Member Panel

Dover Shark · 12:43 AM

Could one of you kind souls have a look at this log file please.
Prework has been done.
Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:27, on 28/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1173454572\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = UltimateCleaner 2007
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Miniphone] C:\WINDOWS\glophone.exe /w
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [alyfkhex] C:\WINDOWS\alyfkhex.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173454572\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\PETERE~1\LOCALS~1\Temp\msprint.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSYYYYYY54GB
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?eb3c545725534aa2a849dd62d4a68970
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?eb3c545725534aa2a849dd62d4a68970
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Voiceglo directory - {C9B8ABB6-1CC3-4957-9CA3-053036B2EE3A} - C:\Documents and Settings\All Users\Desktop\Glophone.lnk (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: {01234567-1234-1234-1234-012345678921} - http://images.neopets.com/glophone/neopets4.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - iqtop100.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B735B98-8010-11D5-AD0B-00500463D885} (SearchCD Control) - http://www.partsarena.com/baxi/Plugins/IMIESRCHie7.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {36C17E9B-3354-11D1-95CF-0000B4530F04} (GrafixViewControl) - http://www.partsarena.com/baxi/Plugins/GFXVIEW.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aolsvc.aol.co.uk/comput...up/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aolsvc.co.uk/molb...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1...datePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120310797229
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/...r/PROFILER.CAB
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aolsvc.co.uk/molb...21/mcgdmgr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://secure.sunterra.com/europe/downloads/svideo3.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/d82c8d/games...ploader_v6.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by108fd.bay108.hotmail.msn.co...x/HMAtchmt.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: hgGyaaYs - hgGyaaYs.dll (file missing)
O21 - SSODL: wdpoefan - {1412A2D9-5276-4F4D-9D0E-BD033A89CFD4} - C:\WINDOWS\wdpoefan.dll (file missing)
O21 - SSODL: vadokmxt - {B4087D44-D342-4147-BF85-374DB8ED0150} - C:\WINDOWS\vadokmxt.dll (file missing)
O22 - SharedTaskScheduler: (no name) - {15538B3E-BBBF-4e1f-BE6B-496406297C11} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - Unknown owner - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 17268 bytes

Pancake

Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
=================================

Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

Dover Shark

Thanks Pancake, I'll get back to you with the results soon.

Dover Shark

Sorry for the delay, my friend has been working nights. Here are the requested log files.

