--c--- C:\WINDOWS\system32\dllcache\opl3sax.sys
2008-05-30 12:00 . 2001-08-17 12:49 51,552 --a--c--- C:\WINDOWS\system32\dllcache\ntgrip.sys
2008-05-30 12:00 . 2004-08-03 23:00 28,672 --a--c--- C:\WINDOWS\system32\dllcache\nscirda.sys
2008-05-30 12:00 . 2001-08-17 13:47 9,344 --a--c--- C:\WINDOWS\system32\dllcache\ntapm.sys
2008-05-30 12:00 . 2001-08-17 13:53 7,552 --a--c--- C:\WINDOWS\system32\dllcache\nsmmc.sys
2008-05-30 11:58 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-05-30 11:57 . 2004-08-04 03:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-30 11:57 . 2004-08-04 03:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2008-05-30 11:57 . 2004-08-03 23:10 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-05-30 11:57 . 2004-08-03 23:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-30 11:57 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-05-30 11:57 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-05-30 11:57 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-05-30 11:56 . 2004-08-04 00:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-05-30 11:56 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-05-30 11:56 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-05-30 11:56 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-05-30 11:56 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-05-30 11:56 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-30 11:56 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-05-30 11:56 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-05-30 11:54 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-30 11:53 . 2004-08-04 03:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-05-30 11:53 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-30 11:53 . 2004-08-04 03:00 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
2008-05-30 11:53 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-05-30 11:53 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-05-30 11:53 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2008-05-30 11:53 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-05-30 11:53 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-05-30 11:51 . 2004-08-04 03:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-05-30 11:50 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-30 11:49 . 2004-08-04 03:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-30 11:48 . 2001-08-17 22:36 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-05-30 11:47 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-30 11:46 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-05-30 11:46 . 2001-08-17 12:15 455,296 --a--c--- C:\WINDOWS\system32\dllcache\fusbbase.sys
2008-05-30 11:46 . 2001-08-17 12:14 444,416 --a--c--- C:\WINDOWS\system32\dllcache\fpcibase.sys
2008-05-30 11:46 . 2001-08-17 12:15 442,240 --a--c--- C:\WINDOWS\system32\dllcache\fpnpbase.sys
2008-05-30 11:46 . 2001-08-17 12:14 441,728 --a--c--- C:\WINDOWS\system32\dllcache\fpcmbase.sys
2008-05-30 11:46 . 2001-08-17 22:36 92,160 --a--c--- C:\WINDOWS\system32\dllcache\fuusd.dll
2008-05-30 11:46 . 2001-08-17 22:36 71,680 --a--c--- C:\WINDOWS\system32\dllcache\fnfilter.dll
2008-05-30 11:46 . 2004-08-03 22:31 34,173 --a--c--- C:\WINDOWS\system32\dllcache\forehe.sys
2008-05-30 11:46 . 2001-08-17 12:13 27,165 --a--c--- C:\WINDOWS\system32\dllcache\fetnd5.sys
2008-05-30 11:46 . 2001-08-17 12:10 22,090 --a--c--- C:\WINDOWS\system32\dllcache\fem556n5.sys
2008-05-30 11:44 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 03:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-07 17:53 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-07 06:29 --------- d-----w C:\Program Files\Symantec
2008-06-05 05:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 04:36 --------- d-----w C:\Program Files\SurfingSoftware
2008-05-29 06:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-29 06:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 20:05 --------- d-----w C:\Program Files\McAfee
2008-05-28 17:08 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-14 10:32 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39fe8963-c899-4aa1-b308-0b905a214ff8}]
C:\WINDOWS\system32\uwfwevyg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64340626-49E8-4256-AEBB-69DF59793009}]
C:\WINDOWS\system32\ddcCTmMc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcNotifier"="C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe" [2008-01-25 12:06 176128]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 10:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 10:47 688218]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1202623328\EE\AOLHostManager.exe" [2004-11-03 14:03 125528]
"gcNotifier"="C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe" [2008-01-25 12:06 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"{c5988439-20e1-5c63-79a5-a3161088d33b}"="C:\WINDOWS\system32\{d32993b6-f5bf-3925-d0b6-b1b23c74917b}.dll" [ ]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-06-06 23:29 100056]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 22:05 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1202623328\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 16:18]
S1 wmilibb;wmilibb;C:\WINDOWS\system32\drivers\wmilibb.sys []
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\Owner\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d5ad7f1-d799-11dc-ab1a-806d6172696f}]
\Shell\AutoRun\command - D:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2004-02-27 08:20:38 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 20:40:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\explorer.exe [144] 0xFD5A44E8

