I would be grateful for any help offered on the problem described below. I have spent a number of days working to resolve this continuing problem following the advice and solutions that appeared relevant on your forum, and in the process I believe I eradicated a number of other problems such as browser hijacking, popups, viruses, trojans, and keystroke loggers. I also managed to resolve my Task Manager being hijacked using a very handy utility from your forum, if memory serves me correctly.
The Current Unresolved Problem: The following message in yellow and white text has forced itself onto my desktop, and has also turned my desktop background plain sky blue (which is different from the default XP background):
" Warning: Spyware threat has been detected on your pc
Your computer has several fatal errors due to spyware activity.
It is strongly recommended to install an antispyware software to close all security vulnerabilities
Anttispyware software helps protect your PC against spyware and other security threats.
click here to scan your pc for spyware..."
Incidentally it appears similar to the problem recounted by jsharrison Mar 24 2008, 12:58 PM, on this forum, but has not been resolved by my running SDFix, nor Kaspersky (I used a locally installed version of Kaspersky Anti-Virus Ver. 7.0.1.325), nor Deckard's System Scanner, downloaded and run today.
Actions taken so far:
Read your forum instructions and pre-posting advice, and done my level best to follow and action them.
Data fully backed up.
XP recovery console installed.
ATF Cleaner run
CCleaner run
System Restore point created using XP system tools & older ones flushed.
Zone Alarm installed and running
AVG Anti-Spyware for XP installed locally and running; scan also run in safe mode, then rebooted to normal mode.
Kaspersky Antivirus installed locally and running
SuperAntispyware Home Edition installed and complete scan done.
Panda Software's ActiveScan Pro run
Windows Update and all security patches installed for SP2
Latest version of Java installed, old versions uninstalled.
SDFix run.
Reboot tests...quite a lot after all the above.
HijackThis installed
Deckard's System Scanner v20071014.68 run (the partial log is shown at the bottom of this post, but is truncated: whilst I can paste it in full, it does not appear in full once I have pressed 'complete edit' in this post. I tried a number of times without getting the full paste to stick.)
Downloaded ComboFix and installed it on the desktop, where it appears as a red button with an X. Before double-clicking it to run, I disabled Kaspersky, ZoneAlarm and AVG. ComboFix ran only for a brief second, putting up a small command-style screen for a few seconds, then did not appear to do much. My PC did not go off or reboot itself. I tried running it from safe mode, and again a brief command screen appeared and disappeared in about 2 seconds. As nothing appeared to be happening, I restarted in normal mode.
I hope the foregoing helps you help me resolve the issue, and I apologise in advance for any variance from your recommended procedure. I notice that conflicts can occur between different antivirus protections, and I point out that I have AVG, Kaspersky and ZoneAlarm currently installed and running alongside each other, as well as SuperAntispyware. I guess you might soon be needing me to disable or uninstall at least one or two of these.
Finally I should point out that the directories C:\XPCD and C:\XPSP2 contain XP 'install' files downloaded AFTER the current infection, so as to allow me to create an XP Recovery Console, and as such I do not know if they can yet be deleted; unfortunately they have added considerably to my malware scanning times since their creation.
Thanks in advance.
So here is the HijackThis log (updated using forum edit 08/04/2008 09:56:00):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:51:10, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mgabg.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneyam.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {72C7F75B-B10B-4477-A687-EF10300DE5DD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase2895.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140454521275
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup163.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...203/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: AlrtCD - {c1ffb664-3e69-4682-86b5-d3b58c3a6b35} - C:\WINDOWS\Installer\{c1ffb664-3e69-4682-86b5-d3b58c3a6b35}\AlrtCD.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9514 bytes
********************************************************************************
Hijack Uninstall List
4oD
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
AVG Anti-Spyware 7.5
Capture Express
CCleaner (remove only)
Cimaware OfficeFIX 6
C-Media WDM Audio Driver
Download Accelerator Plus (DAP)
E*TRADE Professional V2
FinePixViewer Ver.3.2
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Intel® 536EP Modem
Intel® Extreme Graphics 2 Driver
IObit SmartDefrag Beta4.03
Java 6 Update 5
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Kaspersky Online Scanner
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player
Malwarebytes' Anti-Malware
Marketmaker CFD-FX Client
Matrox Graphics Software (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nikon Message Center
Panda ActiveScan
Panda ActiveScan 2.0
Panda ActiveScan Pro
PE Builder 3.1.10a
Picture Package
PictureProject
PictureProject In Touch Downloader 1.0
Realtek AC'97 Audio
RegistryCleanFixer2008
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sony USB Driver
SpeedBit Video Accelerator
SUPERAntiSpyware Free Edition
Temperature Converter
TuneUp Utilities 2008
Updata Application Suite
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ZoneAlarm Pro
********************************************************************************
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/07/2008 at 00:46 AM
Application Version : 4.0.1154
Core Rules Database Version : 3432
Trace Rules Database Version: 1424
Scan type : Complete Scan
Total Scan Time : 01:06:21
Memory items scanned : 353
Memory threats detected : 1
Registry items scanned : 5228
Registry threats detected : 1
File items scanned : 91099
File threats detected : 21
Trojan.Unclassified/Multi-Dropper (Packed)
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\HOZGHKTE\BOXYZORI.EXE
[tWLWGwTiEi] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\HOZGHKTE\BOXYZORI.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\HOZGHKTE\BOXYZORI.EXE
Adware.Tracking Cookie
C:\Documents and Settings\New User\Cookies\[email protected][1].txt
C:\Documents and Settings\New User\Cookies\new_user@atdmt[2].txt
C:\Documents and Settings\New User\Cookies\[email protected][2].txt
C:\Documents and Settings\New User\Cookies\new_user@questionmarket[2].txt
C:\Documents and Settings\New User\Cookies\new_user@doubleclick[2].txt
C:\Documents and Settings\New User\Cookies\[email protected][2].txt
C:\Documents and Settings\New User\Cookies\new_user@mediaplex[1].txt
C:\Documents and Settings\New User\Cookies\new_user@serving-sys[2].txt
C:\Documents and Settings\New User\Cookies\[email protected][1].txt
C:\Documents and Settings\New User\Cookies\new_user@adviva[1].txt
C:\Documents and Settings\New User\Cookies\[email protected][1].txt
C:\Documents and Settings\New User\Cookies\new_user@tribalfusion[1].txt
C:\Documents and Settings\New User\Cookies\new_user@adtech[1].txt
C:\Documents and Settings\New User\Cookies\[email protected][1].txt
C:\Documents and Settings\New User\Cookies\[email protected][1].txt
C:\Documents and Settings\New User\Cookies\new_user@overture[1].txt
C:\Documents and Settings\New User\Cookies\[email protected][1].txt
C:\Documents and Settings\New User\Cookies\new_user@advertising[1].txt
C:\Documents and Settings\New User\Cookies\new_user@tradedoubler[1].txt
Trojan.Unclassified/Multi-Dropper
C:\SYSTEM VOLUME INFORMATION\_RESTORE{882E65C6-9F8F-4959-8664-44854799AA57}\RP13\A0007047.EXE
********************************************************************************
AVG Anti-Spyware (strangely, no reports are available under their 'Reports' menu). This does not seem right, although the status shows 14 detected malware items, with 0 in quarantine, and the message 'Everything OK'.
********************************************************************************
Panda ActiveScan infection report. The last scan took around 4 hours and involved more than 600K items. I am using the Pro version, and am awaiting help with logging back in from Panda support.
[Sorry the formatting of the Panda text below is not very good or that easy to read... hope that is not a problem for you]
ANALYSIS: 2008-04-07 15:42:47
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Kaspersky Anti-Virus 7.0.1.325 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\New User\Cookies\new_user@mediaplex[1].txt
;===============================================================================
SUSPECTS
Sent Location
VULNERABILITIES
Id Severity Description
182048 HIGH MS07-69 qw
176382 HIGH MS07-057 qw
170906 HIGH MS07-045 qw
170904 HIGH MS07-043 qw
164913 HIGH MS07-033 qw
160623 HIGH MS07-027 qw
150253 HIGH MS07-016
********************************************************************************
SDFix: Version 1.167
Run by New User on 07/04/2008 at 19:37
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
Folder C:\Program Files\akl - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 19:52:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Abacast\\Abaclient.exe"="C:\\Program Files\\Abacast\\Abaclient.exe:*:Enabled:Abaclient"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine"
"C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\kav\\kav7.0\\english\\setup.exe"="C:\\kav\\kav7.0\\english\\setup.exe:*:Disabled:Kaspersky Anti-Virus 7.0 Setup"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 27 Mar 2008 211 A.SH. --- "C:\BOOT.BAK"
[Added note by 'fast learner': there are a number of very old data files (around 50) which precede this infection by many months and which were reported as files with hidden attributes, but I have excluded them from this report for privacy reasons as they have identifying file names]
********************************************************************************
Deckard's System Scanner v20071014.68
Run by New User on 2008-04-07 19:11:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-04-07 18:11:38 UTC - RP20 - Deckard's System Scanner Restore Point
1: 2008-04-07 06:50:27 UTC - RP19 - System Restore Point 7th April 2008
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as New User.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:32, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mgabg.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\New User\My Documents\My Completed Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\New User.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.moneyam.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - (no file)
O2 - BHO: (no name) - {72C7F75B-B10B-4477-A687-EF10300DE5DD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase2895.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140454521275
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup163.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...203/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: AlrtCD - {c1ffb664-3e69-4682-86b5-d3b58c3a6b35} - C:\WINDOWS\Installer\{c1ffb664-3e69-4682-86b5-d3b58c3a6b35}\AlrtCD.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 9577 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R2 sbbotdi - c:\program files\speedbit video accelerator\sbbotdi.sys <Not Verified; SpeedBit Ltd.; Speedbit TDI Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 AC2003 - c:\windows\system32\drivers\ac2003.sys <Not Verified; ABIT Computer Corp.; AC2003 Device Driver>
S3 AmeAtmPc - c:\windows\system32\drivers\ameatmpc.sys (file missing)
S3 CnxTrLan (Zoom USB Network Adapter Driver) - c:\windows\system32\drivers\cnxtrlan.sys (file missing)
S3 CnxTrUsb (Zoom USB Network Interface Device Driver) - c:\windows\system32\drivers\cnxtrusb.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel® 82865G Graphics Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_25721849&REV_02\3&267A616A&0&10
Manufacturer: Intel Corporation
Name: Intel® 82865G Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_25721849&REV_02\3&267A616A&0&10
Service: ialm
-- Scheduled Tasks -------------------------------------------------------------
2008-04-07 18:00:09 448 --a------ C:\WINDOWS\Tasks\ParetoLogic Registration.job
2008-04-07 15:38:16 370 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-04-07 03:30:00 416 --a------ C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job
2008-03-30 22:00:02 352 --a------ C:\WINDOWS\Tasks\SmartDefrag.job
2008-03-07 18:58:02 382 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
-- Files created between 2008-03-07 and 2008-04-07 -----------------------------
2008-04-07 11:49:36 0 d-------- C:\Program Files\Panda Security
2008-04-07 07:35:01 0 dr-h----- C:\Documents and Settings\New User\Recent
2008-03-30 01:36:19 69632 --a------ C:\WINDOWS\system32\asprouni.exe <Not Verified; Panda Software; Panda Software ASPRODesinstalador>
2008-03-30 01:35:38 0 d-------- C:\WINDOWS\system32\ASPRO
2008-03-29 12:31:42 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-28 21:43:37 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 21:43:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-28 21:43:25 0 d-------- C:\Documents and Settings\New User\Application Data\SUPERAntiSpyware.com
2008-03-28 18:02:50 0 d-------- C:\Documents and Settings\New User\Application Data\Grisoft
2008-03-28 16:31:59 0 d-------- C:\Program Files\Java
2008-03-28 16:31:57 0 d-------- C:\Program Files\Common Files\Java
2008-03-28 11:22:26 0 d-------- C:\Program Files\Trend Micro
2008-03-28 02:11:35 0 d-------- C:\Documents and Settings\New User\Application Data\Malwarebytes
2008-03-28 02:11:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-28 02:11:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-28 01:40:08 0 dr-hs---- C:\cmdcons
2008-03-28 01:39:45 0 d-------- C:\WINDOWS\setupupd
2008-03-27 20:30:52 0 d-------- C:\WINDOWS\Prefetch
2008-03-27 19:48:12 0 d-------- C:\WINDOWS\setup.pss
2008-03-27 16:53:23 0 d-------- C:\XPCD
2008-03-27 15:22:24 0 d-------- C:\XPSP2
2008-03-27 12:45:03 0 d-------- C:\Program Files\IObit
2008-03-27 12:12:06 0 d-------- C:\Program Files\CCleaner
2008-03-26 21:49:48 0 d-------- C:\pebuilder3110a
2008-03-26 01:40:04 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-26 01:40:04 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-03-26 01:39:12 421920 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-26 01:39:12 10502944 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-26 01:39:12 0 d-------- C:\Program Files\Kaspersky Lab
2008-03-26 01:28:57 0 d-------- C:\kav
2008-03-26 00:15:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-26 00:15:31 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-25 23:26:07 0 d-------- C:\Program Files\RegistryCleanFixer2008
2008-03-25 21:26:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-25 17:19:15 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-03-25 17:19:14 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-25 17:19:14 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-03-25 17:19:14 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-03-25 17:19:13 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-03-25 17:19:13 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-03-25 17:19:13 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-03-25 17:19:13 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-03-25 17:19:13 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-03-25 17:19:13 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-03-25 17:19:13 4096 --a------ C:\WINDOWS\a.bat
2008-03-25 17:19:12 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-03-25 17:19:12 0 d-------- C:\Documents and Settings\New User\Desktop\virii
2008-03-25 17:19:11 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-03-25 17:19:11 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-03-25 17:19:11 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-03-25 17:19:11 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-03-25 17:19:11 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-03-25 17:19:10 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-03-25 17:19:10 0 d-------- C:\WINDOWS\system32\smp
2008-03-25 17:19:10 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-03-25 17:19:10 4096 --a------ C:\WINDOWS\system32\medup020.dll
2008-03-25 17:19:10 4096 --a------ C:\WINDOWS\system32\medup012.dll
2008-03-25 17:19:09 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-03-25 17:19:09 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-03-25 17:19:09 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-03-25 17:19:08 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-03-25 17:19:08 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-03-25 17:19:07 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-03-25 17:19:07 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-03-25 17:19:07 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-03-25 17:19:07 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-03-25 17:19:07 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-03-25 17:19:07 4096 --a------ C:\Documents and Settings\New User\Desktop\filemanagerclient.exe
2008-03-25 17:19:06 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-03-25 17:19:06 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-03-25 17:19:06 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-03-25 17:19:06 4096 --a------ C:\Documents and Settings\New User\Desktop\FWebdEditor.exe
2008-03-25 17:19:06 4096 --a------ C:\Documents and Settings\New User\Desktop\fwebd.exe
2008-03-25 17:19:05 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-03-25 17:19:05 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-03-25 17:19:05 4096 --a------ C:\WINDOWS\system32\emesx.dll
2008-03-25 17:19:05 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-03-25 17:19:05 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\winsystem.exe
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\mssecu.exe
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\bdn.com
2008-03-25 17:19:03 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-03-25 17:19:03 0 d-------- C:\Program Files\akl
2008-03-25 17:17:23 0 d-------- C:\Documents and Settings\All Users\Application Data\hozghkte
-- Find3M Report ---------------------------------------------------------------
2008-03-30 09:55:13 0 d-------- C:\Program Files\SpeedBit Video Accelerator
2008-03-30 09:50:38 0 d-------- C:\Program Files\Kontiki
2008-03-30 09:48:51 0 d-------- C:\Program Files\Google
2008-03-30 09:48:40 0 d-------- C:\Program Files\DAP
2008-03-30 02:01:59 0 d-------- C:\Program Files\MSN Messenger
2008-03-28 21:42:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-28 16:31:57 0 d-------- C:\Program Files\Common Files
2008-03-28 14:34:38 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-27 20:19:05 23348 --a------ C:\WINDOWS\sy
Edited by learning fast, 08 April 2008 - 06:34 AM.
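Added example, not part of the poster's log or of HijackThis or Deckard's System Scanner: a small Python triage pass over log lines in the shape shown above. It pulls out three things a helper would look at first in this post: registry hooks whose target file is gone (`(no file)` / `(file missing)`), the O24 Active Desktop component that points at a local HTML file (the mechanism behind the desktop "spyware threat" banner), and bursts of same-size files created within the same minute, like the run of 4096-byte files at 17:19 on 2008-03-25. The sample text is a constructed subset copied in the shape of the log, and the burst threshold of three files is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the HijackThis and Deckard's System Scanner
# output in the post above; it is a subset, not the full log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O21 - SSODL: AlrtCD - {c1ffb664-3e69-4682-86b5-d3b58c3a6b35} - C:\WINDOWS\Installer\{c1ffb664-3e69-4682-86b5-d3b58c3a6b35}\AlrtCD.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
2008-04-07 11:49:36 0 d-------- C:\Program Files\Panda Security
2008-03-26 01:40:04 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-03-25 17:19:15 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-03-25 17:19:14 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-03-25 17:19:13 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-03-25 17:19:04 4096 --a------ C:\WINDOWS\system32\mssecu.exe
"""

HJT_RE = re.compile(r"^(O\d+) - (.*)$")
# Deckard file line: date time size attrs path (attrs is a 9-character flag field)
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}):(\d{2}) (\d+) (\S{9}) (.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_lines(text):
    """Split a pasted log into HijackThis entries and Deckard file entries."""
    hjt, files = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HJT_RE.match(line)
        if m:
            hjt.append({"section": m.group(1), "body": m.group(2)})
            continue
        m = FILE_RE.match(line)
        if m:
            files.append({
                "date": m.group(1), "minute": m.group(2),
                "size": int(m.group(4)), "attrs": m.group(5), "path": m.group(6),
            })
    return hjt, files


def find_orphans(hjt):
    """Registry hooks (BHOs, toolbars, SSODL, ...) whose target file is gone."""
    return [e for e in hjt if any(mk in e["body"] for mk in ORPHAN_MARKERS)]


def find_local_desktop_components(hjt):
    """O24 Active Desktop components that load a local HTML file; this is how a
    fake 'spyware detected' warning gets painted onto the desktop background."""
    out = []
    for e in hjt:
        if e["section"] == "O24" and "file:///" in e["body"]:
            out.append(e["body"].split("file:///", 1)[1])
    return out


def find_drop_bursts(files, min_count=3):
    """Groups of same-size regular files created within one calendar minute.
    Directories and zero-length entries are skipped. min_count is an assumed
    threshold, not something the scanner defines."""
    groups = defaultdict(list)
    for f in files:
        if f["attrs"].startswith("d") or f["size"] == 0:
            continue
        groups[(f["size"], f["date"], f["minute"])].append(f["path"])
    return [
        {"size": size, "when": f"{date} {minute}", "paths": paths}
        for (size, date, minute), paths in sorted(groups.items())
        if len(paths) >= min_count
    ]


def triage(text, min_count=3):
    """Run all three checks over one pasted log and return the findings."""
    hjt, files = parse_lines(text)
    return {
        "orphans": [f'{e["section"]} - {e["body"]}' for e in find_orphans(hjt)],
        "desktop_components": find_local_desktop_components(hjt),
        "drop_bursts": find_drop_bursts(files, min_count),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key)
        for item in value:
            print("  ", item)
```

Run it on a full pasted log instead of SAMPLE_LOG and the three lists are what to read first: orphans are safe to clean but tell you what was removed by earlier tools, the O24 path is the file to pull for inspection, and a burst of identical-size files is worth checking against the scheduled tasks and recently installed "cleaner" products in the same log before trusting any scanner that claims to have found them.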