
Please Help! [RESOLVED]



#1
fthful2

My wife's and my computers are acting just a little strange. Both HJT logs look clean. But we are having trouble getting to CastleCops and some of the other websites where we go to get info for our studies. The computers were giving me trouble getting to GTG, but that has changed, and now it is, like I said, other sites that help with our studies. Also, when I make a new Word document and later want to delete it, it won't let me. This has never happened before.
Just strange things going on.

I ran DSS and would like some help, if I may ask for it. Both files are below: the main.txt and the extra.txt.

thanks
fthful2





Deckard's System Scanner v20071014.68
Run by tammie on 2008-05-13 23:35:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
30: 2008-05-14 05:35:56 UTC - RP30 - Deckard's System Scanner Restore Point
29: 2008-05-13 06:43:08 UTC - RP29 - System Checkpoint
28: 2008-05-12 05:43:08 UTC - RP28 - System Checkpoint
27: 2008-05-11 05:20:40 UTC - RP27 - System Checkpoint
26: 2008-05-10 04:55:43 UTC - RP26 - Installed SUPERAntiSpyware Free Edition


-- First Restore Point --
1: 2008-04-22 02:43:19 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as tammie.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:13 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\tammie\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\tammie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "tammie"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....ek_sys_ctrl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Mystery P.I. - The Lottery Ticket\Images\stg_drm.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156248255265
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=19588
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Agatha Christie - Peril at End House\Images\armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10009 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080501-233347-668 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
backup-20080501-233347-751 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 MaVctrl - c:\windows\system32\drivers\mavc2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 MaRdPnp - c:\windows\system32\drivers\mardp2k.sys <Not Verified; Mobile Action Technology Inc.; Handset Manager>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 22:05:53 516 --a------ C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as tammie at 9 05 PM.job


-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-13 22:36:44 0 dr-h----- C:\Documents and Settings\Tammie\Recent
2008-05-09 22:55:25 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 23:24:29 90668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-05-01 23:24:29 0 d-------- C:\Documents and Settings\Tammie\Application Data\IObit
2008-04-29 23:30:39 0 d-------- C:\Program Files\RegCleaner
2008-04-29 23:26:20 0 d-------- C:\Program Files\IObit
2008-04-29 21:26:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 21:26:27 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 21:23:07 0 --a------ C:\Documents and Settings\Tammie\core
2008-04-29 21:05:03 0 d-------- C:\Program Files\Common Files\Scanner
2008-04-29 21:04:54 0 d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-04-29 21:04:53 0 d-------- C:\Program Files\CA
2008-04-29 20:20:01 0 d-------- C:\Documents and Settings\Tammie\Application Data\Yahoo!
2008-04-29 20:19:59 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-04-29 20:15:40 0 d-------- C:\WINDOWS\network diagnostic
2008-04-21 20:00:19 0 d-------- C:\Documents and Settings\Tammie\Application Data\Comodo
2008-04-19 23:47:56 0 d-------- C:\Program Files\Alwil Software
2008-04-19 23:07:41 0 d-------- C:\Program Files\COMODO


-- Find3M Report ---------------------------------------------------------------

2008-05-13 22:45:52 0 d-------- C:\Documents and Settings\tammie\Application Data\SiteAdvisor
2008-05-13 22:40:32 0 d-------- C:\Program Files\SpywareBlaster
2008-05-09 22:55:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-09 22:55:44 0 d-------- C:\Documents and Settings\tammie\Application Data\SUPERAntiSpyware.com
2008-05-09 22:55:25 0 d-------- C:\Program Files\Common Files
2008-05-04 12:55:18 0 d-------- C:\Documents and Settings\tammie\Application Data\FUJIFILM
2008-05-04 12:55:17 0 d-------- C:\Program Files\FinePixViewer
2008-04-29 20:20:13 0 d-------- C:\Program Files\Yahoo!
2008-04-19 23:32:27 0 d-------- C:\Program Files\SpywareGuard
2008-04-02 23:02:02 0 d-------- C:\Documents and Settings\tammie\Application Data\Adobe
2008-04-02 22:54:25 0 d-------- C:\Program Files\Java
2008-04-02 22:53:35 0 d-------- C:\Program Files\Common Files\Java
2008-04-02 22:51:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-02 22:20:23 0 d-------- C:\Documents and Settings\tammie\Application Data\Help
2008-04-02 21:09:24 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-02 19:27:40 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-02 19:26:38 0 d-------- C:\Program Files\Windows Mobile Device Handbook
2008-03-29 00:46:20 0 d-------- C:\Documents and Settings\tammie\Application Data\Malwarebytes
2008-03-28 22:24:44 0 d-------- C:\Program Files\PopCap Games
2008-03-20 13:44:39 0 d-------- C:\Program Files\DeathOnTheNile_at
2008-03-20 09:35:33 0 d-------- C:\Program Files\Trend Micro
2008-02-13 21:48:27 2528 --a------ C:\Documents and Settings\tammie\Application Data\$_hpcst$.hpc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [08/03/2004 11:56 PM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [11/11/2005 12:47 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [08/03/2004 11:56 PM C:\WINDOWS\system32\rundll32.exe]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [03/30/2007 09:42 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 08:34 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 09:32 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [04/29/2008 09:17 PM]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [04/29/2008 09:17 PM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [04/29/2008 09:17 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [04/29/2008 09:17 PM]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [04/29/2008 09:17 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [06/10/2005 09:43 AM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 01:39 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe "tammie"