ComboFix 08-05-01.3 - Peter Eriksson 2008-05-04 13:54:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.223 [GMT 1:00]
Running from: C:\Documents and Settings\Peter Eriksson\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\com\pcsd.dll
C:\WINDOWS\base64.tmp
C:\WINDOWS\SYSTEM32\Gghkknpo.ini
C:\WINDOWS\SYSTEM32\Gghkknpo.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
2008-05-01 11:53 . 2008-05-01 11:53 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-27 15:19 . 2008-04-27 15:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 22:16 . 2008-04-25 22:16 <DIR> d-------- C:\Program Files\Malware Removal Tool
2008-04-25 20:43 . 2008-04-25 20:44 <DIR> d-------- C:\Documents and Settings\Peter Eriksson\Application Data\SpywareBot
2008-04-25 18:23 . 2008-04-25 18:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-25 18:23 . 2008-05-04 14:01 11,907 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2008-04-25 18:22 . 2008-04-25 20:30 <DIR> d-------- C:\Documents and Settings\Peter Eriksson\Application Data\SiteAdvisor
2008-04-25 18:21 . 2006-03-03 08:07 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2008-04-25 18:18 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-04-25 18:18 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-04-25 18:18 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-04-25 18:18 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-04-25 18:18 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-04-25 18:17 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-04-24 17:17 . 2008-04-26 13:26 <DIR> d-------- C:\Documents and Settings\Peter Eriksson\Application Data\TmpRecentIcons
2008-04-24 16:24 . 2008-04-27 15:13 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-04-24 16:24 . 2008-04-24 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-24 16:17 . 2008-05-04 13:09 <DIR> d-------- C:\Program Files\McAfee
2008-04-24 16:16 . 2008-04-25 18:18 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-04-24 16:06 . 2008-04-24 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-24 15:36 . 2008-04-27 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\mhotcrqd
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-01 17:22 --------- d-----w C:\Program Files\FinePixViewer
2008-04-27 14:58 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-27 14:58 --------- d-----w C:\Documents and Settings\Peter Eriksson\Application Data\SUPERAntiSpyware.com
2008-04-25 19:26 --------- d-----w C:\Program Files\minicliptoolbar toolbar
2008-04-25 17:25 --------- d-----w C:\Program Files\McAfee.com
2008-04-25 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-03-30 14:12 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-03-06 17:51 --------- d-----w C:\Program Files\RegCleaner
2008-03-06 17:08 --------- d-----w C:\Documents and Settings\Peter Eriksson\Application Data\Uniblue
2008-03-06 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-06 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-03-06 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-06 14:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-05 18:30 --------- d-----w C:\Documents and Settings\Peter Eriksson\Application Data\Business Logic
2008-03-05 15:44 --------- d-----w C:\Documents and Settings\Peter Eriksson\Application Data\Prevx
2008-03-01 17:36 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\SYSTEM32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-06_18.12.55.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-10-31 14:07:37 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\0e1r5rj9.dat
+ 2004-10-31 14:07:34 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\c3dr7dv9.dat
+ 2004-10-31 14:07:35 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3jhjrjr.dat
+ 2002-08-29 04:00:00 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-29 00:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2004-10-06 21:36:21 2,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\ffbj3tv7.dat
+ 2004-10-31 14:07:34 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\lj3777d7.dat
+ 2004-10-31 14:07:34 2,678 -c----w C:\WINDOWS\$NtServicePackUninstall$\u4xv7d31.dat
+ 2008-05-04 13:00:35 2,048 ----a-w C:\WINDOWS\BOOTSTAT.DAT
- 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 08:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-04-29 04:11:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-01 10:53:52 4,395,008 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-05-01 10:53:52 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-29 04:11:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-01 10:53:37 4,395,008 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-05-01 10:53:38 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2000-08-31 07:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 07:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-08 05:21:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-03-21 14:07:22 2,494 ----a-r C:\WINDOWS\Installer\{69640730-B830-4C24-BB5C-222DA1260548}\ARPPRODUCTICON.exe
- 2008-03-05 13:44:30 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-04-09 13:56:43 12,288 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-03-05 13:44:30 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-09 13:56:43 135,168 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-03-05 13:44:30 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-09 13:56:43 11,264 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-03-05 13:44:30 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-04-09 13:56:43 27,136 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-03-05 13:44:30 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-04-09 13:56:43 4,096 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-03-05 13:44:30 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-09 13:56:44 794,624 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-03-05 13:44:30 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-04-09 13:56:44 23,040 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-03-05 13:44:30 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-09 13:56:43 286,720 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-03-05 13:44:30 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-09 13:56:43 409,600 ----a-r C:\WINDOWS\Installer\{91130409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-27 14:58:56 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-04-27 14:58:56 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2004-10-31 14:07:37 2,678 -c----w C:\WINDOWS\Java\Packages\Data\0E1R5RJ9.DAT
+ 2004-10-31 14:07:34 2,678 -c----w C:\WINDOWS\Java\Packages\Data\C3DR7DV9.DAT
+ 2004-10-31 14:07:35 2,678 -c----w C:\WINDOWS\Java\Packages\Data\D3JHJRJR.DAT
+ 2004-10-06 21:36:21 2,232 -c----w C:\WINDOWS\Java\Packages\Data\FFBJ3TV7.DAT
+ 2004-10-31 14:07:34 2,678 -c----w C:\WINDOWS\Java\Packages\Data\LJ3777D7.DAT
+ 2004-10-31 14:07:34 2,678 -c----w C:\WINDOWS\Java\Packages\Data\U4XV7D31.DAT
- 2000-08-31 08:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 07:00:00 28,160 -c--a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 07:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 08:07:21 1,788 -c----w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 -c----w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 07:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2002-08-29 04:00:00 2,000 -c----w C:\WINDOWS\SYSTEM\KEYBOARD.DRV
+ 2002-08-29 04:00:00 2,032 -c----w C:\WINDOWS\SYSTEM\MOUSE.DRV
+ 2002-08-29 04:00:00 1,744 -c----w C:\WINDOWS\SYSTEM\SOUND.DRV
+ 2002-08-29 04:00:00 2,176 -c----w C:\WINDOWS\SYSTEM\VGA.DRV
- 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2003-03-26 21:06:26 2,560 -c--a-w C:\WINDOWS\SYSTEM32\CoachTW.dll
- 2004-11-25 21:18:43 16,384 -c----w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\I NDEX.DAT
+ 2008-05-04 12:09:48 32,768 -c--a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\I NDEX.DAT
- 2004-11-25 21:18:43 32,768 -c----w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2008-05-04 12:09:48 32,768 -c----w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2004-08-04 08:07:21 1,788 -c--a-w C:\WINDOWS\SYSTEM32\dcache.bin