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLServiceHost.exe
.
**************************************************************************
.
Completion time: 2008-06-10 21:24:41 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-11 04:24:18

Pre-Run: 27,979,804,672 bytes free
Post-Run: 27,921,031,168 bytes free

290 --- E O F --- 2008-06-05 20:35:31


*** Results of latest HJT log: ***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:15 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLHOS~1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {8ff412a5-09b0-803b-1aa4-998c3698ef93} - {39fe8963-c899-4aa1-b308-0b905a214ff8} - C:\WINDOWS\system32\uwfwevyg.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64340626-49E8-4256-AEBB-69DF59793009} - C:\WINDOWS\system32\ddcCTmMc.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202623328\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [{c5988439-20e1-5c63-79a5-a3161088d33b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{d32993b6-f5bf-3925-d0b6-b1b23c74917b}.dll" DllStart
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game ... .0.0.6.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9452 bytes


Thank you for your assistance!

[Shaba]

Hi

Open notepad and copy/paste the text in the codebox below into it:

Code: Select all

File::
C:\WINDOWS\system32\mpcvyxvi.ini

Driver::
wmilibb

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39fe8963-c899-4aa1-b308-0b905a214ff8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64340626-49E8-4256-AEBB-69DF59793009}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{c5988439-20e1-5c63-79a5-a3161088d33b}"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

[InfiniteD]

Hello. I will do that and post back the results as requested. Meanwhile, what do you think about this line?

O4 - HKLM\..\Run: [{c5988439-20e1-5c63-79a5-a3161088d33b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{d32993b6-f5bf-3925-d0b6-b1b23c74917b}.dll" DllStart

There is an error message each time Windows starts that says the dll with the line of code in the second set of brackets could not be found, etc. I thought about removing it because I thought it could be related to the infection, but, erred on the side of caution and would like to ask a pro first.

I will post the results back later. Thanks.

Infinite

[Shaba]

Hi

That entry should go away after that CFScript

[InfiniteD]

Hello. Indeed the aforementioned dll error has indeed disappeared. Here are the new results:

ComboFix:

ComboFix 08-06-10.1 - Owner 2008-06-11 21:56:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.147 [GMT -7:00]Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\mpcvyxvi.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mpcvyxvi.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WMILIBB
-------\Service_wmilibb