C:\Documents and Settings\Tammie\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 01:30 PM 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8394 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-13 23:39:20 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3200+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1023.48 MiB / 536.94 MiB
Pagefile Memory (total/avail): 2461.28 MiB / 2041.8 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.51 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 19.57 GiB free.
D: is Fixed (NTFS) - 119.75 GiB total, 119.66 GiB free.
E: is Fixed (NTFS) - 138.76 GiB total, 106.85 GiB free.
F: is Fixed (FAT32) - 10.28 GiB total, 7.81 GiB free.
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00REA0 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 119.75 GiB - D:

\\.\PHYSICALDRIVE1 - WDC WD1600JB-00REA0 - 149.05 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 138.76 GiB - E:
\PARTITION1 - Extended w/Extended Int 13 - 10.29 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

UpdatesDisableNotify is set.

FW: CA Personal Firewall v9.1.0.36 (CA)
AV: CA Anti-Virus v8.3.0.3 (CA, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\tammie\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COOLER-TAULSOP3
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\tammie
LOGONSERVER=\\COOLER-TAULSOP3
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\tammie\LOCALS~1\Temp
TMP=C:\DOCUME~1\tammie\LOCALS~1\Temp
USERDOMAIN=COOLER-TAULSOP3
USERNAME=tammie
USERPROFILE=C:\Documents and Settings\tammie
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

dave (admin)
tammie (admin)
ruth (admin)
Karol (admin)
Admin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advanced WindowsCare 3 Beta --> "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\unins000.exe"
Agatha Christie Peril at End House --> "C:\Program Files\Oberon Media\Agatha Christie Peril at End House\Uninstall.exe" "C:\Program Files\Oberon Media\Agatha Christie Peril at End House\install.log"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
AsusUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{C317FE54-A82F-475A-8B92-FDE3C6E14660}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
FinePix Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource --> C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.3 --> C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 9.0 --> C:\Program Files\HP\Digital Imaging\{AA057FD9-0CFC-47e4-8AB4-E0F7EC85631D}\setup\hpzscr01.exe -datfile hpiscr06.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
IObit SmartDefrag --> "C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Luxor 2 (remove only) --> "C:\Program Files\Yahoo! Games\Luxor 2\Uninstall.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Multimedia Samples --> MsiExec.exe /I{A918DE8A-98C8-0900-0001-000000000000}
Mystery Case Files - Madame Fate --> C:\Program Files\Mystery Case Files - Madame Fate\uninstall.exe
Mystery P.I. - The Lottery Ticket 1.0.0.5 --> C:\Program Files\PopCap Games\Mystery PI\PopUninstall.exe "C:\Program Files\PopCap Games\Mystery PI\Install.log"
Mystery Solitaire --> C:\Program Files\Mystery Solitaire\uninstall.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton Ghost --> MsiExec.exe /I{A4409609-BC39-49BD-8D28-0F19AF6122C6}
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Palm --> MsiExec.exe /X{D2DEA1ED-F9D0-401D-9714-6FA8E89EF9D7}
Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Super Collapse! 3 --> C:\PROGRA~1\YAHOO!~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\SUPERC~1\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Mobile® Device Handbook --> C:\Program Files\Windows Mobile Device Handbook\Windows Mobile Device Handbook\Bin\DHUninstall.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Suggest Add-on for IE7 --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type238 / Error
Event Submitted/Written: 05/13/2008 11:37:46 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type237 / Error
Event Submitted/Written: 05/13/2008 11:37:46 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type236 / Error
Event Submitted/Written: 05/13/2008 11:37:45 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This network connection does not exist.

Event Record #/Type235 / Error
Event Submitted/Written: 05/13/2008 11:37:30 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type234 / Success
Event Submitted/Written: 05/13/2008 10:36:12 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3147 / Warning
Event Submitted/Written: 05/12/2008 07:39:19 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3113 / Warning
Event Submitted/Written: 05/11/2008 00:05:47 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type3111 / Error
Event Submitted/Written: 05/10/2008 10:26:30 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.1.103 on the
Network Card with network address 0015F29DBC05.

Event Record #/Type3110 / Warning
Event Submitted/Written: 05/10/2008 10:26:30 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0015F29DBC05. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type3109 / Warning
Event Submitted/Written: 05/10/2008 10:26:26 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0015F29DBC05. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-05-13 23:39:20 ------------


#2
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi Dave,

Well, I'm not seeing anything malicious in your log, so let's run Combofix and see if there is anything hiding in there. Install the recovery console first though.

Download Combofix from Here, Here or Here and save it to your Desktop.

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System.


Download the file & save it as it's originally named, next to ComboFix.exe.


Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Save that to your desktop so you can post it to me later.