+ 2004-03-15 00:04:00 2,233 ----a-w C:\WINDOWS\SYSTEM32\dla\tfsndres.sys
- 2007-12-07 02:21:45 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2008-03-01 13:06:20 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2002-08-29 04:00:00 19,456 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\agt0409.dll
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
- 2007-12-07 02:21:45 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2008-03-01 13:06:21 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2007-12-07 02:21:45 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
- 2007-12-07 02:21:46 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2002-08-29 04:00:00 2,000 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\keyboard.drv
+ 2002-08-29 04:00:00 2,032 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mouse.drv
- 2007-12-07 02:21:47 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
- 2007-12-07 02:21:48 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2002-08-29 04:00:00 1,744 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\sound.drv
- 2007-12-07 02:21:48 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
+ 2008-03-01 13:06:29 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2002-08-29 04:00:00 2,176 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vga.drv
- 2007-12-07 02:21:48 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2002-08-29 04:00:00 2,112 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\winspool.exe
+ 2002-08-29 04:00:00 2,736 -c--a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wowdeb.exe
- 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\SYSTEM32\dnsapi.dll
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys
+ 2002-08-29 04:00:00 2,944 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS
- 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
- 2007-04-05 12:09:38 169,896 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
+ 2008-04-10 09:54:23 169,896 ----a-w C:\WINDOWS\SYSTEM32\FNTCACHE.DAT
- 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
- 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
- 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
- 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2004-09-29 15:10:42 254,680 ----a-w C:\WINDOWS\SYSTEM32\imgfxtif.dll
- 2007-09-24 22:30:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
- 2007-09-24 22:30:30 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
- 2007-09-24 23:31:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
- 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2002-08-29 04:00:00 2,000 -c--a-w C:\WINDOWS\SYSTEM32\KEYBOARD.DRV
+ 2002-08-29 04:00:00 2,560 ----a-w C:\WINDOWS\SYSTEM32\LZ32.DLL
+ 2002-08-29 04:00:00 2,032 -c--a-w C:\WINDOWS\SYSTEM32\MOUSE.DRV
- 2008-02-04 15:09:48 18,214,008 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
- 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
- 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
- 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2008-03-01 17:36:30 3,591,680 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
- 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2008-03-01 13:06:29 102,912 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2008-03-02 19:10:50 41,508 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2008-03-30 13:55:15 41,624 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2008-03-02 19:10:50 315,850 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2008-03-30 13:55:15 316,158 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
- 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
- 2008-03-03 10:48:40 1,751,300 -c--a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2008-04-30 10:13:58 321,424 -c--a-w C:\WINDOWS\SYSTEM32\Restore\rstrlog.dat
+ 2002-08-29 04:00:00 1,744 -c--a-w C:\WINDOWS\SYSTEM32\SOUND.DRV
- 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 1994-11-17 23:00:00 1,984 -c--a-w C:\WINDOWS\SYSTEM32\VBAJET.DLL
+ 2002-08-29 04:00:00 2,176 -c--a-w C:\WINDOWS\SYSTEM32\VGA.DRV
- 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
- 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2008-03-01 13:06:31 826,368 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2002-08-29 04:00:00 2,864 ----a-w C:\WINDOWS\SYSTEM32\WINSOCK.DLL
+ 2002-08-29 04:00:00 2,112 -c--a-w C:\WINDOWS\SYSTEM32\WINSPOOL.EXE
+ 2002-08-29 04:00:00 2,736 -c--a-w C:\WINDOWS\SYSTEM32\WOWDEB.EXE
+ 2003-03-26 21:06:26 2,560 -c----w C:\WINDOWS\TWAIN_32\CoachTW\CoachTW.dll
+ 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 07:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51 57344]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18 443968]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-10-01 21:03 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-30 20:21 155648]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50 40960]
"Miniphone"="C:\WINDOWS\glophone.exe" [ ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45 278528]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-03-29 20:12 290816]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"alyfkhex"="C:\WINDOWS\alyfkhex.exe" [ ]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-11 03:23 1838592]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"HostManager"="C:\Program Files\Common Files\AOL\1173454572\ee\AOLSoftware.exe" [2006-11-17 14:21 50736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 22:57 36640]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-03-09 15:59:58 156784]
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-12-01 18:08:39 303104]
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2006-05-17 17:05:52 2297856]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyaaYs]
hgGyaaYs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~ 1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NSVI"= NSVIDEO.DLL
"VIDC.NTN1"= NUVision.ax
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1173454572\\ee\\aolsoftware.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R0 Achernar;Achernar - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Achernar.sys [2004-02-11 15:34]
R1 SSHDRV82;SSHDRV82;C:\WINDOWS\system32\drivers\SSHD RV82.sys [2005-10-31 17:00]
R3 Aldebaran;Aldebaran - SCSI Command Filters;C:\WINDOWS\system32\Drivers\Aldebaran.sys [2004-02-11 15:34]
R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 18:53]
S2 0324531209902974mcinstcleanup;McAfee Application Installer Cleanup (0324531209902974);C:\WINDOWS\TEMP\032453~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 gsplittm;gsplittm;C:\DOCUME~1\GLYNDA~1\LOCALS~1\Te mp\gsplittm.sys [2002-07-19 18:06]
S3 GT890x;Fashion Cam 21 Dual-Mode DSC (Still Camera);C:\WINDOWS\system32\Drivers\GT890x.SYS []
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2 K.sys [2004-09-12 21:11]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV53 2AV.SYS [2003-09-04 11:38]
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
*Newly Created Service* - 0324531209902974MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2008-05-04 13:05:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2004-10-05 16:24:33 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
"2008-04-24 15:19:18 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-04-24 15:19:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-26 12:27:40 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
************************************************** ************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 14:01:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SiteAdvisor\6172\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSK\msksrver.exe
C:\WINDOWS\SYSTEM32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\fxssvc.exe
C:\WINDOWS\SYSTEM32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
************************************************** ************************
.
Completion time: 2008-05-04 14:06:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 13:06:06
ComboFix2.txt 2008-03-06 18:13:28
Pre-Run: 111,898,513,408 bytes free
Post-Run: 111,950,295,040 bytes free
463 --- E O F --- 2008-04-09 13:58:00

