Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vundo [RESOLVED]


  • This topic is locked This topic is locked

#1
Metin88

Metin88

    New Member

  • Member
  • Pip
  • 7 posts
Hi, I am new to this but here it goes.
I believe I have the Vundo Malware/Trojan, as a program that I have detects it and then removes it. It restarts my system searches for it again and doesn't find anything so it thinks the system is clean. BUT the next time I start the system again or sometimes even whilst I'm on the computer, somehow i'm sure Vundo comes back, i'm suspecting that it comes back because my Auto Updates turn off again, and I have also noticed that my Privacy meter on the Internet Explorer options/properties goes all the way down to No Protection (Accept all cookies) every time this happens. Internet explorer and Firefox also seem to slow down dramatically. At one stage I believe I had a ad.yieldmanager.com problem on my computer but that seems to have gone as advertisements for that don't come up on my Internet Explorer anymore. I believe I might of removed it with some clean up programs whilst running the pc on safe mode. I ran programs like CClean, Clean Up and also exterminate-it. I run Zone Alarm as my Anti-virus - Firewall - Spyware software on my pc. It sometimes detects that I have ad-ware on the pc in the folder windows/system32 as a dll file, and because of that it cannot quarantine, delete, rename nor delete it on restart. I have run both the VundoFix and VirtumundoBeGone programs both on Safe mode and normal mode and nothing seems to be detected although exterminate-it can detect them.
Here is the VBG Log from the normal mode.


[07/13/2008, 3:14:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Metincan Cakmak\Desktop\VirtumundoBeGone.exe" )
[07/13/2008, 3:14:24] - Detected System Information:
[07/13/2008, 3:14:24] - Windows Version: 5.1.2600, Service Pack 2
[07/13/2008, 3:14:24] - Current Username: Metincan Cakmak (Admin)
[07/13/2008, 3:14:24] - Windows is in NORMAL mode.
[07/13/2008, 3:14:24] - Searching for Browser Helper Objects:
[07/13/2008, 3:14:24] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[07/13/2008, 3:14:24] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[07/13/2008, 3:14:24] - BHO 3: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)
[07/13/2008, 3:14:24] - BHO 4: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[07/13/2008, 3:14:24] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/13/2008, 3:14:24] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/13/2008, 3:14:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 3:14:24] - No filename found. Continuing.
[07/13/2008, 3:14:24] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/13/2008, 3:14:24] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/13/2008, 3:14:24] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/13/2008, 3:14:24] - BHO 10: {BD2C30E8-A1B9-4426-81A3-5DE76B0D7B36} ()
[07/13/2008, 3:14:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/13/2008, 3:14:24] - Checking for HKLM\...\Winlogon\Notify\ddccccBQ
[07/13/2008, 3:14:24] - Key not found: HKLM\...\Winlogon\Notify\ddccccBQ, continuing.
[07/13/2008, 3:14:24] - BHO 11: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)
[07/13/2008, 3:14:24] - Finished Searching Browser Helper Objects
[07/13/2008, 3:14:24] - Finishing up...
[07/13/2008, 3:14:24] - Nothing found! Exiting...


And Here is the HiJackThis Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:43 AM, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mpx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.hotmail.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {BD2C30E8-A1B9-4426-81A3-5DE76B0D7B36} - C:\WINDOWS\system32\ddccccBQ.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [acfp] c:\WINDOWS\system32\as.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180281724031
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: nnnoLCsS - nnnoLCsS.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mpx - Unknown owner - C:\WINDOWS\system32\mpx.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: perfmons Service (perfmons) - Logitech Inc. - (no file)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13592 bytes



Also --> O2 - BHO: (no name) - {BD2C30E8-A1B9-4426-81A3-5DE76B0D7B36} - C:\WINDOWS\system32\ddccccBQ.dll ddccccbq.dll is the file that comes up on Zone alarm as the adware.
Thanks in advance.
This is my first time posting for help on this forum and I have read the posts on HJT and malware before posting this so if I have done anything wrong let me know please.
Thanks again

Before I forget here is the Uninstall list from HJT.

3GP Video Converter 3
Acoustica MP3 Audio Mixer
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Encore DVD FC
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 1.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.0
Adobe Premiere Pro FC
Adobe Production Studio
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Video Suite Extras
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Avery DesignPro
Bonjour
Boris RED 4.0
Call of Duty® 4 - Modern Warfare™
Canon MP450
Canon Utilities Easy-PhotoPrint
Canopus ProCoder 2
CCleaner (remove only)
CDDRV_Installer
Celestia 1.4.1
CleanUp!
Codec Pack - All In 1 6.0.3.0
Combined Community Codec Pack 2008-01-24
ConvertXtoDVD 3.0.0.9
Creative Media Toolbox
Creative System Information
Deer Hunter - The 2005 Season
Dream Aquarium
DVD Decrypter (Remove Only)
DVD Solution
Easy DVD Shrink
e-tax 2007
e-tax 2007 - Publications
Europa Casino
Exterminate It!
FlashGet 1.8.4.1001
Gigabyte Raid Configurer
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTA San Andreas
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HipHop eJay 5 - Deinstallation
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
Konvertor
LightScribe System Software 1.12.37.1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Fantasy Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Urban Pack 1
LightScribe Template Designs - Wedding Pack 1
LimeWire PRO 4.18.3
Logitech Desktop Messenger
Logitech G-series Keyboard Software
Logitech Internet Handset
Logitech Print Service
Logitech QuickCam Software
Logitech Registration
Logitech SetPoint
Logitech® Camera Driver
Magic ISO Maker v5.4 (build 0247)
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (2.0.0.15)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Launcher
Native Instruments Service Center
Native Instruments Traktor DJ Studio 2.5.1
Native Instruments Traktor DJ Studio 3
Nero 8
neroxml
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Lifeblog 2.5
Nokia Multimedia Converter Pro v2.0
Nokia Multimedia Factory
Nokia Multimedia Factory
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
NVIDIA PureVideo Decoder
OmniPage SE 2.0
Password Memory 2008 v1.0.4
PC Connectivity Solution
PowerDVD
PowerISO
QuickTime
QuickTime Alternative 1.47
Rapala Pro Fishing
Realtek High Definition Audio Driver
RegCure 1.5.0.1
Remove DivX Pro Codec
River Past Video Cleaner Pro
Satellite TV for PC Elite 4.8.8.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Skype 3.1
Skype add-on for IE
Skype Plugin Manager
Sonic UDF Reader
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
Sony Picture Utility
Sony USB Driver
Sony Vegas Pro 8.0
Sound Blaster X-Fi
StuffPlug 3
SureThing CD Labeler LightScribe 5.0.581.0
Tom Clancy's Rainbow Six Vegas
TrainDB
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Service
Videora Xbox 360 Converter 2.25
Winamp
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 3.2)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896626
WinFast DTV
WinFast Entertainment Center
WinFast® Display Driver
WinRAR archiver
XoftSpySE
ZoneAlarm Security Suite

Reason for Edit: Merged posts.

Please don't post more than once or bump the topic as Helpers usually first look for threads with no replies.

Edited by Octagonal, 12 July 2008 - 09:01 PM.

  • 0

Advertisements


#2
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Do you have Zone Alarm with Antivirus? If not you'll need to install an Antivirus, these programs are necessary in keeping your computer free of malware, without it you are very likely to get re-infected within a very short period of time.
I would like you to download one of these free programs I have listed here for you.
Note: Make sure to only install ONE program, as having more can cause confliction between these programs, which in turn lowers your protection and slows down your computer.

Now,

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, don't overlook this!

Now please download combofix from here or here. It is important that you save this file to your desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a Hijack This log in your next reply.

A quick heads up, if you click on combofix's window when it's running, you may cause it to stall.
  • 0

#3
Metin88

Metin88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Mike Thank you for your reply.
Zone Alarm I'm using on my pc comes with the anti-virus so I'm guessing i shouldn't download the other ones as per your instructions.
I have done as you requested, installed recovery console, and the combo fix and then ran it. I'm quite sure it deleted some of those files i was worried about as the HJT log doesn't have the dll files in there. I Have restarted the computer twice now and it has not turned off updates and the internet explorer privacy is on medium just like I left it. So far so good and here are the logs.