Now run Combofix.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" in your next reply.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.
Regards,
RatHat

#3
fthful2

fthful2

    Member

  • Topic Starter
  • Member
  • 162 posts
Thanks RatHat,

I will try to do that when I get home tonight, and also try to post back to you.


dave :)

#4
fthful2

fthful2

    Member

  • Topic Starter
  • Member
  • 162 posts
Here are the logs you requested.

One from ComboFix and the other from Kaspersky Online Scanner.



ComboFix 08-05-15.2 - tammie 2008-05-15 22:06:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.567 [GMT -5:00]
Running from: C:\Documents and Settings\tammie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\tammie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-14 06:39 . 2008-05-14 06:39 880,432 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-05-14 06:39 . 2008-05-14 06:39 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-05-14 00:35 . 2008-05-14 00:35 <DIR> d-------- C:\Deckard
2008-05-14 00:16 . 2008-05-14 00:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-14 00:16 . 2008-05-14 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 23:55 . 2008-05-14 00:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 00:24 . 2008-05-02 00:46 <DIR> d-------- C:\Documents and Settings\Tammie\Application Data\IObit
2008-05-02 00:24 . 2008-04-17 17:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-04-30 00:30 . 2008-04-30 00:34 <DIR> d-------- C:\Program Files\RegCleaner
2008-04-30 00:26 . 2008-05-02 00:24 <DIR> d-------- C:\Program Files\IObit
2008-04-29 22:26 . 2008-04-29 22:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 22:26 . 2008-04-29 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 22:19 . 2008-05-14 10:09 65,506 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-04-29 22:05 . 2008-04-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-29 22:05 . 2008-04-29 22:17 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2008-04-29 22:05 . 2008-04-29 22:17 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-04-29 22:05 . 2008-04-29 22:17 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2008-04-29 22:05 . 2008-04-29 22:17 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-04-29 22:05 . 2008-04-29 22:17 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-04-29 22:05 . 2008-04-29 22:17 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-04-29 22:05 . 2008-04-29 22:17 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-04-29 22:04 . 2008-04-29 22:05 <DIR> d-------- C:\Program Files\CA
2008-04-29 22:04 . 2008-04-29 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-04-29 21:20 . 2008-04-29 21:20 <DIR> d-------- C:\Documents and Settings\Tammie\Application Data\Yahoo!
2008-04-29 21:19 . 2008-04-29 21:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-29 21:14 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-29 21:14 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-29 21:14 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-29 21:14 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-29 21:14 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-29 21:14 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-29 21:14 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-29 21:14 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-29 21:14 . 2007-08-13 19:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-29 21:14 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-21 21:00 . 2008-04-29 21:59 <DIR> d-------- C:\Documents and Settings\Tammie\Application Data\Comodo
2008-04-20 00:48 . 2003-03-18 15:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-20 00:47 . 2008-04-20 00:47 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-20 00:07 . 2008-04-29 21:59 <DIR> d-------- C:\Program Files\COMODO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 03:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-15 17:20 --------- d-----w C:\Documents and Settings\tammie\Application Data\SiteAdvisor
2008-05-14 04:41 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-05-14 04:40 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-10 04:55 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-10 04:55 --------- d-----w C:\Documents and Settings\tammie\Application Data\SUPERAntiSpyware.com
2008-05-04 18:55 --------- d-----w C:\Program Files\FinePixViewer
2008-05-04 18:55 --------- d-----w C:\Documents and Settings\tammie\Application Data\FUJIFILM
2008-04-30 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-30 02:20 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 05:32 --------- d-----w C:\Program Files\SpywareGuard
2008-04-03 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 05:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-03 05:06 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-04-03 04:54 --------- d-----w C:\Program Files\Java
2008-04-03 04:53 --------- d-----w C:\Program Files\Common Files\Java
2008-04-03 04:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 03:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-03 01:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-03 01:26 --------- d-----w C:\Program Files\Windows Mobile Device Handbook
2008-03-29 06:46 --------- d-----w C:\Documents and Settings\tammie\Application Data\Malwarebytes
2008-03-29 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-29 04:24 --------- d-----w C:\Program Files\PopCap Games
2008-03-25 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-03-20 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-20 19:44 --------- d-----w C:\Program Files\DeathOnTheNile_at
2008-03-20 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-20 15:35 --------- d-----w C:\Program Files\Trend Micro
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-02-26 12:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( [email protected]_ 6.59.14.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-17 14:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2008-05-14 15:10:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 13:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 13:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2004-08-04 05:56:42 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 05:56:42 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2006-06-23 11:02:49 1,022,976 -c--a-w C:\WINDOWS\ie7\browseui.dll
+ 2004-08-04 05:56:42 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2006-06-23 11:02:50 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2006-06-23 11:02:50 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2006-06-23 11:02:50 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 05:56:44 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 05:56:52 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 05:56:44 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 05:56:44 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2001-08-23 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 05:56:44 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2006-06-23 08:35:52 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 05:56:44 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2006-06-23 11:02:50 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 05:56:44 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 05:56:44 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 05:56:52 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 05:56:44 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2006-06-23 11:02:50 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2006-06-23 11:02:50 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 05:56:44 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 05:56:54 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2006-07-28 11:28:54 3,054,080 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2006-06-23 11:02:51 448,512 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 05:56:16 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2001-08-23 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2006-06-23 11:02:51 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2006-06-23 11:02:51 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 05:56:46 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2006-06-23 11:02:51 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2006-06-23 11:02:51 1,494,016 -c--a-w C:\WINDOWS\ie7\shdocvw.dll
+ 2006-06-23 11:02:51 474,112 -c--a-w C:\WINDOWS\ie7\shlwapi.dll
+ 2007-08-14 00:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-14 00:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 23:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 23:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 05:56:48 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2006-07-25 20:33:39 613,888 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-04 05:56:48 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2004-08-04 05:56:48 848,384 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 05:56:48 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2006-06-23 11:02:52 658,944 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-08-14 00:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll
+ 2007-08-14 00:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll.000
+ 2007-08-14 00:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll
+ 2007-08-14 00:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll
+ 2007-08-14 00:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll
+ 2007-08-14 00:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll
+ 2007-08-14 00:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe
+ 2007-08-14 00:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe.000
+ 2007-08-14 00:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll
+ 2007-08-14 00:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll.000
+ 2007-08-14 00:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll
+ 2007-08-14 00:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll.000
+ 2007-08-13 23:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll
+ 2007-02-12 22:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dat
+ 2007-07-11 18:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll
+ 2007-08-14 00:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll
+ 2007-08-14 00:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll.000
+ 2007-08-14 00:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll
+ 2007-08-14 00:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll
+ 2007-08-14 00:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll.000
+ 2007-08-14 00:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll
+ 2007-08-14 00:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe
+ 2007-08-14 00:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
+ 2007-08-14 00:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe.000
+ 2007-08-14 00:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll
+ 2007-08-14 00:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll
+ 2007-08-14 00:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll
+ 2007-08-14 00:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll
+ 2007-08-14 00:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll
+ 2007-08-14 00:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll
+ 2007-08-14 00:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll
+ 2007-08-14 00:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll
+ 2007-08-14 00:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll.000
+ 2007-08-14 00:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll
+ 2007-08-14 00:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll
+ 2007-08-14 00:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll.000
+ 2007-08-14 00:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll
+ 2007-08-14 00:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll
+ 2007-08-14 00:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll.000
+ 2007-08-14 00:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll
+ 2007-12-07 02:21:45 124,928 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\advpack.dll.000
+ 2007-12-19 23:01:06 347,136 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtmsft.dll
+ 2007-12-07 02:21:45 214,528 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\dxtrans.dll
+ 2007-12-07 02:21:45 133,120 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\extmgr.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll
+ 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\icardie.dll.000
+ 2007-12-06 11:00:57 70,656 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ie4uinit.exe
+ 2007-12-07 02:21:45 153,088 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakeng.dll
+ 2007-12-07 02:21:45 230,400 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieaksie.dll
+ 2007-12-06 04:59:51 161,792 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dat
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll
+ 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieapfltr.dll.000
+ 2007-12-07 02:21:45 384,512 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iedkcs32.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll
+ 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieframe.dll.000
+ 2007-12-07 02:21:46 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iernonce.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll
+ 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iertutil.dll.000
+ 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\ieudinit.exe
+ 2007-12-06 11:01:25 625,664 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
+ 2007-12-07 02:21:47 27,648 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\jsproxy.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll
+ 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeeds.dll.000
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll
+ 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msfeedsbs.dll.000
+ 2007-12-08 16:51:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll
+ 2007-12-08 16:51:48 3,592,192 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtml.dll.000
+ 2007-12-07 02:21:47 478,208 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mshtmled.dll
+ 2007-12-07 02:21:48 193,024 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\msrating.dll
+ 2007-12-07 02:21:48 671,232 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\mstime.dll
+ 2007-12-07 02:21:48 102,912 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\occache.dll
+ 2008-01-11 05:53:32 44,544 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\updspapi.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll
+ 2007-12-07 02:21:48 105,984 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\url.dll.000
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll
+ 2007-12-07 02:21:48 1,159,680 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\urlmon.dll.000
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll
+ 2007-12-07 02:21:48 233,472 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\webcheck.dll.000
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
+ 2007-12-07 02:21:48 824,832 -c----w C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll.000
+ 2008-04-30 03:05:07 10,134 ----a-r C:\WINDOWS\Installer\{609B0E8F-0E98-46BF-85F9-7123D1022D84}\ARPPRODUCTICON.exe
+ 2007-06-27 14:59:20 2,560 ----a-r C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-02-14 03:47:41 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
+ 2008-04-03 01:27:42 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
- 2008-02-14 03:47:41 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2008-04-03 01:27:42 22,486 ----a-r C:\WINDOWS\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2008-04-03 04:51:43 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2008-04-30 03:18:59 10,134 ----a-r C:\WINDOWS\Installer\{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}\ARPPRODUCTICON.exe
- 2008-03-20 15:36:46 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-05-10 04:55:51 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2008-03-20 15:36:46 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-10 04:55:51 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-14 05:16:57 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-05-14 05:16:57 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-05-14 05:16:57 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-05-14 05:16:57 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2006-08-21 02:36:29 2,722 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
+ 2000-08-31 13:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 06:07:22 1,788 ------w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 04:07:58 2,944 ------w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 13:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 13:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2001-08-23 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2001-08-23 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2001-08-23 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2001-08-23 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
- 2004-08-04 05:56:42 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-14 00:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-04 05:56:42 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-03-01 13:06:20 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-06-23 11:02:49 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2006-09-23 19:12:50 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2004-08-04 06:07:22 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2007-08-14 00:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-03-01 13:06:20 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-06-23 11:02:49 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2006-09-23 19:12:50 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-14 00:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
- 2006-06-23 11:02:50 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-06-23 11:02:50 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2006-06-23 11:02:50 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-03-01 13:06:21 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-14 00:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-02-29 08:55:23 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-03-01 13:06:21 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-03-01 13:06:21 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2001-08-23 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-02-15 05:44:25 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-03-01 13:06:22 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2006-06-23 08:35:52 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-14 00:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-14 00:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2006-06-23 11:02:50 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-14 00:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-03-01 13:06:24 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-14 00:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-02-29 08:55:46 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-14 00:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2006-06-23 11:02:50 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-14 00:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-14 00:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-06-23 11:02:50 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2001-08-23 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2007-08-14 00:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2001-08-23 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2001-08-23 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2007-08-14 00:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