((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-10 21:38 . 2008-06-10 21:40 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-10 21:28 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-10 21:28 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-10 21:28 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-10 21:28 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-10 21:28 . 2008-04-22 21:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-10 21:28 . 2008-04-14 04:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 21:28 . 2008-04-22 21:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-10 21:28 . 2008-04-22 21:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-10 21:28 . 2008-04-22 21:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-10 21:28 . 2008-04-22 00:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-08 01:16 . 2008-06-08 01:16 <DIR> d-------- C:\VundoFix Backups
2008-06-07 15:01 . 2008-06-07 15:02 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-06 23:29 . 2008-06-06 23:29 <DIR> d-------- C:\Program Files\SymNetDrv
2008-06-05 09:23 . 2008-06-05 13:18 436 --a------ C:\WINDOWS\wininit.ini
2008-06-04 22:43 . 2008-06-07 10:56 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-06-04 22:16 . 2008-06-04 22:16 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-06-04 22:05 . 2008-06-04 22:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-04 22:05 . 2008-06-04 22:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-30 12:20 . 2004-08-04 03:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime
2008-05-30 12:20 . 2004-08-04 03:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime
2008-05-30 12:20 . 2004-08-04 03:00 156,672 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime
2008-05-30 12:20 . 2004-08-03 22:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-05-30 12:20 . 2004-08-04 03:00 79,360 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime
2008-05-30 12:20 . 2004-08-04 03:00 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime
2008-05-30 12:20 . 2004-08-04 03:00 65,536 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime
2008-05-30 12:20 . 2001-08-17 12:12 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-05-30 12:20 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-05-30 12:18 . 2001-08-17 13:28 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2008-05-30 12:17 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-05-30 12:16 . 2001-08-17 22:36 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2008-05-30 12:15 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-05-30 12:15 . 2001-08-17 14:56 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2008-05-30 12:15 . 2001-08-17 14:56 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2008-05-30 12:15 . 2001-08-17 12:51 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2008-05-30 12:15 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-05-30 12:15 . 2001-08-17 12:51 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2008-05-30 12:15 . 2001-08-17 12:51 159,232 --a--c--- C:\WINDOWS\system32\dllcache\tridkbm.sys
2008-05-30 12:15 . 2004-08-03 23:07 44,672 --a--c--- C:\WINDOWS\system32\dllcache\uagp35.sys
2008-05-30 12:15 . 2001-08-17 22:35 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2008-05-30 12:15 . 2001-08-17 12:12 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2008-05-30 12:15 . 2001-08-17 13:48 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2008-05-30 12:13 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-05-30 12:13 . 2001-08-17 13:50 103,936 --a--c--- C:\WINDOWS\system32\dllcache\sx.sys
2008-05-30 12:13 . 2001-08-17 22:36 94,293 --a--c--- C:\WINDOWS\system32\dllcache\sxports.dll
2008-05-30 12:13 . 2001-08-17 12:50 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-05-30 12:13 . 2001-08-17 13:49 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2008-05-30 12:13 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpidflt.dll
2008-05-30 12:13 . 2001-08-17 13:52 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2008-05-30 12:13 . 2001-08-17 14:02 3,968 --a--c--- C:\WINDOWS\system32\dllcache\swusbflt.sys
2008-05-30 12:12 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-05-30 12:12 . 2001-08-17 22:36 155,648 --a--c--- C:\WINDOWS\system32\dllcache\stlnprop.dll
2008-05-30 12:12 . 2001-08-17 22:36 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2008-05-30 12:12 . 2001-08-17 22:36 53,760 --a--c--- C:\WINDOWS\system32\dllcache\sw_wheel.dll
2008-05-30 12:12 . 2001-08-17 22:36 53,248 --a--c--- C:\WINDOWS\system32\dllcache\stlncoin.dll
2008-05-30 12:12 . 2001-08-17 12:11 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-05-30 12:12 . 2001-08-17 22:36 41,472 --a--c--- C:\WINDOWS\system32\dllcache\sw_effct.dll
2008-05-30 12:12 . 2001-08-17 13:51 16,896 --a--c--- C:\WINDOWS\system32\dllcache\stcusb.sys
2008-05-30 12:12 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-05-30 12:12 . 2001-08-17 22:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\swpdflt2.dll
2008-05-30 12:10 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-05-30 12:09 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-05-30 12:08 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-05-30 12:08 . 2001-07-21 14:29 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-05-30 12:08 . 2001-08-17 12:50 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2008-05-30 12:08 . 2001-08-17 12:51 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-05-30 12:08 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2008-05-30 12:08 . 2001-07-21 14:29 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2008-05-30 12:08 . 2001-08-17 13:48 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2008-05-30 12:08 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2008-05-30 12:08 . 2004-08-04 00:56 3,901 --a--c--- C:\WINDOWS\system32\dllcache\siint5.dll
2008-05-30 12:06 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-05-30 12:05 . 2001-08-17 22:36 86,097 --a--c--- C:\WINDOWS\system32\dllcache\reslog32.dll
2008-05-30 12:05 . 2004-08-03 22:59 79,104 --a--c--- C:\WINDOWS\system32\dllcache\rocket.sys
2008-05-30 12:05 . 2004-08-03 23:10 59,648 --a--c--- C:\WINDOWS\system32\dllcache\rfcomm.sys
2008-05-30 12:05 . 2001-08-17 12:12 37,563 --a--c--- C:\WINDOWS\system32\dllcache\rlnet5.sys
2008-05-30 12:05 . 2001-08-17 12:19 30,720 --a--c--- C:\WINDOWS\system32\dllcache\rthwcls.sys
2008-05-30 12:05 . 2004-08-03 23:04 30,080 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-05-30 12:05 . 2004-08-04 03:00 26,112 --a--c--- C:\WINDOWS\system32\dllcache\romanime.ime
2008-05-30 12:05 . 2001-08-17 12:12 19,017 --a--c--- C:\WINDOWS\system32\dllcache\rtl8029.sys
2008-05-30 12:05 . 2004-08-03 22:41 13,776 --a--c--- C:\WINDOWS\system32\dllcache\recagent.sys
2008-05-30 12:05 . 2001-08-17 22:36 9,216 --a--c--- C:\WINDOWS\system32\dllcache\rsmgrstr.dll
2008-05-30 12:05 . 2001-08-17 12:19 3,840 --a--c--- C:\WINDOWS\system32\dllcache\rpfun.sys
2008-05-30 12:03 . 2004-08-04 03:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-05-30 12:02 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-05-30 12:01 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-05-30 12:00 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-05-30 12:00 . 2004-08-03 22:41 180,360 --a--c--- C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-05-30 12:00 . 2001-08-17 22:36 123,776 --a--c--- C:\WINDOWS\system32\dllcache\nv3.dll
