Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Need help removing WIN32:TratBHO [CLOSED]

Started by jerryrs , Mar 28 2008 11:50 PM

This topic is locked

#1
jerryrs

Posted 28 March 2008 - 11:50 PM

New Member

Member
5 posts

Hi, I need help removing this nasty virus. I have Avast antivirus running and it continually pops
up everytime I try to delete the found dll. It appears the dll keeps regenerating with a random filename.
Here is my current hijack this log. I appreciate any assistance you all can provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:31 AM, on 3/29/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Avast4\aswUpdSv.exe
C:\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\ScanSoft OmniPage\OpwareSE4.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Avast4\ashWebSv.exe
C:\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1D09B027-6D0D-4AFA-BDE1-8C525AC6284B} - (no file)
O2 - BHO: (no name) - {2172CBA4-E65F-4C96-9D12-D1B05DAE25F7} - (no file)
O2 - BHO: (no name) - {58370A60-34DD-4079-91B9-686175B7DD8D} - (no file)
O2 - BHO: (no name) - {60DE4262-E05B-4451-AE18-4BFFF720E4B2} - (no file)
O2 - BHO: (no name) - {702BD21F-FC5B-4E27-8AD3-85553C1B24A6} - (no file)
O2 - BHO: (no name) - {853D1456-5889-471E-A703-F15876708007} - (no file)
O2 - BHO: (no name) - {8872426E-97B6-43C7-99B1-892F0C20F323} - (no file)
O2 - BHO: (no name) - {93E09F9A-C778-4D20-A46A-69E7C878A620} - (no file)
O2 - BHO: (no name) - {970CD056-2166-487B-BFB4-B78874FA7D69} - (no file)
O2 - BHO: (no name) - {9CA35F08-BF12-41CA-A5A2-914818A10AB6} - (no file)
O2 - BHO: (no name) - {A8ADC84F-C81E-474C-9125-5308687DDDD2} - (no file)
O2 - BHO: (no name) - {AE1F8CEF-261A-4864-A127-3D208E752089} - (no file)
O2 - BHO: (no name) - {B15BAE40-0807-471C-9045-D28F483D4C22} - C:\WINDOWS\System32\wvwwu.dll
O2 - BHO: (no name) - {B40A7E50-A94F-4AD6-9C47-64AB066B7108} - (no file)
O2 - BHO: (no name) - {C629D1C0-00CA-4004-A787-289697A324FB} - (no file)
O2 - BHO: (no name) - {EBE6C99C-6EE5-4C47-8332-72994F659316} - (no file)
O2 - BHO: (no name) - {FAF13D4E-8FC4-4CDF-BB1C-8315DA01B07A} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft OmniPage\OpwareSE4.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [MapEDC] C:\Program Files\MapEDC\MapEDC.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/...ns.10.6.0.4.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) - http://o.aolcdn.com/...ns.10.6.0.6.cab
O20 - Winlogon Notify: fccyxxw - fccyxxw.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 9182 bytes

#2
miekiemoes

Posted 29 March 2008 - 09:04 AM

Malware Expert

Member
5,503 posts

Hi,

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#3
jerryrs

Posted 30 March 2008 - 09:27 AM

New Member

Topic Starter
Member
5 posts

Thanks Miekiemoes, It took me several tries to get mbam to finish because it kept stalling but finally I got it to run all the way through. Here's my mbam log:

Scan type: Quick Scan
Objects scanned: 26597
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\xb8 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ff3 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cms4 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\nvcoi\mst.stt (Trojan.Stars) -> Quarantined and deleted successfully.
C:\Program Files\nvcoi\nvcoi.exe.lzma (Trojan.Stars) -> Quarantined and deleted successfully.

>>>>>>>>>>>>>>>>>>>
Here's a fresh hijack this log. Item 20 looks like it may be a little fishy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:10 AM, on 3/30/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Avast4\aswUpdSv.exe
C:\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Avast4\ashDisp.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\ScanSoft OmniPage\OpwareSE4.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\ICO.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft OmniPage\OpwareSE4.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/...ns.10.6.0.4.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) - http://o.aolcdn.com/...ns.10.6.0.6.cab
O20 - Winlogon Notify: fccyxxw - fccyxxw.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 8001 bytes

Thanks so much for your help. Please let me know if there is anything I need to do next.

#4
miekiemoes

Posted 30 March 2008 - 11:23 AM

Malware Expert

Member
5,503 posts

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#5
jerryrs

Posted 30 March 2008 - 01:16 PM

New Member

Topic Starter
Member
5 posts

Ok, here is my combofix log:

ComboFix 08-03-30.2 - Samara 2008-03-30 14:06:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.650 [GMT -5:00]
Running from: C:\Documents and Settings\Samara\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\{B8E7A79E-CAA4-4C59-A212-780FC2D1B0A8}.exe
C:\WINDOWS\system32\{EF7F68B2-0A49-4C46-BBB6-0A085C9B764F}.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