- 2006-07-28 11:28:54 3,054,080 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-03-02 00:36:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-06-23 11:02:51 448,512 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-14 00:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2001-08-23 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-14 00:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2006-06-23 11:02:51 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-03-01 13:06:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-06-23 11:02:51 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-03-01 13:06:29 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2001-08-23 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2008-03-01 13:06:29 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2006-06-23 11:02:51 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-06-23 11:02:51 1,494,016 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-09-23 19:12:50 1,497,088 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-06-23 11:02:51 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2006-09-23 19:12:50 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2001-08-23 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2008-03-01 13:06:29 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2006-07-25 20:33:39 613,888 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-14 00:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2001-08-23 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2007-08-14 00:54:10 765,952 -c----w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2008-03-01 13:06:30 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2006-06-23 11:02:52 658,944 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-01 13:06:31 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2001-08-23 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2001-08-23 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2001-08-23 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2007-07-11 19:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 18:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2004-08-04 04:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2007-05-18 19:30:00 61,960 ----a-w C:\WINDOWS\system32\drivers\KmxAgent.sys
+ 2007-10-18 16:24:46 134,672 ----a-w C:\WINDOWS\system32\drivers\KmxCF.sys
+ 2007-09-13 21:15:06 88,840 ----a-w C:\WINDOWS\system32\drivers\KmxCfg.sys
+ 2007-05-18 19:30:00 45,064 ----a-w C:\WINDOWS\system32\drivers\KmxFile.sys
+ 2007-10-18 20:21:02 114,704 ----a-w C:\WINDOWS\system32\drivers\KmxFw.sys
+ 2007-11-02 18:09:10 65,552 ----a-w C:\WINDOWS\system32\drivers\KmxSbx.sys
+ 2007-10-18 16:24:46 93,712 ----a-w C:\WINDOWS\system32\drivers\KmxStart.sys
+ 2001-08-17 14:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys
+ 2007-08-07 18:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2001-08-23 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2006-06-23 11:02:50 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-03-01 13:06:21 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2006-06-23 11:02:50 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-03-01 13:06:21 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2006-06-23 11:02:50 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-03-01 13:06:21 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2006-10-10 16:29:44 94,720 ----a-w C:\WINDOWS\system32\HPcam_02.dll
+ 2008-03-01 13:06:21 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 14:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-04 05:56:52 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-02-29 08:55:23 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 05:56:44 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-03-01 13:06:21 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 05:56:44 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-03-01 13:06:21 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2001-08-23 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-02-15 05:44:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2008-03-01 13:06:22 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-04 05:56:44 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-03-01 13:06:22 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-04 05:56:44 81,920 ------w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-14 00:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2008-03-01 13:06:24 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2006-06-23 11:02:50 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-14 00:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 05:56:44 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:24 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-03-01 13:06:25 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-04 05:56:44 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-14 00:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2008-02-22 10:00:51 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-14 00:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-04 05:56:44 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-14 00:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2006-06-23 11:02:50 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-14 00:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-09-25 04:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-02-22 07:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-09-25 04:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-02-22 07:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-09-25 05:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-02-22 08:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-14 00:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2006-06-23 11:02:50 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-03-01 13:06:25 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2001-08-23 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
- 2004-08-04 05:56:44 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-14 00:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-12-14 17:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
+ 2001-08-23 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2001-08-23 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
- 2006-08-09 17:03:06 8,325,544 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-06 04:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-01 13:06:26 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-03-01 13:06:26 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-14 00:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-04 05:56:54 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-14 00:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2006-07-28 11:28:54 3,054,080 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-03-02 00:36:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-06-23 11:02:51 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-03-01 13:06:28 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 05:56:16 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-14 00:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2001-08-23 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-14 00:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2006-06-23 11:02:51 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-03-01 13:06:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2006-06-23 11:02:51 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-03-01 13:06:29 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2003-02-06 16:37:54 1,230,336 ----a-w C:\WINDOWS\system32\MSXML4.dll
+ 2003-04-18 22:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2003-02-06 16:37:54 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 2003-04-18 22:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 2001-08-23 12:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2006-06-28 23:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 14:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-04 05:56:46 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-03-01 13:06:29 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-02-15 03:04:36 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-05-14 12:09:55 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-02-15 03:04:36 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-05-14 12:09:55 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-06-23 11:02:51 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-03-01 13:06:29 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2006-06-23 11:02:51 1,494,016 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2006-09-23 19:12:50 1,497,088 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-06-23 11:02:51 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2006-09-23 19:12:50 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2001-08-23 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
- 2005-10-12 23:12:25 14,048 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:22:33 14,048 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 23:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2007-08-02 15:09:40 117,264 ----a-w C:\WINDOWS\system32\UmxSbxExw.dll
+ 2007-08-02 15:09:40 256,528 ----a-w C:\WINDOWS\system32\UmxSbxw.dll
+ 2007-05-18 19:30:00 79,368 ----a-w C:\WINDOWS\system32\UmxWNP.dll
- 2004-08-04 05:56:48 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-03-01 13:06:29 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2006-07-25 20:33:39 613,888 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-03-01 13:06:30 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 05:56:48 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-14 00:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2001-08-23 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
- 2004-08-04 05:56:48 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-04 05:56:48 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-03-01 13:06:30 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-14 00:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2001-08-23 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2001-08-23 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2001-08-23 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
- 2006-06-23 08:34:35 24,576 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2006-10-10 06:12:10 214,528 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-31 13:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2008-04-30 03:18:57 1,233,920 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2008-04-30 03:18:57 82,432 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2000-08-31 13:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2005-06-10 10:43 1095680]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 00:56 33280 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2005-11-11 13:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 00:56 33280 C:\WINDOWS\system32\rundll32.exe]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-30 10:42 36904]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-04-29 22:17 177416]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-04-29 22:17 230928]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-04-29 22:17 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-04-29 22:17 173320]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-04-29 22:17 259336]