2008-05-30 12:00 . 2001-08-17 12:20 54,528 --a--c--- C:\WINDOWS\system32\dllcache\opl3sax.sys
2008-05-30 12:00 . 2001-08-17 12:49 51,552 --a--c--- C:\WINDOWS\system32\dllcache\ntgrip.sys
2008-05-30 12:00 . 2004-08-03 23:00 28,672 --a--c--- C:\WINDOWS\system32\dllcache\nscirda.sys
2008-05-30 12:00 . 2001-08-17 13:47 9,344 --a--c--- C:\WINDOWS\system32\dllcache\ntapm.sys
2008-05-30 12:00 . 2001-08-17 13:53 7,552 --a--c--- C:\WINDOWS\system32\dllcache\nsmmc.sys
2008-05-30 11:58 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-05-30 11:57 . 2004-08-04 03:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-05-30 11:57 . 2004-08-04 03:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2008-05-30 11:57 . 2004-08-03 23:10 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-05-30 11:57 . 2004-08-03 23:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-05-30 11:57 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-05-30 11:57 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-05-30 11:57 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-05-30 11:56 . 2004-08-04 00:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-05-30 11:56 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-05-30 11:56 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-05-30 11:56 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-05-30 11:56 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-05-30 11:56 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-30 11:56 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-05-30 11:56 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-05-30 11:54 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-05-30 11:53 . 2004-08-04 03:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-05-30 11:53 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-05-30 11:53 . 2004-08-04 03:00 70,656 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.dll
2008-05-30 11:53 . 2004-08-04 00:56 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-05-30 11:53 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-05-30 11:53 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2008-05-30 11:53 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-05-30 11:53 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-05-30 11:51 . 2004-08-04 03:00 811,064 --a--c--- C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-05-30 11:50 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-05-30 11:49 . 2004-08-04 03:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-30 11:48 . 2001-08-17 22:36 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-05-30 11:47 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-05-30 11:46 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 04:49 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-12 04:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-07 06:29 --------- d-----w C:\Program Files\Symantec
2008-06-05 05:25 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 04:36 --------- d-----w C:\Program Files\SurfingSoftware
2008-05-29 06:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-05-29 06:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 20:05 --------- d-----w C:\Program Files\McAfee
2008-05-28 17:08 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-14 10:32 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_20.56.37.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-11 03:39:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-12 05:03:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-14 01:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-14 01:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-14 01:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-14 01:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-14 01:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\icardie.dll
+ 2007-08-14 01:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-14 01:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-14 01:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-14 00:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-02-12 23:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dat
+ 2007-07-11 19:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieapfltr.dll
+ 2007-08-14 01:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-14 01:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieframe.dll
+ 2007-08-14 01:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-14 01:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iertutil.dll
+ 2007-08-14 01:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-14 01:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-14 01:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-14 01:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeeds.dll
+ 2007-08-14 01:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msfeedsbs.dll
+ 2007-08-14 01:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-14 01:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-14 01:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-14 01:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-14 01:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-14 01:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\updspapi.dll
+ 2007-08-14 01:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-14 01:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-14 01:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-14 01:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2007-08-14 01:39:00 123,904 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-08-14 01:39:00 123,904 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-04-23 04:16:28 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2004-08-04 06:10:38 274,304 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
+ 2008-04-14 11:01:02 272,128 -c--a-w C:\WINDOWS\system32\dllcache\bthport.sys
- 2004-08-04 19:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-06-26 17:37:10 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-04 19:00:00 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 -c--a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
- 2007-08-14 01:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-08-14 01:35:38 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-08-14 01:54:10 131,584 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2008-02-20 06:51:05 282,624 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2007-08-14 01:39:06 54,784 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-08-14 01:39:26 152,064 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-08-14 01:39:54 229,376 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-08-14 00:56:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-08-14 01:39:50 382,976 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-08-14 01:39:10 43,008 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-08-14 01:43:56 622,080 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-04-22 07:40:18 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-14 01:54:10 27,136 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 19:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