2008-03-30 11:23 . 2008-03-30 11:23 <DIR> d-------- C:\Documents and Settings\Samara\Application Data\Grisoft
2008-03-30 11:23 . 2008-03-30 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 11:23 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-30 10:51 . 2008-03-30 10:51 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-30 10:51 . 2008-03-30 14:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-30 10:51 . 2005-02-24 22:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-30 10:51 . 2008-03-30 10:51 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-30 10:48 . 2004-07-01 17:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-30 10:48 . 2004-06-30 18:59 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2008-03-30 10:48 . 2004-07-01 17:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-30 10:48 . 2004-07-01 17:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-03-30 10:48 . 2004-07-01 17:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-03-30 10:48 . 2004-07-01 17:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-03-30 10:48 . 2004-07-01 17:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-03-30 10:44 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-03-30 10:44 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-03-30 10:44 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-30 10:44 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-30 10:44 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-30 10:44 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-03-30 10:44 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-30 10:44 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-30 10:44 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-30 10:40 . 2008-03-30 10:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-30 10:40 . 2008-03-30 10:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 10:02 . 2008-03-29 13:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 10:52 . 2008-03-29 10:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-29 10:52 . 2008-03-29 10:52 <DIR> d-------- C:\Documents and Settings\Samara\Application Data\Malwarebytes
2008-03-29 10:52 . 2008-03-29 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-29 09:33 . 2008-03-29 09:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 09:33 . 2008-03-29 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 09:22 . 2002-08-29 03:41 286,720 --a------ C:\WINDOWS\system32\msh263.drv
2008-03-29 09:22 . 2002-08-29 03:41 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-29 09:22 . 2002-08-29 03:41 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-03-29 09:22 . 2001-08-17 22:36 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-03-29 09:22 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2008-03-29 09:22 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-29 09:22 . 2002-08-29 01:48 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-29 09:22 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-03-29 09:22 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-03-29 09:21 . 2003-04-07 13:22 424,143 --a------ C:\WINDOWS\system32\drivers\SonyVcc.sys
2008-03-29 09:21 . 2003-04-07 13:22 43,984 --a------ C:\WINDOWS\system32\drivers\snyluvcc.sys
2008-03-29 09:06 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2008-03-29 09:06 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2008-03-29 00:48 . 2008-03-29 00:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 21:36 . 2008-03-28 22:12 <DIR> d-------- C:\VundoFix Backups
2008-03-28 06:41 . 2008-03-28 06:42 1,488,236 --ahs---- C:\WINDOWS\system32\jksfught.ini
2008-03-27 23:08 . 2008-03-30 11:36 <DIR> d-------- C:\found.001
2008-03-26 07:27 . 2008-03-26 07:27 <DIR> d-------- C:\Program Files\CCleaner
2008-03-26 07:24 . 2008-03-26 07:24 <DIR> d-------- C:\Program Files\Bazooka Scanner
2008-03-24 07:26 . 2008-03-28 05:42 1,488,176 --ahs---- C:\WINDOWS\system32\mhlsvrfh.ini
2008-03-24 00:02 . 2008-03-24 07:18 1,541,923 --ahs---- C:\WINDOWS\system32\vuqplewf.ini
2008-03-23 19:44 . 2008-03-28 21:06 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2008-03-23 19:42 . 2008-03-23 19:42 <DIR> d-------- C:\Documents and Settings\Samara\Application Data\Sunbelt Software
2008-03-17 20:21 . 2008-03-17 20:21 <DIR> d-------- C:\found.000
2008-03-17 16:38 . 2008-03-23 23:53 1,775,968 --ahs---- C:\WINDOWS\system32\lhnlmtmq.ini
2008-03-14 08:54 . 2008-03-14 08:54 1,304,536 --ahs---- C:\WINDOWS\system32\gbqmpknk.ini
2008-03-12 23:39 . 2008-03-13 23:41 1,383,775 --ahs---- C:\WINDOWS\system32\ohmmgigi.ini
2008-03-10 16:53 . 2008-03-11 14:45 1,318,223 --ahs---- C:\WINDOWS\system32\dydbwaqo.ini
2008-03-09 13:44 . 2008-03-10 16:45 1,318,043 --ahs---- C:\WINDOWS\system32\gpsavdqk.ini
2008-03-08 13:41 . 2008-03-09 13:42 1,307,801 --ahs---- C:\WINDOWS\system32\hgkcxill.ini
2008-03-07 12:31 . 2008-03-08 13:36 1,307,681 --ahs---- C:\WINDOWS\system32\mortikbi.ini
2008-03-06 10:36 . 2008-03-06 10:36 1,306,943 --ahs---- C:\WINDOWS\system32\useedfoc.ini
2008-03-05 10:27 . 2008-03-05 10:27 1,306,943 --ahs---- C:\WINDOWS\system32\pxtbaoaq.tmp
2008-03-05 10:27 . 2008-03-05 10:27 1,306,883 --ahs---- C:\WINDOWS\system32\pxtbaoaq.ini
2008-03-03 15:45 . 2008-03-05 10:24 1,306,883 --ahs---- C:\WINDOWS\system32\cnhofvvd.ini
2008-03-02 21:06 . 2008-03-30 13:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 21:06 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-02 21:06 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-02 21:06 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-02 21:06 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-02 21:05 . 2008-03-02 21:05 <DIR> d-------- C:\Documents and Settings\Samara\Application Data\PC Tools
2008-03-01 09:00 . 2008-03-01 09:00 1,286,141 --ahs---- C:\WINDOWS\system32\rqfqltxm.tmp
2008-02-24 13:54 . 2008-02-29 23:38 <DIR> d-------- C:\WINDOWS\system32\ez2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 15:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-29 07:51 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-25 06:40 --------- d-----w C:\Program Files\adsoft
2008-03-17 09:27 65,536 ----a-w C:\WINDOWS\DUMPad0f.tmp
2008-03-17 09:25 65,536 ----a-w C:\WINDOWS\DUMPa76d.tmp
2008-03-17 09:23 65,536 ----a-w C:\WINDOWS\DUMPab43.tmp
2008-03-17 09:21 65,536 ----a-w C:\WINDOWS\DUMPa1f3.tmp
2008-03-17 09:19 65,536 ----a-w C:\WINDOWS\DUMPa96c.tmp
2008-03-17 09:17 65,536 ----a-w C:\WINDOWS\DUMPb0ef.tmp
2008-03-17 09:14 65,536 ----a-w C:\WINDOWS\DUMPafb8.tmp
2008-03-17 09:12 65,536 ----a-w C:\WINDOWS\DUMPab7f.tmp
2008-03-17 09:10 65,536 ----a-w C:\WINDOWS\DUMPadd7.tmp
2008-03-17 09:08 65,536 ----a-w C:\WINDOWS\DUMPb1d5.tmp
2008-03-17 09:06 65,536 ----a-w C:\WINDOWS\DUMPaff4.tmp
2008-03-17 09:04 65,536 ----a-w C:\WINDOWS\DUMPb912.tmp
2008-03-17 09:02 65,536 ----a-w C:\WINDOWS\DUMPb438.tmp
2008-03-17 08:59 65,536 ----a-w C:\WINDOWS\DUMPb899.tmp
2008-03-17 08:57 65,536 ----a-w C:\WINDOWS\DUMPa99e.tmp
2008-03-17 08:55 65,536 ----a-w C:\WINDOWS\DUMPae28.tmp
2008-03-17 08:53 65,536 ----a-w C:\WINDOWS\DUMPb6eb.tmp
2008-03-17 08:51 65,536 ----a-w C:\WINDOWS\DUMPa958.tmp
2008-03-17 08:48 65,536 ----a-w C:\WINDOWS\DUMPb167.tmp
2008-03-17 08:46 65,536 ----a-w C:\WINDOWS\DUMPa673.tmp
2008-03-17 08:44 65,536 ----a-w C:\WINDOWS\DUMPad2d.tmp
2008-03-17 08:41 65,536 ----a-w C:\WINDOWS\DUMPa9e4.tmp
2008-03-17 08:39 65,536 ----a-w C:\WINDOWS\DUMPa9bc.tmp
2008-03-17 08:37 65,536 ----a-w C:\WINDOWS\DUMPacdd.tmp
2008-03-17 08:35 65,536 ----a-w C:\WINDOWS\DUMPb930.tmp
2008-03-17 08:33 65,536 ----a-w C:\WINDOWS\DUMPa4ba.tmp
2008-03-17 08:31 65,536 ----a-w C:\WINDOWS\DUMPa3e8.tmp
2008-03-17 08:29 65,536 ----a-w C:\WINDOWS\DUMPae0a.tmp
2008-03-17 08:27 65,536 ----a-w C:\WINDOWS\DUMPb135.tmp
2008-03-17 08:25 65,536 ----a-w C:\WINDOWS\DUMPb6d7.tmp
2008-03-17 08:22 65,536 ----a-w C:\WINDOWS\DUMPae14.tmp
2008-03-17 08:20 65,536 ----a-w C:\WINDOWS\DUMPa410.tmp
2008-03-17 08:18 65,536 ----a-w C:\WINDOWS\DUMPb582.tmp
2008-03-17 08:16 65,536 ----a-w C:\WINDOWS\DUMPc008.tmp
2008-03-17 08:13 65,536 ----a-w C:\WINDOWS\DUMPaffe.tmp
2008-03-17 08:11 65,536 ----a-w C:\WINDOWS\DUMPad73.tmp
2008-03-17 08:09 65,536 ----a-w C:\WINDOWS\DUMPa803.tmp
2008-03-17 08:07 65,536 ----a-w C:\WINDOWS\DUMPb99e.tmp
2008-03-17 08:04 65,536 ----a-w C:\WINDOWS\DUMPa5aa.tmp
2008-03-17 08:02 65,536 ----a-w C:\WINDOWS\DUMPb550.tmp
2008-03-17 08:00 65,536 ----a-w C:\WINDOWS\DUMPb384.tmp
2008-03-17 07:57 65,536 ----a-w C:\WINDOWS\DUMPb980.tmp
2008-03-17 07:55 65,536 ----a-w C:\WINDOWS\DUMPabed.tmp
2008-03-17 07:53 65,536 ----a-w C:\WINDOWS\DUMPbb42.tmp
2008-03-17 07:51 65,536 ----a-w C:\WINDOWS\DUMPab39.tmp
2008-03-17 07:48 65,536 ----a-w C:\WINDOWS\DUMPb080.tmp
2008-03-17 07:46 65,536 ----a-w C:\WINDOWS\DUMPa4ec.tmp
2008-03-17 07:44 65,536 ----a-w C:\WINDOWS\DUMPa578.tmp
2008-03-17 07:42 65,536 ----a-w C:\WINDOWS\DUMPb1ad.tmp
2008-03-17 07:39 65,536 ----a-w C:\WINDOWS\DUMPabf7.tmp
2008-03-17 07:37 65,536 ----a-w C:\WINDOWS\DUMPb103.tmp
2008-03-17 07:35 65,536 ----a-w C:\WINDOWS\DUMPa60f.tmp
2008-03-17 07:33 65,536 ----a-w C:\WINDOWS\DUMPaaf2.tmp
2008-03-17 07:31 65,536 ----a-w C:\WINDOWS\DUMPaa02.tmp
2008-03-17 07:29 65,536 ----a-w C:\WINDOWS\DUMPa7f9.tmp
2008-03-17 07:27 65,536 ----a-w C:\WINDOWS\DUMPaeaa.tmp
2008-03-17 07:25 65,536 ----a-w C:\WINDOWS\DUMPaa16.tmp
2008-03-17 07:22 65,536 ----a-w C:\WINDOWS\DUMPa41a.tmp
2008-03-17 07:20 65,536 ----a-w C:\WINDOWS\DUMPad37.tmp
2008-03-17 07:18 65,536 ----a-w C:\WINDOWS\DUMPb2e3.tmp
2008-03-17 07:16 65,536 ----a-w C:\WINDOWS\DUMPb442.tmp
2008-03-17 07:13 65,536 ----a-w C:\WINDOWS\DUMPaf9a.tmp
2008-03-17 07:11 65,536 ----a-w C:\WINDOWS\DUMPb3de.tmp
2008-03-17 07:09 65,536 ----a-w C:\WINDOWS\DUMPad55.tmp
2008-03-17 07:07 65,536 ----a-w C:\WINDOWS\DUMPadcd.tmp
2008-03-17 07:05 65,536 ----a-w C:\WINDOWS\DUMPaee6.tmp
2008-03-17 07:03 65,536 ----a-w C:\WINDOWS\DUMPa44c.tmp
2008-03-17 07:00 65,536 ----a-w C:\WINDOWS\DUMPc347.tmp
2008-03-17 06:58 65,536 ----a-w C:\WINDOWS\DUMPb53c.tmp
2008-03-17 06:55 65,536 ----a-w C:\WINDOWS\DUMPb803.tmp
2008-03-03 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 02:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 19:17 --------- d-----w C:\Documents and Settings\Samara\Application Data\AdobeUM
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-29_ 2.00.11.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-01 22:08:18 361,984 ----a-w C:\WINDOWS\LastGood\system32\bits\qmgr.dll
+ 2003-03-31 12:00:00 14,848 ----a-w C:\WINDOWS\LastGood\system32\cdm.dll
+ 2002-12-12 08:14:32 130,304 ----a-w C:\WINDOWS\LastGood\system32\drivers\ks.sys
+ 2003-04-07 20:22:02 43,984 ----a-w C:\WINDOWS\LastGood\system32\drivers\snyluvcc.sys
+ 2003-04-07 20:22:12 424,143 ----a-w C:\WINDOWS\LastGood\system32\drivers\SonyVcc.sys
+ 2002-08-29 01:48:52 14,208 ----a-w C:\WINDOWS\LastGood\system32\drivers\usbscan.sys
+ 2001-08-17 22:36:18 45,568 ----a-w C:\WINDOWS\LastGood\system32\iyuv_32.dll
+ 2002-12-12 08:14:32 4,096 ----a-w C:\WINDOWS\LastGood\system32\ksuser.dll
+ 2002-08-29 03:41:32 286,720 ----a-w C:\WINDOWS\LastGood\system32\msh263.drv
+ 2003-02-17 18:16:28 16,896 ----a-w C:\WINDOWS\LastGood\system32\msyuv.dll
+ 2003-03-31 12:00:00 221,696 ----a-w C:\WINDOWS\LastGood\system32\qmgr.dll
+ 2003-03-31 12:00:00 17,408 ----a-w C:\WINDOWS\LastGood\system32\qmgrprxy.dll
+ 2001-08-17 22:36:34 8,192 ----a-w C:\WINDOWS\LastGood\system32\tsbyuv.dll
+ 2002-08-29 03:41:18 49,664 ----a-w C:\WINDOWS\LastGood\system32\vfwwdm32.dll
+ 2003-03-31 12:00:00 310,272 ----a-w C:\WINDOWS\LastGood\system32\winhttp.dll
+ 2003-03-31 12:00:00 139,776 ----a-w C:\WINDOWS\LastGood\system32\wuauclt.exe
+ 2003-03-31 12:00:00 189,440 ----a-w C:\WINDOWS\LastGood\system32\wuaueng.dll
+ 2004-07-01 22:08:18 361,984 ------w C:\WINDOWS\system32\bits\qmgr.dll
- 2003-03-31 12:00:00 14,848 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-31 00:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2008-03-29 03:16:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-30 18:09:09 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-29 03:16:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-30 18:09:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-29 03:16:46 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-30 18:09:09 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-29 06:08:00 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2008-03-30 18:46:48 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
+ 2007-07-31 00:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2002-12-12 08:14:32 130,304 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2002-12-12 08:14:32 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2003-02-17 18:16:28 16,896 -c--a-w C:\WINDOWS\system32\dllcache\msyuv.dll
+ 2007-07-31 00:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-31 00:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-12-04 14:56:02 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2007-07-11 18:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 17:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 17:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-10-11 19:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2007-10-30 15:46:25 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-29 07:05:31 40,394 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-30 15:46:25 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-29 07:05:31 312,172 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2003-03-31 12:00:00 221,696 ----a-w C:\WINDOWS\system32\qmgr.dll
+ 2004-07-01 22:08:18 361,984 ----a-w C:\WINDOWS\system32\qmgr.dll
+ 2001-08-17 22:36:18 45,568 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\iyuv_32.dll
+ 2002-12-12 08:14:32 130,304 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ks.sys
+ 2002-12-12 08:14:32 4,096 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\ksuser.dll
+ 2002-08-29 03:41:32 286,720 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\msh263.drv
+ 2003-02-17 18:16:28 16,896 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\msyuv.dll
+ 2001-08-17 22:36:34 8,192 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\tsbyuv.dll
+ 2002-08-29 01:48:52 14,208 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\usbscan.sys
+ 2002-08-29 03:41:18 49,664 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\vfwwdm32.dll
+ 2003-04-07 20:22:02 43,984 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\snyluvcc.sys
+ 2003-04-07 20:22:12 424,143 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\SonyVcc.sys
- 2005-05-04 19:45:26 13,536 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 19:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2003-03-31 12:00:00 139,776 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-31 00:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2003-03-31 12:00:00 189,440 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 00:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 00:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-03-30 18:09:57 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_738.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\Avast4\ashDisp.exe" [2008-03-29 13:37 79224]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2003-11-29 07:23 135168]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 00:08 28672]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 19:54 278528]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]
"HostManager"="C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe" [2006-03-08 13:38 48280]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2003-08-14 13:00 90112]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 17:21 114688]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2005-04-18 13:38 71256]
"RegistryMechanic"="" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-02 09:38 282624]
"OpwareSE4"="D:\ScanSoft OmniPage\OpwareSE4.exe" [2006-10-11 12:45 75304]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 19:46 45056 C:\WINDOWS\system32\ico.exe]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-03-27 10:57 126104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxxw]
fccyxxw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PowerPanel.lnk]
backup=C:\WINDOWS\pss\PowerPanel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"nvcoi"=C:\Program Files\nvcoi\nvcoi.exe