C:\Documents and Settings\Tammie\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 20:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 14:30 79368 C:\WINDOWS\system32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=

R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 11:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 14:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 14:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 15:21]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 11:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 13:09]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 11:24]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 11:24]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 14:30]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-10-03 10:23]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 16:15]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 22:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-30 04:05:53 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as tammie at 9 05 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 22:08:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 22:09:01
ComboFix-quarantined-files.txt 2008-05-16 03:08:58

Pre-Run: 20,809,994,240 bytes free
Post-Run: 20,779,859,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

566


========================================================================


KASPERSKY ONLINE SCANNER REPORT
Thursday, May 15, 2008 11:21:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/05/2008
Kaspersky Anti-Virus database records: 777153


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 73927
Number of viruses found 2
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:50:11

Infected Object Name Virus Name Last Action
C:\Documents and Settings\

#5
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
The Kaspersky log is incomplete. Could you turn off word wrap and post it again, please?

Cheers,
RatHat

#6
fthful2

    Member

  • Topic Starter
  • Member
  • 162 posts
RatHat,


Word wrap was not on. But I will post the logs again just to be certain. This time I will place the kaspersky.txt log first and then the CF_RC.txt log.


KASPERSKY ONLINE SCANNER REPORT
Thursday, May 15, 2008 11:21:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/05/2008
Kaspersky Anti-Virus database records: 777153


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects 73927
Number of viruses found 2
Number of infected objects 4
Number of suspicious objects 0
Duration of the scan process 00:50:11