Here is the combo fix log:

ComboFix 08-07-12.4 - Metincan Cakmak 2008-07-14 1:15:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2722 [GMT 10:00]
Running from: C:\Documents and Settings\Metincan Cakmak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Metincan Cakmak\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\axtkonlk.ini
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\ddccccBQ.dll
C:\WINDOWS\system32\klnoktxa.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ouuhlbce.dll
C:\WINDOWS\system32\QBccccdd.ini
C:\WINDOWS\system32\QBccccdd.ini2
C:\WINDOWS\system32\tthaeelw.dll
C:\WINDOWS\system32\yaotsryo.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFMONS
-------\Service_perfmons


((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-13 03:16 . 2008-07-13 03:16 <DIR> d-------- C:\HJT
2008-07-11 16:06 . 2008-07-11 16:06 <DIR> d-------- C:\VundoFix Backups
2008-07-10 13:56 . 2008-07-13 02:15 <DIR> d-------- C:\Program Files\Exterminate It!
2008-07-10 03:17 . 2008-07-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-07-10 03:12 . 2008-07-10 03:12 <DIR> d-------- C:\Program Files\CCleaner
2008-07-10 02:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-10 02:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-10 02:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-10 02:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-10 02:42 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-10 02:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-10 02:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-10 02:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-10 02:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-10 02:42 . 2008-07-10 02:50 5,858 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-10 02:28 . 2008-07-11 12:11 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-10 02:26 . 2008-07-10 02:26 <DIR> d-------- C:\Program Files\CleanUp!
2008-07-09 11:18 . 2008-07-09 11:18 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-07-09 11:18 . 2003-06-26 10:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-07-09 11:18 . 2003-07-01 16:49 69,632 --a------ C:\WINDOWS\system32\MtxPreview.dll
2008-07-09 11:18 . 2003-07-01 16:49 49,152 --a------ C:\WINDOWS\system32\MtxParhBFXPreview.dll
2008-07-09 11:18 . 2003-01-20 09:08 49,152 --a------ C:\WINDOWS\system32\CvoAPI.dll
2008-07-09 11:18 . 2003-07-09 10:43 45,056 --a------ C:\WINDOWS\system32\BFXSrcFilter.ax
2008-07-08 23:03 . 2008-07-13 01:15 110,419 --a------ C:\WINDOWS\BM676f9efe.xml
2008-07-07 13:44 . 2008-07-07 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-07 13:23 . 2008-07-07 13:23 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-07-07 13:21 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-07-07 13:21 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-07-07 13:21 . 2008-07-07 13:21 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-07 13:20 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-07 13:20 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-07 13:20 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-07 13:20 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-04 12:19 . 2008-07-11 11:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-02 23:49 . 2008-07-02 23:49 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-02 23:48 . 2008-07-02 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-02 18:20 . 2008-07-02 18:28 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-02 12:43 . 2008-07-02 12:43 <DIR> d-------- C:\Program Files\Native Instruments
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Canopus
2008-07-02 12:05 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-07-02 12:04 . 2008-07-02 12:04 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-02 12:02 . 2008-07-02 12:02 <DIR> d-------- C:\Program Files\DivX
2008-07-02 12:01 . 2008-07-02 12:01 <DIR> d-------- C:\Program Files\Common Files\Canopus Shared
2008-07-02 12:01 . 2004-03-15 12:16 1,089,625 --a------ C:\WINDOWS\system32\csedvh.dll
2008-07-02 12:01 . 2002-10-31 18:11 385,108 --a------ C:\WINDOWS\system32\csedv.dll
2008-07-02 12:01 . 2002-06-10 18:48 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
2008-07-02 12:01 . 2005-04-08 18:55 188,482 -ra------ C:\WINDOWS\system32\helixprodctrl.dll
2008-07-02 12:01 . 2002-10-29 12:29 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
2008-07-02 12:01 . 2001-10-04 16:16 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
2008-07-02 12:01 . 2001-03-08 10:32 32,256 --a------ C:\WINDOWS\system32\cdvccodc.dll
2008-07-02 12:01 . 2000-02-02 17:30 22,528 --a------ C:\WINDOWS\system32\csthread.dll
2008-07-02 10:50 . 2008-07-02 10:59 <DIR> d-------- C:\Program Files\RegCure
2008-07-01 23:52 . 2008-07-03 09:48 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Sony
2008-07-01 23:52 . 2008-07-01 23:52 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Publish Providers
2008-06-29 08:02 . 2008-06-29 08:02 41,982 --a------ C:\WINDOWS\system32\as.exe
2008-06-29 07:53 . 2008-06-29 07:53 325 --a------ C:\WINDOWS\system32\mpx.cfg
2008-06-28 15:01 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\Password Memory 2008
2008-06-22 08:25 . 2008-06-22 09:28 <DIR> d-------- C:\Program Files\Crux Calculator v5
2008-06-17 06:06 . 2008-06-17 06:06 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Keynote
2008-06-17 06:06 . 2008-07-14 01:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 15:19 3,490,848 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-13 01:14 48,524 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 02:33 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\MailFrontier
2008-07-11 01:30 3,792,896 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2008-07-11 01:29 3,792,896 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-07-10 16:39 16,357,667 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-10 06:09 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Skype
2008-07-10 04:37 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\LimeWire
2008-07-09 14:37 3,743,232 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-07-09 06:34 3,741,184 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-07-09 06:34 2,986,496 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-07-09 01:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 23:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-07 03:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-07 03:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-06 15:06 3,717,632 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-07-06 08:04 73,728 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2008-07-05 17:05 2,809,856 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2008-07-05 17:04 3,716,096 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-07-04 02:51 3,714,048 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2008-07-04 02:51 204,800 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2008-07-04 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 20:03 2,964,992 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2008-07-02 13:33 3,700,736 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
2008-07-02 13:33 2,809,344 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
2008-07-02 03:47 3,716,608 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
2008-07-02 03:47 3,137,024 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
2008-07-01 14:01 3,693,568 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
2008-06-27 18:08 3,655,168 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
2008-06-27 18:08 2,979,328 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
2008-06-21 07:03 3,104,256 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2008-06-21 06:12 3,622,912 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 02:03 3,485,696 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-06-12 02:03 3,042,816 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-06-11 05:16 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-08 16:34 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-08 16:23 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-06-08 16:23 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-06-07 15:26 --------- d-----w C:\Documents and Settings\Sadik Cakmak\Application Data\Teleca
2008-06-07 15:25 --------- d-----w C:\Documents and Settings\Sadik Cakmak\Application Data\Sony Ericsson
2008-06-07 08:49 3,581,440 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-06-07 05:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-07 05:17 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-07 05:10 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-07 05:10 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Teleca
2008-06-07 05:09 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-07 05:09 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Sony Ericsson
2008-06-07 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-06-07 04:56 --------- d-----w C:\Program Files\Nokia
2008-06-07 04:55 --------- d-----w C:\Program Files\Common Files\Nokia
2008-06-07 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-07 04:35 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-07 04:35 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-06 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-06-06 18:50 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-06 18:47 --------- d-----w C:\Program Files\SureThing CD Labeler 5
2008-06-06 18:46 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-06 17:09 --------- d-----w C:\Program Files\MSN Messenger
2008-06-06 17:07 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 17:07 --------- d-----w C:\Program Files\Windows Live
2008-06-06 17:00 3,438,592 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-06-06 17:00 2,967,040 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-06-05 10:03 3,519,488 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-06-05 10:03 3,041,792 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-06-04 20:15 2,994,176 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-06-04 02:36 3,518,976 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-06-03 13:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-29 11:21 3,423,232 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-05-29 11:21 2,793,472 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-05-27 23:16 2,748,416 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-05-24 08:05 1,107,456 ----a-w C:\WINDOWS\Internet Logs\xDBF8.tmp
2008-05-24 03:04 3,412,992 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-05-24 03:04 1,214,464 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-05-23 14:48 3,411,968 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-05-23 14:48 2,997,248 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-05-20 06:03 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Vso
2008-05-15 03:03 3,003,392 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-04-30 10:13 3,407,872 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-04-28 00:07 87,608 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\inst.exe
2008-04-28 00:07 47,360 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\pcouffin.sys
2008-04-25 22:23 3,394,048 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-04-25 22:23 2,974,208 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-04-24 21:56 3,393,536 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-04-24 21:56 2,980,864 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-04-22 16:35 3,393,024 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-04-22 16:35 2,768,896 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-04-19 20:04 3,576,320 ----a-w C:\WINDOWS\Internet Logs\xDB150.tmp
2008-04-15 22:04 3,373,568 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-04-05 05:27 22,328 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\PnkBstrK.sys
2007-11-25 09:37 90,800 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\GDIPFONTCACHEV1.DAT
2004-10-01 05:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 22:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 00:33 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-05-27 17:49 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 17:59 2289664]
"acfp"="c:\WINDOWS\system32\as.exe" [2008-06-29 08:02 41982]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-16 23:16 81920]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 19:58 356352]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-07 01:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-07 01:14 497152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-07-11 16:10 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-07-07 17:15 348160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 04:20 127036]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 08:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 15:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"nwiz"="nwiz.exe" [2006-11-16 23:16 1622016 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 15:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 22:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-27 17:49:22 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 13:20:27 692224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.CDVC"= cdvccodc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Internet Handset.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Internet Handset.lnk
backup=C:\WINDOWS\pss\Logitech Internet Handset.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-11-16 23:16 7770112 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-12-12 09:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mpx.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-03-24 09:20]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 mpx;mpx;C:\WINDOWS\system32\mpx.exe [2003-09-27 15:34]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-03-24 09:24]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-03-24 09:25]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-03-24 09:23]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-03-24 09:21]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-03-24 09:22]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 16:55]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-09 02:23]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 15:32:55 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-10 06:08:08 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-13 15:32:54 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-07 17:00:54 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

Notify-nnnoLCsS - nnnoLCsS.dll
MSConfigStartUp-645cad62 - C:\WINDOWS\system32\klnoktxa.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 01:35:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-07-14 1:40:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-13 15:40:13

Pre-Run: 22,433,120,256 bytes free
Post-Run: 22,335,262,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