+ 2008-02-26 11:59:50 294,912 -c--a-w C:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-04 19:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 19:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2007-08-14 01:54:12 3,578,368 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 05:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-08-14 01:54:10 475,648 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 19:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-04 19:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 19:00:00 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-27 08:12:54 151,583 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2004-08-04 19:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 19:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 19:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 19:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2007-08-14 01:44:26 192,000 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 19:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 19:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 19:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 19:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2007-08-14 01:54:10 670,720 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 19:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-04 19:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 19:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2007-08-14 01:44:06 101,376 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-08-14 01:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2007-08-14 01:44:30 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:28 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2007-08-14 01:54:10 1,162,240 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-08-14 01:54:10 765,952 -c--a-w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2007-08-14 01:54:10 231,424 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-04-23 04:16:29 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-03-08 13:47:48 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2007-08-14 01:54:10 818,688 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 19:00:00 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
+ 2008-02-20 05:32:43 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
- 2007-08-14 01:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-14 01:35:38 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-14 01:54:10 131,584 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-05-28 20:05:14 151,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-12 04:41:36 151,584 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2008-02-20 06:51:05 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2007-08-14 01:36:26 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-08-14 01:39:06 54,784 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-08-14 01:39:26 152,064 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-08-14 01:39:54 229,376 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-08-14 00:56:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-02-12 23:10:12 2,451,312 ------w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
- 2007-07-11 19:27:48 383,488 ------w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-08-14 01:39:50 382,976 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-08-14 01:54:10 6,049,280 ------w C:\WINDOWS\system32\ieframe.dll
+ 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-14 01:39:10 43,008 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-08-14 01:34:04 266,752 ------w C:\WINDOWS\system32\iertutil.dll
+ 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-08-14 01:39:10 13,312 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-14 01:54:10 27,136 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-02-04 23:09:48 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 19:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 11:59:50 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
- 2004-08-04 19:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 19:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2007-08-14 01:54:10 458,752 ------w C:\WINDOWS\system32\msfeeds.dll
+ 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-08-14 01:54:10 50,688 ------w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-08-14 01:54:12 3,578,368 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 05:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-14 01:54:10 475,648 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 19:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 19:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 19:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 19:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 19:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 19:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2007-08-14 01:44:26 192,000 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 19:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 19:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 19:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 19:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2007-08-14 01:54:10 670,720 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 19:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 19:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 19:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2007-08-14 01:44:06 101,376 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-08-14 01:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-09-07 00:43:16 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2007-08-14 01:44:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-14 01:54:10 1,162,240 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-08-14 01:54:10 231,424 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcNotifier"="C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe" [2008-01-25 12:06 176128]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32 58984]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 10:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 10:47 688218]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"HostManager"="C:\Program Files\Common Files\AOL\1202623328\EE\AOLHostManager.exe" [2004-11-03 14:03 125528]
"gcNotifier"="C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe" [2008-01-25 12:06 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-06-06 23:29 100056]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-14 22:05 344064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1202623328\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 16:18]
S3 AMDMSRIO;AMDMSRIO;C:\DOCUME~1\Owner\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d5ad7f1-d799-11dc-ab1a-806d6172696f}]
\Shell\AutoRun\command - D:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2004-02-27 08:20:38 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 22:05:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLServiceHost.exe
.
**************************************************************************
.
Completion time: 2008-06-11 22:21:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-12 05:20:58
ComboFix2.txt 2008-06-11 04:24:42