SDFix: Version 1.177
Run by Peter Eriksson on 01/05/2008 at 11:58
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\PETERE~1\MYDOCU~1\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value
Rebooting

Checking Files :
Trojan Files Found:
C:\smp.bat - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\Web\def.htm - Deleted

Removing Temp Files
ADS Check :

Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-01 12:10:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*

isabled:R ealPlayer"
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"="C:\\WINDOWS\\SYS TEM32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"="C:\\WINDOWS \\SYSTEM32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\SYSTEM32\\rundll32.exe"="C:\\WINDOWS \\SYSTEM32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1173454572\\ee\\aolsoftware.exe"="C:\\ Program Files\\Common Files\\AOL\\1173454572\\ee\\aolsoftware.exe:*:Enab led:AOL Services"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :

File Backups: - C:\DOCUME~1\PETERE~1\MYDOCU~1\SDFix\backups\backup s.zip
Files with Hidden Attributes :
Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 7 Dec 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 22 Dec 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 25 Apr 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Fri 25 Apr 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Mon 3 Mar 2008 1,287 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc642f40 169f98e3642fab98abc47d75\BIT527.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e 70c80a1e476f1abf49afecb1\BIT526.tmp"
Sat 19 Aug 2006 516,096 A.SH. --- "C:\Documents and Settings\All Users\Documents\My Pictures\Alison's wedding\SIVDD7.tmp"
Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:39, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1173454572\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567

Member Panel

Sponsors and Ads

Join the Team

Live Tag Cloud