360 --- E O F --- 2008-07-11 12:09:08








Here is the HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:01 AM, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mpx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [acfp] c:\WINDOWS\system32\as.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180281724031
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: mpx - Unknown owner - C:\WINDOWS\system32\mpx.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13243 bytes

Uninstall List:
3GP Video Converter 3
Acoustica MP3 Audio Mixer
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Encore DVD FC
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 1.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 2.0
Adobe Premiere Pro FC
Adobe Production Studio
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Video Suite Extras
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
Avery DesignPro
Bonjour
Boris RED 4.0
Call of Duty® 4 - Modern Warfare™
Canon MP450
Canon Utilities Easy-PhotoPrint
Canopus ProCoder 2
CCleaner (remove only)
CDDRV_Installer
Celestia 1.4.1
CleanUp!
Codec Pack - All In 1 6.0.3.0
Combined Community Codec Pack 2008-01-24
ConvertXtoDVD 3.0.0.9
Creative Media Toolbox
Creative System Information
Deer Hunter - The 2005 Season
Dream Aquarium
DVD Decrypter (Remove Only)
DVD Solution
Easy DVD Shrink
e-tax 2007
e-tax 2007 - Publications
Europa Casino
Exterminate It!
FlashGet 1.8.4.1001
Gigabyte Raid Configurer
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
GTA San Andreas
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HipHop eJay 5 - Deinstallation
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
Konvertor
LightScribe System Software 1.12.37.1
LightScribe Template Designs - Art Pack 1
LightScribe Template Designs - Business Pack 1
LightScribe Template Designs - Fantasy Pack 1
LightScribe Template Designs - Holiday Pack 1
LightScribe Template Designs - Special Occasion Pack 1
LightScribe Template Designs - Urban Pack 1
LightScribe Template Designs - Wedding Pack 1
LimeWire PRO 4.18.3
Logitech Desktop Messenger
Logitech G-series Keyboard Software
Logitech Internet Handset
Logitech Print Service
Logitech QuickCam Software
Logitech Registration
Logitech SetPoint
Logitech® Camera Driver
Magic ISO Maker v5.4 (build 0247)
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Mozilla Firefox (2.0.0.15)
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Launcher
Native Instruments Service Center
Native Instruments Traktor DJ Studio 2.5.1
Native Instruments Traktor DJ Studio 3
Nero 8
neroxml
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Lifeblog 2.5
Nokia Multimedia Converter Pro v2.0
Nokia Multimedia Factory
Nokia Multimedia Factory
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
NVIDIA PureVideo Decoder
OmniPage SE 2.0
Password Memory 2008 v1.0.4
PC Connectivity Solution
PowerDVD
PowerISO
QuickTime
QuickTime Alternative 1.47
Rapala Pro Fishing
Realtek High Definition Audio Driver
RegCure 1.5.0.1
Remove DivX Pro Codec
River Past Video Cleaner Pro
Satellite TV for PC Elite 4.8.8.0
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Skype 3.1
Skype add-on for IE
Skype Plugin Manager
Sonic UDF Reader
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
Sony Picture Utility
Sony USB Driver
Sony Vegas Pro 8.0
Sound Blaster X-Fi
StuffPlug 3
SureThing CD Labeler LightScribe 5.0.581.0
Tom Clancy's Rainbow Six Vegas
TrainDB
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update Service
Videora Xbox 360 Converter 2.25
Winamp
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (08/03/2007 3.2)
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem (10/12/2007 3.6)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896626
WinFast DTV
WinFast Entertainment Center
WinFast® Display Driver
WinRAR archiver
XoftSpySE
ZoneAlarm Security Suite
  • 0

#4
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Please click Start then Run, in the window appears type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:
File::
C:\WINDOWS\BM676f9efe.xml
C:\WINDOWS\system32\as.exe
C:\WINDOWS\system32\mpx.cfg

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acfp"=-
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
Posted Image

After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply.

Then,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

And,

Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through add or remove programs:

Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1


Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Post back with the logs - no need for a hijack this log or uninstall list.

Edited by Mike, 13 July 2008 - 12:28 PM.

  • 0

#5
Metin88

Metin88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here are the logs,
Combo Fix Log:

ComboFix 08-07-12.4 - Metincan Cakmak 2008-07-14 13:27:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2603 [GMT 10:00]
Running from: C:\Documents and Settings\Metincan Cakmak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Metincan Cakmak\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\BM676f9efe.xml
C:\WINDOWS\system32\as.exe
C:\WINDOWS\system32\mpx.cfg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM676f9efe.xml
C:\WINDOWS\system32\as.exe
C:\WINDOWS\system32\mpx.cfg