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 13:31]
R3 DVccUSBSony1;Sony Visual Communication Camera VCC-U01;C:\WINDOWS\System32\DRIVERS\SonyVcc.sys [2003-04-07 13:22]
R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\System32\DRIVERS\SonyPI.sys [2002-08-20 14:59]
S1 NwlsAcd;NwlsAcd;C:\WINDOWS\System32\drivers\mfmkaud.sys []
S3 fa410;NETGEAR FA410TX Fast Ethernet PC Card Driver;C:\WINDOWS\System32\DRIVERS\fa410nd5.sys [2001-08-17 07:12]

*Newly Created Service* - ASWSP
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 14:10:04
Windows 5.1.2600 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-03-30 14:12:41
ComboFix-quarantined-files.txt 2008-03-30 19:11:37
ComboFix2.txt 2008-03-29 07:01:31
Pre-Run: 4,230,197,248 bytes free
Post-Run: 4,213,768,192 bytes free
.
2008-03-30 18:17:55 --- E O F ---

>>>>>>>>>>>>>>>>>>here is my fresh hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:29 PM, on 3/30/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Avast4\aswUpdSv.exe
C:\Avast4\ashServ.exe
C:\Avast4\ashDisp.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
D:\ScanSoft OmniPage\OpwareSE4.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SoftwareDistribution\Download\eb5ff0ae9fdaa24285c4924997a7aa90\update\update.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft OmniPage\OpwareSE4.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/...ns.10.6.0.4.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206891611613
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) - http://o.aolcdn.com/...ns.10.6.0.6.cab
O20 - Winlogon Notify: fccyxxw - fccyxxw.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 8934 bytes

Thanks again for your help...Am I finally clean?

#6
miekiemoes

Posted 30 March 2008 - 01:27 PM

Malware Expert

Member
5,503 posts

Hi,

Almost done...

* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\lhnlmtmq.ini
C:\WINDOWS\system32\gbqmpknk.ini
C:\WINDOWS\system32\ohmmgigi.ini
C:\WINDOWS\system32\dydbwaqo.ini
C:\WINDOWS\system32\gpsavdqk.ini
C:\WINDOWS\system32\hgkcxill.ini
C:\WINDOWS\system32\mortikbi.ini
C:\WINDOWS\system32\useedfoc.ini
C:\WINDOWS\system32\pxtbaoaq.tmp
C:\WINDOWS\system32\pxtbaoaq.ini
C:\WINDOWS\system32\cnhofvvd.ini
C:\WINDOWS\system32\rqfqltxm.tmp
C:\WINDOWS\system32\jksfught.ini
C:\WINDOWS\system32\mhlsvrfh.ini
C:\WINDOWS\system32\vuqplewf.ini
Folder::
C:\WINDOWS\system32\ez2
C:\VundoFix Backups
Driver::
NwlsAcd
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccyxxw]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"nvcoi"=-

Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.

#7
jerryrs

Posted 30 March 2008 - 05:57 PM

New Member

Topic Starter
Member
5 posts

Here's the combofix logfile...

ComboFix 08-03-30.2 - Samara 2008-03-30 16:39:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.716 [GMT -5:00]
Running from: C:\Documents and Settings\Samara\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Samara\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\cnhofvvd.ini
C:\WINDOWS\system32\dydbwaqo.ini
C:\WINDOWS\system32\gbqmpknk.ini
C:\WINDOWS\system32\gpsavdqk.ini
C:\WINDOWS\system32\hgkcxill.ini
C:\WINDOWS\system32\jksfught.ini
C:\WINDOWS\system32\lhnlmtmq.ini
C:\WINDOWS\system32\mhlsvrfh.ini
C:\WINDOWS\system32\mortikbi.ini
C:\WINDOWS\system32\ohmmgigi.ini
C:\WINDOWS\system32\pxtbaoaq.ini
C:\WINDOWS\system32\pxtbaoaq.tmp
C:\WINDOWS\system32\rqfqltxm.tmp
C:\WINDOWS\system32\useedfoc.ini
C:\WINDOWS\system32\vuqplewf.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\puncfugp.dll.bad
C:\WINDOWS\system32\cnhofvvd.ini
C:\WINDOWS\system32\dydbwaqo.ini
C:\WINDOWS\system32\ez2
C:\WINDOWS\system32\gbqmpknk.ini
C:\WINDOWS\system32\gpsavdqk.ini
C:\WINDOWS\system32\hgkcxill.ini
C:\WINDOWS\system32\jksfught.ini
C:\WINDOWS\system32\lhnlmtmq.ini
C:\WINDOWS\system32\mhlsvrfh.ini
C:\WINDOWS\system32\mortikbi.ini
C:\WINDOWS\system32\ohmmgigi.ini
C:\WINDOWS\system32\pxtbaoaq.ini
C:\WINDOWS\system32\pxtbaoaq.tmp
C:\WINDOWS\system32\rqfqltxm.tmp
C:\WINDOWS\system32\useedfoc.ini
C:\WINDOWS\system32\vuqplewf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWLSACD
-------\Service_NwlsAcd

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

2008-03-30 16:30 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-03-30 16:05 . 2008-03-30 16:05 2,694 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-03-30 15:49 . 2008-03-30 15:49 <DIR> d-------- C:\WINDOWS\peernet
2008-03-30 15:48 . 2008-03-30 15:48 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-30 15:39 . 2008-03-30 15:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-30 15:22 . 2008-03-30 15:22 <DIR> d-------- C:\WINDOWS\EHome
2008-03-30 15:06 . 2004-08-04 02:56 183,296 --------- C:\WINDOWS\system32\wuaueng1.dll
2008-03-30 15:06 . 2004-08-04 02:56 165,888 --------- C:\WINDOWS\system32\wuauclt1.exe
2008-03-30 15:06 . 2004-08-04 02:56 148,480 --------- C:\WINDOWS\system32\wscui.cpl
2008-03-30 15:06 . 2004-08-04 02:56 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2008-03-30 15:06 . 2004-08-04 02:56 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2008-03-30 15:06 . 2004-08-04 02:56 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2008-03-30 15:06 . 2004-08-04 02:56 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2008-03-30 15:06 . 2004-08-04 02:56 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2008-03-30 15:04 . 2004-08-04 00:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-03-30 15:03 . 2004-08-04 02:56 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-03-30 15:02 . 2004-08-04 02:56 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-03-30 15:02 . 2004-08-04 00:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-03-30 15:02 . 2004-08-04 00:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008-03-30 15:02 . 2004-08-04 00:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-03-30 15:02 . 2004-08-04 02:56 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2008-03-30 15:02 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-03-30 15:02 . 2004-08-04 02:56 25,600 --------- C:\WINDOWS\system32\netsetup.cpl
2008-03-30 15:02 . 2004-08-04 01:07 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2008-03-30 15:02 . 2004-08-04 01:04 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2008-03-30 15:00 . 2004-08-04 00:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-03-30 14:59 . 2004-08-04 02:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-03-30 14:21 . 2008-03-30 14:23 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-30 11:23 . 2008-03-30 11:23 <DIR> d-------- C:\Documents and Settings\Samara\Application Data\Grisoft
2008-03-30 11:23 . 2008-03-30 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-30 11:23 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-30 10:51 . 2008-03-30 10:51 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-30 10:51 . 2008-03-30 16:30 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-30 10:51 . 2005-02-24 22:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-30 10:51 . 2008-03-30 10:52 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-30 10:48 . 2004-08-04 02:56 438,784 --------- C:\WINDOWS\system32\xpob2res.dll
2008-03-30 10:48 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-03-30 10:48 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-30 10:48 . 2004-08-04 02:56 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-03-30 10:48 . 2004-08-04 02:56 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-03-30 10:44 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-03-30 10:44 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-03-30 10:44 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-30 10:44 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-03-30 10:44 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-03-30 10:44 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-03-30 10:44 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-03-30 10:44 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-03-30 10:44 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-03-30 10:40 . 2008-03-30 10:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-30 10:40 . 2008-03-30 10:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-30 10:02 . 2008-03-29 13:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-29 10:52 . 2008-03-29 10:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-29 10:52 . 2008-03-29 10:52 <DIR> d-------- C:\Documents and Settings\Samara\Application Data\Malwarebytes
2008-03-29 10:52 . 2008-03-29 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-29 09:33 . 2008-03-29 09:33 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-29 09:33 . 2008-03-29 09:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-29 09:22 . 2004-08-04 02:56 294,912 --a------ C:\WINDOWS\system32\msh263.drv
2008-03-29 09:22 . 2004-08-04 02:56 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-03-29 09:22 . 2004-08-04 02:56 47,616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2008-03-29 09:22 . 2004-08-04 00:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-29 09:22 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2008-03-29 09:22 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2008-03-29 09:21 . 2003-04-07 13:22 424,143 --a------ C:\WINDOWS\system32\drivers\SonyVcc.sys
2008-03-29 09:21 . 2003-04-07 13:22 43,984 --a------ C:\WINDOWS\system32\drivers\snyluvcc.sys
2008-03-29 09:06 . 2004-08-04 02:56 192,000 --a------ C:\WINDOWS\system32\iuengine.dll
2008-03-29 00:48 . 2008-03-29 00:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-27 23:08 . 2008-03-30 11:36 <DIR> d-------- C:\found.001
2008-03-26 07:27 . 2008-03-26 07:27 <DIR> d-------- C:\Program Files\CCleaner
2008-03-26 07:24 . 2008-03-26 07:24 <DIR> d-------- C:\Program Files\Bazooka Scanner
2008-03-23 19:44 . 2008-03-28 21:06 54,584 --a------ C:\WINDOWS\system32\drivers\sbapifs.sys
2008-03-23 19:42 . 2008-03-23 19:42 <DIR> d-------- C:\Documents and Settings\Samara\Application Data\Sunbelt Software
2008-03-17 20:21 . 2008-03-17 20:21 <DIR> d-------- C:\found.000
2008-03-02 21:06 . 2008-03-30 15:17 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 21:06 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-03-02 21:06 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-03-02 21:06 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-03-02 21:06 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-03-02 21:05 . 2008-03-02 21:05 <DIR> d-------- C:\Documents and Settings\Samara\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 15:36 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 07:51 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-25 06:40 --------- d-----w C:\Program Files\adsoft
2008-03-17 09:27 65,536 ----a-w C:\WINDOWS\DUMPad0f.tmp
2008-03-17 09:25 65,536 ----a-w C:\WINDOWS\DUMPa76d.tmp
2008-03-17 09:23 65,536 ----a-w C:\WINDOWS\DUMPab43.tmp
2008-03-17 09:21 65,536 ----a-w C:\WINDOWS\DUMPa1f3.tmp
2008-03-17 09:19 65,536 ----a-w C:\WINDOWS\DUMPa96c.tmp
2008-03-17 09:17 65,536 ----a-w C:\WINDOWS\DUMPb0ef.tmp
2008-03-17 09:14 65,536 ----a-w C:\WINDOWS\DUMPafb8.tmp
2008-03-17 09:12 65,536 ----a-w C:\WINDOWS\DUMPab7f.tmp
2008-03-17 09:10 65,536 ----a-w C:\WINDOWS\DUMPadd7.tmp
2008-03-17 09:08 65,536 ----a-w C:\WINDOWS\DUMPb1d5.tmp
2008-03-17 09:06 65,536 ----a-w C:\WINDOWS\DUMPaff4.tmp
2008-03-17 09:04 65,536 ----a-w C:\WINDOWS\DUMPb912.tmp
2008-03-17 09:02 65,536 ----a-w C:\WINDOWS\DUMPb438.tmp
2008-03-17 08:59 65,536 ----a-w C:\WINDOWS\DUMPb899.tmp
2008-03-17 08:57 65,536 ----a-w C:\WINDOWS\DUMPa99e.tmp
2008-03-17 08:55 65,536 ----a-w C:\WINDOWS\DUMPae28.tmp
2008-03-17 08:53 65,536 ----a-w C:\WINDOWS\DUMPb6eb.tmp
2008-03-17 08:51 65,536 ----a-w C:\WINDOWS\DUMPa958.tmp
2008-03-17 08:48 65,536 ----a-w C:\WINDOWS\DUMPb167.tmp
2008-03-17 08:46 65,536 ----a-w C:\WINDOWS\DUMPa673.tmp
2008-03-17 08:44 65,536 ----a-w C:\WINDOWS\DUMPad2d.tmp
2008-03-17 08:41 65,536 ----a-w C:\WINDOWS\DUMPa9e4.tmp
2008-03-17 08:39 65,536 ----a-w C:\WINDOWS\DUMPa9bc.tmp
2008-03-17 08:37 65,536 ----a-w C:\WINDOWS\DUMPacdd.tmp
2008-03-17 08:35 65,536 ----a-w C:\WINDOWS\DUMPb930.tmp
2008-03-17 08:33 65,536 ----a-w C:\WINDOWS\DUMPa4ba.tmp
2008-03-17 08:31 65,536 ----a-w C:\WINDOWS\DUMPa3e8.tmp
2008-03-17 08:29 65,536 ----a-w C:\WINDOWS\DUMPae0a.tmp
2008-03-17 08:27 65,536 ----a-w C:\WINDOWS\DUMPb135.tmp
2008-03-17 08:25 65,536 ----a-w C:\WINDOWS\DUMPb6d7.tmp
2008-03-17 08:22 65,536 ----a-w C:\WINDOWS\DUMPae14.tmp
2008-03-17 08:20 65,536 ----a-w C:\WINDOWS\DUMPa410.tmp
2008-03-17 08:18 65,536 ----a-w C:\WINDOWS\DUMPb582.tmp
2008-03-17 08:16 65,536 ----a-w C:\WINDOWS\DUMPc008.tmp
2008-03-17 08:13 65,536 ----a-w C:\WINDOWS\DUMPaffe.tmp
2008-03-17 08:11 65,536 ----a-w C:\WINDOWS\DUMPad73.tmp
2008-03-17 08:09 65,536 ----a-w C:\WINDOWS\DUMPa803.tmp
2008-03-17 08:07 65,536 ----a-w C:\WINDOWS\DUMPb99e.tmp
2008-03-17 08:04 65,536 ----a-w C:\WINDOWS\DUMPa5aa.tmp
2008-03-17 08:02 65,536 ----a-w C:\WINDOWS\DUMPb550.tmp
2008-03-17 08:00 65,536 ----a-w C:\WINDOWS\DUMPb384.tmp
2008-03-17 07:57 65,536 ----a-w C:\WINDOWS\DUMPb980.tmp
2008-03-17 07:55 65,536 ----a-w C:\WINDOWS\DUMPabed.tmp
2008-03-17 07:53 65,536 ----a-w C:\WINDOWS\DUMPbb42.tmp
2008-03-17 07:51 65,536 ----a-w C:\WINDOWS\DUMPab39.tmp
2008-03-17 07:48 65,536 ----a-w C:\WINDOWS\DUMPb080.tmp
2008-03-17 07:46 65,536 ----a-w C:\WINDOWS\DUMPa4ec.tmp
2008-03-17 07:44 65,536 ----a-w C:\WINDOWS\DUMPa578.tmp
2008-03-17 07:42 65,536 ----a-w C:\WINDOWS\DUMPb1ad.tmp
2008-03-17 07:39 65,536 ----a-w C:\WINDOWS\DUMPabf7.tmp
2008-03-17 07:37 65,536 ----a-w C:\WINDOWS\DUMPb103.tmp
2008-03-17 07:35 65,536 ----a-w C:\WINDOWS\DUMPa60f.tmp
2008-03-17 07:33 65,536 ----a-w C:\WINDOWS\DUMPaaf2.tmp
2008-03-17 07:31 65,536 ----a-w C:\WINDOWS\DUMPaa02.tmp
2008-03-17 07:29 65,536 ----a-w C:\WINDOWS\DUMPa7f9.tmp
2008-03-17 07:27 65,536 ----a-w C:\WINDOWS\DUMPaeaa.tmp
2008-03-17 07:25 65,536 ----a-w C:\WINDOWS\DUMPaa16.tmp
2008-03-17 07:22 65,536 ----a-w C:\WINDOWS\DUMPa41a.tmp
2008-03-17 07:20 65,536 ----a-w C:\WINDOWS\DUMPad37.tmp
2008-03-17 07:18 65,536 ----a-w C:\WINDOWS\DUMPb2e3.tmp
2008-03-17 07:16 65,536 ----a-w C:\WINDOWS\DUMPb442.tmp
2008-03-17 07:13 65,536 ----a-w C:\WINDOWS\DUMPaf9a.tmp
2008-03-17 07:11 65,536 ----a-w C:\WINDOWS\DUMPb3de.tmp
2008-03-17 07:09 65,536 ----a-w C:\WINDOWS\DUMPad55.tmp
2008-03-17 07:07 65,536 ----a-w C:\WINDOWS\DUMPadcd.tmp
2008-03-17 07:05 65,536 ----a-w C:\WINDOWS\DUMPaee6.tmp
2008-03-17 07:03 65,536 ----a-w C:\WINDOWS\DUMPa44c.tmp
2008-03-17 07:00 65,536 ----a-w C:\WINDOWS\DUMPc347.tmp
2008-03-17 06:58 65,536 ----a-w C:\WINDOWS\DUMPb53c.tmp
2008-03-17 06:55 65,536 ----a-w C:\WINDOWS\DUMPb803.tmp
2008-03-03 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 02:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 19:17 --------- d-----w C:\Documents and Settings\Samara\Application Data\AdobeUM
.

