Adware need to get rid of it! [CLOSED] [RESOLVED]


This topic is locked.

#1 notsoperfect187 (Member, 34 posts)
My computer apparently is full of adware and I keep running Spyware Doctor and it keeps fixing it, but it just keeps coming back.... Here is my HijackThis log, please help???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:15 AM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skra\Skra.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL3.tmp
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [BM4f715580] Rundll32.exe "C:\WINDOWS\system32\oweuauba.dll",s
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skra] C:\Program Files\Skra\Skra.exe
O4 - HKUS\S-1-5-18\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SpeedRunner] C:\Documents and Settings\Jenn\Application Data\SpeedRunner\SpeedRunner.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIP] C:\Documents and Settings\Jenn\Application Data\Microsoft\Windows\lebgf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ffzo] C:\PROGRA~1\COMMON~1\ffzo\ffzom.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cuos] "C:\WINDOWS\YSTEM~1\smss.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Pzq] C:\WINDOWS\?icrosoft\n?tepad.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mjc] C:\Program Files\mjc\mjc.exe (User 'Default user')
O4 - Startup: Desperate Housewives Registration.lnk = C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinn...h/dinerdash.cab
O20 - Winlogon Notify: hgGyywTl - hgGyywTl.dll (file missing)
O20 - Winlogon Notify: wvuuttt - wvuuttt.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6888 bytes
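The first log above is where the triage happens, and the entries a helper will act on are recognisable by a few patterns: an autorun launched from C:\WINDOWS\TEMP (AutoInclude), a long hex blob passed as an argument (runner1), SYSTEM-hive Run entries that point into a user's profile (SfKg6wIP), a copy of smss.exe outside System32 (Cuos), a "?" where a character HijackThis could not render sits in a path (Pzq; Windows does not allow "?" in file names, so a literal one means a non-ASCII look-alike), and Winlogon Notify DLLs that are registered but missing from disk (O20). As an added example, not part of this thread or of HijackThis itself, the following Python script encodes those rules and runs them over lines copied from the log above. The rule set and the thresholds (32 hex characters, 6-digit runs) are my own assumptions for a first pass, not anything the forum helpers publish.

```python
import re

# Constructed sample: O4/O20/O23 lines copied verbatim from the first HijackThis
# log in this thread, plus a few known-good entries to check for false positives.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL3.tmp
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [BM4f715580] Rundll32.exe "C:\WINDOWS\system32\oweuauba.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [SfKg6wIP] C:\Documents and Settings\Jenn\Application Data\Microsoft\Windows\lebgf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cuos] "C:\WINDOWS\YSTEM~1\smss.exe" -vt yazb (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Pzq] C:\WINDOWS\?icrosoft\n?tepad.exe (User 'SYSTEM')
O20 - Winlogon Notify: hgGyywTl - hgGyywTl.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Core Windows binaries that legitimately live only in %WINDIR%\System32.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe",
                   "services.exe", "svchost.exe"}

# First drive-letter path on the line, ending at a known executable extension.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|tmp|scr|com|sys))', re.IGNORECASE)
# Assumed threshold: 32+ hex characters after whitespace is a blob, not a flag.
HEX_BLOB_RE = re.compile(r"\s[0-9A-Fa-f]{32,}\b")
# Assumed threshold: six or more consecutive digits in a file name.
DIGIT_RUN_RE = re.compile(r"\d{6,}")


def triage_line(line: str) -> list:
    """Return the list of heuristic reasons this HijackThis line looks suspicious."""
    reasons = []
    if line.startswith("O20") and "(file missing)" in line:
        reasons.append("Winlogon Notify DLL registered but not on disk")
    m = PATH_RE.search(line)
    if not m:
        return reasons
    path = m.group(1)
    low = path.lower()
    directory, _, basename = low.rpartition("\\")
    if "\\temp\\" in low or low.endswith(".tmp"):
        reasons.append("runs from a temp location")
    if "?" in path or any(ord(c) > 126 for c in path):
        reasons.append("non-printable or non-ASCII character in path (shown as '?')")
    if basename in SYSTEM_BINARIES and not directory.endswith("\\system32"):
        reasons.append(f"{basename} outside System32")
    if "hkus\\s-1-5-18" in line.lower() and "\\documents and settings\\" in low:
        reasons.append("SYSTEM-context autorun pointing into a user profile")
    if HEX_BLOB_RE.search(line):
        reasons.append("long hex blob passed as argument")
    if DIGIT_RUN_RE.search(basename):
        reasons.append("long digit run in file name")
    return reasons


def triage(log_text: str) -> dict:
    """Map each non-empty line that trips at least one rule to its reasons."""
    result = {}
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            reasons = triage_line(line)
            if reasons:
                result[line] = reasons
    return result


def entry_name(line: str) -> str:
    """The [value name] of an O4 entry, or the key name of an O20 Notify entry."""
    m = re.search(r"\[([^\]]+)\]", line) or re.search(r"Winlogon Notify: (\S+)", line)
    return m.group(1) if m else line


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(f"{entry_name(line):12} {'; '.join(reasons)}")
        print(f"    {line}")
```

Note what the rules do not catch: the BM4f715580 entry, a randomly named DLL in System32 loaded through Rundll32.exe, passes every check here because its path looks ordinary. That is the limit of path-based triage and the reason the helper in this thread moves on to ComboFix, which compares files against their dllcache copies rather than judging them by name.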


#2 SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Hello and Welcome to Geeks To Go.

My name is SpySentinel and I will be assisting you with your malware problem today.

You may wish to Subscribe to this thread (Options --> Track this topic) so that you are notified when you receive a reply.

Please give me some time to analyze your log, and I will post back with instructions ASAP.

#3 notsoperfect187 (Topic Starter, Member, 34 posts)
OK, thank you so much.

#4 SpySentinel (R.I.P., Retired Staff, 5,152 posts)
You're welcome!

#5 notsoperfect187 (Topic Starter, Member, 34 posts)
I am using my boyfriend's computer because with mine I can't even access the internet since all this stuff is going on... I can get to the main pages of certain sites but no further.... I really need to figure this out!! :-(

#6 notsoperfect187 (Topic Starter, Member, 34 posts)
Anyone there??

#7 notsoperfect187 (Topic Starter, Member, 34 posts)
I think I may have fixed it, if you could just compare my HijackThis logs :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:31 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Desperate Housewives Registration.lnk = C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinn...h/dinerdash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6654 bytes

#8 SpySentinel (R.I.P., Retired Staff, 5,152 posts)
Sorry for the delay. In the future, please do not bump your thread. We are very busy, and it sometimes may take some time for a response.

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, don't overlook this!

Now please download combofix from here or here. It is important that you save this file to your desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a Hijack This log in your next reply.

A quick heads up, if you click on combofix's window when it's running, you may cause it to stall.

Edited by SpySentinel, 30 July 2008 - 04:59 PM.


#9 notsoperfect187 (Topic Starter, Member, 34 posts)
ComboFix 08-07-29.1 - Jenn 2008-07-30 20:14:05.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.519 [GMT -5:00]
Running from: C:\Documents and Settings\Jenn\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu.exe
C:\WINDOWS\mrofinu1001186.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-30 00:57 . 2008-07-30 00:57 <DIR> d-------- C:\Deckard
2008-07-30 00:00 . 2008-07-30 00:00 <DIR> d-------- C:\Documents and Settings\Jenn\DoctorWeb
2008-07-29 23:33 . 2008-07-29 23:35 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-29 23:29 . 2005-01-13 21:41 11,254 --a------ C:\WINDOWS\system32\locate.com
2008-07-29 22:39 . 2008-07-29 22:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-29 22:39 . 2008-07-29 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-29 21:47 . 2008-07-29 23:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 21:47 . 2008-07-29 21:47 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Malwarebytes
2008-07-29 21:47 . 2008-07-29 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 21:47 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 21:47 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 21:46 . 2008-07-29 23:36 <DIR> d-------- C:\MGtools
2008-07-29 21:46 . 2008-07-29 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-29 21:46 . 2008-07-29 23:36 54,116 --a------ C:\MGlogs.zip
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\SUPERAntiSpyware.com
2008-07-29 13:26 . 2008-07-29 13:26 <DIR> d-------- C:\Program Files\Uniblue
2008-07-29 13:26 . 2008-07-29 13:26 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Uniblue
2008-07-28 23:19 . 2008-07-28 23:19 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-07-28 21:06 . 2008-07-29 10:32 <DIR> d--hs---- C:\WINDOWS\SmVubg
2008-07-28 08:47 . 2008-07-28 08:47 <DIR> d-------- C:\Program Files\Fashion Dash
2008-07-27 20:28 . 2008-07-27 20:28 <DIR> d-------- C:\Program Files\Oberon Games
2008-07-27 20:25 . 2008-07-27 20:25 <DIR> d-------- C:\Program Files\Real Arcade
2008-07-27 19:59 . 2008-07-27 20:22 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-27 19:48 . 2008-07-27 20:24 <DIR> d---s---- C:\Documents and Settings\Jenni
2008-07-27 10:07 . 2008-07-27 20:04 16,384 --a------ C:\WINDOWS\system32\WinCtrl32(2).dll
2008-07-24 08:44 . 2008-07-27 20:27 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\BeachPartyCraze
2008-07-24 08:28 . 2008-07-24 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TheRace_dev
2008-07-24 08:27 . 2008-07-24 08:27 <DIR> d-------- C:\Program Files\Five BN Studio
2008-07-23 12:20 . 2008-07-23 12:20 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Amaranth Games
2008-07-22 10:33 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\Crazy Machines II
2008-07-22 10:32 . 2008-01-29 05:53 782,336 -ra------ C:\WINDOWS\system32\tmp23E.tmp
2008-07-22 10:32 . 2008-01-29 05:53 782,336 -ra------ C:\WINDOWS\system32\tmp23D.tmp
2008-07-22 10:25 . 2008-01-29 05:53 782,336 -ra------ C:\WINDOWS\system32\tmp200.tmp
2008-07-22 10:25 . 2008-01-29 05:53 782,336 -ra------ C:\WINDOWS\system32\tmp1FF.tmp
2008-07-22 09:04 . 2008-07-22 09:04 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Gold Casual Games
2008-07-22 09:04 . 2008-07-22 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-07-22 08:44 . 2008-07-22 08:44 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Total Eclipse
2008-07-22 08:27 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\The Mysterious City Golden Prague
2008-07-22 08:26 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\Fashion Boutique
2008-07-19 09:44 . 2008-07-19 09:55 <DIR> d-------- C:\Nancy Drew
2008-07-17 09:10 . 2008-07-19 00:03 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\ForgottenRiddles2
2008-07-17 08:40 . 2008-07-27 20:35 <DIR> d-------- C:\Program Files\Forgotten Riddles - The Moonlight Sonatas
2008-07-16 22:28 . 2001-04-07 16:43 65,536 --a------ C:\WINDOWS\system32\FoxCBmp3.dl
2008-07-16 22:25 . 2008-07-27 20:35 <DIR> d-------- C:\Program Files\Aurora The Secret Within
2008-07-12 08:14 . 2008-07-12 10:01 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\FarmerJane
2008-07-11 13:03 . 2008-07-11 13:03 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\blg
2008-07-11 13:03 . 2008-07-11 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\blg
2008-07-11 13:01 . 2008-07-11 13:02 <DIR> d-------- C:\Program Files\Spa Mania
2008-07-10 15:51 . 2008-07-10 15:51 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Leadertech
2008-07-10 15:51 . 2008-07-10 16:52 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Desperate Housewives
2008-07-10 15:51 . 2008-07-10 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives
2008-07-10 15:51 . 2008-07-10 15:51 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-10 15:46 . 2008-07-10 15:46 <DIR> d-------- C:\Program Files\Buena Vista Games
2008-07-10 15:45 . 2008-07-10 15:45 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\InstallShield
2008-07-10 15:45 . 2008-07-10 15:51 1,175 --a------ C:\WINDOWS\disney.ini
2008-07-10 15:45 . 2008-07-10 15:45 185 --a------ C:\WINDOWS\disneysy.ini
2008-07-10 12:02 . 2008-07-10 12:02 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Gamelab
2008-07-10 12:01 . 2008-07-10 12:01 <DIR> d-------- C:\Program Files\iWin.com
2008-07-08 12:03 . 2008-07-08 12:03 <DIR> d-------- C:\Program Files\Sunshine Acres by downTURK
2008-07-06 10:33 . 2008-07-13 20:12 <DIR> d-------- C:\Program Files\Build in Time
2008-07-04 09:16 . 2008-07-04 09:16 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\SulusGames
2008-07-03 21:22 . 2008-07-03 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-07-03 21:09 . 2008-07-28 08:50 <DIR> d-------- C:\Program Files\Alawar
2008-06-29 11:22 . 2008-06-29 11:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FreshGames
2008-06-27 08:35 . 2008-06-27 08:35 <DIR> d-------- C:\Documents and Settings\Jenn\Saved Games
2008-06-26 17:46 . 2008-06-26 17:46 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Dress Up Rush TAC CM
2008-06-24 23:41 . 2008-06-24 23:41 0 --a------ C:\WINDOWS\PhantomOfVenice.INI
2008-06-21 12:55 . 2008-06-21 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fitn17
2008-06-20 20:53 . 2008-06-20 20:53 <DIR> d-------- C:\Program Files\DropBox
2008-06-20 20:28 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-20 20:28 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-20 20:28 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-17 08:49 . 2008-06-17 08:49 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\BigFish
2008-06-17 08:49 . 2008-06-17 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFish
2008-06-16 17:25 . 2008-06-21 15:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-06-13 22:30 . 2008-06-13 22:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-11 06:14 . 2008-06-13 08:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 06:14 . 2008-06-13 08:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 13:55 . 2008-06-09 13:55 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\cerasus
2008-06-09 13:26 . 2008-06-09 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-07 08:45 . 2008-06-07 09:40 <DIR> d-------- C:\Program Files\The Secret of Margrave Manor
2008-06-04 18:00 . 2008-06-12 19:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-03 23:07 . 2008-06-03 23:07 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Sudden Games
2008-06-03 22:32 . 2008-06-03 22:32 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Meridian93
2008-06-03 16:04 . 2008-06-03 16:11 <DIR> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 00:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-30 05:41 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Azureus
2008-07-30 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-28 02:03 --------- d-----w C:\Program Files\LeeGTs Games
2008-07-28 01:35 --------- d-----w C:\Program Files\bfgclient
2008-07-28 01:25 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-28 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-26 00:46 --------- d-----w C:\Documents and Settings\Jenn\Application Data\FrostWire
2008-07-23 17:33 --------- d-----w C:\Documents and Settings\Jenn\Application Data\PlayFirst
2008-07-19 15:12 --------- d-----w C:\Program Files\Java
2008-07-19 14:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-10 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 01:42 --------- d-----w C:\Program Files\Azureus
2008-06-21 20:09 --------- d-----w C:\Program Files\DivX
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 22:25 --------- d-----w C:\Program Files\FrostWire
2008-06-16 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-06-09 18:56 --------- d-----w C:\Documents and Settings\Jenn\Application Data\cerasus.media
2008-05-31 04:23 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-29 15:49 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Ludia
2008-05-29 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-05-22 22:22 532,480 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 13:30 0 ----a-w C:\Program Files\temp01
2008-02-25 02:40 18,587 ----a-w C:\Documents and Settings\All Users\Application Data\iqaperu.bin
2008-02-25 02:40 18,481 ----a-w C:\Program Files\Common Files\dofyxiroky._dl
2008-02-25 02:40 18,266 ----a-w C:\Program Files\Common Files\tela.scr
2008-02-25 02:40 12,329 ----a-w C:\Program Files\Common Files\zigi.sys
2008-02-25 02:40 11,625 ----a-w C:\Documents and Settings\All Users\Application Data\pekuq.scr
2008-02-25 02:40 10,730 ----a-r C:\Documents and Settings\Jenn\Application Data\goda.exe
.

------- Sigcheck -------

2007-06-13 05:23 1039360 34a53f2bd782392586a3deb7f4d2cc1b C:\WINDOWS\explorer.exe
2007-06-13 06:26 1039360 8445aababf3df257bac6e18e0393491e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 07:00 1038336 5d5b12d7723f9a81ceb31ca3b719387a C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 1039360 16c3d08bc4b632ea8e43b80f222ff8f0 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 07:00 21504 93d3d86fdb7ad879f8147c00ea967b88 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 07:00 21504 5ec6a8c2b577671bf605baddd3605163 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( [email protected]_20.03.11.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 13:00:00 168,448 ----a-w C:\WINDOWS\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1380352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 147456]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 08:08 136136]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 21504]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 13:16 1927448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 02:35 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 02:35 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 15:53 1103752]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 18:51 241664]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DropBoxUtility"="C:\Program Files\DropBox\DropBox\DropBox.exe" [2008-02-09 19:53 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"nwiz"="nwiz.exe" [2006-08-16 02:35 1617920 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 15:00 16056832 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2882560 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\Jenn\Start Menu\Programs\Startup\
Desperate Housewives Registration.lnk - C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe [2008-07-10 15:50:48 443392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 20:16:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-30 20:17:16
ComboFix-quarantined-files.txt 2008-07-31 01:17:13
ComboFix2.txt 2008-07-31 01:04:16
ComboFix3.txt 2008-07-30 04:26:28

Pre-Run: 41,046,011,904 bytes free
Post-Run: 41,001,578,496 bytes free

236 --- E O F --- 2008-07-09 08:00:53


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:51 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Desperate Housewives Registration.lnk = C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinn...h/dinerdash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6569 bytes
  • 0

#10
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Your logs are looking better!

Step #1

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.


You are using peer-to-peer programs, specifically FrostWire.
These are what we call an optional removal. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to, please at least refrain from using any peer-to-peer programs for the remainder of my fix.
For more information about infections as a result of p2p programs, take a look here: http://p2p.malwareremoval.com/


Step #2


Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot.


1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\All Users\Application Data\iqaperu.bin
C:\WINDOWS\system32\locate.com
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\WinCtrl32(2).dll
C:\Program Files\Common Files\dofyxiroky._dl
C:\Program Files\Common Files\tela.scr
C:\Program Files\Common Files\zigi.sys
C:\Documents and Settings\All Users\Application Data\pekuq.scr
C:\Documents and Settings\Jenn\Application Data\goda.exe
C:\WINDOWS\system32\tmp23E.tmp
C:\WINDOWS\system32\tmp23D.tmp
C:\WINDOWS\system32\tmp200.tmp
C:\WINDOWS\system32\tmp1FF.tmp
C:\WINDOWS\17PHolmes1001186.exe

Folder::
C:\Program Files\temp01
C:\Program Files\Viewpoint
C:\WINDOWS\SmVubg



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Posted Image: animation showing CFScript.txt being dragged onto ComboFix.exe]


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
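SpySentinel judges progress by comparing one HijackThis log with the next. As an added example (editor's code, not from the thread or from Trend Micro), the script below diffs two HijackThis scans and flags the two O4 autostart shapes that show up in this thread: an executable directly under C:\WINDOWS and a Run key under the SYSTEM/default-user hive. The two sample logs are constructed excerpts modelled on the 7/30 and 8/3 scans, and the flags are review heuristics, not verdicts.

```python
"""Compare two HijackThis logs and report the autostart entries that changed.

Added example, not code from the thread or from Trend Micro: it parses the
'Rx'/'Oxx' entry lines HijackThis emits, diffs two scans, and flags entry
shapes a log reviewer would look at first.  The two sample logs are
constructed excerpts modelled on the 7/30 and 8/3 scans posted above.
"""
import re
from typing import Dict, List, Set, Tuple

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Executables sitting directly in the Windows root folder (not a subfolder)
# are unusual for legitimate software; both adware files in this thread
# (17PHolmes..., mrofinu...) lived there.  A heuristic, not a verdict.
WINROOT_EXE_RE = re.compile(r'C:\\WINDOWS\\[^\\\s"]+\.exe', re.IGNORECASE)

# Run keys under HKUS\S-1-5-18 or HKUS\.DEFAULT start programs for the
# SYSTEM account / default profile, which user software rarely needs.
SYSTEM_HIVE_RE = re.compile(r"HKUS\\(S-1-5-18|\.DEFAULT)\\", re.IGNORECASE)


def parse_entries(log_text: str) -> Set[Tuple[str, str]]:
    """Return the set of (section, body) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("section"), m.group("body")))
    return entries


def diff_logs(old_log: str, new_log: str) -> Dict[str, List[Tuple[str, str]]]:
    """Entries only in the new scan ('added') and only in the old ('removed')."""
    old, new = parse_entries(old_log), parse_entries(new_log)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


def flag_entry(section: str, body: str) -> List[str]:
    """Reasons a reviewer would want a closer look at an O4 autostart entry."""
    reasons = []
    if section == "O4" and WINROOT_EXE_RE.search(body):
        reasons.append("executable directly under C:\\WINDOWS")
    if section == "O4" and SYSTEM_HIVE_RE.search(body):
        reasons.append("runs for SYSTEM / default user")
    return reasons


def review(old_log: str, new_log: str) -> List[str]:
    """One line per changed entry, with any review flags appended."""
    changes = diff_logs(old_log, new_log)
    lines = []
    for kind in ("removed", "added"):
        for section, body in changes[kind]:
            flags = flag_entry(section, body)
            suffix = f"  <-- {'; '.join(flags)}" if flags else ""
            lines.append(f"{kind.upper():8}{section} - {body}{suffix}")
    return lines


# Constructed excerpts (not the full logs) modelled on the thread's scans.
OLD_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\17PHolmes1001186.exe

O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\\Program Files\\Viewpoint\\Common\\ViewpointService.exe
"""

NEW_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\17PHolmes1001186.exe

O4 - HKLM\\..\\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\\..\\Run: [runner1] C:\\WINDOWS\\mrofinu1001186.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKUS\\S-1-5-18\\..\\Run: [Skra] C:\\Program Files\\Skra\\Skra.exe (User 'SYSTEM')
"""

if __name__ == "__main__":
    for line in review(OLD_LOG, NEW_LOG):
        print(line)
```

Run against the full logs, the output is the list of entries that appeared or disappeared between scans, which is exactly what the helper scans the new log for.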



#11
notsoperfect187

    Member

  • Topic Starter
  • Member
  • 34 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:08 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\DropBox\DropBox\DropBox.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skra\Skra.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Skra] C:\Program Files\Skra\Skra.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skra] C:\Program Files\Skra\Skra.exe (User 'Default user')
O4 - Startup: Desperate Housewives Registration.lnk = C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinn...h/dinerdash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6808 bytes


ComboFix 08-07-29.1 - Jenn 2008-08-03 15:52:47.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.548 [GMT -5:00]
Running from: C:\Documents and Settings\Jenn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jenn\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\iqaperu.bin
C:\Documents and Settings\All Users\Application Data\pekuq.scr
C:\Documents and Settings\Jenn\Application Data\goda.exe
C:\Program Files\Common Files\dofyxiroky._dl
C:\Program Files\Common Files\tela.scr
C:\Program Files\Common Files\zigi.sys
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\locate.com
C:\WINDOWS\system32\tmp1FF.tmp
C:\WINDOWS\system32\tmp200.tmp
C:\WINDOWS\system32\tmp23D.tmp
C:\WINDOWS\system32\tmp23E.tmp
C:\WINDOWS\system32\WinCtrl32(2).dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\iqaperu.bin
C:\Documents and Settings\All Users\Application Data\pekuq.scr
C:\Documents and Settings\Jenn\Application Data\goda.exe
C:\Documents and Settings\Jenn\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Program Files\Common Files\dofyxiroky._dl
C:\Program Files\Common Files\tela.scr
C:\Program Files\Common Files\zigi.sys
C:\Program Files\inetget2
C:\Program Files\temp01\
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\b103.exe
C:\WINDOWS\b104.exe
C:\WINDOWS\b116.exe
C:\WINDOWS\b152.exe
C:\WINDOWS\b155.exe
C:\WINDOWS\b156.exe
C:\WINDOWS\b157.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp
C:\WINDOWS\SmVubg
C:\WINDOWS\system32\crtdl.dll
C:\WINDOWS\system32\Jamster.ico
C:\WINDOWS\system32\locate.com
C:\WINDOWS\system32\tmp1FF.tmp
C:\WINDOWS\system32\tmp200.tmp
C:\WINDOWS\system32\tmp23D.tmp
C:\WINDOWS\system32\tmp23E.tmp
C:\WINDOWS\system32\WinCtrl32(2).dll

.
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-08-01 21:25 . 2008-08-01 21:25 <DIR> d-------- C:\Program Files\Webtools
2008-08-01 21:25 . 2008-08-01 21:25 <DIR> d-------- C:\Program Files\Skra
2008-07-30 00:57 . 2008-07-30 00:57 <DIR> d-------- C:\Deckard
2008-07-30 00:00 . 2008-07-30 00:00 <DIR> d-------- C:\Documents and Settings\Jenn\DoctorWeb
2008-07-29 23:33 . 2008-07-29 23:35 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-29 22:39 . 2008-07-29 22:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-29 22:39 . 2008-07-29 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-29 21:47 . 2008-07-29 23:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 21:47 . 2008-07-29 21:47 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Malwarebytes
2008-07-29 21:47 . 2008-07-29 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 21:47 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 21:47 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 21:46 . 2008-07-29 23:36 <DIR> d-------- C:\MGtools
2008-07-29 21:46 . 2008-07-29 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-29 21:46 . 2008-07-29 23:36 54,116 --a------ C:\MGlogs.zip
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\SUPERAntiSpyware.com
2008-07-29 13:26 . 2008-07-29 13:26 <DIR> d-------- C:\Program Files\Uniblue
2008-07-29 13:26 . 2008-07-29 13:26 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Uniblue
2008-07-28 08:47 . 2008-07-28 08:47 <DIR> d-------- C:\Program Files\Fashion Dash
2008-07-27 20:28 . 2008-07-27 20:28 <DIR> d-------- C:\Program Files\Oberon Games
2008-07-27 20:25 . 2008-07-27 20:25 <DIR> d-------- C:\Program Files\Real Arcade
2008-07-27 19:59 . 2008-07-27 20:22 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-27 19:48 . 2008-07-27 20:24 <DIR> d---s---- C:\Documents and Settings\Jenni
2008-07-24 08:44 . 2008-07-27 20:27 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\BeachPartyCraze
2008-07-24 08:28 . 2008-07-24 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TheRace_dev
2008-07-24 08:27 . 2008-07-24 08:27 <DIR> d-------- C:\Program Files\Five BN Studio
2008-07-23 12:20 . 2008-07-23 12:20 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Amaranth Games
2008-07-22 10:33 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\Crazy Machines II
2008-07-22 09:04 . 2008-07-22 09:04 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Gold Casual Games
2008-07-22 09:04 . 2008-07-22 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-07-22 08:44 . 2008-07-22 08:44 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Total Eclipse
2008-07-22 08:27 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\The Mysterious City Golden Prague
2008-07-22 08:26 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\Fashion Boutique
2008-07-19 09:44 . 2008-07-19 09:55 <DIR> d-------- C:\Nancy Drew
2008-07-17 09:10 . 2008-07-19 00:03 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\ForgottenRiddles2
2008-07-17 08:40 . 2008-07-27 20:35 <DIR> d-------- C:\Program Files\Forgotten Riddles - The Moonlight Sonatas
2008-07-16 22:28 . 2001-04-07 16:43 65,536 --a------ C:\WINDOWS\system32\FoxCBmp3.dl
2008-07-16 22:25 . 2008-07-27 20:35 <DIR> d-------- C:\Program Files\Aurora The Secret Within
2008-07-12 08:14 . 2008-07-12 10:01 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\FarmerJane
2008-07-11 13:03 . 2008-07-11 13:03 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\blg
2008-07-11 13:03 . 2008-07-11 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\blg
2008-07-11 13:01 . 2008-07-11 13:02 <DIR> d-------- C:\Program Files\Spa Mania
2008-07-10 15:51 . 2008-07-10 15:51 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Leadertech
2008-07-10 15:51 . 2008-07-10 16:52 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Desperate Housewives
2008-07-10 15:51 . 2008-07-10 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives
2008-07-10 15:51 . 2008-07-10 15:51 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-10 15:46 . 2008-07-10 15:46 <DIR> d-------- C:\Program Files\Buena Vista Games
2008-07-10 15:45 . 2008-07-10 15:45 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\InstallShield
2008-07-10 15:45 . 2008-07-10 15:51 1,175 --a------ C:\WINDOWS\disney.ini
2008-07-10 15:45 . 2008-07-10 15:45 185 --a------ C:\WINDOWS\disneysy.ini
2008-07-10 12:02 . 2008-07-10 12:02 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Gamelab
2008-07-10 12:01 . 2008-07-10 12:01 <DIR> d-------- C:\Program Files\iWin.com
2008-07-08 12:03 . 2008-07-08 12:03 <DIR> d-------- C:\Program Files\Sunshine Acres by downTURK
2008-07-06 10:33 . 2008-07-13 20:12 <DIR> d-------- C:\Program Files\Build in Time
2008-07-04 09:16 . 2008-07-04 09:16 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\SulusGames
2008-07-03 21:22 . 2008-07-03 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-07-03 21:09 . 2008-07-28 08:50 <DIR> d-------- C:\Program Files\Alawar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 20:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-30 05:41 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Azureus
2008-07-30 03:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-28 02:03 --------- d-----w C:\Program Files\LeeGTs Games
2008-07-28 01:35 --------- d-----w C:\Program Files\bfgclient
2008-07-28 01:25 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-28 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-26 00:46 --------- d-----w C:\Documents and Settings\Jenn\Application Data\FrostWire
2008-07-23 17:33 --------- d-----w C:\Documents and Settings\Jenn\Application Data\PlayFirst
2008-07-19 15:12 --------- d-----w C:\Program Files\Java
2008-07-19 14:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-10 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 01:42 --------- d-----w C:\Program Files\Azureus
2008-06-29 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreshGames
2008-06-26 22:46 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Dress Up Rush TAC CM
2008-06-21 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-06-21 20:09 --------- d-----w C:\Program Files\DivX
2008-06-21 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fitn17
2008-06-21 01:53 --------- d-----w C:\Program Files\DropBox
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 13:49 --------- d-----w C:\Documents and Settings\Jenn\Application Data\BigFish
2008-06-17 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFish
2008-06-16 22:25 --------- d-----w C:\Program Files\FrostWire
2008-06-16 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-06-14 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-09 18:56 --------- d-----w C:\Documents and Settings\Jenn\Application Data\cerasus.media
2008-06-09 18:55 --------- d-----w C:\Documents and Settings\Jenn\Application Data\cerasus
2008-06-09 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-07 14:40 --------- d-----w C:\Program Files\The Secret of Margrave Manor
2008-06-04 04:07 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Sudden Games
2008-06-04 03:32 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Meridian93
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 532,480 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-02-28 13:30 0 ----a-w C:\Program Files\temp01
.

------- Sigcheck -------

2007-06-13 05:23 1039360 34a53f2bd782392586a3deb7f4d2cc1b C:\WINDOWS\explorer.exe
2007-06-13 06:26 1039360 8445aababf3df257bac6e18e0393491e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 07:00 1038336 5d5b12d7723f9a81ceb31ca3b719387a C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 1039360 16c3d08bc4b632ea8e43b80f222ff8f0 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 07:00 21504 93d3d86fdb7ad879f8147c00ea967b88 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 07:00 21504 5ec6a8c2b577671bf605baddd3605163 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( [email protected]_20.03.11.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-30 04:34:03 7,168 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-07-31 08:01:45 8,192 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-07-30 04:34:01 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-07-31 08:01:46 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-07-30 04:33:57 716,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-07-31 08:01:53 720,896 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-07-30 04:33:57 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-07-31 08:01:47 299,008 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-07-30 04:34:03 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-07-31 08:01:51 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
- 2008-07-30 04:34:05 299,008 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-07-31 08:01:49 303,104 ----a-w C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-07-30 04:34:01 1,290,240 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-07-31 08:01:51 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
- 2008-07-30 04:34:02 1,699,840 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-07-31 08:01:45 1,703,936 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-07-30 04:34:02 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-07-31 08:01:52 90,112 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-07-30 04:34:02 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-07-31 08:01:49 466,944 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-07-30 04:34:02 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-07-31 08:01:47 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-07-30 04:34:02 64,000 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-07-31 08:01:47 66,560 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
- 2008-07-30 04:34:02 368,640 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-07-31 08:01:51 372,736 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-07-30 04:34:02 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-07-31 08:01:53 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-07-30 04:34:02 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-07-31 08:01:50 323,584 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-07-30 04:34:02 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-07-31 08:01:48 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-07-30 04:34:02 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-07-31 08:01:49 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-07-30 04:34:02 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-07-31 08:01:52 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-07-30 04:34:04 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-07-31 08:01:44 819,200 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-07-30 04:34:03 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-07-31 08:01:47 57,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-07-30 04:34:03 569,344 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-07-31 08:01:46 573,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-07-30 04:34:02 1,245,184 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-08-01 08:00:59 1,265,664 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-07-30 04:34:03 2,039,808 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-07-31 08:01:48 2,052,096 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-07-30 04:34:03 1,335,296 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-07-31 08:01:50 1,339,392 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
- 2008-07-30 04:34:02 1,216,512 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-08-01 08:00:59 1,232,896 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-08-01 08:01:10 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_f818cacf\CustomMarshalers.dll
+ 2008-08-01 08:01:25 3,391,488 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e5b379d2\mscorlib.dll
+ 2008-08-01 08:01:21 1,470,464 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_98c3dbfa\System.Design.dll
+ 2008-08-01 08:01:12 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_f8bb6a2d\System.Drawing.Design.dll
+ 2008-08-01 08:01:22 835,584 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_86cf15a8\System.Drawing.dll
+ 2008-08-01 08:01:16 3,018,752 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_d577c66c\System.Windows.Forms.dll
+ 2008-08-01 08:01:19 2,088,960 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_9a70bd0a\System.Xml.dll
+ 2008-08-01 08:01:09 1,966,080 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_4310bac1\System.dll
- 2003-02-21 00:19:32 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2007-04-14 02:30:52 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2003-02-21 00:19:34 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 06:49:18 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2003-02-21 00:19:38 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 06:49:26 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2003-02-21 00:19:36 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2007-04-14 02:30:52 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 00:09:08 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2007-04-14 01:57:52 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2003-02-21 15:20:44 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-15 16:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 15:21:00 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2004-07-15 16:23:44 626,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
- 2003-02-21 00:06:20 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-10-08 19:30:14 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 12:24:38 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2004-07-15 19:31:00 8,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
- 2003-02-21 12:24:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2004-07-15 19:31:04 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
- 2003-02-21 00:09:40 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 05:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 12:26:36 716,800 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 19:28:58 720,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
- 2003-02-21 12:26:38 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 19:28:56 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
- 2003-02-21 12:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-15 19:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2003-02-21 12:25:04 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 19:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2003-02-21 00:09:12 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 05:32:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
- 2003-02-21 00:09:12 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 05:32:46 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
- 2003-02-21 00:09:14 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2007-04-14 01:57:58 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-21 00:06:32 311,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2007-04-14 01:56:30 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2003-02-21 00:09:16 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:58:00 102,400 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2003-02-21 12:26:34 2,088,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2007-04-14 01:50:46 2,142,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2003-02-21 00:09:18 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2004-07-15 05:33:22 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
- 2003-02-21 00:09:18 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2004-07-15 05:33:24 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
- 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2007-04-14 01:58:02 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-21 00:07:34 2,494,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 01:57:00 2,523,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2003-02-21 00:08:32 2,482,176 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 01:57:28 2,514,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-01-15 21:11:26 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-21 00:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-21 00:09:46 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
- 2003-02-21 00:09:30 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
- 2003-02-21 12:26:46 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 19:28:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2004-07-15 06:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_mscorlib.dll
+ 2003-02-21 00:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_mscorwks.dll
+ 2003-02-21 09:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3252\_PerfCounter.dll
- 2003-02-21 00:09:34 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2004-07-15 05:35:04 319,488 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SOS.dll
- 2003-02-21 12:26:38 1,290,240 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 19:32:00 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
- 2003-02-21 12:25:42 299,008 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 19:31:14 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
- 2003-02-21 12:26:42 1,699,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 19:29:02 1,703,936 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
- 2003-02-21 12:26:44 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2004-07-15 19:28:54 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
- 2003-02-21 12:26:46 1,216,512 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2007-04-14 02:35:38 1,232,896 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2003-02-21 12:26:50 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 19:28:58 466,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
- 2003-02-21 12:26:50 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 19:28:56 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
- 2003-02-21 00:09:36 64,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2004-07-15 05:35:12 66,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
- 2003-02-21 12:26:52 368,640 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 19:31:58 372,736 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
- 2003-02-21 12:26:54 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 19:31:12 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
- 2003-02-21 12:26:56 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 19:28:58 323,584 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
- 2003-02-21 12:26:56 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 19:31:54 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
- 2003-02-21 12:26:58 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 19:28:52 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
- 2003-02-21 12:27:00 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 19:28:54 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
- 2003-02-21 12:27:02 1,245,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 02:35:46 1,265,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2003-02-21 12:27:06 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 19:28:58 819,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
- 2003-02-21 12:24:18 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 19:28:52 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
- 2003-02-21 12:27:06 569,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 19:31:16 573,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
- 2003-02-21 12:27:08 2,039,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2004-07-15 19:32:02 2,052,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
- 2003-02-21 12:27:10 1,335,296 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 19:29:00 1,339,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-06-22 18:51:38 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2003-02-21 15:20:38 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 16:23:20 745,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2003-02-21 10:04:18 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2004-07-15 13:15:14 1,032,192 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
- 2003-02-21 01:10:40 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-07-15 07:11:56 31,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 13:00:00 168,448 ----a-w C:\WINDOWS\swreg.exe
- 2003-02-21 00:06:24 155,648 ----a-w C:\WINDOWS\system32\mscoree.dll
+ 2006-12-22 17:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
- 2003-02-20 23:43:38 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2004-07-15 04:34:06 16,896 ----a-w C:\WINDOWS\system32\mscorier.dll
+ 2006-12-22 18:02:36 6,144 ----a-w C:\WINDOWS\system32\mui\0409\mscorees.dll
- 2008-07-30 04:35:28 64,334 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-31 08:01:39 64,334 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-30 04:35:28 420,156 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-31 08:01:39 420,156 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2004-08-04 12:00:00 33,280 ----a-w C:\WINDOWS\system32\rundll32.exe
+ 2004-08-04 12:00:00 39,424 ----a-w C:\WINDOWS\system32\rundll32.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1380352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 147456]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 08:08 136136]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 21504]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 13:16 1927448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 02:35 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 02:35 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 15:53 1103752]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 18:51 241664]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DropBoxUtility"="C:\Program Files\DropBox\DropBox\DropBox.exe" [2008-02-09 19:53 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"nwiz"="nwiz.exe" [2006-08-16 02:35 1617920 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 15:00 16056832 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2882560 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skra"="C:\Program Files\Skra\Skra.exe" [2008-08-01 21:25 33280]

C:\Documents and Settings\Jenn\Start Menu\Programs\Startup\
Desperate Housewives Registration.lnk - C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe [2008-07-10 15:50:48 443392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca086c2a-0f33-11dd-8a96-001d7d9842b9}]
\Shell\AutoRun\command - E:\autoplay.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 15:55:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-03 15:57:21
ComboFix-quarantined-files.txt 2008-08-03 20:57:08
ComboFix2.txt 2008-07-31 01:17:17
ComboFix3.txt 2008-07-31 01:04:16
ComboFix4.txt 2008-07-30 04:26:28

Pre-Run: 40,216,588,288 bytes free
Post-Run: 40,184,246,272 bytes free

447 --- E O F --- 2008-08-01 08:01:03
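Added example, not part of the thread and not ComboFix's own code: the Sigcheck block in the log above lists four copies of explorer.exe and two of ctfmon.exe with their MD5 hashes. The script below parses those exact lines (reproduced as its constructed sample input) and reports copies that share a size and timestamp yet hash differently. The system32\dllcache copy is the one Windows File Protection restores from, so on a clean install it normally matches the live file, while the $hf_mig$ (QFE hotfix branch) and $NtUninstall* (pre-hotfix backup) copies are expected to differ. The script only localizes which copies disagree; it does not decide whether a file has been patched.

```python
"""Compare the copies of a system file listed in a ComboFix 'Sigcheck' block.

Added example (not ComboFix's code). Reports copies whose size and timestamp
match but whose MD5 differs: identical metadata with different content is the
case worth checking by hand against a known-good, catalog-signed copy.
"""
import re
from collections import defaultdict

# Constructed sample: the Sigcheck block exactly as posted in the log above.
SIGCHECK_BLOCK = """\
2007-06-13 05:23 1039360 34a53f2bd782392586a3deb7f4d2cc1b C:\\WINDOWS\\explorer.exe
2007-06-13 06:26 1039360 8445aababf3df257bac6e18e0393491e C:\\WINDOWS\\$hf_mig$\\KB938828\\SP2QFE\\explorer.exe
2004-08-04 07:00 1038336 5d5b12d7723f9a81ceb31ca3b719387a C:\\WINDOWS\\$NtUninstallKB938828$\\explorer.exe
2007-06-13 05:23 1039360 16c3d08bc4b632ea8e43b80f222ff8f0 C:\\WINDOWS\\system32\\dllcache\\explorer.exe

2004-08-04 07:00 21504 93d3d86fdb7ad879f8147c00ea967b88 C:\\WINDOWS\\system32\\ctfmon.exe
2004-08-04 07:00 21504 5ec6a8c2b577671bf605baddd3605163 C:\\WINDOWS\\system32\\dllcache\\ctfmon.exe
"""

# One Sigcheck line: date, time, size in bytes, MD5, full path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)


def parse_sigcheck(text):
    """Return {lowercase file name: [entry dict, ...]} in order of appearance."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank separators between file groups
        e = m.groupdict()
        e["size"] = int(e["size"])
        name = e["path"].rsplit("\\", 1)[-1].lower()
        entries[name].append(e)
    return dict(entries)


def metadata_collisions(entries):
    """For each file, pairs of copies with equal size and timestamp but a
    different MD5. Returns {name: [(path_a, path_b), ...]} for files that
    have at least one such pair."""
    out = {}
    for name, copies in entries.items():
        pairs = []
        for i, a in enumerate(copies):
            for b in copies[i + 1:]:
                same_meta = (a["size"], a["date"], a["time"]) == (
                    b["size"], b["date"], b["time"])
                if same_meta and a["md5"] != b["md5"]:
                    pairs.append((a["path"], b["path"]))
        if pairs:
            out[name] = pairs
    return out


def distinct_hashes(entries, name):
    """Sorted list of the distinct MD5 values seen for one file name."""
    return sorted({e["md5"] for e in entries[name]})


if __name__ == "__main__":
    parsed = parse_sigcheck(SIGCHECK_BLOCK)
    for name, pairs in metadata_collisions(parsed).items():
        for a, b in pairs:
            print(f"{name}: same size/timestamp, different MD5:\n   {a}\n   {b}")
```

Run as-is it prints the two disagreeing pairs from the posted block (explorer.exe and ctfmon.exe, each against its dllcache copy). On a real machine you would paste the Sigcheck section of your own log into SIGCHECK_BLOCK and then verify whichever copy the script flags against a known-good signed file before acting on it.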

#12
notsoperfect187
    Member
  • Topic Starter
  • 34 posts
I still can't seem to get rid of 17pholmes... what is that?

#13
SpySentinel
    R.I.P.
  • Retired Staff
  • 5,152 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\temp01


Folder::
C:\Program Files\Skra
C:\Program Files\FrostWire

DirLook::
C:\Documents and Settings\All Users\Application Data\Fitn17

Registry::
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKUS\S-1-5-18\..\Run: [Skra] C:\Program Files\Skra\Skra.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skra] C:\Program Files\Skra\Skra.exe (User 'Default user')
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca086c2a-0f33-11dd-8a96-001d7d9842b9}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation not reproduced: it shows CFScript.txt being dragged onto ComboFix.exe.]


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by SpySentinel, 04 August 2008 - 02:02 PM.

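Added example, not part of the thread and not ComboFix's own parser: the reply above hands the user a CFScript with File::, Folder::, DirLook:: and Registry:: sections. The script below parses that exact script (embedded as its constructed sample) into a flat list of what it will touch, so a reviewer can eyeball it before dragging it onto ComboFix.exe. The meanings assigned to File:: and Folder:: (delete) follow what the ComboFix output in the next post does with them; treating DirLook:: as a listing request, and splitting Registry:: entries into HijackThis-style "O4 - ..." autostart lines and REGEDIT4 "[-HKEY...]" key deletions, are assumptions inferred from the posted script, not from a ComboFix specification.

```python
"""Parse a ComboFix CFScript into sections and summarize what it will touch.

Added example (not ComboFix's code). Section meanings for File:: and
Folder:: follow the ComboFix output in the thread; DirLook:: as a listing
and the two Registry:: syntaxes are assumptions inferred from the script.
"""
import re

# Constructed sample: the CFScript from the reply above, verbatim.
CFSCRIPT = """\
File::
C:\\Documents and Settings\\All Users\\Application Data\\Viewpoint
C:\\Program Files\\temp01


Folder::
C:\\Program Files\\Skra
C:\\Program Files\\FrostWire

DirLook::
C:\\Documents and Settings\\All Users\\Application Data\\Fitn17

Registry::
O4 - HKLM\\..\\Run: [runner1] C:\\WINDOWS\\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKUS\\S-1-5-18\\..\\Run: [Skra] C:\\Program Files\\Skra\\Skra.exe (User 'SYSTEM')
O4 - HKUS\\.DEFAULT\\..\\Run: [Skra] C:\\Program Files\\Skra\\Skra.exe (User 'Default user')
[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{ca086c2a-0f33-11dd-8a96-001d7d9842b9}]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")          # e.g. "Registry::"
HJT_RE = re.compile(r"^(O\d+) - (?P<where>.+?): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
KEYDEL_RE = re.compile(r"^\[-(?P<key>HKEY_[^\]]+)\]$")   # REGEDIT4 key deletion
USER_NOTE_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")     # HijackThis annotation


def parse_cfscript(text):
    """Return {section: [entry, ...]} in order; blank lines are ignored and
    every non-header line belongs to the most recent header."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def classify_registry(entries):
    """Split Registry:: entries into HijackThis-style autostart lines (with
    the key, value name and target they point at), REGEDIT4 key deletions,
    and anything the two patterns do not recognize."""
    autostarts, key_deletions, unknown = [], [], []
    for e in entries:
        hjt = HJT_RE.match(e)
        keydel = KEYDEL_RE.match(e)
        if hjt:
            target = USER_NOTE_RE.sub("", hjt.group("target"))
            autostarts.append({"kind": hjt.group(1), "where": hjt.group("where"),
                               "name": hjt.group("name"), "target": target})
        elif keydel:
            key_deletions.append(keydel.group("key"))
        else:
            unknown.append(e)
    return autostarts, key_deletions, unknown


def summarize(text):
    """Flat list of (action, object) pairs for a reviewer to read top to bottom."""
    s = parse_cfscript(text)
    out = [("delete file", p) for p in s.get("File", [])]
    out += [("delete folder", p) for p in s.get("Folder", [])]
    out += [("list directory", p) for p in s.get("DirLook", [])]
    auto, dels, unk = classify_registry(s.get("Registry", []))
    out += [("remove autostart", f"{a['where']} [{a['name']}] -> {a['target']}") for a in auto]
    out += [("delete registry key", k) for k in dels]
    out += [("unrecognized registry entry", e) for e in unk]
    return out


if __name__ == "__main__":
    for action, obj in summarize(CFSCRIPT):
        print(f"{action:28s} {obj}")
```

Anything that lands in the "unrecognized registry entry" bucket is a line the script could not classify and should be checked by hand before the CFScript is run; for the posted script that bucket is empty and the summary comes to nine actions.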

#14
notsoperfect187
    Member
  • Topic Starter
  • 34 posts
ComboFix 08-07-29.1 - Jenn 2008-08-04 21:05:28.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.570 [GMT -5:00]
Running from: C:\Documents and Settings\Jenn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jenn\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Program Files\temp01
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jenn\Application Data\macromedia\Flash Player\#SharedObjects\B5R8Y62L\interclick.com
C:\Documents and Settings\Jenn\Application Data\macromedia\Flash Player\#SharedObjects\B5R8Y62L\interclick.com\ud.sol
C:\Documents and Settings\Jenn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Jenn\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Program Files\FrostWire
C:\Program Files\FrostWire\clink.jar
C:\Program Files\FrostWire\commons-httpclient.jar
C:\Program Files\FrostWire\commons-logging.jar
C:\Program Files\FrostWire\commons-net.jar
C:\Program Files\FrostWire\commons-pool.jar
C:\Program Files\FrostWire\daap.jar
C:\Program Files\FrostWire\EULA.txt
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\FrostWire\FrostWire.ico
C:\Program Files\FrostWire\FrostWire.jar
C:\Program Files\FrostWire\GPL2.txt
C:\Program Files\FrostWire\hashes
C:\Program Files\FrostWire\hs_err_pid1772.log
C:\Program Files\FrostWire\hs_err_pid2136.log
C:\Program Files\FrostWire\hs_err_pid2744.log
C:\Program Files\FrostWire\hs_err_pid3016.log
C:\Program Files\FrostWire\hs_err_pid344.log
C:\Program Files\FrostWire\hs_err_pid3812.log
C:\Program Files\FrostWire\hs_err_pid4036.log
C:\Program Files\FrostWire\hs_err_pid608.log
C:\Program Files\FrostWire\i18n.jar
C:\Program Files\FrostWire\icu4j.jar
C:\Program Files\FrostWire\id3v2.jar
C:\Program Files\FrostWire\irc.jar
C:\Program Files\FrostWire\jcraft.jar
C:\Program Files\FrostWire\jdic.dll
C:\Program Files\FrostWire\jdic.jar
C:\Program Files\FrostWire\jdic_stub.jar
C:\Program Files\FrostWire\jl011.jar
C:\Program Files\FrostWire\jmdns.jar
C:\Program Files\FrostWire\jython.jar
C:\Program Files\FrostWire\log.txt
C:\Program Files\FrostWire\log4j.jar
C:\Program Files\FrostWire\log4j.properties
C:\Program Files\FrostWire\looks.jar
C:\Program Files\FrostWire\MessagesBundle.properties
C:\Program Files\FrostWire\MessagesBundles.jar
C:\Program Files\FrostWire\mp3sp14.jar
C:\Program Files\FrostWire\pmf.ico
C:\Program Files\FrostWire\ProgressTabs.jar
C:\Program Files\FrostWire\seenMessages.dat
C:\Program Files\FrostWire\SystemUtilities.dll
C:\Program Files\FrostWire\themes.jar
C:\Program Files\FrostWire\tray.dll
C:\Program Files\FrostWire\tritonus.jar
C:\Program Files\FrostWire\Uninstall.exe
C:\Program Files\FrostWire\update.ver
C:\Program Files\FrostWire\vorbis.jar
C:\Program Files\FrostWire\xml-apis.jar
C:\Program Files\FrostWire\xml.war
C:\Program Files\Skra
C:\Program Files\Skra\Skra.exe
C:\Program Files\temp01
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\mrofinu1001186.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-03 22:27 . 2008-08-03 22:27 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Valusoft
2008-08-03 22:27 . 2008-08-03 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Valusoft
2008-08-03 21:29 . 2008-08-03 22:25 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Jane s Realty hitzwarez net
2008-08-03 21:27 . 2008-08-04 08:28 <DIR> d-------- C:\Program Files\Beach Party Craze
2008-08-03 20:34 . 2008-08-03 20:34 <DIR> d-------- C:\WINDOWS\Secv
2008-08-01 21:25 . 2008-08-01 21:25 <DIR> d-------- C:\Program Files\Webtools
2008-07-30 00:57 . 2008-07-30 00:57 <DIR> d-------- C:\Deckard
2008-07-30 00:00 . 2008-07-30 00:00 <DIR> d-------- C:\Documents and Settings\Jenn\DoctorWeb
2008-07-29 23:33 . 2008-07-29 23:35 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-29 22:39 . 2008-07-29 22:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-29 22:39 . 2008-07-29 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-29 21:47 . 2008-07-29 23:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 21:47 . 2008-07-29 21:47 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Malwarebytes
2008-07-29 21:47 . 2008-07-29 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-29 21:47 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 21:47 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 21:46 . 2008-07-29 23:36 <DIR> d-------- C:\MGtools
2008-07-29 21:46 . 2008-07-29 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-29 21:46 . 2008-07-29 23:36 54,116 --a------ C:\MGlogs.zip
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 21:45 . 2008-07-29 21:45 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\SUPERAntiSpyware.com
2008-07-29 13:26 . 2008-07-29 13:26 <DIR> d-------- C:\Program Files\Uniblue
2008-07-29 13:26 . 2008-07-29 13:26 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Uniblue
2008-07-28 08:47 . 2008-07-28 08:47 <DIR> d-------- C:\Program Files\Fashion Dash
2008-07-27 20:28 . 2008-07-27 20:28 <DIR> d-------- C:\Program Files\Oberon Games
2008-07-27 20:25 . 2008-07-27 20:25 <DIR> d-------- C:\Program Files\Real Arcade
2008-07-27 19:59 . 2008-07-27 20:22 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-27 19:48 . 2008-07-27 20:24 <DIR> d---s---- C:\Documents and Settings\Jenni
2008-07-24 08:44 . 2008-08-04 08:28 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\BeachPartyCraze
2008-07-24 08:28 . 2008-07-24 08:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TheRace_dev
2008-07-24 08:27 . 2008-07-24 08:27 <DIR> d-------- C:\Program Files\Five BN Studio
2008-07-23 12:20 . 2008-07-23 12:20 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Amaranth Games
2008-07-22 10:33 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\Crazy Machines II
2008-07-22 09:04 . 2008-07-22 09:04 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Gold Casual Games
2008-07-22 09:04 . 2008-07-22 09:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gold Casual Games
2008-07-22 08:44 . 2008-07-22 08:44 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Total Eclipse
2008-07-22 08:27 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\The Mysterious City Golden Prague
2008-07-22 08:26 . 2008-07-27 20:31 <DIR> d-------- C:\Program Files\Fashion Boutique
2008-07-19 09:44 . 2008-07-19 09:55 <DIR> d-------- C:\Nancy Drew
2008-07-17 09:10 . 2008-07-19 00:03 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\ForgottenRiddles2
2008-07-17 08:40 . 2008-07-27 20:35 <DIR> d-------- C:\Program Files\Forgotten Riddles - The Moonlight Sonatas
2008-07-16 22:28 . 2001-04-07 16:43 65,536 --a------ C:\WINDOWS\system32\FoxCBmp3.dl
2008-07-16 22:25 . 2008-07-27 20:35 <DIR> d-------- C:\Program Files\Aurora The Secret Within
2008-07-12 08:14 . 2008-07-12 10:01 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\FarmerJane
2008-07-11 13:03 . 2008-07-11 13:03 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\blg
2008-07-11 13:03 . 2008-07-11 13:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\blg
2008-07-11 13:01 . 2008-07-11 13:02 <DIR> d-------- C:\Program Files\Spa Mania
2008-07-10 15:51 . 2008-07-10 15:51 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Leadertech
2008-07-10 15:51 . 2008-07-10 16:52 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Desperate Housewives
2008-07-10 15:51 . 2008-07-10 15:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives
2008-07-10 15:51 . 2008-07-10 15:51 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-07-10 15:46 . 2008-07-10 15:46 <DIR> d-------- C:\Program Files\Buena Vista Games
2008-07-10 15:45 . 2008-07-10 15:45 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\InstallShield
2008-07-10 15:45 . 2008-07-10 15:51 1,175 --a------ C:\WINDOWS\disney.ini
2008-07-10 15:45 . 2008-07-10 15:45 185 --a------ C:\WINDOWS\disneysy.ini
2008-07-10 12:02 . 2008-07-10 12:02 <DIR> d-------- C:\Documents and Settings\Jenn\Application Data\Gamelab
2008-07-10 12:01 . 2008-07-10 12:01 <DIR> d-------- C:\Program Files\iWin.com
2008-07-08 12:03 . 2008-07-08 12:03 <DIR> d-------- C:\Program Files\Sunshine Acres by downTURK
2008-07-06 10:33 . 2008-08-03 18:47 <DIR> d-------- C:\Program Files\Build in Time

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 01:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-03 23:36 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Azureus
2008-08-03 23:11 --------- d-----w C:\Documents and Settings\Jenn\Application Data\PlayFirst
2008-08-03 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-03 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-28 13:50 --------- d-----w C:\Program Files\Alawar
2008-07-28 02:03 --------- d-----w C:\Program Files\LeeGTs Games
2008-07-28 01:35 --------- d-----w C:\Program Files\bfgclient
2008-07-28 01:25 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-28 01:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-26 00:46 --------- d-----w C:\Documents and Settings\Jenn\Application Data\FrostWire
2008-07-19 15:12 --------- d-----w C:\Program Files\Java
2008-07-19 14:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-10 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 01:42 --------- d-----w C:\Program Files\Azureus
2008-07-04 14:16 --------- d-----w C:\Documents and Settings\Jenn\Application Data\SulusGames
2008-07-04 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\FarmFrenzy2
2008-06-29 16:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreshGames
2008-06-26 22:46 --------- d-----w C:\Documents and Settings\Jenn\Application Data\Dress Up Rush TAC CM
2008-06-21 20:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-06-21 20:09 --------- d-----w C:\Program Files\DivX
2008-06-21 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fitn17
2008-06-21 01:53 --------- d-----w C:\Program Files\DropBox
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 13:49 --------- d-----w C:\Documents and Settings\Jenn\Application Data\BigFish
2008-06-17 13:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFish
2008-06-16 02:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-06-14 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-09 18:56 --------- d-----w C:\Documents and Settings\Jenn\Application Data\cerasus.media
2008-06-09 18:55 --------- d-----w C:\Documents and Settings\Jenn\Application Data\cerasus
2008-06-09 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-06-07 14:40 --------- d-----w C:\Program Files\The Secret of Margrave Manor
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 532,480 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\All Users\Application Data\Fitn17 ----

2008-07-05 23:11 2971 --a------ C:\Documents and Settings\All Users\Application Data\Fitn17\BigFish\data\1save.dat
2008-07-05 22:25 3 --a------ C:\Documents and Settings\All Users\Application Data\Fitn17\BigFish\data\SoundVolume.dat
2008-07-05 22:25 3 --a------ C:\Documents and Settings\All Users\Application Data\Fitn17\BigFish\data\MusicVolume.dat
2008-07-05 22:25 1 --a------ C:\Documents and Settings\All Users\Application Data\Fitn17\BigFish\data\displayMode.dat
2008-07-05 22:25 1 --a------ C:\Documents and Settings\All Users\Application Data\Fitn17\BigFish\data\autoPause.dat
2008-06-21 12:55 9 --a------ C:\Documents and Settings\All Users\Application Data\Fitn17\BigFish\data\lastProfile.dat


------- Sigcheck -------

2007-06-13 05:23 1039360 34a53f2bd782392586a3deb7f4d2cc1b C:\WINDOWS\explorer.exe
2007-06-13 06:26 1039360 8445aababf3df257bac6e18e0393491e C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 07:00 1038336 5d5b12d7723f9a81ceb31ca3b719387a C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 05:23 1039360 16c3d08bc4b632ea8e43b80f222ff8f0 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 07:00 21504 93d3d86fdb7ad879f8147c00ea967b88 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 07:00 21504 5ec6a8c2b577671bf605baddd3605163 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1380352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 147456]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 08:08 136136]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 21504]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 13:16 1927448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 02:35 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 02:35 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 15:53 1103752]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 18:51 241664]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"DropBoxUtility"="C:\Program Files\DropBox\DropBox\DropBox.exe" [2008-02-09 19:53 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"nwiz"="nwiz.exe" [2006-08-16 02:35 1617920 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 15:00 16056832 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2882560 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\Jenn\Start Menu\Programs\Startup\
Desperate Housewives Registration.lnk - C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe [2008-07-10 15:50:48 443392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=

S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-23 20:21]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 21:08:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-04 21:09:49
ComboFix-quarantined-files.txt 2008-08-05 02:09:33
ComboFix2.txt 2008-08-03 20:57:22
ComboFix3.txt 2008-07-31 01:17:17
ComboFix4.txt 2008-07-31 01:04:16
ComboFix5.txt 2008-08-05 02:05:01

Pre-Run: 38,945,361,920 bytes free
Post-Run: 38,953,533,440 bytes free

276 --- E O F --- 2008-08-01 08:01:03


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:20 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Desperate Housewives Registration.lnk = C:\Program Files\Buena Vista Games\Desperate Housewives\eReg\DSN1.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) - http://www.worldwinn...h/dinerdash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 6310 bytes

#15 notsoperfect187 (Topic Starter, Member, 34 posts)

17pholmes is still showing up on my task manager... :-(