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-13 03:16 . 2008-07-14 02:00 <DIR> d-------- C:\HJT
2008-07-11 16:06 . 2008-07-11 16:06 <DIR> d-------- C:\VundoFix Backups
2008-07-10 13:56 . 2008-07-14 02:11 <DIR> d-------- C:\Program Files\Exterminate It!
2008-07-10 03:17 . 2008-07-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-07-10 03:12 . 2008-07-10 03:12 <DIR> d-------- C:\Program Files\CCleaner
2008-07-10 02:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-10 02:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-10 02:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-10 02:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-10 02:42 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-10 02:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-10 02:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-10 02:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-10 02:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-10 02:42 . 2008-07-10 02:50 5,858 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-10 02:28 . 2008-07-11 12:11 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-10 02:26 . 2008-07-10 02:26 <DIR> d-------- C:\Program Files\CleanUp!
2008-07-09 11:18 . 2008-07-09 11:18 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-07-09 11:18 . 2003-06-26 10:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-07-09 11:18 . 2003-07-01 16:49 69,632 --a------ C:\WINDOWS\system32\MtxPreview.dll
2008-07-09 11:18 . 2003-07-01 16:49 49,152 --a------ C:\WINDOWS\system32\MtxParhBFXPreview.dll
2008-07-09 11:18 . 2003-01-20 09:08 49,152 --a------ C:\WINDOWS\system32\CvoAPI.dll
2008-07-09 11:18 . 2003-07-09 10:43 45,056 --a------ C:\WINDOWS\system32\BFXSrcFilter.ax
2008-07-07 13:44 . 2008-07-07 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-07 13:23 . 2008-07-07 13:23 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-07-07 13:21 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-07-07 13:21 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-07-07 13:21 . 2008-07-07 13:21 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-07 13:20 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-07 13:20 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-07 13:20 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-07 13:20 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-04 12:19 . 2008-07-11 11:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-02 23:49 . 2008-07-02 23:49 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-02 23:48 . 2008-07-02 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-02 18:20 . 2008-07-02 18:28 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-02 12:43 . 2008-07-02 12:43 <DIR> d-------- C:\Program Files\Native Instruments
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Canopus
2008-07-02 12:05 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-07-02 12:04 . 2008-07-02 12:04 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-02 12:02 . 2008-07-02 12:02 <DIR> d-------- C:\Program Files\DivX
2008-07-02 12:01 . 2008-07-02 12:01 <DIR> d-------- C:\Program Files\Common Files\Canopus Shared
2008-07-02 12:01 . 2004-03-15 12:16 1,089,625 --a------ C:\WINDOWS\system32\csedvh.dll
2008-07-02 12:01 . 2002-10-31 18:11 385,108 --a------ C:\WINDOWS\system32\csedv.dll
2008-07-02 12:01 . 2002-06-10 18:48 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
2008-07-02 12:01 . 2005-04-08 18:55 188,482 -ra------ C:\WINDOWS\system32\helixprodctrl.dll
2008-07-02 12:01 . 2002-10-29 12:29 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
2008-07-02 12:01 . 2001-10-04 16:16 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
2008-07-02 12:01 . 2001-03-08 10:32 32,256 --a------ C:\WINDOWS\system32\cdvccodc.dll
2008-07-02 12:01 . 2000-02-02 17:30 22,528 --a------ C:\WINDOWS\system32\csthread.dll
2008-07-02 10:50 . 2008-07-02 10:59 <DIR> d-------- C:\Program Files\RegCure
2008-07-01 23:52 . 2008-07-03 09:48 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Sony
2008-07-01 23:52 . 2008-07-01 23:52 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Publish Providers
2008-06-28 15:01 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\Password Memory 2008
2008-06-22 08:25 . 2008-06-22 09:28 <DIR> d-------- C:\Program Files\Crux Calculator v5
2008-06-17 06:06 . 2008-06-17 06:06 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Keynote
2008-06-17 06:06 . 2008-07-14 13:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 03:31 3,532,064 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-13 16:10 50,540 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 02:33 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\MailFrontier
2008-07-11 01:30 3,792,896 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2008-07-11 01:29 3,792,896 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-07-10 16:39 16,357,667 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-10 06:09 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Skype
2008-07-10 04:37 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\LimeWire
2008-07-09 14:37 3,743,232 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-07-09 06:34 3,741,184 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-07-09 06:34 2,986,496 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-07-09 01:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 23:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-08 23:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 03:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-07 03:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-06 15:06 3,717,632 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-07-06 08:04 73,728 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2008-07-05 17:05 2,809,856 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2008-07-05 17:04 3,716,096 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-07-04 02:51 3,714,048 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2008-07-04 02:51 204,800 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2008-07-04 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 20:03 2,964,992 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2008-07-02 13:33 3,700,736 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
2008-07-02 13:33 2,809,344 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
2008-07-02 03:47 3,716,608 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
2008-07-02 03:47 3,137,024 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
2008-07-01 14:01 3,693,568 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
2008-06-27 18:08 3,655,168 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
2008-06-27 18:08 2,979,328 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
2008-06-21 07:03 3,104,256 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2008-06-21 06:12 3,622,912 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 02:03 3,485,696 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-06-12 02:03 3,042,816 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-06-11 05:16 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-08 16:34 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-08 16:23 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-06-08 16:23 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-06-07 15:26 --------- d-----w C:\Documents and Settings\Sadik Cakmak\Application Data\Teleca
2008-06-07 15:25 --------- d-----w C:\Documents and Settings\Sadik Cakmak\Application Data\Sony Ericsson
2008-06-07 08:49 3,581,440 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-06-07 05:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-07 05:17 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-07 05:10 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-07 05:10 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Teleca
2008-06-07 05:09 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-07 05:09 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Sony Ericsson
2008-06-07 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-06-07 04:56 --------- d-----w C:\Program Files\Nokia
2008-06-07 04:55 --------- d-----w C:\Program Files\Common Files\Nokia
2008-06-07 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-07 04:35 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-07 04:35 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-06 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-06-06 18:50 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-06 18:47 --------- d-----w C:\Program Files\SureThing CD Labeler 5
2008-06-06 18:46 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-06 17:09 --------- d-----w C:\Program Files\MSN Messenger
2008-06-06 17:07 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 17:07 --------- d-----w C:\Program Files\Windows Live
2008-06-06 17:00 3,438,592 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-06-06 17:00 2,967,040 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-06-05 10:03 3,519,488 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-06-05 10:03 3,041,792 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-06-04 20:15 2,994,176 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-06-04 02:36 3,518,976 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-06-03 13:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-29 11:21 3,423,232 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-05-29 11:21 2,793,472 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-05-27 23:16 2,748,416 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-05-24 08:05 1,107,456 ----a-w C:\WINDOWS\Internet Logs\xDBF8.tmp
2008-05-24 03:04 3,412,992 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-05-24 03:04 1,214,464 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-05-23 14:48 3,411,968 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-05-23 14:48 2,997,248 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-05-20 06:03 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Vso
2008-05-15 03:03 3,003,392 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 10:13 3,407,872 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-04-28 00:07 87,608 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\inst.exe
2008-04-28 00:07 47,360 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\pcouffin.sys
2008-04-25 22:23 3,394,048 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-04-25 22:23 2,974,208 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-04-24 21:56 3,393,536 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-04-24 21:56 2,980,864 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-22 16:35 3,393,024 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-04-22 16:35 2,768,896 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-04-19 20:04 3,576,320 ----a-w C:\WINDOWS\Internet Logs\xDB150.tmp
2008-04-15 22:04 3,373,568 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-04-05 05:27 22,328 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\PnkBstrK.sys
2007-11-25 09:37 90,800 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\GDIPFONTCACHEV1.DAT
2004-10-01 05:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( [email protected]_ 1.39.24.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 15:32:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 16:11:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-11 06:30:25 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
+ 2008-07-13 15:47:53 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2008-07-13 15:32:55 181,304 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2008-07-14 03:28:06 185,476 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2008-07-12 15:18:06 198,040,576 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
+ 2008-07-14 03:27:57 198,041,600 ----a-w C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
- 2008-07-13 15:32:47 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
+ 2008-07-13 16:12:00 16,384 --sha-w C:\WINDOWS\Temp\Cookies\index.dat
- 2008-07-13 15:32:47 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
+ 2008-07-13 16:12:00 16,384 --sha-w C:\WINDOWS\Temp\History\History.IE5\index.dat
- 2008-07-13 15:32:47 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-13 16:12:00 32,768 --sha-w C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 22:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 00:33 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 02:24 1694208]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-05-27 17:49 20480]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 17:59 2289664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-16 23:16 81920]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 19:58 356352]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-07 01:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-07 01:14 497152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2006-07-11 16:10 69632]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2006-07-07 17:15 348160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 04:20 127036]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 15:24 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 08:59 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 15:29 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"nwiz"="nwiz.exe" [2006-11-16 23:16 1622016 C:\WINDOWS\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 15:38 16384512 C:\WINDOWS\RTHDCPL.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 22:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-27 17:49:22 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-07 13:20:27 692224]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= D:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.CDVC"= cdvccodc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Internet Handset.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Internet Handset.lnk
backup=C:\WINDOWS\pss\Logitech Internet Handset.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-03-26 18:41 1232896 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-11-16 23:16 7770112 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-12-12 09:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"D:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mpx.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 wfcxacap;WinFast TV PCI Audio Capture Driver;C:\WINDOWS\system32\DRIVERS\wfcxacap.sys [2006-03-24 09:20]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 mpx;mpx;C:\WINDOWS\system32\mpx.exe [2003-09-27 15:34]
R2 wfcxatun;WinFast TV Analog Tuner Driver;C:\WINDOWS\system32\drivers\wfcxatun.sys [2006-03-24 09:24]
R2 WFCXVCAP;WinFast TV Video Capture Driver;C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-03-24 09:25]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 07:36]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-03-24 09:23]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-03-24 09:21]
R3 wfcxxbar;WinFast TV Crossbar Driver;C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-03-24 09:22]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 16:55]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-09 02:23]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 15:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 15:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 15:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 15:54]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 16:11:55 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-10 06:08:08 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-13 16:11:55 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-07 17:00:54 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 13:30:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-07-14 13:32:51
ComboFix-quarantined-files.txt 2008-07-14 03:31:47
ComboFix2.txt 2008-07-13 15:40:34

Pre-Run: 22,319,542,272 bytes free
Post-Run: 22,314,590,208 bytes free

331 --- E O F --- 2008-07-11 12:09:08




MBAM Log:
Malwarebytes' Anti-Malware 1.20
Database version: 948
Windows 5.1.2600 Service Pack 2

3:13:13 PM 14/07/2008
mbam-log-7-14-2008 (15-13-13).txt

Scan type: Quick Scan
Objects scanned: 46522
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mpx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpx (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mpx.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\BM676f9efe.txt (Trojan.Vundo) -> Quarantined and deleted successfully.



Online Scan

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, July 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, July 14, 2008 06:41:57
Records in database: 951268
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
J:\
K:\

Scan statistics:
Files scanned: 182416
Threat name: 4
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 04:26:44


File name / Threat name / Threats count
C:\Documents and Settings\Metincan Cakmak\My Documents\Torrents\Google.Earth.Pro.Full.Final_v4.0.1693-(August2006).rar Infected: Trojan-Dropper.Win32.Binder.c 1
C:\Downloads\DivXProInstaller.exe Infected: Backdoor.Win32.Rbot.dmk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ddccccBQ.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\klnoktxa.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ouuhlbce.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tthaeelw.dll.vir Infected: Trojan.Win32.Monderc.gen 1
  • 0

#6
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

I hope that you will stay away from cracks, that's what got you infected in the first place.

Please click Start then Run, in the window appears type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:
File::
C:\Documents and Settings\Metincan Cakmak\My Documents\Torrents\Google.Earth.Pro.Full.Final_v4.0.1693-(August2006).rar 
C:\Downloads\DivXProInstaller.exe 
C:\WINDOWS\system32\mpx.exe
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
Posted Image

After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply.

Post a new Hijack This log and tell me how your pc is running, everything good?

Edited by Mike, 14 July 2008 - 07:23 AM.

  • 0

#7
Metin88

Metin88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you for your reply Mike.
The pc is running much better now. My auto updates don't turn off and the privacy option on internet explorer don't turn off by themselves either.
And also no ads pop up while i'm browsing websites and the browsers don't slow down either. The problems seem to have been fixed.
Thanks to your help, you have saved me a lot of headaches and a lot of restarts. Finally ehre are the logs that you have requested if you can have a look at them and tell me that it's all ok it'd be great.