((((((((((((((((((((((((((((( snapshot_2008-03-30_14.10.57.97 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-02-19 22:15:36 1,821,696 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
+ 2004-08-04 07:56:41 1,852,416 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
- 2003-03-31 12:00:00 406,528 ----a-w C:\WINDOWS\AppPatch\AcLayers.dll
+ 2004-08-04 07:56:41 450,048 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
- 2003-03-31 12:00:00 125,440 ----a-w C:\WINDOWS\AppPatch\AcLua.dll
+ 2004-08-04 07:56:41 137,728 ----a-w C:\WINDOWS\AppPatch\aclua.dll
- 2003-03-31 12:00:00 219,136 ----a-w C:\WINDOWS\AppPatch\AcSpecfc.dll
+ 2004-08-04 07:56:41 244,736 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
- 2003-03-31 12:00:00 107,520 ----a-w C:\WINDOWS\AppPatch\AcXtrnal.dll
+ 2004-08-04 07:56:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
- 2003-08-15 00:12:05 1,005,056 ----a-w C:\WINDOWS\explorer.exe
+ 2004-08-04 07:56:49 1,032,192 ----a-w C:\WINDOWS\explorer.exe
- 2003-03-31 12:00:00 32,256 ----a-w C:\WINDOWS\Help\sniffpol.dll
+ 2004-08-04 07:56:45 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
- 2003-03-31 12:00:00 30,720 ----a-w C:\WINDOWS\Help\sstub.dll
+ 2004-08-04 07:56:45 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
- 2003-03-31 12:00:00 262,656 ----a-w C:\WINDOWS\Help\tshoot.dll
+ 2004-08-04 07:56:46 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
- 2002-11-09 12:47:56 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2004-08-04 07:56:50 10,752 ----a-w C:\WINDOWS\hh.exe
- 2003-03-31 12:00:00 203,776 ----a-w C:\WINDOWS\ime\mscandui.dll
+ 2004-08-04 07:56:42 220,160 ----a-w C:\WINDOWS\ime\mscandui.dll
- 2003-03-31 12:00:00 121,344 ----a-w C:\WINDOWS\ime\SOFTKBD.DLL
+ 2004-08-04 07:56:45 130,048 ----a-w C:\WINDOWS\ime\softkbd.dll
- 2003-03-31 12:00:00 62,464 ----a-w C:\WINDOWS\ime\SPGRMR.dll
+ 2004-08-04 07:56:29 62,976 ----a-w C:\WINDOWS\ime\spgrmr.dll
- 2003-03-31 12:00:00 235,520 ----a-w C:\WINDOWS\ime\SPTIP.dll
+ 2004-08-04 07:56:45 250,880 ----a-w C:\WINDOWS\ime\sptip.dll
- 2003-03-31 12:00:00 22,016 ----a-w C:\WINDOWS\msagent\agentanm.dll
+ 2004-08-04 07:56:41 24,064 ----a-w C:\WINDOWS\msagent\agentanm.dll
- 2003-03-31 12:00:00 204,288 ----a-w C:\WINDOWS\msagent\agentctl.dll
+ 2004-08-04 07:56:41 214,016 ----a-w C:\WINDOWS\msagent\agentctl.dll
- 2003-03-31 12:00:00 35,840 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2004-08-04 07:56:41 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2003-03-31 12:00:00 50,688 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2004-08-04 07:56:41 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2003-03-31 12:00:00 44,032 ----a-w C:\WINDOWS\msagent\agentmpx.dll
+ 2004-08-04 07:56:41 49,152 ----a-w C:\WINDOWS\msagent\agentmpx.dll
- 2003-03-31 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\agentpsh.dll
+ 2004-08-04 07:56:41 24,064 ----a-w C:\WINDOWS\msagent\agentpsh.dll
- 2003-03-31 12:00:00 39,936 ----a-w C:\WINDOWS\msagent\agentsr.dll
+ 2004-08-04 07:56:41 44,032 ----a-w C:\WINDOWS\msagent\agentsr.dll
- 2003-03-31 12:00:00 235,008 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2004-08-04 07:56:47 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
- 2003-03-31 12:00:00 21,504 ----a-w C:\WINDOWS\msagent\agtintl.dll
+ 2004-08-04 07:56:41 24,064 ----a-w C:\WINDOWS\msagent\agtintl.dll
- 2003-03-31 12:00:00 36,352 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
+ 2004-08-04 07:56:43 39,936 ----a-w C:\WINDOWS\msagent\mslwvtts.dll
- 2003-03-31 12:00:00 66,048 ----a-w C:\WINDOWS\NOTEPAD.EXE
+ 2004-08-04 07:56:54 69,120 ----a-w C:\WINDOWS\notepad.exe
- 2003-03-31 12:00:00 742,400 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
+ 2004-08-04 07:56:49 768,512 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
- 2003-03-31 12:00:00 703,488 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
+ 2004-08-04 07:56:50 743,936 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
- 2003-03-31 12:00:00 8,704 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\HscUpd.exe
+ 2004-08-04 07:56:50 18,944 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
- 2003-03-31 12:00:00 145,408 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
+ 2004-08-04 07:56:53 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe
- 2003-03-31 12:00:00 348,160 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll
+ 2004-08-04 07:56:43 376,320 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll
- 2002-11-27 18:50:20 94,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchshell.dll
+ 2004-08-04 07:56:44 102,400 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchshell.dll
- 2003-03-31 12:00:00 29,696 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
+ 2004-08-04 07:56:44 38,912 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
- 2003-03-31 12:00:00 138,752 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe
+ 2004-08-04 07:56:57 150,528 ----a-w C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
+ 2004-08-04 07:56:45 151,552 ------w C:\WINDOWS\peernet\sqldb20.dll
+ 2004-08-04 07:56:45 462,848 ------w C:\WINDOWS\peernet\sqlqp20.dll
+ 2004-08-04 07:56:45 110,592 ------w C:\WINDOWS\peernet\sqlse20.dll
- 2003-03-31 12:00:00 134,144 ----a-w C:\WINDOWS\regedit.exe
+ 2004-08-04 07:56:55 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2004-08-04 06:10:06 53,248 ------w C:\WINDOWS\ServicePackFiles\i386\1394bus.sys
+ 2004-08-04 06:00:03 12,288 ------w C:\WINDOWS\ServicePackFiles\i386\4mmdat.sys
+ 2004-08-04 06:10:10 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\61883.sys
+ 2004-08-04 07:56:41 100,352 ------w C:\WINDOWS\ServicePackFiles\i386\6to4svc.dll
+ 2002-08-29 04:00:48 231,552 ------w C:\WINDOWS\ServicePackFiles\i386\ac97ali.sys
+ 2002-08-29 04:00:56 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\ac97via.sys
+ 2004-08-04 07:56:47 183,808 ------w C:\WINDOWS\ServicePackFiles\i386\accwiz.exe
+ 2004-08-04 07:56:41 1,852,416 ------w C:\WINDOWS\ServicePackFiles\i386\acgenral.dll
+ 2004-08-04 07:56:41 450,048 ------w C:\WINDOWS\ServicePackFiles\i386\aclayers.dll
+ 2004-08-04 07:56:41 137,728 ------w C:\WINDOWS\ServicePackFiles\i386\aclua.dll
+ 2004-08-04 07:56:41 114,688 ------w C:\WINDOWS\ServicePackFiles\i386\aclui.dll
+ 2004-08-04 06:07:38 187,776 ------w C:\WINDOWS\ServicePackFiles\i386\acpi.sys
+ 2004-08-04 07:56:41 244,736 ------w C:\WINDOWS\ServicePackFiles\i386\acspecfc.dll
+ 2004-08-04 07:56:41 194,048 ------w C:\WINDOWS\ServicePackFiles\i386\activeds.dll
+ 2004-08-04 07:56:47 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\actmovie.exe
+ 2004-08-04 07:56:41 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\actxprxy.dll
+ 2004-08-04 07:56:41 116,224 ------w C:\WINDOWS\ServicePackFiles\i386\acxtrnal.dll
+ 2004-08-04 07:56:41 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\admin.dll
+ 2004-08-04 07:56:47 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\admin.exe
+ 2002-08-29 04:00:48 10,880 ------w C:\WINDOWS\ServicePackFiles\i386\admjoy.sys
+ 2004-08-04 07:56:41 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\admparse.dll
+ 2004-08-04 07:56:41 175,616 ------w C:\WINDOWS\ServicePackFiles\i386\adsldp.dll
+ 2004-08-04 07:56:41 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\adsldpc.dll
+ 2004-08-04 07:56:41 68,096 ------w C:\WINDOWS\ServicePackFiles\i386\adsmsext.dll
+ 2004-08-04 07:56:41 263,680 ------w C:\WINDOWS\ServicePackFiles\i386\adsnt.dll
+ 2004-08-04 07:56:41 4,255 ------w C:\WINDOWS\ServicePackFiles\i386\adv01nt5.dll
+ 2004-08-04 07:56:41 3,967 ------w C:\WINDOWS\ServicePackFiles\i386\adv02nt5.dll
+ 2004-08-04 07:56:41 3,615 ------w C:\WINDOWS\ServicePackFiles\i386\adv05nt5.dll
+ 2004-08-04 07:56:41 3,647 ------w C:\WINDOWS\ServicePackFiles\i386\adv07nt5.dll
+ 2004-08-04 07:56:41 3,135 ------w C:\WINDOWS\ServicePackFiles\i386\adv08nt5.dll
+ 2004-08-04 07:56:41 3,711 ------w C:\WINDOWS\ServicePackFiles\i386\adv09nt5.dll
+ 2004-08-04 07:56:41 3,775 ------w C:\WINDOWS\ServicePackFiles\i386\adv11nt5.dll
+ 2004-08-04 07:56:41 616,960 ------w C:\WINDOWS\ServicePackFiles\i386\advapi32.dll
+ 2004-08-04 07:56:41 99,840 ------w C:\WINDOWS\ServicePackFiles\i386\advpack.dll
+ 2004-08-04 05:39:36 142,464 ------w C:\WINDOWS\ServicePackFiles\i386\aec.sys
+ 2004-08-04 06:14:14 138,496 ------w C:\WINDOWS\ServicePackFiles\i386\afd.sys
+ 2004-08-04 07:56:41 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentanm.dll
+ 2004-08-04 07:56:41 214,016 ------w C:\WINDOWS\ServicePackFiles\i386\agentctl.dll
+ 2004-08-04 07:56:41 41,984 ------w C:\WINDOWS\ServicePackFiles\i386\agentdp2.dll
+ 2004-08-04 07:56:41 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\agentdpv.dll
+ 2004-08-04 07:56:41 49,152 ------w C:\WINDOWS\ServicePackFiles\i386\agentmpx.dll
+ 2004-08-04 07:56:41 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agentpsh.dll
+ 2004-08-04 07:56:41 44,032 ------w C:\WINDOWS\ServicePackFiles\i386\agentsr.dll
+ 2004-08-04 07:56:47 256,512 ------w C:\WINDOWS\ServicePackFiles\i386\agentsvr.exe
+ 2004-08-04 06:07:41 42,368 ------w C:\WINDOWS\ServicePackFiles\i386\agp440.sys
+ 2004-08-04 06:07:42 44,928 ------w C:\WINDOWS\ServicePackFiles\i386\agpcpq.sys
+ 2004-08-04 07:56:41 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\agtintl.dll
+ 2004-08-04 07:56:47 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\ahui.exe