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cf790b6b069a1c17fa08651051ff544_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5ef09aa6e313715b676ad413bbf9074a_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\60690d136b118973897232f93db1154a_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\612fe3ce359f58f25a60e9f3e46492a2_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6241c7091cc6c0c08d7f7efda1d892b8_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\639fb21ec987470f9ff22db035d5bc16_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\641e6a61f42ea4941f7dce45b824af13_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6791c6731c2bc9e0d7145d21e6eba722_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6a499e5262cb82b739c5622b9a5b2055_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6c44dbf957e7728f453b78ee27528a96_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ef70ef5a0dc12e1711d04e35e813489_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\74a0c0719a42b7c4cfc0b223700393f5_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\74b25abcb8ed4918d065f8581127b3fb_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\757e43217d1f5461f8933bb8e3376a13_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fa1b79874b911bc24342923e5a0c7b7_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81a9611c9b4fa679ae2814bbec146f4d_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8480b9b48c7ec4257df8f7449cdbcd7e_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86219ddbb269c2f0f2cd73263d0a3ca8_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86631d0829681d7b2dbbc4a50b004acd_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\866fba8f87dcdabb0095867289ccc1bd_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\86cc22f303465293d0da87e4a247ed06_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8b9a2493c3c07a06914865012c419688_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8cb1b38c3fe7c897d009b99a4d2d0365_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\91a1dc05bb91766dd237afbcae4a77e5_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\94dec68d450093efc14a217b95e69827_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\965932b48c7b982f895d6a1c920598a3_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\988fb3a7d985041c7a6645f1e01219fa_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\98e0c76d8ef2870d355e5c28d7436c6f_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6255d7e582008c3d3542abdc1d21fc5_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a8fc2e1b897ababd77789a273564e67f_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aa9a041733ce233c3cbd91507756d2ca_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ad381a3e2688fa03cb303df5d7d55be2_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ae0137fc442b9e4476a3c4d283dfc778_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aec013c857aa22a6c13cdc9232f3776a_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b46594c03f20963338856bf305e43696_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b83c030034b4c5f25706391ca61a8808_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b9cec7f37333d48268f4a1172399f54c_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ba9ade74423cec65ed54f55abea515d1_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bd6fbb5b6ff87e164870ed4fa503ef74_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bdfc1b7e886ac6b740f68d09cc814c7d_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bfcd226a64118d72e68429b4ba1791d2_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1b2ece46b37d9a241432c2b6e041ee2_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c2c68346546f71cbce14c34dc3413ef9_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c471be1ccf938fcdb3b20ee25219b6b6_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c617a07e5286c52a7d52cad269256fe5_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c72db6668fdc9d50b9729d42518c6689_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ca94f81067a788b51dfad2db30953151_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cfd650d868a32fb935a01a753be8c48b_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d2da147deca9afd123262d27c21be1b0_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d425116135ba6c93506da7c9e1de4788_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6f4afad54e2ea9f6e815283138e5e84_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9c123b18371dec974a8b9cc163d5ec0_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dd7f99973c8622336e81bca3170ec437_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ddb5c5a133b79e4a388f131eea1f754d_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dea90fa08c37727d21804cf1cde3589d_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfc07411d09228c73071843bf150fc1e_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1b5f619def70dc8ccc35e73a99bf1c5_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e1ecf2b83314ed07f36d1ee061981ba5_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e3226565fe7d3c56ebc8beb5456bbf1a_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e59411a9e7167640de4bff8871e73a80_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e62f98d8d7f3f2adb71ecc80e5d80931_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7e82afc288f68fdf56bbc8b4167695a_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e93336c7dd969e6fbe77ddbc15751931_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea0405336924b4b10ce01bb49abe52ed_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ed44e21de9f3da410e89b609e3ce155e_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\edb33c757669311e3a67d6b8ee925a34_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f1bdfc5f9b622ce24b38c955a875237c_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f28fd56ef2c8c385fa69c7ab7c52b622_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f34963d1dfb02975d1c003de60f465d3_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3dca066ece6d80eb117e348b9303a03_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f7d119b8cad5ce313f79c0acc1cb168a_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f87395d273042d19c18b0ddd9ed90050_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f88b8817a84eac8eb3d8b6c5d5ca899d_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fa84a322076ae8bc3692f23b8380142b_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc27712ced6b93235cba769a1aec3203_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd8bf7008f3087b2650db871204b2a57_c0c8182d-832a-4497-80f4-b90d08a9d134 Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Tammie\Application Data\$_hpcst$.hpc Object is locked skipped

C:\Documents and Settings\Tammie\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temp\WCESLog.log Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temp\~DF39DA.tmp Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temp\~DF698C.tmp Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temp\~DF8A26.tmp Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temp\~DF900E.tmp Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temp\~DF9B29.tmp Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temp\~DFD840.tmp Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Tammie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tammie\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Tammie\ntuser.dat.LOG Object is locked skipped

C:\Program Files\CA\SharedComponents\PPRT\logs\2008-05-14.csv Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{3D59BB86-2949-44AB-9040-CE67237E9DF6}\RP33\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{3D59BB86-2949-44AB-9040-CE67237E9DF6}\RP33\change.log Object is locked skipped

E:\downloads\Computer Diagnostic Tools\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

E:\downloads\Computer Diagnostic Tools\SmitfraudFix.exe RAR: infected - 1 skipped

E:\Pics and Stuff from Dave's computer\Programs\Downloads\Reatogo PE\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 skipped

E:\Pics and Stuff from Dave's computer\Programs\Downloads\Reatogo PE\REATOGO-240.exe RAR: infected - 1 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{3D59BB86-2949-44AB-9040-CE67237E9DF6}\RP33\change.log Object is locked skipped

F:\System Volume Information\_restore{3D59BB86-2949-44AB-9040-CE67237E9DF6}\RP33\change.log Object is locked skipped

Scan process completed.