Here is the ComboFix Log:



ComboFix 08-07-12.4 - Metincan Cakmak 2008-07-15 0:02:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2612 [GMT 10:00]
Running from: C:\Documents and Settings\Metincan Cakmak\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Metincan Cakmak\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\Documents and Settings\Metincan Cakmak\My Documents\Torrents\Google.Earth.Pro.Full.Final_v4.0.1693-(August2006).rar
C:\Downloads\DivXProInstaller.exe
C:\WINDOWS\system32\mpx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Metincan Cakmak\Application Data\inst.exe
C:\Documents and Settings\Metincan Cakmak\My Documents\Torrents\Google.Earth.Pro.Full.Final_v4.0.1693-(August2006).rar
C:\Downloads\DivXProInstaller.exe
C:\WINDOWS\system32\tmp0_320733188272.bk
C:\WINDOWS\system32\tmp0_412226434717.bk
C:\WINDOWS\system32\tmp1_247991342479.bk
C:\WINDOWS\system32\tmp1_87776442274.bk
C:\WINDOWS\system32\tmp3_282992209591.bk
C:\WINDOWS\system32\tmp3_445424514562.bk

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-14 23:40 . 2008-07-14 23:40 <DIR> d-------- C:\WINDOWS\LastGood
2008-07-14 16:52 . 2008-07-14 16:52 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\dwhelper
2008-07-14 16:28 . 2008-07-14 16:29 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-14 16:28 . 2008-07-14 16:28 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-14 16:28 . 2008-07-14 16:28 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-14 16:28 . 2008-07-14 16:28 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-14 16:26 . 2008-07-14 16:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-14 16:05 . 2008-04-14 10:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-07-14 15:32 . 2008-07-14 15:32 <DIR> d-------- C:\Program Files\Sun
2008-07-14 14:49 . 2008-07-14 15:29 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\.SunDownloadManager
2008-07-14 13:43 . 2008-07-14 13:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-14 13:43 . 2008-07-14 13:43 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Malwarebytes
2008-07-14 13:43 . 2008-07-14 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-14 13:43 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-14 13:43 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-13 03:16 . 2008-07-14 02:00 <DIR> d-------- C:\HJT
2008-07-11 16:06 . 2008-07-11 16:06 <DIR> d-------- C:\VundoFix Backups
2008-07-10 13:56 . 2008-07-14 02:11 <DIR> d-------- C:\Program Files\Exterminate It!
2008-07-10 03:17 . 2008-07-10 03:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Ericsson
2008-07-10 03:12 . 2008-07-10 03:12 <DIR> d-------- C:\Program Files\CCleaner
2008-07-10 02:42 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-10 02:42 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-10 02:42 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-10 02:42 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-10 02:42 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-10 02:42 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-10 02:42 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-10 02:42 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-10 02:42 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-10 02:42 . 2008-07-10 02:50 5,858 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-10 02:28 . 2008-07-11 12:11 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-10 02:26 . 2008-07-10 02:26 <DIR> d-------- C:\Program Files\CleanUp!
2008-07-09 11:18 . 2008-07-09 11:18 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-07-09 11:18 . 2003-06-26 10:04 237,568 -ra------ C:\WINDOWS\system32\qtmlClient.dll
2008-07-09 11:18 . 2003-07-01 16:49 69,632 --a------ C:\WINDOWS\system32\MtxPreview.dll
2008-07-09 11:18 . 2003-07-01 16:49 49,152 --a------ C:\WINDOWS\system32\MtxParhBFXPreview.dll
2008-07-09 11:18 . 2003-01-20 09:08 49,152 --a------ C:\WINDOWS\system32\CvoAPI.dll
2008-07-09 11:18 . 2003-07-09 10:43 45,056 --a------ C:\WINDOWS\system32\BFXSrcFilter.ax
2008-07-07 13:44 . 2008-07-07 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-07-07 13:23 . 2008-07-07 13:23 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-07-07 13:21 . 2007-04-11 15:32 36,112 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-07-07 13:21 . 2007-04-11 15:32 34,832 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-07-07 13:21 . 2008-07-07 13:21 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-07-07 13:20 . 2007-04-23 04:00 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-07-07 13:20 . 2007-04-23 04:00 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-07-07 13:20 . 2007-04-23 04:00 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-07-07 13:20 . 2007-04-23 04:00 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-07-04 12:19 . 2008-07-11 11:56 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-02 23:49 . 2008-07-02 23:49 <DIR> d-------- C:\Program Files\Vstplugins
2008-07-02 23:48 . 2008-07-02 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-07-02 18:20 . 2008-07-02 18:28 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-02 12:43 . 2008-07-02 12:43 <DIR> d-------- C:\Program Files\Native Instruments
2008-07-02 12:22 . 2008-07-02 12:22 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Canopus
2008-07-02 12:05 . 2003-03-15 22:15 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-07-02 12:04 . 2008-07-02 12:04 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-02 12:02 . 2008-07-02 12:02 <DIR> d-------- C:\Program Files\DivX
2008-07-02 12:01 . 2008-07-02 12:01 <DIR> d-------- C:\Program Files\Common Files\Canopus Shared
2008-07-02 12:01 . 2004-03-15 12:16 1,089,625 --a------ C:\WINDOWS\system32\csedvh.dll
2008-07-02 12:01 . 2002-10-31 18:11 385,108 --a------ C:\WINDOWS\system32\csedv.dll
2008-07-02 12:01 . 2002-06-10 18:48 376,832 --a------ C:\WINDOWS\system32\hlcdvc.dll
2008-07-02 12:01 . 2005-04-08 18:55 188,482 -ra------ C:\WINDOWS\system32\helixprodctrl.dll
2008-07-02 12:01 . 2002-10-29 12:29 159,832 --a------ C:\WINDOWS\system32\csccdvc.dll
2008-07-02 12:01 . 2001-10-04 16:16 147,456 --a------ C:\WINDOWS\system32\csccdvcx.dll
2008-07-02 12:01 . 2001-03-08 10:32 32,256 --a------ C:\WINDOWS\system32\cdvccodc.dll
2008-07-02 12:01 . 2000-02-02 17:30 22,528 --a------ C:\WINDOWS\system32\csthread.dll
2008-07-02 10:50 . 2008-07-02 10:59 <DIR> d-------- C:\Program Files\RegCure
2008-07-01 23:52 . 2008-07-03 09:48 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Sony
2008-07-01 23:52 . 2008-07-01 23:52 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Publish Providers
2008-06-28 15:01 . 2008-06-28 15:09 <DIR> d-------- C:\Program Files\Password Memory 2008
2008-06-22 08:25 . 2008-06-22 09:28 <DIR> d-------- C:\Program Files\Crux Calculator v5
2008-06-21 03:46 . 2008-06-21 03:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-21 03:46 . 2008-06-21 03:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 21:51 . 2008-06-20 21:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 21:40 . 2008-06-20 21:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 21:08 . 2008-06-20 21:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 06:06 . 2008-06-17 06:06 <DIR> d-------- C:\Documents and Settings\Metincan Cakmak\Application Data\Keynote
2008-06-17 06:06 . 2008-07-14 13:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 13:55 3,986,432 ----a-w C:\WINDOWS\Internet Logs\xDB6D.tmp
2008-07-14 13:55 3,229,696 ----a-w C:\WINDOWS\Internet Logs\xDB6C.tmp
2008-07-14 13:51 13,147,936 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-14 06:39 81,740 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-14 05:41 --------- d-----w C:\Program Files\Java
2008-07-11 02:33 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\MailFrontier
2008-07-11 01:30 3,792,896 ----a-w C:\WINDOWS\Internet Logs\xDB6A.tmp
2008-07-11 01:29 3,792,896 ----a-w C:\WINDOWS\Internet Logs\xDB6B.tmp
2008-07-10 16:39 16,357,667 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-10 06:09 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Skype
2008-07-10 04:37 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\LimeWire
2008-07-09 14:37 3,743,232 ----a-w C:\WINDOWS\Internet Logs\xDB69.tmp
2008-07-09 06:34 3,741,184 ----a-w C:\WINDOWS\Internet Logs\xDB68.tmp
2008-07-09 06:34 2,986,496 ----a-w C:\WINDOWS\Internet Logs\xDB67.tmp
2008-07-09 01:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 23:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2008-07-08 23:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-07 03:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-07-07 03:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-06 15:06 3,717,632 ----a-w C:\WINDOWS\Internet Logs\xDB66.tmp
2008-07-06 08:04 73,728 ----a-w C:\WINDOWS\Internet Logs\xDBCA.tmp
2008-07-05 17:05 2,809,856 ----a-w C:\WINDOWS\Internet Logs\xDB64.tmp
2008-07-05 17:04 3,716,096 ----a-w C:\WINDOWS\Internet Logs\xDB65.tmp
2008-07-04 02:51 3,714,048 ----a-w C:\WINDOWS\Internet Logs\xDB63.tmp
2008-07-04 02:51 204,800 ----a-w C:\WINDOWS\Internet Logs\xDB62.tmp
2008-07-04 01:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 20:03 2,964,992 ----a-w C:\WINDOWS\Internet Logs\xDB61.tmp
2008-07-02 13:33 3,700,736 ----a-w C:\WINDOWS\Internet Logs\xDB60.tmp
2008-07-02 13:33 2,809,344 ----a-w C:\WINDOWS\Internet Logs\xDB5F.tmp
2008-07-02 03:47 3,716,608 ----a-w C:\WINDOWS\Internet Logs\xDB5E.tmp
2008-07-02 03:47 3,137,024 ----a-w C:\WINDOWS\Internet Logs\xDB5D.tmp
2008-07-01 14:01 3,693,568 ----a-w C:\WINDOWS\Internet Logs\xDB5C.tmp
2008-06-27 18:08 3,655,168 ----a-w C:\WINDOWS\Internet Logs\xDB5B.tmp
2008-06-27 18:08 2,979,328 ----a-w C:\WINDOWS\Internet Logs\xDB5A.tmp
2008-06-21 07:03 3,104,256 ----a-w C:\WINDOWS\Internet Logs\xDB7C.tmp
2008-06-21 06:12 3,622,912 ----a-w C:\WINDOWS\Internet Logs\xDB59.tmp
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 02:03 3,485,696 ----a-w C:\WINDOWS\Internet Logs\xDB54.tmp
2008-06-12 02:03 3,042,816 ----a-w C:\WINDOWS\Internet Logs\xDB53.tmp
2008-06-11 05:16 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-08 16:34 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-08 16:23 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-06-08 16:23 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-06-07 15:26 --------- d-----w C:\Documents and Settings\Sadik Cakmak\Application Data\Teleca
2008-06-07 15:25 --------- d-----w C:\Documents and Settings\Sadik Cakmak\Application Data\Sony Ericsson
2008-06-07 08:49 3,581,440 ----a-w C:\WINDOWS\Internet Logs\xDB58.tmp
2008-06-07 05:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-07 05:17 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-07 05:10 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-06-07 05:10 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Teleca
2008-06-07 05:09 --------- d-----w C:\Program Files\Common Files\Sony Ericsson Shared
2008-06-07 05:09 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Sony Ericsson
2008-06-07 05:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2008-06-07 04:56 --------- d-----w C:\Program Files\Nokia
2008-06-07 04:55 --------- d-----w C:\Program Files\Common Files\Nokia
2008-06-07 04:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-06-07 04:35 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-07 04:35 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-06 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\LightScribe
2008-06-06 18:50 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-06-06 18:47 --------- d-----w C:\Program Files\SureThing CD Labeler 5
2008-06-06 18:46 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-06-06 17:09 --------- d-----w C:\Program Files\MSN Messenger
2008-06-06 17:07 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-06 17:07 --------- d-----w C:\Program Files\Windows Live
2008-06-06 17:00 3,438,592 ----a-w C:\WINDOWS\Internet Logs\xDB52.tmp
2008-06-06 17:00 2,967,040 ----a-w C:\WINDOWS\Internet Logs\xDB51.tmp
2008-06-05 10:03 3,519,488 ----a-w C:\WINDOWS\Internet Logs\xDB57.tmp
2008-06-05 10:03 3,041,792 ----a-w C:\WINDOWS\Internet Logs\xDB56.tmp
2008-06-04 20:15 2,994,176 ----a-w C:\WINDOWS\Internet Logs\xDB50.tmp
2008-06-04 02:36 3,518,976 ----a-w C:\WINDOWS\Internet Logs\xDB55.tmp
2008-06-03 13:07 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-29 11:21 3,423,232 ----a-w C:\WINDOWS\Internet Logs\xDB4F.tmp
2008-05-29 11:21 2,793,472 ----a-w C:\WINDOWS\Internet Logs\xDB4E.tmp
2008-05-27 23:16 2,748,416 ----a-w C:\WINDOWS\Internet Logs\xDB4D.tmp
2008-05-24 08:05 1,107,456 ----a-w C:\WINDOWS\Internet Logs\xDBF8.tmp
2008-05-24 03:04 3,412,992 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2008-05-24 03:04 1,214,464 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2008-05-23 14:48 3,411,968 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2008-05-23 14:48 2,997,248 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2008-05-20 06:03 --------- d-----w C:\Documents and Settings\Metincan Cakmak\Application Data\Vso
2008-05-15 03:03 3,003,392 ----a-w C:\WINDOWS\Internet Logs\xDB7B.tmp
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 10:13 3,407,872 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2008-04-28 00:07 47,360 ----a-w C:\Documents and Settings\Metincan Cakmak\Application Data\pcouffin.sys
2008-04-25 22:23 3,394,048 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2008-04-25 22:23 2,974,208 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2008-04-24 21:56 3,393,536 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2008-04-24 21:56 2,980,864 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-22 16:35 3,393,024 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2008-04-22 16:35 2,768,896 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2008-04-19 20:04 3,576,320 ----a-w C:\WINDOWS\Internet Logs\xDB150.tmp
2008-04-15 22:04 3,373,568 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
.