+ 2004-08-04 07:56:47 44,544 ------w C:\WINDOWS\ServicePackFiles\i386\alg.exe
+ 2004-08-04 06:07:41 42,752 ------w C:\WINDOWS\ServicePackFiles\i386\alim1541.sys
+ 2004-08-04 07:56:41 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\alrsvc.dll
+ 2004-08-04 06:07:42 43,008 ------w C:\WINDOWS\ServicePackFiles\i386\amdagp.sys
+ 2004-08-04 05:59:19 36,992 ------w C:\WINDOWS\ServicePackFiles\i386\amdk6.sys
+ 2004-08-04 05:59:20 37,376 ------w C:\WINDOWS\ServicePackFiles\i386\amdk7.sys
+ 2004-08-04 07:56:41 70,656 ------w C:\WINDOWS\ServicePackFiles\i386\amstream.dll
+ 2002-08-29 03:59:12 36,224 ------w C:\WINDOWS\ServicePackFiles\i386\an983.sys
+ 2004-08-04 07:56:41 126,976 ------w C:\WINDOWS\ServicePackFiles\i386\apphelp.dll
+ 2004-08-04 07:56:41 331,264 ------w C:\WINDOWS\ServicePackFiles\i386\aqueue.dll
+ 2004-08-04 05:58:29 60,800 ------w C:\WINDOWS\ServicePackFiles\i386\arp1394.sys
+ 2004-08-04 07:55:59 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\asferror.dll
+ 2004-08-04 07:56:41 65,024 ------w C:\WINDOWS\ServicePackFiles\i386\asycfilt.dll
+ 2004-08-04 06:05:03 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\asyncmac.sys
+ 2004-08-04 07:56:47 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\at.exe
+ 2004-08-04 05:59:42 95,360 ------w C:\WINDOWS\ServicePackFiles\i386\atapi.sys
+ 2004-08-04 05:29:29 56,623 ------w C:\WINDOWS\ServicePackFiles\i386\ati1btxx.sys
+ 2004-08-04 05:29:29 11,615 ------w C:\WINDOWS\ServicePackFiles\i386\ati1mdxx.sys
+ 2004-08-04 05:29:29 12,047 ------w C:\WINDOWS\ServicePackFiles\i386\ati1pdxx.sys
+ 2004-08-04 05:29:30 30,671 ------w C:\WINDOWS\ServicePackFiles\i386\ati1raxx.sys
+ 2004-08-04 05:29:30 63,663 ------w C:\WINDOWS\ServicePackFiles\i386\ati1rvxx.sys
+ 2004-08-04 05:29:31 26,367 ------w C:\WINDOWS\ServicePackFiles\i386\ati1snxx.sys
+ 2004-08-04 05:29:31 21,343 ------w C:\WINDOWS\ServicePackFiles\i386\ati1ttxx.sys
+ 2004-08-04 05:29:31 36,463 ------w C:\WINDOWS\ServicePackFiles\i386\ati1tuxx.sys
+ 2004-08-04 05:29:31 29,455 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xbxx.sys
+ 2004-08-04 05:29:31 34,735 ------w C:\WINDOWS\ServicePackFiles\i386\ati1xsxx.sys
+ 2004-08-04 07:56:41 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\ati2cqag.dll
+ 2004-08-04 07:56:41 377,984 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvaa.dll
+ 2004-08-04 07:56:41 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\ati2dvag.dll
+ 2004-08-04 05:29:26 327,040 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtaa.sys
+ 2004-08-04 05:29:26 701,440 ------w C:\WINDOWS\ServicePackFiles\i386\ati2mtag.sys
+ 2004-08-04 07:56:41 870,784 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d1ag.dll
+ 2004-08-04 07:56:41 1,057,760 ------w C:\WINDOWS\ServicePackFiles\i386\ati3d2ag.dll
+ 2004-08-04 07:56:41 1,888,992 ------w C:\WINDOWS\ServicePackFiles\i386\ati3duag.dll
+ 2004-08-04 05:29:27 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\atinbtxx.sys
+ 2004-08-04 05:29:28 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinmdxx.sys
+ 2004-08-04 05:29:29 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\atinpdxx.sys
+ 2004-08-04 05:29:29 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\atinraxx.sys
+ 2004-08-04 05:29:30 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\atinrvxx.sys
+ 2004-08-04 05:29:30 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\atinsnxx.sys
+ 2004-08-04 05:29:30 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\atinttxx.sys
+ 2004-08-04 05:29:31 73,216 ------w C:\WINDOWS\ServicePackFiles\i386\atintuxx.sys
+ 2004-08-04 05:29:31 31,744 ------w C:\WINDOWS\ServicePackFiles\i386\atinxbxx.sys
+ 2004-08-04 05:29:31 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\atinxsxx.sys
+ 2004-08-04 07:56:41 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativtmxx.dll
+ 2004-08-04 07:56:41 516,768 ------w C:\WINDOWS\ServicePackFiles\i386\ativvaxx.dll
+ 2004-08-04 07:56:41 58,880 ------w C:\WINDOWS\ServicePackFiles\i386\atl.dll
+ 2004-08-04 07:56:47 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\atmadm.exe
+ 2004-08-04 05:58:30 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\atmarpc.sys
+ 2004-08-04 07:55:59 285,696 ------w C:\WINDOWS\ServicePackFiles\i386\atmfd.dll
+ 2004-08-04 05:58:34 55,936 ------w C:\WINDOWS\ServicePackFiles\i386\atmlane.sys
+ 2004-08-04 07:56:41 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\atmlib.dll
+ 2004-08-04 07:56:41 21,183 ------w C:\WINDOWS\ServicePackFiles\i386\atv01nt5.dll
+ 2004-08-04 07:56:41 11,359 ------w C:\WINDOWS\ServicePackFiles\i386\atv02nt5.dll
+ 2004-08-04 07:56:41 25,471 ------w C:\WINDOWS\ServicePackFiles\i386\atv04nt5.dll
+ 2004-08-04 07:56:41 14,143 ------w C:\WINDOWS\ServicePackFiles\i386\atv06nt5.dll
+ 2004-08-04 07:56:41 17,279 ------w C:\WINDOWS\ServicePackFiles\i386\atv10nt5.dll
+ 2004-08-04 07:56:41 42,496 ------w C:\WINDOWS\ServicePackFiles\i386\audiosrv.dll
+ 2004-08-04 07:56:47 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\auditusr.exe
+ 2004-08-04 07:56:41 20,540 ------w C:\WINDOWS\ServicePackFiles\i386\author.dll
+ 2004-08-04 07:56:47 16,439 ------w C:\WINDOWS\ServicePackFiles\i386\author.exe
+ 2004-08-04 07:56:41 56,832 ------w C:\WINDOWS\ServicePackFiles\i386\authz.dll
+ 2004-08-04 07:56:47 588,800 ------w C:\WINDOWS\ServicePackFiles\i386\autochk.exe
+ 2004-08-04 07:56:47 602,624 ------w C:\WINDOWS\ServicePackFiles\i386\autoconv.exe
+ 2004-08-04 07:56:47 580,608 ------w C:\WINDOWS\ServicePackFiles\i386\autofmt.exe
+ 2004-08-04 07:56:47 11,264 ------w C:\WINDOWS\ServicePackFiles\i386\autolfn.exe
+ 2004-08-04 06:10:10 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\avc.sys
+ 2004-08-04 06:09:58 13,696 ------w C:\WINDOWS\ServicePackFiles\i386\avcstrm.sys
+ 2004-08-04 07:56:41 84,992 ------w C:\WINDOWS\ServicePackFiles\i386\avifil32.dll
+ 2004-08-04 07:56:41 52,736 ------w C:\WINDOWS\ServicePackFiles\i386\basesrv.dll
+ 2004-08-04 07:56:41 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\batmeter.dll
+ 2004-08-04 07:56:41 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\batt.dll
+ 2004-08-04 06:10:12 11,776 ------w C:\WINDOWS\ServicePackFiles\i386\bdasup.sys
+ 2004-08-04 07:56:41 17,408 ------w C:\WINDOWS\ServicePackFiles\i386\bidispl.dll
+ 2004-08-04 07:56:41 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx2.dll
+ 2004-08-04 07:56:41 7,168 ------w C:\WINDOWS\ServicePackFiles\i386\bitsprx3.dll
+ 2004-08-04 07:56:41 286,208 ------w C:\WINDOWS\ServicePackFiles\i386\blackbox.dll
+ 2004-08-04 07:56:47 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\blastcln.exe
+ 2004-08-04 05:59:57 71,552 ------w C:\WINDOWS\ServicePackFiles\i386\bridge.sys
+ 2004-08-04 07:55:59 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\browselc.dll
+ 2004-08-04 07:56:41 77,312 ------w C:\WINDOWS\ServicePackFiles\i386\browser.dll
+ 2004-08-04 07:56:41 1,016,832 ------w C:\WINDOWS\ServicePackFiles\i386\browseui.dll
+ 2004-08-04 07:56:41 78,336 ------w C:\WINDOWS\ServicePackFiles\i386\browsewm.dll
+ 2004-08-04 07:56:41 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthci.dll
+ 2004-08-04 06:10:38 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\bthenum.sys
+ 2004-08-04 06:10:38 38,016 ------w C:\WINDOWS\ServicePackFiles\i386\bthmodem.sys
+ 2004-08-04 05:58:38 100,992 ------w C:\WINDOWS\ServicePackFiles\i386\bthpan.sys
+ 2004-08-04 06:10:37 274,304 ------w C:\WINDOWS\ServicePackFiles\i386\bthport.sys
+ 2004-08-04 06:10:37 35,456 ------w C:\WINDOWS\ServicePackFiles\i386\bthprint.sys
+ 2004-08-04 07:56:41 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\bthserv.dll
+ 2004-08-04 06:10:34 18,944 ------w C:\WINDOWS\ServicePackFiles\i386\bthusb.sys
+ 2004-08-04 07:56:41 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\btpanui.dll
+ 2004-08-04 07:56:41 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\cabinet.dll
+ 2004-08-04 07:56:41 84,480 ------w C:\WINDOWS\ServicePackFiles\i386\cabview.dll
+ 2004-08-04 07:56:41 385,024 ------w C:\WINDOWS\ServicePackFiles\i386\callcont.dll
+ 2004-08-04 07:56:41 50,688 ------w C:\WINDOWS\ServicePackFiles\i386\camocx.dll
+ 2004-08-04 07:56:41 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\catsrv.dll
+ 2004-08-04 07:56:41 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvps.dll
+ 2004-08-04 07:56:41 628,224 ------w C:\WINDOWS\ServicePackFiles\i386\catsrvut.dll
+ 2004-08-04 06:10:16 17,024 ------w C:\WINDOWS\ServicePackFiles\i386\ccdecode.sys
+ 2004-08-04 06:14:10 63,744 ------w C:\WINDOWS\ServicePackFiles\i386\cdfs.sys
+ 2004-08-04 07:56:41 150,528 ------w C:\WINDOWS\ServicePackFiles\i386\cdfview.dll
+ 2004-08-04 07:56:41 66,560 ------w C:\WINDOWS\ServicePackFiles\i386\cdm.dll
+ 2004-08-04 07:56:41 2,067,968 ------w C:\WINDOWS\ServicePackFiles\i386\cdosys.dll
+ 2004-08-04 05:59:52 49,536 ------w C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
+ 2004-08-04 07:56:41 194,560 ------w C:\WINDOWS\ServicePackFiles\i386\certcli.dll
+ 2004-08-04 07:56:41 457,728 ------w C:\WINDOWS\ServicePackFiles\i386\certmgr.dll
+ 2004-08-04 07:56:41 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\cewmdm.dll
+ 2004-08-04 07:56:41 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\cfgbkend.dll
+ 2004-08-04 07:56:00 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\cfgmgr32.dll
+ 2004-08-04 07:56:47 188,480 ------w C:\WINDOWS\ServicePackFiles\i386\cfgwiz.exe
+ 2004-08-04 07:56:41 15,423 ------w C:\WINDOWS\ServicePackFiles\i386\ch7xxnt5.dll