ComboFix 08-05-15.2 - tammie 2008-05-15 22:06:30.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.567 [GMT -5:00]
Running from: C:\Documents and Settings\tammie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\tammie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-14 06:39 . 2008-05-14 06:39 880,432 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-05-14 06:39 . 2008-05-14 06:39 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-05-14 00:35 . 2008-05-14 00:35 <DIR> d-------- C:\Deckard
2008-05-14 00:16 . 2008-05-14 00:16 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-14 00:16 . 2008-05-14 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-09 23:55 . 2008-05-14 00:16 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 00:24 . 2008-05-02 00:46 <DIR> d-------- C:\Documents and Settings\Tammie\Application Data\IObit
2008-05-02 00:24 . 2008-04-17 17:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-04-30 00:30 . 2008-04-30 00:34 <DIR> d-------- C:\Program Files\RegCleaner
2008-04-30 00:26 . 2008-05-02 00:24 <DIR> d-------- C:\Program Files\IObit
2008-04-29 22:26 . 2008-04-29 22:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-29 22:26 . 2008-04-29 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 22:19 . 2008-05-14 10:09 65,506 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-04-29 22:19 . 2008-05-14 10:09 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-04-29 22:05 . 2008-04-29 22:20 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-04-29 22:05 . 2008-04-29 22:17 99,904 --a------ C:\WINDOWS\system32\isafeif.dll
2008-04-29 22:05 . 2008-04-29 22:17 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-04-29 22:05 . 2008-04-29 22:17 75,280 --a------ C:\WINDOWS\system32\isafprod.dll
2008-04-29 22:05 . 2008-04-29 22:17 32,528 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-04-29 22:05 . 2008-04-29 22:17 26,640 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-04-29 22:05 . 2008-04-29 22:17 21,648 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-04-29 22:05 . 2008-04-29 22:17 21,392 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-04-29 22:04 . 2008-04-29 22:05 <DIR> d-------- C:\Program Files\CA
2008-04-29 22:04 . 2008-04-29 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-04-29 21:20 . 2008-04-29 21:20 <DIR> d-------- C:\Documents and Settings\Tammie\Application Data\Yahoo!
2008-04-29 21:19 . 2008-04-29 21:21 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-29 21:14 . 2008-03-01 08:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-29 21:14 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-29 21:14 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-29 21:14 . 2008-03-01 08:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-29 21:14 . 2008-03-01 08:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-29 21:14 . 2008-03-01 08:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-29 21:14 . 2008-03-01 08:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-29 21:14 . 2008-03-01 08:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-29 21:14 . 2007-08-13 19:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-29 21:14 . 2008-02-22 05:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-21 21:00 . 2008-04-29 21:59 <DIR> d-------- C:\Documents and Settings\Tammie\Application Data\Comodo
2008-04-20 00:48 . 2003-03-18 15:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-04-20 00:47 . 2008-04-20 00:47 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-20 00:07 . 2008-04-29 21:59 <DIR> d-------- C:\Program Files\COMODO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 03:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-16 02:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-15 17:20 --------- d-----w C:\Documents and Settings\tammie\Application Data\SiteAdvisor
2008-05-14 04:41 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-05-14 04:40 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-10 04:55 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-10 04:55 --------- d-----w C:\Documents and Settings\tammie\Application Data\SUPERAntiSpyware.com
2008-05-04 18:55 --------- d-----w C:\Program Files\FinePixViewer
2008-05-04 18:55 --------- d-----w C:\Documents and Settings\tammie\Application Data\FUJIFILM
2008-04-30 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-30 02:20 --------- d-----w C:\Program Files\Yahoo!
2008-04-20 05:32 --------- d-----w C:\Program Files\SpywareGuard
2008-04-03 05:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 05:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-03 05:06 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-04-03 04:54 --------- d-----w C:\Program Files\Java
2008-04-03 04:53 --------- d-----w C:\Program Files\Common Files\Java
2008-04-03 04:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-03 03:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-03 01:27 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-03 01:26 --------- d-----w C:\Program Files\Windows Mobile Device Handbook
2008-03-29 06:46 --------- d-----w C:\Documents and Settings\tammie\Application Data\Malwarebytes
2008-03-29 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-29 04:24 --------- d-----w C:\Program Files\PopCap Games
2008-03-25 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-03-20 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-20 19:44 --------- d-----w C:\Program Files\DeathOnTheNile_at
2008-03-20 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-20 15:35 --------- d-----w C:\Program Files\Trend Micro
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-02-26 12:45 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( [email protected]_ 6.59.14.64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-17 14:01:16 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2008-05-14 15:10:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE

#7
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, you didn't need to post the CF log again, as that came through in your earlier post, and you will notice that it was cut off in this last one.

Now all that Kaspersky found were these two lines:

E:\downloads\Computer Diagnostic Tools\SmitfraudFix.exe/SmitfraudFix/Reboot.exe --> RiskTool.Win32.Reboot.f
E:\Pics and Stuff from Dave's computer\Programs\Downloads\Reatogo PE\REATOGO-240.exe/REATOGO-240/plugin/AUTOHELP/Files/pskill.exe --> RiskTool.Win32.PsKill.1101

Smitfraud we know is OK, the other one is something to do with Reatogo Bart PE. Did you download this and are you using it?

The rest of your log is clean, so all I can think of that may be affecting it are your AV and AS's. What was the last thing you installed? Try uninstalling it, then see if it makes a difference, as I have a feeling that a conflict is what's causing your problems.

Regards,
RatHat

#8
fthful2

    Member

  • Topic Starter
  • Member
  • 162 posts
RatHat,

Yes, I did download Reatogo and was using it a year or so ago to recover a forgotten password or something, I can't remember.

I will look at programs installed and try to find the culprit.


Thanks again RatHat
fthful2

#9
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Keep me posted here OK :)

#10
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.