((((((((((((((((((((((((((((( [email protected]_ 1.39.24.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\rmcast.sys
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB950762_0$\spuninst\updspapi.dll
- 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys
+ 2008-04-14 11:01:02 272,128 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\bthport.sys
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376-v2_0$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB951376_0$\spuninst\updspapi.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\quartz.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951698_0$\spuninst\updspapi.dll
- 2006-02-28 12:00:00 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys
- 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll
- 2006-02-28 12:00:00 245,248 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
- 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
- 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys
+ 2006-02-28 12:00:00 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
+ 2008-02-20 05:32:43 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748_0$\dnsapi.dll
+ 2006-02-28 12:00:00 245,248 -c----w C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951748_0$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB951748_0$\spuninst\updspapi.dll
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
+ 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748_0$\tcpip6.sys
- 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2008-04-14 00:11:48 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
- 2006-02-28 12:00:00 1,852,416 ----a-w C:\WINDOWS\AppPatch\AcGenral.dll
+ 2008-04-14 00:11:48 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2006-02-28 12:00:00 450,048 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2008-04-14 00:11:48 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2006-02-28 12:00:00 137,728 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2008-04-14 00:11:48 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2006-02-28 12:00:00 244,736 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2008-04-14 00:11:48 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2006-02-28 12:00:00 116,224 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2008-04-14 00:11:48 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2008-07-13 15:32:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 13:56:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-13 13:10:50 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
+ 2008-04-14 00:12:19 1,033,728 ----a-w C:\WINDOWS\explorer.exe
- 2006-02-28 12:00:00 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
+ 2008-04-14 00:12:06 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2006-02-28 12:00:00 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
+ 2008-04-14 00:12:07 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2006-02-28 12:00:00 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
+ 2008-04-14 00:12:07 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2008-04-14 00:12:21 10,752 ----a-w C:\WINDOWS\hh.exe
- 2006-02-28 12:00:00 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
+ 2008-04-14 00:11:58 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2006-02-28 12:00:00 130,048 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2008-04-14 00:12:06 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2006-02-28 12:00:00 62,976 ----a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2008-04-13 16:43:18 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2006-02-28 12:00:00 250,880 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2008-04-14 00:12:06 250,368 ----a-w C:\WINDOWS\ime\sptip.dll
- 2008-06-06 17:08:21 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-07-14 06:45:16 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2008-01-18 15:13:09 2,247 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscdsbl.bat
+ 2007-12-12 10:33:51 18,917 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscinst.vbs
+ 2007-10-30 10:06:46 13,801 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscuinst.vbs
+ 2008-04-14 00:11:31 25,600 ------w C:\WINDOWS\Installer\tsclientmsitrans\tscupdc.dll
- 2006-02-28 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2006-02-28 12:00:00 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
+ 2008-04-14 00:11:48 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2006-10-12 14:02:52 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2008-04-14 00:11:48 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2008-04-14 00:11:48 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2006-02-28 12:00:00 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2008-04-14 00:11:48 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2006-02-28 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2008-04-14 00:11:48 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2006-02-28 12:00:00 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
+ 2008-04-14 00:11:48 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2008-04-14 00:12:12 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2006-02-28 12:00:00 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
+ 2008-04-14 00:11:49 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0405.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
+ 2007-04-02 18:25:59 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0406.dll
- 2006-02-28 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt0407.dll
- 2006-02-28 12:00:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
+ 2007-04-02 18:26:00 22,016 ----a-w C:\WINDOWS\msagent\intl\agt0408.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
+ 2008-04-13 17:32:28 19,968 ----a-w C:\WINDOWS\msagent\intl\agt0409.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
+ 2007-04-02 18:26:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040b.dll
- 2006-02-28 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
+ 2007-04-02 18:26:00 21,504 ----a-w C:\WINDOWS\msagent\intl\agt040c.dll
- 2006-02-28 12:00:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
+ 2007-04-02 18:26:00 19,968 ----a-w C:\WINDOWS\msagent\intl\agt040e.dll
- 2006-02-28 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
+ 2007-04-02 18:26:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0410.dll
- 2006-02-28 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
+ 2007-04-02 18:26:01 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0413.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0414.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0415.dll
- 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
+ 2007-04-02 18:26:01 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0416.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0419.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041d.dll
- 2006-02-28 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
+ 2007-04-02 18:26:01 19,456 ----a-w C:\WINDOWS\msagent\intl\agt041f.dll
- 2006-02-28 12:00:00 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
+ 2007-04-02 18:26:02 20,992 ----a-w C:\WINDOWS\msagent\intl\agt0816.dll
- 2006-02-28 12:00:00 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
+ 2007-04-02 18:26:02 20,480 ----a-w C:\WINDOWS\msagent\intl\agt0c0a.dll
- 2006-02-28 12:00:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2008-04-14 00:12:00 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
- 2006-02-28 12:00:00 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
+ 2008-04-14 00:12:29 90,624 ----a-w C:\WINDOWS\mui\muisetup.exe
- 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2008-04-14 00:11:51 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
- 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
+ 2008-04-13 18:53:32 558,080 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2006-02-28 12:00:00 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE
+ 2008-04-14 00:12:29 69,120 ----a-w C:\WINDOWS\notepad.exe
- 2006-02-28 12:00:00 768,512 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
+ 2008-04-14 00:12:21 769,024 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
- 2006-02-28 12:00:00 743,936 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
+ 2008-04-14 00:12:21 744,448 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
- 2006-02-28 12:00:00 18,944 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe
+ 2008-04-14 00:12:21 18,432 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\hscupd.exe
- 2006-02-28 12:00:00 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-04-14 00:12:27 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
- 2006-02-28 12:00:00 376,320 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
+ 2008-04-14 00:11:59 376,832 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msinfo.dll
- 2006-02-28 12:00:00 102,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
+ 2008-04-14 00:12:02 102,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchshell.dll
- 2006-02-28 12:00:00 38,912 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
+ 2008-04-14 00:12:02 38,400 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
- 2007-05-27 08:37:26 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
+ 2008-07-14 06:33:09 86,327 ----a-w C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
- 2007-05-27 08:37:26 2,722 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-07-14 06:33:10 3,460 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
- 2006-02-28 12:00:00 150,528 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe
+ 2008-04-14 00:12:38 150,528 ----a-w C:\WINDOWS\pchealth\UploadLB\Binaries\uploadm.exe
- 2006-02-28 12:00:00 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll
+ 2008-04-14 00:12:06 151,552 ----a-w C:\WINDOWS\PeerNet\sqldb20.dll
- 2006-02-28 12:00:00 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll
+ 2008-04-14 00:12:06 462,848 ----a-w C:\WINDOWS\PeerNet\sqlqp20.dll
- 2006-02-28 12:00:00 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll
+ 2008-04-14 00:12:06 110,592 ----a-w C:\WINDOWS\PeerNet\sqlse20.dll
- 2006-02-28 12:00:00 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-14 00:12:32 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2008-04-13 18:46:18 53,376 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2008-04-13 18:40:50 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2008-04-13 18:46:20 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2008-04-14 00:11:48 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2008-04-14 00:11:48 136,192 ------w C:\WINDOWS\ServicePackFiles\i386\aaclient.dll
+ 2004-08-03 12:32:22 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2004-08-03 12:32:32 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2008-04-14 00:11:48 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\acadproc.dll
+ 2008-04-14 00:12:11 184,320 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
+ 2008-04-14 00:11:48 1,852,928 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2008-04-14 00:11:48 451,072 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2008-04-14 00:11:48 141,312 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2008-04-14 00:11:48 115,712 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
+ 2008-04-13 18:36:35 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2008-04-14 00:11:48 245,248 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2008-04-14 00:11:48 193,536 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
+ 2008-04-14 00:12:12 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
+ 2008-04-14 00:11:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
+ 2008-04-14 00:11:48 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2008-04-14 00:11:48 29,696 ------w C:\WINDOWS\ServicePackFiles\i386\admexs.dll
+ 2008-04-14 00:11:48 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2008-04-14 00:12:12 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2004-08-03 12:32:24 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2008-04-14 00:11:48 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
+ 2008-04-14 00:11:48 43,520 ------w C:\WINDOWS\ServicePackFiles\i386\admwprox.dll
+ 2008-04-14 00:11:48 290,816 ------w C:\WINDOWS\ServicePackFiles\i386\adsiis51.dll
+ 2008-04-14 00:11:48 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2008-04-14 00:11:48 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2008-04-14 00:11:48 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2008-04-14 00:11:48 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2008-04-14 00:11:48 123,392 ------w C:\WINDOWS\ServicePackFiles\i386\adsnw.dll
+ 2007-04-02 13:10:44 85,813 ------w C:\WINDOWS\ServicePackFiles\i386\adsutil.vbs
+ 2008-04-14 00:11:48 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2008-04-14 00:11:48 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
+ 2008-04-14 00:11:48 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
+ 2008-04-14 00:11:48 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
+ 2008-04-14 00:11:48 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
+ 2008-04-14 00:11:48 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
+ 2008-04-14 00:11:48 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
+ 2008-04-14 00:11:48 617,472 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2008-04-14 00:11:48 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2008-04-13 16:39:23 142,592 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2008-04-13 19:19:23 138,112 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2008-04-14 00:11:48 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
+ 2008-04-14 00:11:48 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
+ 2008-04-14 00:11:48 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
+ 2008-04-14 00:11:48 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
+ 2008-04-14 00:11:48 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
+ 2008-04-14 00:11:48 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
+ 2008-04-14 00:11:48 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
+ 2008-04-14 00:12:12 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
+ 2008-04-13 18:36:38 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
+ 2008-04-13 18:36:39 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0401.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0404.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0405.dll
+ 2007-04-02 18:25:59 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0406.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt0407.dll
+ 2007-04-02 18:26:00 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\agt0408.dll
+ 2008-04-13 17:32:28 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt0409.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040b.dll
+ 2007-04-02 18:26:00 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\agt040c.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt040d.dll
+ 2007-04-02 18:26:00 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\agt040e.dll
+ 2007-04-02 18:26:00 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0410.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0411.dll
+ 2007-04-02 18:26:00 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0412.dll
+ 2007-04-02 18:26:01 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0413.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0414.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0415.dll