+ 2004-08-04 06:00:12 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\changer.sys
+ 2004-08-04 07:56:41 1,352,192 ------w C:\WINDOWS\ServicePackFiles\i386\cimwin32.dll
+ 2004-08-04 07:56:41 69,120 ------w C:\WINDOWS\ServicePackFiles\i386\ciodm.dll
+ 2004-08-04 07:56:47 5,632 ------w C:\WINDOWS\ServicePackFiles\i386\cisvc.exe
+ 2004-08-04 06:14:26 49,664 ------w C:\WINDOWS\ServicePackFiles\i386\classpnp.sys
+ 2004-08-04 07:56:41 110,080 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatex.dll
+ 2004-08-04 07:56:41 501,248 ------w C:\WINDOWS\ServicePackFiles\i386\clbcatq.dll
+ 2004-08-04 07:56:47 64,000 ------w C:\WINDOWS\ServicePackFiles\i386\cleanmgr.exe
+ 2004-08-04 07:56:41 77,824 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.dll
+ 2004-08-04 07:56:47 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\cliconfg.exe
+ 2004-08-04 07:56:47 102,912 ------w C:\WINDOWS\ServicePackFiles\i386\clipbrd.exe
+ 2004-08-04 07:56:47 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\clipsrv.exe
+ 2004-08-04 07:56:41 57,856 ------w C:\WINDOWS\ServicePackFiles\i386\clusapi.dll
+ 2004-08-04 06:07:39 14,080 ------w C:\WINDOWS\ServicePackFiles\i386\cmbatt.sys
+ 2004-08-04 07:56:41 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\cmcfg32.dll
+ 2004-08-04 07:56:48 388,608 ------w C:\WINDOWS\ServicePackFiles\i386\cmd.exe
+ 2004-08-04 07:56:41 343,040 ------w C:\WINDOWS\ServicePackFiles\i386\cmdial32.dll
+ 2004-08-04 07:56:48 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cmdl32.exe
+ 2004-08-04 07:56:48 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmmon32.exe
+ 2004-08-04 07:56:41 185,344 ------w C:\WINDOWS\ServicePackFiles\i386\cmprops.dll
+ 2004-08-04 07:56:41 13,824 ------w C:\WINDOWS\ServicePackFiles\i386\cmsetacl.dll
+ 2004-08-04 07:56:48 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cmstp.exe
+ 2004-08-04 07:56:41 39,936 ------w C:\WINDOWS\ServicePackFiles\i386\cmutil.dll
+ 2004-08-04 07:56:41 47,104 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon.dll
+ 2004-08-04 07:56:41 79,360 ------w C:\WINDOWS\ServicePackFiles\i386\cnbjmon2.dll
+ 2004-08-04 07:56:41 62,464 ------w C:\WINDOWS\ServicePackFiles\i386\colbact.dll
+ 2004-08-04 07:56:41 195,584 ------w C:\WINDOWS\ServicePackFiles\i386\comadmin.dll
+ 2004-08-04 07:56:41 611,328 ------w C:\WINDOWS\ServicePackFiles\i386\comctl32.dll
+ 2004-08-04 07:56:41 276,992 ------w C:\WINDOWS\ServicePackFiles\i386\comdlg32.dll
+ 2004-08-04 07:56:41 252,928 ------w C:\WINDOWS\ServicePackFiles\i386\compatui.dll
+ 2004-08-04 07:56:41 229,376 ------w C:\WINDOWS\ServicePackFiles\i386\compstui.dll
+ 2004-08-04 07:56:48 9,728 ------w C:\WINDOWS\ServicePackFiles\i386\comrepl.exe
+ 2004-08-04 07:56:41 792,064 ------w C:\WINDOWS\ServicePackFiles\i386\comres.dll
+ 2004-08-04 07:56:41 1,251,840 ------w C:\WINDOWS\ServicePackFiles\i386\comsvcs.dll
+ 2004-08-04 07:56:41 540,160 ------w C:\WINDOWS\ServicePackFiles\i386\comuid.dll
+ 2004-08-04 07:56:48 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\conf.exe
+ 2004-08-04 07:56:41 45,056 ------w C:\WINDOWS\ServicePackFiles\i386\confmrsl.dll
+ 2004-08-04 07:56:48 27,648 ------w C:\WINDOWS\ServicePackFiles\i386\conime.exe
+ 2004-08-04 07:56:41 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\corpol.dll
+ 2004-08-04 07:56:41 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\credui.dll
+ 2004-08-04 05:59:20 36,480 ------w C:\WINDOWS\ServicePackFiles\i386\crusoe.sys
+ 2004-08-04 07:56:41 597,504 ------w C:\WINDOWS\ServicePackFiles\i386\crypt32.dll
+ 2004-08-04 07:56:41 74,752 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdlg.dll
+ 2004-08-04 07:56:41 33,280 ------w C:\WINDOWS\ServicePackFiles\i386\cryptdll.dll
+ 2004-08-04 07:56:41 53,760 ------w C:\WINDOWS\ServicePackFiles\i386\cryptext.dll
+ 2004-08-04 07:56:41 63,488 ------w C:\WINDOWS\ServicePackFiles\i386\cryptnet.dll
+ 2004-08-04 07:56:41 60,416 ------w C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
+ 2004-08-04 07:56:41 512,512 ------w C:\WINDOWS\ServicePackFiles\i386\cryptui.dll
+ 2004-08-04 07:56:41 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\cscdll.dll
+ 2004-08-04 07:56:48 98,304 ------w C:\WINDOWS\ServicePackFiles\i386\cscript.exe
+ 2004-08-04 07:56:41 326,656 ------w C:\WINDOWS\ServicePackFiles\i386\cscui.dll
+ 2004-08-04 07:56:41 32,768 ------w C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll
+ 2004-08-04 07:56:48 6,144 ------w C:\WINDOWS\ServicePackFiles\i386\csrss.exe
+ 2004-08-04 07:56:48 15,360 ------w C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
+ 2004-08-04 07:56:41 249,856 ------w C:\WINDOWS\ServicePackFiles\i386\ctmasetp.dll
+ 2004-08-04 07:56:41 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\custsat.dll
+ 2004-08-04 05:32:25 48,640 ------w C:\WINDOWS\ServicePackFiles\i386\cwrwdm.sys
+ 2004-08-04 07:56:41 1,179,648 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8.dll
+ 2004-08-04 07:56:41 8,192 ------w C:\WINDOWS\ServicePackFiles\i386\d3d8thk.dll
+ 2004-08-04 07:56:41 1,689,088 ------w C:\WINDOWS\ServicePackFiles\i386\d3d9.dll
+ 2004-08-04 07:56:41 825,344 ------w C:\WINDOWS\ServicePackFiles\i386\d3dim700.dll
+ 2004-08-04 07:56:41 1,053,696 ------w C:\WINDOWS\ServicePackFiles\i386\danim.dll
+ 2004-08-04 07:56:42 561,179 ------w C:\WINDOWS\ServicePackFiles\i386\dao360.dll
+ 2004-08-04 07:56:42 54,272 ------w C:\WINDOWS\ServicePackFiles\i386\dataclen.dll
+ 2004-08-04 07:56:42 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\davclnt.dll
+ 2004-08-04 07:56:42 640,000 ------w C:\WINDOWS\ServicePackFiles\i386\dbghelp.dll
+ 2004-08-04 07:56:42 24,576 ------w C:\WINDOWS\ServicePackFiles\i386\dbmsrpcn.dll
+ 2004-08-04 07:56:42 110,592 ------w C:\WINDOWS\ServicePackFiles\i386\dbnetlib.dll
+ 2004-08-04 07:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dbnmpntw.dll
+ 2004-08-04 07:56:42 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\dcap32.dll
+ 2004-08-04 07:56:42 8,704 ------w C:\WINDOWS\ServicePackFiles\i386\dciman32.dll
+ 2004-08-04 07:56:48 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\ddeshare.exe
+ 2004-08-04 07:56:42 266,240 ------w C:\WINDOWS\ServicePackFiles\i386\ddraw.dll
+ 2004-08-04 07:56:42 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\ddrawex.dll
+ 2004-08-04 07:56:48 25,088 ------w C:\WINDOWS\ServicePackFiles\i386\defrag.exe
+ 2004-08-04 07:56:42 59,904 ------w C:\WINDOWS\ServicePackFiles\i386\devenum.dll
+ 2004-08-04 07:56:42 282,624 ------w C:\WINDOWS\ServicePackFiles\i386\devmgr.dll
+ 2004-08-04 07:56:48 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgfat.exe
+ 2004-08-04 07:56:48 104,960 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgntfs.exe
+ 2004-08-04 07:56:42 38,912 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgsnap.dll
+ 2004-08-04 07:56:42 123,904 ------w C:\WINDOWS\ServicePackFiles\i386\dfrgui.dll
+ 2004-08-04 07:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dfsshlex.dll
+ 2004-08-04 07:56:42 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dgnet.dll
+ 2004-08-04 07:56:42 111,104 ------w C:\WINDOWS\ServicePackFiles\i386\dhcpcsvc.dll
+ 2004-08-04 07:56:48 539,136 ------w C:\WINDOWS\ServicePackFiles\i386\dialer.exe
+ 2004-08-04 07:56:48 85,504 ------w C:\WINDOWS\ServicePackFiles\i386\diantz.exe
+ 2004-08-04 07:56:42 68,608 ------w C:\WINDOWS\ServicePackFiles\i386\digest.dll
+ 2004-08-04 07:56:42 159,232 ------w C:\WINDOWS\ServicePackFiles\i386\dinput.dll
+ 2004-08-04 07:56:42 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\dinput8.dll
+ 2004-08-04 07:56:42 81,408 ------w C:\WINDOWS\ServicePackFiles\i386\directdb.dll
+ 2004-08-04 05:59:54 36,352 ------w C:\WINDOWS\ServicePackFiles\i386\disk.sys
+ 2004-08-04 05:59:52 14,208 ------w C:\WINDOWS\ServicePackFiles\i386\diskdump.sys
+ 2004-08-04 07:56:48 163,840 ------w C:\WINDOWS\ServicePackFiles\i386\diskpart.exe
+ 2004-08-04 07:56:48 294,912 ------w C:\WINDOWS\ServicePackFiles\i386\dlimport.exe
+ 2004-08-04 07:56:48 5,120 ------w C:\WINDOWS\ServicePackFiles\i386\dllhost.exe
+ 2004-08-04 06:00:04 8,320 ------w C:\WINDOWS\ServicePackFiles\i386\dlttape.sys
+ 2004-08-04 07:56:48 224,768 ------w C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe
+ 2004-08-04 07:56:42 28,672 ------w C:\WINDOWS\ServicePackFiles\i386\dmband.dll
+ 2004-08-04 06:07:17 799,744 ------w C:\WINDOWS\ServicePackFiles\i386\dmboot.sys
+ 2004-08-04 07:56:42 61,440 ------w C:\WINDOWS\ServicePackFiles\i386\dmcompos.dll
+ 2004-08-04 07:56:42 200,704 ------w C:\WINDOWS\ServicePackFiles\i386\dmdskmgr.dll
+ 2004-08-04 07:56:42 181,248 ------w C:\WINDOWS\ServicePackFiles\i386\dmime.dll
+ 2004-08-04 06:07:16 153,344 ------w C:\WINDOWS\ServicePackFiles\i386\dmio.sys
+ 2004-08-04 07:56:42 35,840 ------w C:\WINDOWS\ServicePackFiles\i386\dmloader.dll
+ 2004-08-04 07:56:48 15,872 ------w C:\WINDOWS\ServicePackFiles\i386\dmremote.exe
+ 2004-08-04 07:56:42 82,432 ------w C:\WINDOWS\ServicePackFiles\i386\dmscript.dll
+ 2004-08-04 07:56:42 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dmserver.dll
+ 2004-08-04 07:56:42 105,984 ------w C:\WINDOWS\ServicePackFiles\i386\dmstyle.dll
+ 2004-08-04 07:56:42 103,424 ------w C:\WINDOWS\ServicePackFiles\i386\dmsynth.dll
+ 2004-08-04 07:56:42 104,448 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.dll
+ 2004-08-04 06:07:38 52,864 ------w C:\WINDOWS\ServicePackFiles\i386\dmusic.sys