Pre-Run: 27,564,584,960 bytes free
Post-Run: 27,553,521,664 bytes free

500 --- E O F --- 2008-06-11 04:42:35

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:02 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLServiceHost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202623328\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game ... .0.0.6.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8935 bytes

Thanks!

[Shaba]

Hi

Nice to hear

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
  
• Once the scanner is installed and the definitions downloaded, click Next.
  
• Now click on Scan Settings
  
• In the scan settings make sure that the following are selected:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (If available otherwise Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
  
• Click OK
  
• Now under select a target to scan select My Computer
  
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  
• Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
  
• Click the Save Report As... button (see red arrow below)
  
  
• In the Save as... prompt, select Desktop
  
• In the File name box, name the file KasScan-ddmmyy (or similar)
  
• In the Save as type prompt, select Text file (see below)
  
  
• Now click on the Save as Text button
  
• Savethe file to your desktop.
  
• Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only! Keep ALL other programs closed during the scan

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

[InfiniteD]

Ok here we are.

KasperSky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 00:56:48
Records in database: 857859
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 118653
Threat name: 16
Infected objects: 28
Suspicious objects: 0
Duration of the scan: 03:32:21


File name / Threat name / Threats count
C:\My Backup -- 08-02-09 1010PM\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BC77XCJD\install_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au 1
C:\My Backup -- 08-02-09 1010PM\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IXSQ67OW\allsecuritypage[1].htm Infected: not-virus:Hoax.HTML.Secureinvites.a 1
C:\My Backup -- 08-02-09 1010PM\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\My Backup -- 08-02-09 1010PM\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
C:\My Backup -- 08-02-09 1010PM\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\My Backup -- 08-02-09 1010PM\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh 1
C:\Program Files\iWin.com\Jewel Quest II\GLWorker.exe Infected: Trojan-Spy.Win32.SCKeyLog.co 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17201322.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1D2B0553 Infected: Trojan.Win32.LowZones.gb 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\21471FF5.dll Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\21B6337B.exe Infected: Trojan-Downloader.Win32.Agent.dwq 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32B752C5.tmp Infected: Trojan-Downloader.Win32.VB.bsa 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\32D876A1.exe Infected: Trojan-Downloader.Win32.VB.bsa 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3CA46BD9.exe Infected: Trojan-Downloader.Win32.VB.epp 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\43CF17F5.dll Infected: not-a-virus:AdWare.Win32.Comet.bl 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4791661D.exe Infected: Trojan.Win32.LowZones.gb 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4EDB765D Infected: Trojan.Win32.LowZones.gb 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6E5071C2.exe Infected: Trojan.Win32.LowZones.gb 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\72D24F15.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\795A47E5.exe Infected: Trojan.Win32.Obfuscated.aqn 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79DC2B9B Infected: Trojan.Win32.LowZones.gb 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\79E9538D Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eufbaptk.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\eyfscdlv.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gaxtsbhy.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lkfcegya.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nnalfuxq.dll.vir Infected: Trojan.Win32.Mondera.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xknvvlqt.dll.vir Infected: Trojan.Win32.Mondera.gen 1

The selected area was scanned.

Fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:04 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLHOS~1.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\COMMON~1\AOL\120262~1\EE\AOLServiceHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1202623328\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [gcNotifier] C:\Documents and Settings\Owner\Local Settings\Application Data\VTShared\GCNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://download.playfirst.com/play/game ... .0.0.6.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9087 bytes

[Shaba]

Hi

Do you recognize this?

C:\Program Files\iWin.com\Jewel Quest II\GLWorker.exe

[InfiniteD]

Hello Shaba. I do not recognize that entry as being anything useful. Thank you.

Infinite

[Shaba]

Hi

Thanks for the info

Empty these folders:

C:\My Backup -- 08-02-09 1010PM
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\
C:\QooBox\Quarantine\

Delete this:

C:\Program Files\iWin.com\

Empty Recycle Bin.

Still problems?

[InfiniteD]

Am I to run another online scan then after emptying those folders? Thanks.