+ 2007-04-02 18:26:01 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0416.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0419.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041d.dll
+ 2007-04-02 18:26:01 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt041f.dll
+ 2007-04-02 18:26:02 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\agt0804.dll
+ 2007-04-02 18:26:02 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\agt0816.dll
+ 2007-04-02 18:26:02 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\agt0c0a.dll
+ 2008-04-14 00:11:49 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
+ 2008-04-14 00:12:12 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2008-04-14 00:12:12 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2008-04-13 18:36:38 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
+ 2008-04-14 00:11:49 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
+ 2008-04-13 18:36:39 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
+ 2008-04-13 18:31:32 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2008-04-13 18:31:33 37,760 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2008-04-14 00:11:49 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
+ 2004-08-03 12:31:20 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2008-04-14 00:11:49 108,544 ------w C:\WINDOWS\ServicePackFiles\i386\appconf.dll
+ 2008-04-14 00:11:49 125,952 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2008-04-14 00:11:49 167,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgmts.dll
+ 2008-04-14 00:11:49 295,936 ------w C:\WINDOWS\ServicePackFiles\i386\appmgr.dll
+ 2008-04-14 00:11:49 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
+ 2008-04-13 18:51:25 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2008-04-14 00:11:49 369,664 ------w C:\WINDOWS\ServicePackFiles\i386\asp51.dll
+ 2008-04-13 16:09:58 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_filter.dll
+ 2008-04-13 16:09:59 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_isapi.dll
+ 2008-04-13 16:10:01 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe
+ 2008-04-13 16:10:01 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_state.exe
+ 2008-04-13 16:10:01 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\aspnet_wp.exe
+ 2008-04-14 00:12:12 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\asr_fmt.exe
+ 2008-04-14 00:12:12 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\asr_pfu.exe
+ 2008-04-14 00:11:49 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
+ 2008-04-13 18:57:27 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
+ 2008-04-14 00:12:12 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2008-04-13 18:40:30 96,512 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2004-08-03 12:29:30 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-03 12:29:30 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-03 12:29:30 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-03 12:29:32 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-03 12:29:32 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-03 12:29:32 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-03 12:29:32 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-03 12:29:32 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-03 12:29:32 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-03 12:29:32 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys
+ 2008-04-14 00:11:49 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll
+ 2008-04-14 00:11:49 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
+ 2008-04-14 00:11:49 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-03 12:29:28 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-03 12:29:28 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
+ 2008-04-14 00:11:49 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
+ 2008-04-14 00:11:49 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
+ 2008-04-14 00:11:50 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-03 12:29:28 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-03 12:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-03 12:29:30 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-03 12:29:30 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-03 12:29:32 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-03 12:29:32 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-03 12:29:32 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-03 12:29:32 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-03 12:29:32 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-03 12:29:32 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
+ 2008-04-14 00:11:50 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll
+ 2008-04-14 00:11:50 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll
+ 2008-04-14 00:11:50 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
+ 2008-04-14 00:12:12 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
+ 2008-04-13 18:51:25 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
+ 2008-04-14 00:09:01 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll
+ 2008-04-13 18:51:30 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
+ 2008-04-14 00:11:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll
+ 2008-04-14 00:12:12 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\attrib.exe
+ 2008-04-14 00:11:50 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll
+ 2008-04-14 00:11:50 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll
+ 2008-04-14 00:11:50 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll
+ 2008-04-14 00:11:50 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll
+ 2008-04-14 00:11:50 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll
+ 2008-04-14 00:11:50 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
+ 2008-04-14 00:12:12 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
+ 2008-04-14 00:11:50 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
+ 2008-04-14 00:12:12 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
+ 2008-04-14 00:11:50 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll
+ 2008-04-14 00:12:12 588,800 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
+ 2008-04-14 00:12:12 602,624 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe
+ 2008-04-14 00:12:13 580,608 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe
+ 2008-04-14 00:12:13 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
+ 2008-04-13 18:46:20 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
+ 2008-04-13 18:46:07 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys
+ 2008-04-14 00:11:50 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
+ 2008-04-14 00:11:50 233,472 ------w C:\WINDOWS\ServicePackFiles\i386\azroles.dll
+ 2008-04-14 00:11:50 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
+ 2008-04-14 00:11:50 29,184 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll
+ 2008-04-14 00:11:50 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
+ 2008-04-13 18:36:32 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\battc.sys
+ 2008-04-13 18:46:21 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys
+ 2008-04-14 00:11:50 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll
+ 2008-04-14 00:11:50 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll
+ 2008-04-14 00:11:50 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll
+ 2008-04-14 00:11:50 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx4.dll
+ 2008-04-14 00:12:13 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
+ 2008-04-14 00:12:13 142,848 ------w C:\WINDOWS\ServicePackFiles\i386\bootcfg.exe
+ 2008-04-13 18:53:23 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
+ 2008-04-13 17:03:24 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
+ 2008-04-14 00:11:50 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
+ 2008-04-14 00:11:50 1,025,024 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2008-04-14 00:11:50 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
+ 2008-04-14 00:11:50 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll
+ 2008-04-13 18:46:33 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys
+ 2008-04-13 18:46:33 37,888 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys
+ 2008-04-13 18:51:34 101,120 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys
+ 2008-04-13 18:46:32 273,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys
+ 2008-04-13 18:46:31 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys
+ 2008-04-14 00:11:50 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll
+ 2008-04-13 18:46:29 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys
+ 2008-04-14 00:11:50 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll
+ 2008-04-14 00:11:50 218,112 ------w C:\WINDOWS\ServicePackFiles\i386\c_g18030.dll
+ 2008-04-14 00:11:50 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
+ 2008-04-14 00:11:50 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
+ 2008-04-14 00:12:13 19,968 ------w C:\WINDOWS\ServicePackFiles\i386\cacls.exe
+ 2008-04-14 00:11:50 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
+ 2008-04-14 00:11:50 121,856 ------w C:\WINDOWS\ServicePackFiles\i386\camext30.dll
+ 2008-04-14 00:11:50 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll
+ 2008-04-14 00:11:50 150,016 ------w C:\WINDOWS\ServicePackFiles\i386\capesnpn.dll
+ 2007-06-27 12:53:18 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\caspol.exe
+ 2008-04-14 00:11:50 226,304 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll
+ 2008-04-14 00:11:50 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll
+ 2008-04-14 00:11:50 625,664 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
+ 2008-04-13 18:46:23 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
+ 2008-04-13 19:14:21 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
+ 2008-04-14 00:11:50 151,040 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll
+ 2008-04-14 00:11:50 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll
+ 2008-04-14 00:11:50 2,091,520 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll
+ 2008-04-13 18:40:46 62,976 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
+ 2008-04-14 00:11:50 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll
+ 2008-04-14 00:11:50 457,728 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll
+ 2008-04-14 00:11:50 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll
+ 2008-04-14 00:09:05 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll
+ 2008-04-14 00:12:14 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
+ 2008-04-14 00:11:50 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll
+ 2008-04-13 18:40:58 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys
+ 2008-04-14 00:11:50 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\cic.dll
+ 2008-04-14 00:11:50 1,358,848 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll
+ 2008-04-14 00:11:50 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll
+ 2008-04-14 00:12:14 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\cipher.exe
+ 2008-04-14 00:12:14 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
+ 2008-04-13 19:16:22 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
+ 2008-04-14 00:11:50 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll
+ 2008-04-14 00:11:50 498,688 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll
+ 2008-04-14 00:12:14 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
+ 2008-04-14 00:11:50 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll
+ 2008-04-14 00:12:14 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
+ 2008-04-14 00:12:14 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
+ 2008-04-14 00:12:14 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
+ 2008-04-14 00:11:50 58,368 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll
+ 2008-04-13 18:36:37 13,952 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys
+ 2008-04-14 00:11:50 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll
+ 2008-04-14 00:12:14 389,120 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
+ 2008-04-14 00:11:50 344,064 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
+ 2008-04-14 00:12:14 25,600 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
+ 2008-04-14 00:12:15 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
+ 2008-04-14 00:11:50 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll
+ 2008-04-14 00:11:50 13,312 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll
+ 2008-04-14 00:12:15 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
+ 2008-04-14 00:11:50 39,424 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll
+ 2008-04-14 00:11:50 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll
+ 2008-04-14 00:11:50 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll
+ 2008-04-14 00:11:51 46,592 ------w C:\WINDOWS\ServicePackFiles\i386\coadmin.dll
+ 2008-04-13 16:44:16 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\cobramsg.dll
+ 2008-04-14 00:11:51 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll
+ 2008-04-14 00:11:51 28,160 ------w C:\WINDOWS\ServicePackFiles\i386\comaddin.dll
+ 2008-04-14 00:11:51 195,072 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll
+ 2008-04-14 00:11:51 617,472 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
+ 2008-04-14 00:11:51 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
+ 2008-04-14 00:11:51 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll
+ 2008-04-13 18:36:37 10,240 ------w C:\WINDOWS\ServicePackFiles\i386\compbatt.sys
+ 2008-04-14 00:11:51 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\compfilt.dll
+ 2008-04-14 00:11:51 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll
+ 2008-04-14 00:11:51 97,792 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.dll
+ 2008-04-14 00:12:15 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe
+ 2008-04-14 00:12:15 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\comrereg.exe
+ 2008-04-14 00:11:51 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll
+ 2008-04-13 18:43:32 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comsdupd.exe
+ 2008-04-14 00:11:51 274,944 ------w C:\WINDOWS\ServicePackFiles\i386\comsetup.dll
+ 2008-04-14 00:11:51 167,424 ------w C:\WINDOWS\ServicePackFiles\i386\comsnap.dll
+ 2008-04-14 00:11:51 1,267,200 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll
+ 2008-04-14 00:11:51 539,648 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll
+ 2008-04-14 00:12:15 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
+ 2008-04-14 00:11:51 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll
+ 2008-04-14 00:11:51 357,888 ------w C:\WINDOWS\ServicePackFiles\i386\confmsp.dll
+ 2008-04-14 00:12:15 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
+ 2008-04-13 16:10:05 69,632 ------w C:\WINDOWS\ServicePackFiles\i386\corperfmonext.dll
+ 2008-04-14 00:11:51 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll
+ 2008-04-14 00:11:51 12,800 ------w C:\WINDOWS\ServicePackFiles\i386\credssp.dll
+ 2008-04-14 00:11:51 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2008-04-13 18:31:32 36,736 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys
+ 2008-04-14 00:11:51 599,040 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll
+ 2008-04-14 00:11:51 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll
+ 2008-04-14 00:11:51 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll
+ 2008-04-14 00:11:51 53,760 ------w C:\WINDOWS\
  • 0