+ 2004-08-04 07:56:42 52,224 ------w C:\WINDOWS\ServicePackFiles\i386\dmutil.dll
+ 2004-08-04 07:56:42 148,480 ------w C:\WINDOWS\ServicePackFiles\i386\dnsapi.dll
+ 2004-08-04 07:56:42 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\dnsrslvr.dll
+ 2004-08-04 07:56:42 48,128 ------w C:\WINDOWS\ServicePackFiles\i386\docprop2.dll
+ 2004-08-04 05:51:21 53,840 ------w C:\WINDOWS\ServicePackFiles\i386\dosx.exe
+ 2004-08-04 05:58:29 207,360 ------w C:\WINDOWS\ServicePackFiles\i386\dot4.sys
+ 2004-08-04 06:13:53 97,280 ------w C:\WINDOWS\ServicePackFiles\i386\dpcdll.dll
+ 2004-08-04 07:56:48 30,208 ------w C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe
+ 2004-08-04 07:56:42 229,888 ------w C:\WINDOWS\ServicePackFiles\i386\dplayx.dll
+ 2004-08-04 07:56:42 23,552 ------w C:\WINDOWS\ServicePackFiles\i386\dpmodemx.dll
+ 2004-08-04 07:56:03 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dpnaddr.dll
+ 2004-08-04 07:56:42 375,296 ------w C:\WINDOWS\ServicePackFiles\i386\dpnet.dll
+ 2004-08-04 07:56:42 35,328 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhpast.dll
+ 2004-08-04 07:56:42 60,928 ------w C:\WINDOWS\ServicePackFiles\i386\dpnhupnp.dll
+ 2004-08-04 07:56:03 3,584 ------w C:\WINDOWS\ServicePackFiles\i386\dpnlobby.dll
+ 2004-08-04 07:56:48 18,432 ------w C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe
+ 2004-08-04 07:56:42 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\dpvacm.dll
+ 2004-08-04 07:56:42 212,480 ------w C:\WINDOWS\ServicePackFiles\i386\dpvoice.dll
+ 2004-08-04 07:56:48 83,456 ------w C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe
+ 2004-08-04 07:56:42 116,736 ------w C:\WINDOWS\ServicePackFiles\i386\dpvvox.dll
+ 2004-08-04 07:56:42 57,344 ------w C:\WINDOWS\ServicePackFiles\i386\dpwsockx.dll
+ 2004-08-04 07:57:04 299,520 ------w C:\WINDOWS\ServicePackFiles\i386\drmclien.dll
+ 2004-08-04 06:07:58 60,288 ------w C:\WINDOWS\ServicePackFiles\i386\drmk.sys
+ 2004-08-04 07:56:42 87,040 ------w C:\WINDOWS\ServicePackFiles\i386\drmstor.dll
+ 2004-08-04 07:57:02 695,296 ------w C:\WINDOWS\ServicePackFiles\i386\drmv2clt.dll
+ 2004-08-04 07:56:42 14,336 ------w C:\WINDOWS\ServicePackFiles\i386\drprov.dll
+ 2003-03-31 12:00:00 4,656 ------w C:\WINDOWS\ServicePackFiles\i386\ds16gt.dll
+ 2004-08-04 07:56:42 16,384 ------w C:\WINDOWS\ServicePackFiles\i386\ds32gt.dll
+ 2004-08-04 07:56:42 181,760 ------w C:\WINDOWS\ServicePackFiles\i386\dsdmo.dll
+ 2004-08-04 07:56:42 71,680 ------w C:\WINDOWS\ServicePackFiles\i386\dsdmoprp.dll
+ 2004-08-04 13:00:00 92,672 ------w C:\WINDOWS\ServicePackFiles\i386\dskquota.dll
+ 2004-08-04 07:56:42 367,616 ------w C:\WINDOWS\ServicePackFiles\i386\dsound.dll
+ 2004-08-04 07:56:42 1,294,336 ------w C:\WINDOWS\ServicePackFiles\i386\dsound3d.dll
+ 2004-08-04 07:56:42 142,336 ------w C:\WINDOWS\ServicePackFiles\i386\dsprop.dll
+ 2004-08-04 07:56:04 4,096 ------w C:\WINDOWS\ServicePackFiles\i386\dsprpres.dll
+ 2004-08-04 07:56:42 239,104 ------w C:\WINDOWS\ServicePackFiles\i386\dsquery.dll
+ 2004-08-04 07:56:42 51,200 ------w C:\WINDOWS\ServicePackFiles\i386\dssec.dll
+ 2004-08-04 05:31:43 137,216 ------w C:\WINDOWS\ServicePackFiles\i386\dssenh.dll
+ 2004-08-04 07:56:42 113,152 ------w C:\WINDOWS\ServicePackFiles\i386\dsuiext.dll
+ 2004-08-04 07:56:42 19,456 ------w C:\WINDOWS\ServicePackFiles\i386\dswave.dll
+ 2004-08-04 07:56:48 10,752 ------w C:\WINDOWS\ServicePackFiles\i386\dumprep.exe
+ 2004-08-04 07:56:42 304,128 ------w C:\WINDOWS\ServicePackFiles\i386\duser.dll
+ 2004-08-04 07:56:48 17,920 ------w C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe
+ 2004-08-04 07:56:48 180,224 ------w C:\WINDOWS\ServicePackFiles\i386\dwwin.exe
+ 2004-08-04 07:56:42 619,008 ------w C:\WINDOWS\ServicePackFiles\i386\dx7vb.dll
+ 2004-08-04 07:56:42 1,227,264 ------w C:\WINDOWS\ServicePackFiles\i386\dx8vb.dll
+ 2004-08-04 07:56:48 1,298,432 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe
+ 2004-08-04 07:56:42 2,113,536 ------w C:\WINDOWS\ServicePackFiles\i386\dxdiagn.dll
+ 2004-08-04 06:00:54 71,040 ------w C:\WINDOWS\ServicePackFiles\i386\dxg.sys
+ 2004-08-04 07:56:42 498,205 ------w C:\WINDOWS\ServicePackFiles\i386\dxmasf.dll
+ 2004-08-04 07:56:42 357,888 ------w C:\WINDOWS\ServicePackFiles\i386\dxtmsft.dll
+ 2004-08-04 07:56:42 201,728 ------w C:\WINDOWS\ServicePackFiles\i386\dxtrans.dll
+ 2004-08-04 07:56:42 183,296 ------w C:\WINDOWS\ServicePackFiles\i386\els.dll
+ 2004-08-04 07:56:42 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\encapi.dll
+ 2004-08-04 07:56:42 186,368 ------w C:\WINDOWS\ServicePackFiles\i386\encdec.dll
+ 2004-08-04 07:56:05 40,960 ------w C:\WINDOWS\ServicePackFiles\i386\ep9res.dll
+ 2004-07-17 18:39:35 120,320 ------w C:\WINDOWS\ServicePackFiles\i386\epcl5res.dll
+ 2004-08-04 07:56:42 23,040 ------w C:\WINDOWS\ServicePackFiles\i386\ersvc.dll
+ 2004-08-04 07:56:42 243,200 ------w C:\WINDOWS\ServicePackFiles\i386\es.dll
+ 2004-08-04 07:56:42 1,082,368 ------w C:\WINDOWS\ServicePackFiles\i386\esent.dll
+ 2004-08-04 07:56:42 247,808 ------w C:\WINDOWS\ServicePackFiles\i386\esscli.dll
+ 2002-08-29 04:00:54 137,088 ------w C:\WINDOWS\ServicePackFiles\i386\essm2e.sys
+ 2004-08-04 07:56:49 193,024 ------w C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe
+ 2004-08-04 07:56:42 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
+ 2004-08-04 07:56:42 101,888 ------w C:\WINDOWS\ServicePackFiles\i386\evntagnt.dll
+ 2004-08-04 07:56:49 24,064 ------w C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe
+ 2004-08-04 07:56:42 22,016 ------w C:\WINDOWS\ServicePackFiles\i386\evntrprv.dll
+ 2004-08-04 07:56:49 92,160 ------w C:\WINDOWS\ServicePackFiles\i386\evntwin.exe
+ 2004-08-04 07:56:49 1,032,192 ------w C:\WINDOWS\ServicePackFiles\i386\explorer.exe
+ 2004-08-04 07:56:42 380,957 ------w C:\WINDOWS\ServicePackFiles\i386\expsrv.dll
+ 2004-08-04 07:56:42 55,808 ------w C:\WINDOWS\ServicePackFiles\i386\extmgr.dll
+ 2004-08-04 07:56:49 45,568 ------w C:\WINDOWS\ServicePackFiles\i386\extrac32.exe
+ 2004-08-04 06:14:16 143,360 ------w C:\WINDOWS\ServicePackFiles\i386\fastfat.sys
+ 2004-08-04 07:56:42 472,064 ------w C:\WINDOWS\ServicePackFiles\i386\fastprox.dll
+ 2004-08-04 07:56:42 80,384 ------w C:\WINDOWS\ServicePackFiles\i386\faultrep.dll
+ 2004-08-04 07:56:49 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe
+ 2004-08-04 05:59:27 27,392 ------w C:\WINDOWS\ServicePackFiles\i386\fdc.sys
+ 2004-08-04 07:56:42 21,504 ------w C:\WINDOWS\ServicePackFiles\i386\feclient.dll
+ 2004-08-04 07:56:42 337,920 ------w C:\WINDOWS\ServicePackFiles\i386\filemgmt.dll
+ 2004-08-04 07:56:49 27,136 ------w C:\WINDOWS\ServicePackFiles\i386\findstr.exe
+ 2004-08-04 07:56:42 87,552 ------w C:\WINDOWS\ServicePackFiles\i386\fldrclnr.dll
+ 2004-08-04 05:59:27 20,480 ------w C:\WINDOWS\ServicePackFiles\i386\flpydisk.sys
+ 2004-08-04 07:56:42 16,896 ------w C:\WINDOWS\ServicePackFiles\i386\fltlib.dll
+ 2004-08-04 07:56:49 22,528 ------w C:\WINDOWS\ServicePackFiles\i386\fltmc.exe
+ 2004-08-04 06:01:19 124,800 ------w C:\WINDOWS\ServicePackFiles\i386\fltmgr.sys
+ 2004-08-04 07:56:42 382,976 ------w C:\WINDOWS\ServicePackFiles\i386\fontext.dll
+ 2004-08-04 07:56:49 20,992 ------w C:\WINDOWS\ServicePackFiles\i386\fontview.exe
+ 2004-08-04 05:31:22 34,173 ------w C:\WINDOWS\ServicePackFiles\i386\forehe.sys
+ 2004-08-04 07:56:42 32,828 ------w C:\WINDOWS\ServicePackFiles\i386\fp40ext.dll
+ 2004-08-04 07:56:42 184,435 ------w C:\WINDOWS\ServicePackFiles\i386\fp4amsft.dll
+ 2004-08-04 07:56:42 82,035 ------w C:\WINDOWS\ServicePackFiles\i386\fp4anscp.dll
+ 2004-08-04 07:56:42 147,513 ------w C:\WINDOWS\ServicePackFiles\i386\fp4apws.dll
+ 2004-08-04 07:56:42 49,210 ------w C:\WINDOWS\ServicePackFiles\i386\fp4areg.dll
+ 2004-08-04 07:56:42 102,509 ------w C:\WINDOWS\ServicePackFiles\i386\fp4atxt.dll
+ 2004-08-04 07:56:42 618,605 ------w C:\WINDOWS\ServicePackFiles\i386\fp4autl.dll
+ 2004-08-04 07:56:42 41,020 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avnb.dll
+ 2004-08-04 07:56:42 32,826 ------w C:\WINDOWS\ServicePackFiles\i386\fp4avss.dll
+ 2004-08-04 07:56:42 49,212 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awebs.dll
+ 2004-08-04 07:56:42 876,653 ------w C:\WINDOWS\ServicePackFiles\i386\fp4awel.dll
+ 2004-08-04 07:56:49 15,120 ------w C:\WINDOWS\ServicePackFiles\i386\fp98sadm.exe
+ 2004-08-04 07:56:49 109,840 ------w C:\WINDOWS\ServicePackFiles\i386\fp98swin.exe
+ 2004-08-04 07:56:49 24,632 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmcgi.exe
+ 2004-08-04 07:56:42 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpadmdll.dll
+ 2004-08-04 07:56:49 188,494 ------w C:\WINDOWS\ServicePackFiles\i386\fpcount.exe
+ 2004-08-04 07:56:42 94,208 ------w C:\WINDOWS\ServicePackFiles\i386\fpencode.dll
+ 2004-08-04 07:56:42 20,541 ------w C:\WINDOWS\ServicePackFiles\i386\fpexedll.dll
+ 2004-08-04 07:56:42 598,071 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmc.dll
+ 2004-08-04 07:56:06 208,896 ------w C:\WINDOWS\ServicePackFiles\i386\fpmmcsat.dll
+ 2004-08-04 07:56:49 20,538 ------w C:\WINDOWS\ServicePackFiles\i386\fpremadm.exe
+ 2004-08-04 07:56:49 28,728 ------w C:\WINDOWS\ServicePackFiles\i386\fpsrvadm.exe
+ 2004-08-04 07:56:06 9,344 ------w C:\WINDOWS\ServicePackFiles\i386\framebuf.dll
+ 2004-08-04 07:56:42 185,856 ------w C:\WINDOWS\ServicePackFiles\i386\framedyn.dll
+ 2004-08-04 07:56:49 193,024 ------w C:\WINDOWS\ServicePackFiles�

#8
miekiemoes

Posted 31 March 2008 - 12:36 AM

Malware Expert

Member
5,503 posts

Hi,

I see you were doing Windows updates in between.

Can you also post a new HijackThislog please?

#9
jerryrs

Posted 31 March 2008 - 08:31 PM

New Member

Topic Starter
Member
5 posts

Here's my latest hijack this log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:47 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Avast4\aswUpdSv.exe
C:\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Avast4\ashMaiSv.exe
C:\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Apoint\Apntex.exe
D:\ScanSoft OmniPage\OpwareSE4.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110064663\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE4] "D:\ScanSoft OmniPage\OpwareSE4.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/...ns.10.6.0.4.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1206891611613
O16 - DPF: {6BAB93B7-1917-4214-A7D2-874FA6DB4740} (AOL Newport Editor Ctrl) - http://o.aolcdn.com/...ns.10.6.0.6.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 8830 bytes

#10
miekiemoes

Posted 31 March 2008 - 11:01 PM

Malware Expert

Member
5,503 posts

Hi,

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5".
Click the "Download" button to the right.
For Platform, select "Windows"
For language, select your language
Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
Click Continue
Click on the link to download Windows Offline Installation and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs:
- Java 2 Runtime Environment, SE v1.4.2
- J2SE Runtime Environment 5.0
- J2SE Runtime Environment 5.0 Update 6
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.

#11
miekiemoes

Posted 09 April 2008 - 12:44 PM

Malware Expert

Member
5,503 posts

Let me know in your next reply how things are now.

Still with us?

#12
miekiemoes

Posted 17 April 2008 - 11:00 AM

Malware Expert

Member
5,503 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.