#8
Metin88

Metin88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
And Here is the HJT Log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:50 AM, on 15/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download All with FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1180281724031
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13354 bytes
  • 0

#9
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

You can fix this item with Hijack This:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


And your logs look clean :)

Click START then RUN
Now type Combofix /u in the runbox and click OK
Posted Image
Notice the space between the x and / -- That needs to be there.

&

Now please download OTCleanIt.
  • Save it to your desktop.
  • Double Click on OTCleanIt.exe, a window will appear.
  • Please press the CleanUp! Button.
This will remove the tools we used during the process of cleaning your computer.


Now that your are clean, you'll want to stay that way.

Some important things that you should keep in mind in order to protect yourself:
  • Use common sense. This is the big one! Don't download programs from suspicious sites and be careful where you browse.
    Things you can do to avoid downloading bad programs:
    • Google the program. Read reviews and opinions from other people on the internet, if you dont see any reports of foul play - then there more than likely is none.
    • Stay away from Cracks! However luring the thought of free software can be it's not worth the hassle and potential danger of getting infected.
    • Download the program directly from the website of the developer - then you can be certain you haven't downloaded a bogus copy.
    • Read the EULA (End User License Agreement) - Find out exactly what you are downloading. A good tool to aid you in this would be EULAyzer.
  • Keep your programs updated! Software such as JAVA update their programs to patch possible security risks. Do a scan once in a while for outdated programs using Secunia's Software Inspector
  • Keep your protection programs up to date! No matter how good your Antivirus or Antispyware program is, without an updated set of definitions it will do you no good against the new infections. If you run a free program make sure to update them at least once a week.
  • Make sure that windows updates is enabled. Keeping your system up to date is a must - to turn on automatic updates take a look at this article by Microsoft.
I have listed two programs to boost your security while using no resources.
  • SpywareBlaster Take a look at the tutorial here.
  • ZonedOut Adds thousands of websites to your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Also consider using an alternative web browser. Two big named ones, both far superior to Internet Explorer in terms of security and performance, would be Firefox and Opera.

Make a habit of scanning your computer for viruses every week or so and backing up important files regularly.

Please also read Expert Tony Klein's excellent article: How I got Infected in the First Place

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.

Thanks for uploading those files for me.
  • 0

#10
Metin88

Metin88

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks Mike,
I have done as you instructed and my pc is running good.
No Pop-ups and the auto updates stay on.
I'm also using Firefox 3.0 as well.
Thanks for all your help and for your time.
  • 0

#11
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Glad to hear everything is running well :)

Take care and have a great still!

Mike
  • 0

#12
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP